htpasswd problem

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Oops ‹ must change nick. I see there is another "Happy" already in here.

Hello folks. My colleague and I are unable to figure out what is wrong
with some code. We can't make it do what we want. Perhaps some kind
person can help please.

I run a particular pay-to-view web site. For credit card processing, we
signed on with PayPal.

The process is generally working ok. An interested person clicks the
"join" button on the site and is transported to PayPal where he enters
his card data and so on.

PayPal generates access codes for the new member and emails them to
him. PayPal also sends us an email announcing a new join.

The problem is that, so far, I must update the .htpasswd file manually
to liven up access to the member area.

My colleague has good PHP skills and has written code to try to enable
PayPal to update the file automatically but all attempts fail so far.
The relevant section of the code is reproduced below. (This is not the
entire file, only the reelvant lines.)

We have proper permissions to write to the .htaccess file (777)



$username = $_POST['username'];
$password = $_POST['password'];

$filename = '.htpasswd';

$pass = crypt($password, substr($password, 0, 2));

$pwf = $username.":".$pass;

if ($pwf) {

  $fp = fopen($filename, 'a');
  $pwf = $pwf."\n";
  fputs($fp, $pwf, strlen($pwf));

  $fp = fopen($filename, 'r');



Re: htpasswd problem

Hello --

I'm a little confused as to what the specific problem is.  Is it that
you cannot write to the file at all, or that when you do write to the
file, all you see is a bunch of colons?

The one thing that does stand out as problematic about the code is
that, as written, the variable $pwf will always evaluate as "true."  So
the username and password could be blank, and the script would still
write to the .htpasswd file.

Perhaps a more detailed explanation of the problem would help us to get
you on the right track....  :)


PeacePipe wrote:
Quoted text here. Click to load it

Re: htpasswd problem

Quoted text here. Click to load it

Thank you, Geoffrey. I'll post a more-detailed description in about 12
hours when my colleague returns.

Re: htpasswd problem

Quoted text here. Click to load it
Hmm, permissions is 777 ... you are running on Lunux. You must use htpasswd
linux command instead to direct writing to file because passwords in
.htpasswd file are crypted.  Run it as shell_exec() in your PHP code. For
more info use "man htpasswd".


Petr Vileta, Czech republic
(My server rejects all messages from Yahoo and Hotmail. Send me your mail
from another non-spammer site please.)

Re: htpasswd problem

Quoted text here. Click to load it

Peter, you and Geoffrey are very kind to reply.  

My colleague and I are in Germany, same time-zone as you. I promised
Geoffrey a more-detailed post when my colleague returns, which should
be tonight.

The reason I don't post is because I'm a PHP moron. I know nothing
about it. My friend is not an expert but he's very good. English is not
his native language though, so I'm the one doing the typing. (Also,
he's a usenet newbie and I'm not.)

His brother _is_ a PHP expert and the two of them will have a
conversation later today.

Meanwhile, pehaps I can contribute some non-technical detail.

I run a pay-to-view web site. It's been live for over ten years. When I
started, I had no difficulty getting a merchant account with my bank
and a contract with a payment gateway so I could process credit card
transactions online, automatically.

Time passes. Other, less-reputable webmasters start to rort the system.
(An Australian invented word similar to "rip off") This spoils things
for the good guys. The card companies introduce new protocols for
card-not-present transactions. Many pay-to-view webmasters cannot

We were caught up in the general confusion. We lost our processing
facilities and set about structuring alternative solutions.

PayPal is such a solution so we started with them. An intending member
finds himself first on our "join" page where he reads the terms. Then
he clicks ahead and is moved to the PayPal site.

There, he enters card details and other obvious information. PayPal
then charges his card. If that works ok they send him an email
containing username and password that PayPal's server generates. Copy
to us so we know we have a new member.

At that point we must manually add the pair of access codes to the
.htpasswd file that is in the member area on the web site. We think it
should be easy to have PayPal's server do that automatically.

Apparently, it _is_ possible to do but my colleague sees some security
weaknesses. He wants to make it harder or impossible for a hacker to
break in. To do that, he must ignore how PayPal would normally do it.
We don't want PayPal to write direct to the .htpasswd file.

He knows how he wants to do it. I believe it involves getting PayPal's
server to access, not the .htpasswd file direct but, instead, another
file that we will place on our web site, elsewhere than directly in the
member folder, where the .htaccess and .htpasswd files reside.

I think the problem code is meant to be on that other file. He wants
PayPal to write to a special file then have that special file make the
necessary update to the .htpasswd file.

I hope that is helpful background. As soon as my guy returns, he can
dictate more info.

Re: htpasswd problem

PeacePipe wrote:
Quoted text here. Click to load it

Rather than trying to keep your .htaccess and/or .htpasswd up to date,  
use a database for authentication.  Much easier.  mod_auth_mysql (on can do it for mysql.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: htpasswd problem

Quoted text here. Click to load it

Hello Jerry, thanks for the comment.

My colleague has returned and he has the solution. PayPal first sends
data to a file running on one server and that server then sends data to
the file I mentioned earlier. My first post assumed that there was an
error in this second file but now it appears the but is in the first
file. All appears to be solved. Thank you all very much. What a
friendly community.

Re: htpasswd problem

PeacePipe wrote:
Quoted text here. Click to load it

Fine, if it works, but I would strongly echo Jerry's suggestion: you are  
keeping your user database scattered around many individual files,  
rather than in a database where you can manage it readily.


Site Timeline