How to generate .htpasswd under PHP

Question

Im trying to generate long htpasswd file with a lot of users (100+).

My DirectAdmin panel on linux server generates htpasswd file with password hashes starting with $1$.

I tried something like this:

function random_salt($length = 9) // 9 characters and $1$ = 12 characters
{      
    $chars = 'bcdfghjklmnprstvwxzaeiou';

    for ($p = 0; $p < $length; $p++)
    {
        $result .= ($p%2) ? $chars[mt_rand(19, 23)] : $chars[mt_rand(0, 18)];
    }

    return $result;
}

echo crypt($myplainpassword, "$1$".random_salt());

It produces hash which starts with $1$, but server doesnt let me in. My passwords are 4-digit random "pin codes" generated in excel. Examples:

1215 5325 6261

What im doing wrong?

I agree with Petah - there probably is a better way to secure a resource rather than using htpasswd. — petr, May 08 '12 at 11:24
Also, please add more details about your setup - I am only assuming that you are using apache? — petr, May 08 '12 at 11:24
Im using $1$ as part of salt because i read somewhere that apache needs md5 salt like this. — Kamil, May 08 '12 at 11:29
Perhaps http://www.php.net/manual/de/function.crypt.php#73619 provides some insight. — Woutifier, May 08 '12 at 11:51
Duplicate with : http://stackoverflow.com/questions/8275051/create-new-http-auth-credentials-using-php-instead-of-shell — Mike Castro Demaria, Sep 22 '12 at 21:52

score 1 · Answer 1 · answered Sep 10 '15 at 23:34

This how I generate the .htpasswd passwords...

$new_password = password_hash($old_password, PASSWORD_BCRYPT);

password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt(). Therefore, password hashes created by crypt() can be used with password_hash().

The following algorithms are currently supported:

PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the "$2y$" identifier. The result will always be a 60 character string, or FALSE on failure. Supported Options:

http://php.net/manual/en/function.password-hash.php

score 0 · Answer 2 · answered May 08 '12 at 11:19

0

I would recommend looking into the exact way how the hashes are generated. If you create a hash using your method, does it look the same as the one generated by DirectAdmin?

In general, I have previously used this to generate the entries.

answered May 08 '12 at 11:19

petr

2,554
3
20
29

Solution from that link doesnt work. I tried this. Hash generated from code that i pasted looks similar to that from DirectAdmin, but its not the same value. Salt is random, so i think its impossible to get same value... – Kamil May 08 '12 at 11:23

How to generate .htpasswd under PHP

2 Answers2