[flashing frank]

because of a ****ing stupid mistake my .htpasswd file was deleted.

i have a backup file containing all usernames and passwords. the problem is that that the passwords aren´t encrypted.

what would be the best way to encrypt over 2000 passwords.
the scripts i found on the net are only able to encrypt one username, password combination at a time. This would take me a month to do....

i hope someone can help me

greetz
ff

[Bonzo]

I would have thought there would be a way of doing it in php using a "loop".

I am not an expert at php but can you put a link to one of the scripts you found and I will take a look.

Anthony

[cshark]

Do they all have the same encryption key?

Once you have something that will encrypt passwords, just apply a loop. If I were doing it, I would create an access database for the task, and encrypt them using a module through a query. That would give you a straight list, and you could work from there. There are a few access modules out there for free that do simple encryption. Mind you, this only works if you know what encryption shceme was used in the first place, they all have the same key, or if you know what they encryption key is. You might need a third field of encryption keys if that's the case.

[Bonzo]

Just done a quick search - can't do any more as left my glasses at work and my eyes are starting to hurt !!

I think the below is the sort of thing you could use, If your backup is im a Mysql database you could put all the usernames into an array and then loop through generating and saving the details.

Anthony

PHP Code:

// Found on the devshed forum.



$file = '.htpasswd';



// Read the file into the array $passwords

// This part is not necessary if you don't have an existing .htpasswd and want to create a new one.

$lines = file($file);

foreach($lines as $nokey => $line)

{

$array = explode(':',$line);

$user = $array[0];

$password = chop($array[1]);

$passwords[$user] = $password;

}

// Now you have the array $passwords with the users as keys and the (encrypted) passwords as values.



// Add a user

$newuser = 'foo';

$newpass = 'bar';

// Next part to generate a random salt with letters and/or numbers

mt_srand((double)microtime()*1000000);

$chars = array_merge(range('a','z'),range('A','Z'),range(0,9));

for($i=0;$i<2;$i++)

{

$salt .= $chars[mt_rand(0,count($chars)-1)];

}

// Salt $salt created

// Now add the user

$passwords[$newuser] = crypt($newpass,$salt);

// Now the array $passwords contains the existing users and (encrypted) passwords from the file and the new user (and the encrypted password).



// Delete a user

$deleteuser = 'foobar';

unset($passwords[$deleteuser]);



// Update the file

$filehandle = fopen($file,'w');

foreach($passwords as $user => $password)

{

fputs($filehandle, "$user:$password\n");

}

fclose($filehandle); 

[cshark]

That's neat.
Mind if I borrow it?

But still doesn't answer the question of what scheme he's using. There are several available for php. I've seen encryption in php using everything from m3 to enigma. They don't all work the same way. And it really depends on what application he's using, and how it was designed.

[Bonzo]

Yes you can have it although it is not my code - came off the devshed forum!

I did not realy know about the different coding for htaccess; I had asumed it was all the same. I learn something new everyday.

Off to buy some cheap glasses from the supermarket so I can read better.

Anthony

[cshark]

Probably not a bad idea.
I think you were right the first time.
I shouldn't be giving advice about php anyway.

I'll do the same.
I wonder if they have them in that big gramma size....

Thanks again.

cheers!