login to password protected directories

[red_bull_NRG]

Hello everyone,

I have a question. How could I create a php script that when a user logs in, it will log them into a password protected directory and let them view the files. I want to use this as a upload kind of thing, so the user can upload files and delete files, but they're all on the user's personal directory that is password protected. Please help me with this Thanks in advance!

[kows]

it might be simpler to use an htaccess file (or its equivalent) to password protect anything effectively, and then use php and a database to keep track of and manage their files. you could look into how to do that with htaccess here.

[red_bull_NRG]

okay, I now know how to create the .htaccess file, but how could i have a php script that will create a directory, and write the username and password in .htpasswd file and set the path in the .htaccess file. Thanks for the help!

[kows]

you can use the crypt() function to create password hashes for use in the htpasswd file:

PHP Code:

<?php
// Set the password
$password = 'mypassword';

// Get the hash, letting the salt be automatically generated
$hash = crypt($password);
?>

the mkdir() function for making a directory:

PHP Code:

<?php
  mkdir("/path/to/my/dir", 0700);
?>

and the fopen/fwrite functions to append a file:

PHP Code:

<?php
$filename = '.htpasswd';
$somecontent = "$username:$password_hash\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

    // In our example we're opening $filename in append mode.
    // The file pointer is at the bottom of the file hence
    // that's where $somecontent will go when we fwrite() it.
    if (!$handle = fopen($filename, 'a')) {
         echo "Cannot open file ($filename)";
         exit;
    }

    // Write $somecontent to our opened file.
    if (fwrite($handle, $somecontent) === FALSE) {
        echo "Cannot write to file ($filename)";
        exit;
    }

    echo "Success, wrote ($somecontent) to file ($filename)";

    fclose($handle);

} else {
    echo "The file $filename is not writable";
}
?>

all the examples are from php.net, though the last is changed slightly to reflect the format that an htpasswd file would have.

[red_bull_NRG]

Here's some code that I was experimenting around with. For some reason, it won't work. Can someone please help me out?

Code:

<?php
$password = password;
$hash = crypt($password);
function click_crypt() {
	print $hash;
}
?>
<input type="text" name="password">
<input type="submit" name="submit" value="Crypt" onclick="click_crypt()">

And remember, I am completely new to php, so this is a pretty basic question

[kows]

um.. because that's not how PHP works. PHP is not like javascript -- it cannot manipulate a page that has already been submitted to a browser. its syntax is similar because they're both based off of C (which is what may have confused you?). you would need to post that form to another script. an example follows:

this is your form (form.html?):

PHP Code:

<form action="crypt.php" method="post">
  <input type="text" name="password" />
  <input type="submit" value="Encrypt" />
</form> 


this is your script (crypt.php):

PHP Code:

<?php
  if($_SERVER['REQUEST_METHOD'] == "POST"){
    $password = crypt($_POST['password']);
    echo $password . " is your encrypted password.";
  }
?>

you can also combine this form and the crypt.php code into the same script if you'd like (but make sure you are still pointing the <form> to the name of the script, in this case -- crypt.php).