ho funzione modificati per utilizzare tutti i tipi di algoritmi cripta. Qualcuno potrebbe trovare utile:
/*
Function change password in htpasswd.
Arguments:
$user > User name we want to change password to.
$newpass > New password
$type > Type of cryptogrphy: DES, SHA, MD5.
$salt > Option: Add your custom salt (hashing string).
Salt is applied to DES and MD5 and must be in range 0-9A-Za-z
$oldpass > Option: Add more security, user must known old password to change it.
This option is not supported for DES and MD5 without salt!!!
$path > Path to .htaccess file which contain the password protection.
Path to password file is obtained from this .htaccess file.
*/
function changePass($user,$newpass,$type="SHA",$salt="",$oldpass="",$path=".htaccess") {
switch ($type) {
case "DES" :
$salt = substr($salt,0,2); //Salt must be 2 char range 0-9A-Za-z
$newpass = crypt($newpass,$salt);
if ($oldpass != null) $oldpass = crypt($oldpass,$salt);
break;
case "SHA" :
$newpass = '{SHA}'.base64_encode(sha1($newpass, TRUE));
if ($oldpass != null) $oldpass = '{SHA}'.base64_encode(sha1($oldpass, TRUE));
break;
case "MD5" :
$salt = substr($salt,0,8); //Salt must be max 8 char range 0-9A-Za-z
$newpass = crypt_apr1_md5($newpass, $salt);
if ($oldpass != null) $oldpass = crypt_apr1_md5($oldpass, $salt);
break;
default :
return false;
break;
}
$hta_arr = explode("\n", file_get_contents($path));
foreach($hta_arr as $line) {
$line = preg_replace('/\s+/','',$line); // remove spaces
if ($line) {
$line_arr = explode('"', $line);
if (strcmp($line_arr[0],"AuthUserFile") == 0) {
$path_htaccess = $line_arr[1];
}
}
}
$htp_arr = explode("\n", file_get_contents($path_htaccess));
$new_file = "";
foreach($htp_arr as $line) {
$line = preg_replace('/\s+/','',$line); // remove spaces
if ($line) {
list($usr, $pass) = explode(":", $line, 2);
if (strcmp($user,$usr) == 0) {
if ($oldpass != null) {
if ($oldpass == $pass) {
$new_file .= $user.':'.$newpass."\n";
} else {
return false;
}
} else {
$new_file .= $user.':'.$newpass."\n";
}
} else {
$new_file .= $user.':'.$pass."\n";
}
}
}
$f=fopen($path_htaccess,"w") or die("couldn't open the file");
fwrite($f,$new_file);
fclose($f);
return true;
}
funzione per la generazione di Apache come MD5:
function crypt_apr1_md5($plainpasswd,$salt=null) {
$tmp = "";
if ($salt == null) $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"), 0, 8);
$len = strlen($plainpasswd);
$text = $plainpasswd.'$apr1$'.$salt;
$bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; }
$bin = pack("H32", md5($text));
for($i = 0; $i < 1000; $i++) {
$new = ($i & 1) ? $plainpasswd : $bin;
if ($i % 3) $new .= $salt;
if ($i % 7) $new .= $plainpasswd;
$new .= ($i & 1) ? $bin : $plainpasswd;
$bin = pack("H32", md5($new));
}
for ($i = 0; $i < 5; $i++) {
$k = $i + 6;
$j = $i + 12;
if ($j == 16) $j = 5;
$tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
}
$tmp = chr(0).chr(0).$bin[11].$tmp;
$tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/",
"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
return "$"."apr1"."$".$salt."$".$tmp;
}
Questo codice funziona davvero correttamente?Non dice "se l'utente memorizzato nel file non corrisponde all'utente fornito dall'input di aggiungere l'utente e la password al file"? – Qullbrune
Se l'utente non corrisponde a quello già nel file non cambierà nulla e dice in alto 'Ofc questo è solo un campione 'significa che non è stato testato, ma la logica è lì e puoi sempre creare un file di test e testare il tuo se stesso. – Prix