Apache内置用户验证机制,通过打开httpd.conf文件中的 AllowOverride AuthConfig便可以开启apache权限认证功能。这样在访问apache服务器的页面时,会弹出一个类似如下的登录验证框,验证通过后才能继续访问页面。
但我们一般还需要在web页面中对密码进行配置和修改。那么如何通过页面修改密码呢?
Apache中的密码认证可以利用.htaccess文件来进行操作。.htaccess文件参考内容如下:
AuthType Basic
AuthName "firehood web server"
AuthUserFile "D:/Program Files/Apache Software Foundation/Apache2.2/user.passwd"
require valid-user
其中,AuthUserFile为保存的用户名密码文件所在的目录,该文件可通过appache目录下自带的htpasswd.exe工具生成。
将.htaccess文件文件保存到web虚拟目录下。修改密码可以直接借助.htaccess文件进行操作。以下是修改密码的php接口,支持MD5、SHA、DES三种加密算法。其中加密算法采用MD5或DES时需要指定salt。
<?php
/*
Function change password in htpasswd.
Arguments:
$user > User name we want to change password to.
$newpass > New password
$type > Type of cryptogrphy: DES, SHA, MD5.
$salt > Option: Add your custom salt (hashing string).
Salt is applied to DES and MD5 and must be in range 0-9A-Za-z
$oldpass > Option: Add more security, user must known old password to change it.
This option is not supported for DES and MD5 without salt!!!
$path > Path to .htaccess file which contain the password protection.
Path to password file is obtained from this .htaccess file.
*/
function changePwd($user,$newpass,$oldpass="",$type="SHA",$salt="",$path=".htaccess") {
switch ($type) {
case "DES" :
$salt = substr($salt,0,2); //Salt must be 2 char range 0-9A-Za-z
$newpass = crypt($newpass,$salt);
if ($oldpass != null) $oldpass = crypt($oldpass,$salt);
break;
case "SHA" :
$newpass = '{SHA}'.base64_encode(sha1($newpass, TRUE));
if ($oldpass != null) $oldpass = '{SHA}'.base64_encode(sha1($oldpass, TRUE));
break;
case "MD5" :
$salt = substr($salt,0,8); //Salt must be max 8 char range 0-9A-Za-z
$newpass = crypt_apr1_md5($newpass, $salt);
if ($oldpass != null) $oldpass = crypt_apr1_md5($oldpass, $salt);
break;
default :
return 0;
break;
}
$hta_arr = explode("\n", file_get_contents($path));
foreach($hta_arr as $line) {
$line = trim($line); // remove spaces
if ($line) {
$line_arr = explode(' ', $line, 2);
if (strcmp(trim($line_arr[0]," "),"AuthUserFile") == 0) {
$path_htaccess = trim($line_arr[1]," ");
$path_htaccess = trim($path_htaccess,"\"");
}
}
}
//echo $path_htaccess;
$htp_arr = explode("\n", file_get_contents($path_htaccess));
$new_file = "";
foreach($htp_arr as $line) {
$line = trim($line); // remove spaces
if ($line) {
list($usr, $pass) = explode(":", $line, 2);
if (strcmp($user,$usr) == 0) {
if ($oldpass != null) {
if ($oldpass == $pass) {
$new_file .= $user.':'.$newpass."\n";
} else {
return -1;
}
} else {
$new_file .= $user.':'.$newpass."\n";
}
} else {
$new_file .= $user.':'.$pass."\n";
}
}
}
$f=fopen($path_htaccess,"w") or die("couldn't open the file");
fwrite($f,$new_file);
fclose($f);
return 1;
}
function crypt_apr1_md5($plainpasswd,$salt=null) {
$tmp = "";
if ($salt == null) $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
$len = strlen($plainpasswd);
$text = $plainpasswd.'$apr1$'.$salt;
$bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; }
$bin = pack("H32", md5($text));
for($i = 0; $i < 1000; $i++) {
$new = ($i & 1) ? $plainpasswd : $bin;
if ($i % 3) $new .= $salt;
if ($i % 7) $new .= $plainpasswd;
$new .= ($i & 1) ? $bin : $plainpasswd;
$bin = pack("H32", md5($new));
}
for ($i = 0; $i < 5; $i++) {
$k = $i + 6;
$j = $i + 12;
if ($j == 16) $j = 5;
$tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
}
$tmp = chr(0).chr(0).$bin[11].$tmp;
$tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
return "$"."apr1"."$".$salt."$".$tmp;
}
?>
参考文章:
http://stackoverflow.com/questions/2994637/how-to-edit-htpasswd-using-php