[thelist] crypt, salt, and htaccess

Keith cache at dowebscentral.com
Thu Jan 2 16:06:10 CST 2003


At 11:18 AM Thursday 1/2/2003, you wrote:


>But I can't see how to tell Apache what the *salt* is. How can Apache
>encrypt an entered password and see if it matches the stored password,
>if it doesn't know what salt was used?

To create a password file entry using form field PASSWORD

$salt=substr($PASSWORD,0,2);
$password=crypt($PASSWORD,$salt);

$entry=$username:$password

Basic Authentication will use the same sequence to generate $password to
check for a match. If you want to roll your own match instead of using
Basic Authentication use:

$salt=substr($PASSWORD,0,2);
$passwordA=crypt($PASSWORD,$salt);

($username,$passwodB)=split(/:/);
if($passwordA eq $passwordB){do_a_thingy}



Keith
====================
cache at dowebscentral.com




More information about the thelist mailing list