0

PHP offers the possibility to use HTTP-Authentication.

However, it is difficult to use .htpasswd-files.

There are scripts to check the .htpasswd file within php (for example this one). However, these scripts are quite complex and most of them don't support all relevant encryption types (like MD5 which is the default used by the program htpasswd).

With a standard .htaccess file it is much easier (just AuthUserFile <.htpasswd-file> is needed).

However, I would like to avoid an explicit .htaccess file and use php instead.

Is there an easy way to check a .htpasswd-file using php? Can php perhaps "ask" apache if access should be granted?

4

1 に答える 1

2

I doubt that there is direct way to ask apache for authenticating user, but there are few workarounds for it:

  1. implement missing algos for yourself: APR1-MD5, SHA
  2. Use with shell_exec("htpasswd -nb $user $password") to generate hash and check in .htpasswd file
  3. Setup virtual server on internal interface that uses .htpasswd file to authenticate and perform curl call (with user credentials) to it, checking response header (200 for authorized, 4xx for not authorized)
于 2012-06-04T21:15:49.180 に答える