Verifing username and passwords from .htpasswd


I am having problems reading my .htpasswd file, or I think I am. I borrowed this PHP Script from a zend.com
article. But I am getting a false value and not a true value.

PHP Code: $auth=false;
$PHP_AUTH_USER='dotcomtim';
$PHP_AUTH_PW='dotcomtim';

if(isset($PHP_AUTH_USER)&&isset($PHP_AUTH_PW))
{
\t\t$filename='/www/passwords/.htpasswd';
\t\t$fp=fopen($filename,'r');
\t\t$file_contents=fread($fp,filesize($filename));
\t\tfclose($fp);

\t\t$lines=explode("\n",$file_contents);

\t\tforeach($linesas$line)
\t\t{
\t\t\t\tlist($username,$password)=explode(':',$line);
\t\t\t\tif($username=="$PHP_AUTH_USER")
\t\t\t\t{
\t\t\t\t\t$salt=substr($password,0,2);
\t\t\t\t\t$enc_pw=crypt($PHP_AUTH_PW,$salt);

\t\t\t\t\t\tif($password==$enc_pw)
\t\t\t\t\t\t{
\t\t\t\t\t\t\t\t$auth=true;
\t\t\t\t\t\t\t\tbreak;
\t\t\t\t\t\t}
\t\t\t\t}
\t\t}
}


I have debugged the script, and it does read and correct values.
print $salt = substr($password, 0, 2); produces 65 and
print $enc_pw = crypt($PHP_AUTH_PW, $salt); produces 65ryKu/IcagR2

In my .htpasswd file I have
dotcomtim:65ryKu/IcagR2

So if the following script above looks like it can find the salt from the password
and generate the correct matching password for the username shouldn't I get a true value
Posted On: Wednesday 24th of October 2012 12:32:25 AM Total Views:  312
View Complete with Replies

RELATED TOPICS OF PHP PROGRAMMING LANGUAGE