Trying to set up a register and login with htaccess 1

[walks]

First off I hope this is possible. My php script seems to be writing to the htpasswd file in the directory I want to protect.

First here is the htaccess file

AuthUserFile /home/******/

http://www/www/protected/.htpasswd

AuthName "Members Only"
AuthType Basic
require valid-user

I made a blank htpasswd file and put it in the same directory chmoding it 777

Then inserted the following PHP script into the page I want people to sign up on.

<?php

if ($submit) //if the form has been submitted
{
if (!$nick || !$email || !$password || !$password2)
//if any of the fields were not filled in
{
$error = "All fields are required. Check input and try again"; //set error
} else {
if ($password != $password2) //if the passwords do not match
{
$error = "Passwords do not match."; //set error
} else //if everything went smoothly
{ //process form
$fp = fopen("/home/******/

http://www/www/protected/.htpasswd",

"a");
//open file, chage this to the path
//to your .htpasswd. The a says to
//"append" to the end of the file.
fwrite($fp, "$nick:" . crypt($password) );
//write to the htpasswd file
fclose($fp);

?>
Information successfully entered. You are now registered.
<?php
}
}
}

if (!$submit || $error)
//if the form has NOT been submitted or if there is an error
{
//display form

?>
<br>
<?php if ($error){ printf("<font color=FF0000>%s</font>", $error); } ?> <!--
//if there is an error print it -->
<form method="post" action="<?php echo $PHP_SELF?>">
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>Nick</td>
<td><input type="Text" name="nick" maxlength="25" width="25"
<?php if ($nick){ printf("value=%s", $nick);}?>></td>
</tr>
<td>E-mail</td>
<td><input type="Text" name="email" maxlength="50" width="25"
<?php if ($email){ printf("value=%s", $email);}?>></td>
</tr>
<td>Password</td>
<td><input type="Password" name="password" maxlength="25" width="25"></td>
</tr>
<td>Password Again</td>
<td><input type="Password" name="password2" maxlength="25" width="25"></td>
</tr>
</table>
<br>
<input type="submit" name="submit" value="Join">
</form>
<?php
} //end if statement

?>

I still cannot use the newly entered password and username to access the protected directory, does anyone have any suggestions?

 

[sleipnir214]

You're trying to do multiple layers of authentication at once.

When a browser tries to connect to content inside a .htaccess-protected directory, the authentication requirements of the .htaccess system. This is before Apache ever attempts to run your script.

If your .htpasswd file is empty, there is no such thing as a valid user. And only valid users can actually run your script.

I recommend that you have exactly one of Apache or PHP handle user authentication. If you let Apache do it with Basic authentication and if PHP is run as a module, the user's login credentials, once he has successfully logged in to Apache, will be available to PHP.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[walks]

Maybe its to late in the day for me but Im not sure I understand.

The register box is done on the main page, and when I fill out the form it works and sends it to the htpasswd file. I've opened that file and see the username and a long encrypted password file. I have three html files in a directory on my server with an htaccess file in. When you click on the link from the main page the login box pops up obviously. However I've tried two usernames and passwords (both were in the htpasswd) and neither worked.

Will htaccess and htpasswd not work for this type of thing? Should I just download a PHP script that handles this?

 

[sleipnir214]

Oh, so the above script is not itself protected by the .htaccess file?


Are you using the correct hashging algorithm? If you create a user through your script or create a user from the server console using the htpasswd app, do you get the same kind of entry in the .htpasswd file?


Why not just run the htpasswd app as an external app from PHP?



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[walks]

No both the htpasswd and htaccess are located in a directory called protected, while this script is being run outside of it on the main page.

Havent tried making a pass or user through the server console as Im kind of a newb when it comes to all this stuff. All I really know is when you click the send registration button on the main page it writes to the htpasswd file in the protected directory.

 

[sleipnir214]

I understand it writes information to the file. The question I'm asking is, "Does it write the correct information to the file?"

You're using PHP's crypt() function to hash the passwords. What if Apache requires md5() or some other algorith? But actually creating one with the htpasswd command, you can know what you have to match in your code.

For information on how to use the htpasswd app:

http://httpd.apache.org/docs-2.0/programs/htpasswd.html

Want the best answers? Ask the best questions!

TANSTAAFL!!