ozanhazer/php-htpasswd

A lightweight - single class - library to read and write htpasswd. You can add or delete users or you can update their passwords...

Maintainers

Details

github.com/ozanhazer/PHP-Htpasswd

Homepage

Source

Issues

Installs: 6 450

Dependents: 0

Suggesters: 0

Security: 0

Stars: 40

Watchers: 4

Forks: 12

Open Issues: 0

v1.0.0 2022-02-02 11:37 UTC

Requires

  • php: ^7.2|^8.0

Requires (Dev)

MIT bc41bb73c22a8ec534dea6bae46a78a21fd92306

  • M.Ozan Hazer <ozanhazer.woop@gmail.com>

phphtpasswd

This package is auto-updated.

Last update: 2024-05-29 03:27:34 UTC

README

Unit Tests

PHP Htpasswd writer for Apache. You can add or delete users, or update their passwords.

Features

  • Supports crypt, md5 and sha1 algorithms
  • Locks the htpasswd file to prevent conflicts while writing.
  • Throws an error on invalid usernames.
  • Unit tested.
  • Whole htpasswd file is read into the memory so be careful if you have lots of users (In fact you should consider a different kind of authentication mechanism if you have that many users)

Usage

Install: composer require ozanhazer/php-htpasswd

$htpasswd = new Htpasswd('.htpasswd');
$htpasswd->addUser('ozan', '123456');
$htpasswd->updateUser('ozan', '654321');
$htpasswd->deleteUser('ozan');

Apache htpasswd can be encrypted in three ways: crypt (unix only), a modified version of md5 and sha1. You can define the encryption method when you're setting the password:

$htpasswd->addUser('ozan', '123456', Htpasswd::ENCTYPE_APR_MD5);
$htpasswd->addUser('ozan', '123456', Htpasswd::ENCTYPE_SHA1);

(Yes, you may use different algorithms per user in the same passwd file...)

See the Apache documentation for encryption details.

Tips

  • Do not prefer ENCTYPE_CRYPT on Windows servers since it's not available on Windows by default.
  • ENCTYPE_CRYPT passwords are limited to 8 characters and extra characters will be ignored so the library will trigger a notice if long passwords are provided.