Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 9 of 9
  1. #1
    Member tlcook's Avatar
    Join Date
    Nov 2006
    Posts
    38
    Member #
    14386
    How do I decrypt the passwords in the .htpasswd file with a PHP script so I can use them to add/delete users and their passwords?

    cPanel writes to the file and encrypts the passwords. So is this possible?

  2.  

  3. #2
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    Dont think you can alter/open the .htaccess file a webpage, purely for security (what if someone else has acces to your webspace).

  4. #3
    Member tlcook's Avatar
    Join Date
    Nov 2006
    Posts
    38
    Member #
    14386
    "cPanel writes to the file and encrypts the passwords." - Yes, you can. And it's .htpasswd, not .htaccess. Either way...I would like to know how to go about doing this. Thanks for your input though bfsog, no offence

  5. #4
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    Ah sorry, misread.

    Hwever, cPanel is protected, by that I mean there are no files that can be accessed by joe bloggs.

    Though I have never used .htpasswd I rely on databases for user details

  6. #5
    Member tlcook's Avatar
    Join Date
    Nov 2006
    Posts
    38
    Member #
    14386
    Yeah I know. But it's no more protected than a subfolder on a webserver that has a .htaccess authorisation prompt. Without the correct credentials, neither can be accessed by the public.

  7. #6
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    Is there a reason why just reading/writing as usual would not work?

    EDIT: never mind, it's the decryption you're looking for. Sorry. According to this page (man page for the htpasswd program), either MD5 is used (in which case it's impossible to decrypt), or crypt() is used. crypt() seems to use a variant of DES, but, if it's not one-directional like MD5, you'll need to know the salt that was used to encrypt it. That means you can probably encrypt, but you won't be able to decrypt.

  8. #7
    Member tlcook's Avatar
    Join Date
    Nov 2006
    Posts
    38
    Member #
    14386
    Thanks. As long as I can overwrite the current password(s), I am happy I'll play around with crypt() for a bit and see what I can do. Thanks again

  9. #8
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    It might be in your best interest to use the htpasswd executable via a shell call from within PHP, if that is permitted on your webserver, as I'm not 100% sure whether htpasswd has its own salt or what.

  10. #9
    Member tlcook's Avatar
    Join Date
    Nov 2006
    Posts
    38
    Member #
    14386
    It's not permitted Looks like I'll have to start using MySQL databases :P Thanks for your help though


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 11:43 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com