2016-12-10 82 views
1

我在Windows 10上運行MAMP 3.2.2,Apache在端口8888上運行。我試圖密碼保護目錄C:\ MAMP \ htdocs \ admin \通過在其中放置一個.htaccess和一個.htpasswd文件。MAMP Htaccess密碼保護:重複「需要驗證」對話框

.htacess是:

AuthType Basic 
AuthName "Password Protected Area" 
AuthUserFile C:\MAMP\htdocs\admin\.htpasswd 
Require valid-user 

htpasswd的(用戶=測試;密碼=試驗)是:

test:dGRkPurkuWmW2 

我檢查MAMP的Apache的httpd.conf和它說,在線路202:

<Directory /> 
    Options FollowSymLinks ExecCGI 
    AllowOverride All 
    Order deny,allow 
    Allow from all 
</Directory> 

而且,在線路220:

<Directory "C:\MAMP\htdocs"> 
    # 
    # Possible values for the Options directive are "None", "All", 
    # or any combination of: 
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 
    # 
    # Note that "MultiViews" must be named *explicitly* --- "Options All" 
    # doesn't give it to you. 
    # 
    # The Options directive is both complicated and important. Please see 
    # http://httpd.apache.org/docs/2.2/mod/core.html#options 
    # for more information. 
    # 
    Options Indexes FollowSymLinks ExecCGI 

    # 
    # AllowOverride controls what directives may be placed in .htaccess files. 
    # It can be "All", "None", or any combination of the keywords: 
    # Options FileInfo AuthConfig Limit 
    # 
    AllowOverride All 


    # 
    # Controls who can get stuff from this server. 
    # 
    Order allow,deny 
    Allow from all 

嘗試導航到「http://localhost:8888/admin/index.php」時,出現「需要驗證」對話框,並說「http://localhost:8888正在請求您的用戶名和密碼」。但是,輸入用戶名和密碼後,對話框將不斷重新出現,而不是授予我訪問權限。

我錯過了什麼?

預先感謝您!

+0

的問題是,我是用PHP「$ encryptedPassword =隱窩($ typedPassword,BASE64_ENCODE($ typedPassword ));」以創建編碼密碼,因爲我不想依賴於使用其他網站的密碼生成器。有沒有人知道加密密碼的正確方法? –

回答

2

密碼test:dGRkPurkuWmW2是錯誤的。檢查日誌文件(\mamp\apache\logs\error.log)看到錯誤消息,應該是這樣的:

[Sat Dec 10 10:39:04.965830 2016] [auth_basic:error] [pid 2200:tid 1648] [client ::1:49487] AH01617: user test: authentication failure for "/protected/": Password Mismatch 

使用此HTPasswd Generator形式產生一個有效的密碼,而你的情況爲用戶test和密碼test將是什麼像這樣的,但它總是會產生不同的東西:

test:$apr1$2pi0lu5b$Omg8StTZWO0m5lMfq/D8d. 

下面是使用上述密碼的屏幕捕獲與我的工作示例:

Protected directory login

UPDATE

注意,這個算法工作的Windows。您在代碼中的密碼適用於Linux的系統,它是Apache 2.2.17及更早版本所使用的默認算法。從的Apache 2.2.18,默認的加密方法是基於MD5,它可以同時的WindowsLinux的基於系統中使用。您可以在這裏閱讀更多關於How to generate passwords for .htpasswd using PHP

與功能crypt_apr1_md5 PHP代碼生成加密兼容的.htpasswd密碼輸入的窗口:

<?php 
// APR1-MD5 encryption method (windows compatible) 
function crypt_apr1_md5($plainpasswd) 
{ 
    $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"), 0, 8); 
    $len = strlen($plainpasswd); 
    $text = $plainpasswd.'$apr1$'.$salt; 
    $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd)); 
    for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); } 
    for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; } 
    $bin = pack("H32", md5($text)); 
    for($i = 0; $i < 1000; $i++) 
    { 
     $new = ($i & 1) ? $plainpasswd : $bin; 
     if ($i % 3) $new .= $salt; 
     if ($i % 7) $new .= $plainpasswd; 
     $new .= ($i & 1) ? $bin : $plainpasswd; 
     $bin = pack("H32", md5($new)); 
    } 
    for ($i = 0; $i < 5; $i++) 
    { 
     $k = $i + 6; 
     $j = $i + 12; 
     if ($j == 16) $j = 5; 
     $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp; 
    } 
    $tmp = chr(0).chr(0).$bin[11].$tmp; 
    $tmp = strtr(strrev(substr(base64_encode($tmp), 2)), 
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/", 
    "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); 

    return "$"."apr1"."$".$salt."$".$tmp; 
} 

// Password to be used for the user 
$username = 'test'; 
$password = 'test'; 

// Encrypt password 
$encrypted_password = crypt_apr1_md5($password); 

// Print line to be added to .htpasswd file 
echo $username . ':' . $encrypted_password; 
+0

非常感謝Christos。我試圖通過使用「$ encryptedPassword = crypt($ typedPassword,base64_encode($ typedPassword));」在PHP中。你知道什麼是正確的做法嗎? –

+0

不客氣@AnnaCivolani。如果您發現我的答案有幫助,請將其標記爲已接受。要了解如何接受答案,請閱讀此處:http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work –

+0

接受!你會碰巧知道使用php腳本來編碼密碼的正確方法,而不是其他網站的密碼生成器嗎? –