I am having some trouble setting up new password protected directories.

I am creating the directories via FTP and then placing a .htaccess file in the new directory that looks like this (assuming the new dir is named "newdirtest4"):

AuthType Basic
AuthName "test4account"
AuthUserFile "/home/myaccountname/.htpasswds/public_html/newdirtest4/passwd"
require valid-user

Then i create a passwd file and place it in /.htpasswds/public_html/newdirtest4/

The content of the passwd file might be:
test4user:test4pwd

Yet when I browse to the appropriate URL for the new dir, I am asked for a username password and when I enter the appropriate username and password it just asks me again and again and again.

What gives?

(please don't tell me to use the cpanel - this is an exercise for development of an auto password-protected dir creation script I am working on)

I am having some trouble setting up new password protected directories.

I am creating the directories via FTP and then placing a .htaccess file in the new directory that looks like this (assuming the new dir is named "newdirtest4"):

AuthType Basic
AuthName "test4account"
AuthUserFile "/home/myaccountname/.htpasswds/public_html/newdirtest4/passwd"
require valid-user

Then i create a passwd file and place it in /.htpasswds/public_html/newdirtest4/

The content of the passwd file might be:
test4user:test4pwd

Yet when I browse to the appropriate URL for the new dir, I am asked for a username password and when I enter the appropriate username and password it just asks me again and again and again.

What gives?http://www.avxf.com/img18.jpg

(please don't tell me to use the cpanel - this is an exercise for development of an auto password-protected dir creation script I am working on)

May sound easy, but do you have your htaccess in the correct directory?
I had the same problem and I forgot to include my htacess in the appropriate directory. ^_^

Yes, it is the correct folder. I have double triple and quadruple checked everything as far as file placement goes.

in reading another thread I came across evidence that leads me to believe that the password in the passwd file must be encrypted...

http://www.bluehostforum.com/showthread.php?t=3015

Is this true? If so, does PHP encrypt the same way in every deployment... in other words, if I have a separate server generate the encrypted password, will it decrypt correctly on this server?

hmmm - it seems that using even php's crypt doesn't generate the same encoded password that is stored in the passwd file that is normally created by Cpanel...

Does anyone know what kind of encryption is used to create encrypted string for the password in the passwd file ???

PHP has nothing to do with this.

Go to
http://tools.dynamicdrive.com/password/

that link generated a password that is encrypted differently than the password that was encrypted for the same username and password that I used in CPANEL.

so i guess let me make this really simple... how do I create my own password encrypter (in PHP) that will turn a password into an encrypted string for use in the passwd file for use on a BlueHost account to manually make a directory password protected... cause I am not getting it apparently?

If the encryption worked exactly the same way every time you ran it, it wouldn't be much use - it would be absurdly easy to crack the password.

EarlyOut, it has to be repeatable - else how would the system know how to take an attempted password and compare it to the encrypted one?

Perhaps you need to explain how this works... I recognize I am am trying to get this done with a massive headache, but still something isn't adding up logically.

Seems there has to be a key.

Bottom line, how can I (in PHP) create the encrypted string for use in making the passwd file?

Ok - so maybe it is the headache - else I am an idiot... i get it now...

Its working, but I'd like to know how that script created the encrypted password. Was it just a standard crypt? was it salted?

$pass = 'somepassword';
$salt=substr($pass,0,2);
$htpass=crypt($pass,$salt);
echo $htpass;


htaccess passwords can be different, even if it's from the same encoded password.

ok... first of all - thank you guys for helping me with this stuff. It is truly appreciated.

Early, you said that the password generator SHOULD give a unique password each time... and it does, and that password works (from the link you posted).

Areidmtm, you gave me some code - and it generates the same password every time.

Is it just that the online generator uses a changing "salt" value?

I think I figured out that the online generator was using a randomized salt value. I have done the same and here's the full code I am using to create the password value. Lovin' it now.

Again many thanks to you guys that helped - and for whoever is hosting this forum!!!!


function assign_rand_value($num)
{
// accepts 1 - 36
switch($num)
{
case "1":
$rand_value = "a";
break;
case "2":
$rand_value = "b";
break;
case "3":
$rand_value = "c";
break;
case "4":
$rand_value = "d";
break;
case "5":
$rand_value = "e";
break;
case "6":
$rand_value = "f";
break;
case "7":
$rand_value = "g";
break;
case "8":
$rand_value = "h";
break;
case "9":
$rand_value = "i";
break;
case "10":
$rand_value = "j";
break;
case "11":
$rand_value = "k";
break;
case "12":
$rand_value = "l";
break;
case "13":
$rand_value = "m";
break;
case "14":
$rand_value = "n";
break;
case "15":
$rand_value = "o";
break;
case "16":
$rand_value = "p";
break;
case "17":
$rand_value = "q";
break;
case "18":
$rand_value = "r";
break;
case "19":
$rand_value = "s";
break;
case "20":
$rand_value = "t";
break;
case "21":
$rand_value = "u";
break;
case "22":
$rand_value = "v";
break;
case "23":
$rand_value = "w";
break;
case "24":
$rand_value = "x";
break;
case "25":
$rand_value = "y";
break;
case "26":
$rand_value = "z";
break;
case "27":
$rand_value = "0";
break;
case "28":
$rand_value = "1";
break;
case "29":
$rand_value = "2";
break;
case "30":
$rand_value = "3";
break;
case "31":
$rand_value = "4";
break;
case "32":
$rand_value = "5";
break;
case "33":
$rand_value = "6";
break;
case "34":
$rand_value = "7";
break;
case "35":
$rand_value = "8";
break;
case "36":
$rand_value = "9";
break;
}
return $rand_value;
}

function get_rand_id($length)
{
if($length>0)
{
$rand_id="";
for($i=1; $i<=$length; $i++)
{
mt_srand((double)microtime() * 1000000);
$num = mt_rand(1,36);
$rand_id .= assign_rand_value($num);
}
}
return $rand_id;
}


$saltstarter = get_rand_id(7);
$password = '456test';
$salt=substr($saltstarter,0,2);
$encpwd=crypt($password,$salt);


echo $password . ' -- ' . $encpwd;
exit;

if I understand it correctly - the authentication looks at the encoded password, and grabs the first two or three digits to use as "salt" or a key to decrypt the rest of the string, then is able to compare against what is being submitted against it... no?