Re: [PHP] Reading from the htpasswd file
Hey!
(Forgive me for top posting but in this case I think it makes more sense)
Thanks for the tips, you've given me some excellent starting points so will
start experimenting from there and come back when I start running into problems
(which I am sure I will as I still dont know RegEx so preg_* statements leave
me pretty much clueless... I know, I should learn)
If you (or anybody) wants to chip in any additional advise snippets, please go
ahead.
Cheers!
R
Richard Lynch [EMAIL PROTECTED] wrote: On Fri, February 2, 2007 8:17 am, Ryan
A wrote:
I have a pal who uses a htpasswd file for access to his site..
rather than using basic_auth he wants to change it to form based
_without_ a DB (ie user comes to his site and enters the username and
password into a form, then submits it to the php script, the php
script reads the htpasswd file and accordingly grants access or denies
access if the login does not match)
Am not so sure about this but before i can make an arguement against
this, I should know something myself so my questions to you more
knowledgeable guys are:
1. Is it such a good idea switching?
If he thinks the Basic Auth popup is icky then go ahead and get rid
of it. No biggie.
There's no great advantage to Basic Auth, and, actually, having the
authentication done in PHP can be beneficial if you want to start
doing some custom logging and user profile modeling of logins.
It's certainly possible to get access to that, or to integrate that
after the HTTP Basic Auth has been done, but it can be cleaner code
to have it all as one conceptual mess in PHP, instead of a mess in
HTTP Auth Apache and another in PHP.
2.Wont the basic_auth pop up anyway even after entering these values
into the form?
Not unless you send the headers out, either with PHP, or with
.htaccess (or httpd.conf) settings to do HTTP Basic Authentication
3. If having a hundreds (or even thousands) of user:pass combinations
in the htpasswd file wont it make logging in longer and more
processor intensive to search all of the combinations till you find
(or not find) the login?
Not really.
$file = file_get_contents('/full/path/to/htpasswd');
preg_match_all('/(.*):(.*)$/msU', $file, $htpassd);
//play games with array_flip or array_slice here to get
//an associative array of $users['username'] = 'password';
//Your login check is then a simple array reference
Did some small code experiments before coming here asking for
advise...
can send you the code I have written if need be...but what i have
found out is with small amounts of data i see no difference in speed
of loggin in using the htpasswd file as the login database..
Whether reading the file or the DB is faster depends totally and your
hardware and network topology between web server and db server, or
lack thereof.
Nothing anybody else can say on this matter has any real meaning.
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
-
Any questions? Get answers on any topic at Yahoo! Answers. Try it now.
[PHP] Reading from the htpasswd file
Hey, *** Warning: feeling a bit braindead today after working long hours yesterday so please excuse if some parts are crappy*** I have a pal who uses a htpasswd file for access to his site.. rather than using basic_auth he wants to change it to form based _without_ a DB (ie user comes to his site and enters the username and password into a form, then submits it to the php script, the php script reads the htpasswd file and accordingly grants access or denies access if the login does not match) Am not so sure about this but before i can make an arguement against this, I should know something myself so my questions to you more knowledgeable guys are: 1. Is it such a good idea switching? 2.Wont the basic_auth pop up anyway even after entering these values into the form? 3. If having a hundreds (or even thousands) of user:pass combinations in the htpasswd file wont it make logging in longer and more processor intensive to search all of the combinations till you find (or not find) the login? Did some small code experiments before coming here asking for advise... can send you the code I have written if need be...but what i have found out is with small amounts of data i see no difference in speed of loggin in using the htpasswd file as the login database.. Thanks for any input on the above. Cheers! R -- - The faulty interface lies between the chair and the keyboard. - Creativity is great, but plagiarism is faster! - Smile, everyone loves a moron. :-) - Sucker-punch spam with award-winning protection. Try the free Yahoo! Mail Beta.
Re: [PHP] Reading from the htpasswd file
On Fri, February 2, 2007 8:17 am, Ryan A wrote:
I have a pal who uses a htpasswd file for access to his site..
rather than using basic_auth he wants to change it to form based
_without_ a DB (ie user comes to his site and enters the username and
password into a form, then submits it to the php script, the php
script reads the htpasswd file and accordingly grants access or denies
access if the login does not match)
Am not so sure about this but before i can make an arguement against
this, I should know something myself so my questions to you more
knowledgeable guys are:
1. Is it such a good idea switching?
If he thinks the Basic Auth popup is icky then go ahead and get rid
of it. No biggie.
There's no great advantage to Basic Auth, and, actually, having the
authentication done in PHP can be beneficial if you want to start
doing some custom logging and user profile modeling of logins.
It's certainly possible to get access to that, or to integrate that
after the HTTP Basic Auth has been done, but it can be cleaner code
to have it all as one conceptual mess in PHP, instead of a mess in
HTTP Auth Apache and another in PHP.
2.Wont the basic_auth pop up anyway even after entering these values
into the form?
Not unless you send the headers out, either with PHP, or with
.htaccess (or httpd.conf) settings to do HTTP Basic Authentication
3. If having a hundreds (or even thousands) of user:pass combinations
in the htpasswd file wont it make logging in longer and more
processor intensive to search all of the combinations till you find
(or not find) the login?
Not really.
$file = file_get_contents('/full/path/to/htpasswd');
preg_match_all('/(.*):(.*)$/msU', $file, $htpassd);
//play games with array_flip or array_slice here to get
//an associative array of $users['username'] = 'password';
//Your login check is then a simple array reference
Did some small code experiments before coming here asking for
advise...
can send you the code I have written if need be...but what i have
found out is with small amounts of data i see no difference in speed
of loggin in using the htpasswd file as the login database..
Whether reading the file or the DB is faster depends totally and your
hardware and network topology between web server and db server, or
lack thereof.
Nothing anybody else can say on this matter has any real meaning.
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
