htaccess question. - GoFuckYourself.com

longdongsilver · 11-05-2003, 06:26 PM

hi,

Does anyone one know if there is a way to make one .htacess file check 2 htpasswd files?

So that it checks one htpasswd for a user and pass and if it's not there it checks the second htpasswd file.

I found a previous thread on this, but there was no conclusive answer, someone mentioned it was possible but did not explain how to do it.

ok thanks for reading.

JDog · 11-05-2003, 06:28 PM

Not possible

Sorry!

jDoG

longdongsilver · 11-05-2003, 06:34 PM

ok thanks for the answer.

It saved me hours of searching on google and forums.

cheers.

zoic · 11-05-2003, 07:13 PM

We get around it by running a cron script every minute that joins two or more password files into one. Achieves the same thing.

Cheers,
Dave.

myneid · 11-05-2003, 07:22 PM

or you could make your own custom auth module in C or mod_perl

myneid · 11-05-2003, 07:45 PM

heres a freebee mod_perl for what you want that should work with apache2 and mod_perl 1.99

MemberAuth.pm
<code>
package Apache::MemberAuth;

use strict;
use warnings;

use Apache::Access ();
use Apache::RequestUtil ();
use Apache::RequestRec ();
use Apache::Connection ();
use APR::SockAddr;

use ModPerl::Util ();
use Apache::RequestIO ();
use Apache::Server ();
use Apache::ServerUtil ();
use APR::Table ();

use Apache::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED HTTP_NOT_FOUND);

sub handler
{
my $r = shift;

my $pw_file = $r->dir_config("AuthUserFile1");
my $username = $r->user();
my $user = Apache->request->user();

my ($status, $password) = $r->get_basic_auth_pw;
my $file_db_enc_pass = get_file_pass($user, $pw_file);
if($file_db_enc_pass)
{
my $seed = substr($file_db_enc_pass, 0, 2);
my $crypt_pass = crypt($password, $seed);
my $status = 0;
if($file_db_enc_pass eq $crypt_pass)
{
return Apache::OK;
}
else
{
$pw_file = $r->dir_config("AuthUserFile2");
$file_db_enc_pass = get_file_pass($user, $pw_file);
if($file_db_enc_pass)
{
my $seed = substr($file_db_enc_pass, 0, 2);
my $crypt_pass = crypt($password, $seed);
my $status = 0;
if($file_db_enc_pass eq $crypt_pass)
{
return Apache::OK;
}
else
{

$r->note_basic_auth_failure;
return Apache::HTTP_UNAUTHORIZED;
}
}
}

}

$r->note_basic_auth_failure;
return Apache::HTTP_UNAUTHORIZED;
}

sub get_file_pass($$)
{
my($user, $pw_file) = @_;
$user = Apache->request->user();
if(!$user)
{
$user = '';
}
open(FILE, "<$pw_file") || die $!;
while(<FILE>)
{
chomp();
my($u, $p) = split(/:/, $_, 2);
if($u eq $user)
{
close FILE;
return $p;
}
}
return undef;
}

1;

</code>
in httpd.conf do

PerlOptions +GlobalRequest +SetupEnv +Authen +Access +Authz

PerlAuthenHandler Apache::MemberAuth
PerlSetVar AuthUserFile1 /passwords/.htpasswd
PerlSetVar AuthUserFile2 /passwords/.htpasswd2
AuthName "protected"
AuthType Basic
Require valid-user

fsfaz · 11-05-2003, 09:58 PM

By default, you cannot make .htaccess do this. However, I saw a while back that Pay Site Power Tools was offering a "Multi Mod Auth" which is exactly what your lookng for.

http://www.paysitepowertools.com/

http://www.paysitepowertools.com/os-mma.html

longdongsilver · 11-06-2003, 07:02 PM

Thanks to everyone who replied, thats awesome.
cheers.

11-05-2003, 06:26 PM	#1
longdongsilver Confirmed User Join Date: Aug 2003 Posts: 378	htaccess question. hi, Does anyone one know if there is a way to make one .htacess file check 2 htpasswd files? So that it checks one htpasswd for a user and pass and if it's not there it checks the second htpasswd file. I found a previous thread on this, but there was no conclusive answer, someone mentioned it was possible but did not explain how to do it. ok thanks for reading.

11-05-2003, 06:28 PM	#2
JDog Confirmed User Join Date: Feb 2003 Location: Canby, OR Posts: 7,453	Not possible Sorry! jDoG __________________ NSCash now powering ReelProfits.com ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash NOW OFFERING OVER 60 SITES CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

11-05-2003, 07:22 PM	#5
myneid Confirmed User Industry Role: Join Date: Jan 2003 Location: Los Angeles Posts: 736	or you could make your own custom auth module in C or mod_perl __________________ Tanguy 0x7a69 inc. Programmer/President/CEO http://www.0x7a69.com A Leader in Programming since 1996 PHP, Ruby on Rails, MySQL, PCI DSS, and any Technical Consulting

11-05-2003, 07:45 PM	#6
myneid Confirmed User Industry Role: Join Date: Jan 2003 Location: Los Angeles Posts: 736	heres a freebee mod_perl for what you want that should work with apache2 and mod_perl 1.99 MemberAuth.pm <code> package Apache::MemberAuth; use strict; use warnings; use Apache::Access (); use Apache::RequestUtil (); use Apache::RequestRec (); use Apache::Connection (); use APR::SockAddr; use ModPerl::Util (); use Apache::RequestIO (); use Apache::Server (); use Apache::ServerUtil (); use APR::Table (); use Apache::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED HTTP_NOT_FOUND); sub handler { my $r = shift; my $pw_file = $r->dir_config("AuthUserFile1"); my $username = $r->user(); my $user = Apache->request->user(); my ($status, $password) = $r->get_basic_auth_pw; my $file_db_enc_pass = get_file_pass($user, $pw_file); if($file_db_enc_pass) { my $seed = substr($file_db_enc_pass, 0, 2); my $crypt_pass = crypt($password, $seed); my $status = 0; if($file_db_enc_pass eq $crypt_pass) { return Apache::OK; } else { $pw_file = $r->dir_config("AuthUserFile2"); $file_db_enc_pass = get_file_pass($user, $pw_file); if($file_db_enc_pass) { my $seed = substr($file_db_enc_pass, 0, 2); my $crypt_pass = crypt($password, $seed); my $status = 0; if($file_db_enc_pass eq $crypt_pass) { return Apache::OK; } else { $r->note_basic_auth_failure; return Apache::HTTP_UNAUTHORIZED; } } } } $r->note_basic_auth_failure; return Apache::HTTP_UNAUTHORIZED; } sub get_file_pass($$) { my($user, $pw_file) = @_; $user = Apache->request->user(); if(!$user) { $user = ''; } open(FILE, "<$pw_file") \|\| die $!; while(<FILE>) { chomp(); my($u, $p) = split(/:/, $_, 2); if($u eq $user) { close FILE; return $p; } } return undef; } 1; </code> in httpd.conf do PerlOptions +GlobalRequest +SetupEnv +Authen +Access +Authz PerlAuthenHandler Apache::MemberAuth PerlSetVar AuthUserFile1 /passwords/.htpasswd PerlSetVar AuthUserFile2 /passwords/.htpasswd2 AuthName "protected" AuthType Basic Require valid-user __________________ Tanguy 0x7a69 inc. Programmer/President/CEO http://www.0x7a69.com A Leader in Programming since 1996 PHP, Ruby on Rails, MySQL, PCI DSS, and any Technical Consulting

11-05-2003, 06:34 PM	#3
longdongsilver Confirmed User Join Date: Aug 2003 Posts: 378	ok thanks for the answer. It saved me hours of searching on google and forums. cheers.

11-05-2003, 07:13 PM	#4
zoic Registered User Join Date: Nov 2001 Posts: 84	We get around it by running a cron script every minute that joins two or more password files into one. Achieves the same thing. Cheers, Dave.

11-05-2003, 09:58 PM	#7
fsfaz Confirmed User Join Date: Apr 2003 Location: Hollyweird, CA Posts: 747	By default, you cannot make .htaccess do this. However, I saw a while back that Pay Site Power Tools was offering a "Multi Mod Auth" which is exactly what your lookng for. http://www.paysitepowertools.com/ http://www.paysitepowertools.com/os-mma.html

11-06-2003, 07:02 PM	#8
longdongsilver Confirmed User Join Date: Aug 2003 Posts: 378	Thanks to everyone who replied, thats awesome. cheers.