Apache user name and password verification

Source: Internet
Author: User
Tags crypt sha1 password protection

Apache has a built-in user authentication mechanism. Setting AllowOverride AuthConfig in the httpd.conf file enables Apache permission authentication. With this enabled, a login prompt pops up when you access the Apache server, and you can continue to the page only after the verification passes.



However, we usually need to configure and change the password from a web page. How can the password be changed from the page?

The .htaccess file can be used for password authentication in Apache. The content of the .htaccess file is as follows:

AuthType Basic
AuthName "firehood web server"
AuthUserFile "D:/Program Files/Apache Software Foundation/Apache2.2/user.passwd"
require valid-user

In this example, AuthUserFile is the path of the file that stores the user names and passwords, which can be generated with the htpasswd.exe tool in the Apache directory.

Save the .htaccess file to the web virtual directory. The password can then be changed through the .htaccess file. The following is the PHP interface for changing the password, which supports three encryption algorithms: MD5, SHA, and DES. A salt must be specified when the algorithm is MD5 or DES.

<?php
/*
Function to change a password in htpasswd.
Arguments:
$user    > User name whose password we want to change.
$newpass > New password.
$type    > Type of cryptography: DES, SHA, MD5.
$salt    > Option: Add your custom salt (hashing string).
           Salt is applied to DES and MD5 and must be in range 0-9A-Za-z.
$oldpass > Option: Add more security, user must know the old password to change it.
           This option is not supported for DES and MD5 without salt!!!
$path    > Path to the .htaccess file which contains the password protection.
           Path to the password file is obtained from this .htaccess file.
Returns 1 on success, 0 on an unsupported type or invalid input, -1 on a wrong old password.
*/
function changePwd($user, $newpass, $oldpass = "", $type = "SHA", $salt = "", $path = ".htaccess") {
  // Enforce the documented salt alphabet so a salt cannot put ':' or a newline into the file
  if (!preg_match('/^[0-9A-Za-z]*\z/', $salt)) return 0;

  switch ($type) {
    case "DES":
      $salt = substr($salt, 0, 2);  // Salt must be 2 chars in range 0-9A-Za-z
      $newpass = crypt($newpass, $salt);
      if ($oldpass != null) $oldpass = crypt($oldpass, $salt);
      break;
    case "SHA":
      $newpass = '{SHA}'.base64_encode(sha1($newpass, TRUE));
      if ($oldpass != null) $oldpass = '{SHA}'.base64_encode(sha1($oldpass, TRUE));
      break;
    case "MD5":
      $salt = substr($salt, 0, 8);  // Salt must be max 8 chars in range 0-9A-Za-z
      $newpass = crypt_apr1_md5($newpass, $salt);
      if ($oldpass != null) $oldpass = crypt_apr1_md5($oldpass, $salt);
      break;
    default:
      return 0;
  }

  // Read the AuthUserFile path out of the .htaccess file
  $path_htaccess = null;
  $hta_arr = explode("\n", file_get_contents($path));
  foreach ($hta_arr as $line) {
    $line = trim($line); // remove spaces
    if ($line) {
      $line_arr = explode(' ', $line, 2);
      if (strcmp(trim($line_arr[0], " "), "AuthUserFile") == 0) {
        $path_htaccess = trim($line_arr[1], " ");
        $path_htaccess = trim($path_htaccess, "\"");
      }
    }
  }
  if ($path_htaccess === null) return 0;  // no AuthUserFile directive found
  //echo $path_htaccess;

  // Rebuild the password file, replacing only the entry of $user
  $htp_arr = explode("\n", file_get_contents($path_htaccess));
  $new_file = "";
  foreach ($htp_arr as $line) {
    $line = trim($line); // remove spaces
    if ($line) {
      list($usr, $pass) = explode(":", $line, 2);
      if (strcmp($user, $usr) == 0) {
        if ($oldpass != null) {
          // hash_equals avoids loose string comparison and timing differences
          if (hash_equals((string)$pass, $oldpass)) {
            $new_file .= $user.':'.$newpass."\n";
          } else {
            return -1;
          }
        } else {
          $new_file .= $user.':'.$newpass."\n";
        }
      } else {
        $new_file .= $user.':'.$pass."\n";
      }
    }
  }

  $f = fopen($path_htaccess, "w") or die("couldn't open the file");
  fwrite($f, $new_file);
  fclose($f);
  return 1;
}

// Apache-specific MD5 password hash ($apr1$): 1000 rounds of MD5 over password and salt
function crypt_apr1_md5($plainpasswd, $salt = null) {
  $tmp = "";
  if ($salt == null) $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
  $len = strlen($plainpasswd);
  $text = $plainpasswd.'$apr1$'.$salt;
  $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
  for ($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
  // $str{0} offsets were removed in PHP 8, so use $str[0]
  for ($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd[0]; }
  $bin = pack("H32", md5($text));
  for ($i = 0; $i < 1000; $i++) {
    $new = ($i & 1) ? $plainpasswd : $bin;
    if ($i % 3) $new .= $salt;
    if ($i % 7) $new .= $plainpasswd;
    $new .= ($i & 1) ? $bin : $plainpasswd;
    $bin = pack("H32", md5($new));
  }
  for ($i = 0; $i < 5; $i++) {
    $k = $i + 6;
    $j = $i + 12;
    if ($j == 16) $j = 5;
    $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
  }
  $tmp = chr(0).chr(0).$bin[11].$tmp;
  // Re-map standard base64 output onto the crypt alphabet
  $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
  return "$"."apr1"."$".$salt."$".$tmp;
}
?>
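
The three formats written by the function above can be told apart in an existing password file. The audit script below is an added example, not part of the original post: it classifies each entry, flags the weaker formats, reports users whose unsalted {SHA} entries are identical, and checks a password against a {SHA} entry in constant time. It goes beyond the page by also recognising bcrypt entries; the sample file, user names and function names are constructed for illustration.

```python
import base64, hashlib, hmac, re
from collections import defaultdict

B64 = r"[./A-Za-z0-9]"  # alphabet used by crypt-style hashes
SCHEMES = [  # (name, regex for the hash field, audit note)
    ("bcrypt", rf"\$2[aby]\$\d\d\${B64}{{53}}", "ok"),
    ("apr1-md5", rf"\$apr1\${B64}{{1,8}}\${B64}{{22}}", "salted, 1000 MD5 rounds"),
    ("sha1", r"\{SHA\}[A-Za-z0-9+/]{27}=", "unsalted single SHA-1"),
    ("des-crypt", rf"{B64}{{13}}", "only the first 8 password characters count"),
]
# Constructed sample: the {SHA} value hashes "password", the rest are fillers.
SAMPLE = "\n".join([
    "alice:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=",
    "bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=",
    "carol:$apr1$saltsalt$" + "B" * 22,
    "dave:ab" + "C" * 11,
    "erin:$2y$05$" + "D" * 53,
    "frank:hunter2",
])

def classify(field):
    """Return (scheme, note) for the hash field of one htpasswd line."""
    for name, pattern, note in SCHEMES:
        if re.fullmatch(pattern, field):
            return name, note
    return "unknown", "empty, plaintext or unsupported format"

def audit(text):
    """Return findings as (line_no, user, scheme, note); bcrypt lines pass."""
    findings, by_hash = [], defaultdict(list)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        user, _, field = line.partition(":")
        scheme, note = classify(field)
        if scheme != "bcrypt":
            findings.append((no, user, scheme, note))
        if scheme == "sha1":
            by_hash[field].append(user)
    for users in by_hash.values():  # no salt: equal hash means equal password
        if len(users) > 1:
            findings.append((0, ",".join(users), "shared", "same password"))
    return findings

def verify_sha(field, password):
    """Constant-time check of a password against a {SHA} entry."""
    digest = base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest())
    return hmac.compare_digest(field.encode("utf-8"), b"{SHA}" + digest)
```

Calling audit(SAMPLE) returns one finding per non-bcrypt entry plus a "shared" finding for alice and bob, whose {SHA} fields match because the format has no salt.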

Reference: http://stackoverflow.com/questions/2994637/how-to-edit-htpasswd-using-php
