Home > Archive > PHP Language > October 2006 > htpasswd problem
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Hello folks. My colleague and I are unable to figure out what is wrong
with some code. We can't make it do what we want. Perhaps some kind
person can help please.
I run a particular pay-to-view web site. For credit card processing, we
signed on with PayPal.
The process is generally working ok. An interested person clicks the
"join" button on the site and is transported to PayPal where he enters
his card data and so on.
PayPal generates access codes for the new member and emails them to
him. PayPal also sends us an email announcing a new join.
The problem is that, so far, I must update the .htpasswd file manually
to liven up access to the member area.
My colleague has good PHP skills and has written code to try to enable
PayPal to update the file automatically but all attempts fail so far.
The relevant section of the code is reproduced below. (This is not the
entire file, only the reelvant lines.)
We have proper permissions to write to the .htaccess file (777)
===============
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$filename = '.htpasswd';
$pass = crypt($password, substr($password, 0, 2));
$pwf = $username.":".$pass;
if ($pwf) {
$fp = fopen($filename, 'a');
$pwf = $pwf."\n";
fputs($fp, $pwf, strlen($pwf));
fclose($fp);
$fp = fopen($filename, 'r');
fpassthru($fp);
}
?>
| |
| Koncept 2006-10-30, 7:03 pm |
| In article <271020061943154624%happy@last.com>, Happy <happy@last.com>
wrote:
> We have proper permissions to write to the .htaccess file (777)
There is no need to assign global executable permissions to the
..htaccess file. In fact, executable permissions are not needed at all
and should be avoided when not dealing with directories. I'm suggesting
this from a security perspective (think potential file compromised). RW
perms are all that is necessary. Just my 2 cents. :)
--
Koncept <<
"The snake that cannot shed its skin perishes. So do the spirits who are
prevented from changing their opinions; they cease to be a spirit." -Nietzsche
| |
|
| On Fri, 27 Oct 2006 19:43:15 +0200, Happy <happy@last.com> wrote:
>Hello folks. My colleague and I are unable to figure out what is wrong
>with some code. We can't make it do what we want. Perhaps some kind
>person can help please.
>
>My colleague has good PHP skills and has written code to try to enable
>PayPal to update the file automatically but all attempts fail so far.
>The relevant section of the code is reproduced below. (This is not the
>entire file, only the reelvant lines.)
The code looks sane; my first guess at a culprit in a case like this
would be the path to the .htaccess file. Does it live in the same
directory as the script? If not, a path will need to be supplied in
addition to the filename.
Debugging Paypal's IPN postbacks remotely is a XXXXX. Try temporarily
hardcoding a value for the username and password (instead of pulling
them in from $_POST), then load the script in your browser. Do you get
any errors?
Is your Paypal account setup to do IPN postbacks, and if so, is the
IPN URL pointing to the right place? Those settings are under Profile
-> Instant Payment Notification after you login to Paypal.
hth
-
Remove mypants to email.
<http://www.shaunc.com/>
| |
| PeacePipe 2006-10-30, 7:03 pm |
| In article <nnd5k29rpf3bvnedmn45u8ourj2mr49jph@4ax.com>, Shaun
<shaun@mypants.drunkwerks.com> wrote:
> On Fri, 27 Oct 2006 19:43:15 +0200, Happy <happy@last.com> wrote:
>
>
> The code looks sane; my first guess at a culprit in a case like this
> would be the path to the .htaccess file. Does it live in the same
> directory as the script? If not, a path will need to be supplied in
> addition to the filename.
>
> Debugging Paypal's IPN postbacks remotely is a XXXXX. Try temporarily
> hardcoding a value for the username and password (instead of pulling
> them in from $_POST), then load the script in your browser. Do you get
> any errors?
>
> Is your Paypal account setup to do IPN postbacks, and if so, is the
> IPN URL pointing to the right place? Those settings are under Profile
> -> Instant Payment Notification after you login to Paypal.
>
> hth
>
> -
> Remove mypants to email.
> <http://www.shaunc.com/>
A big thanks to you two gentlemen.
I moved the discussion over to comp.lang.php because there seemed to be
more people over there.
As a consequence, I also had to change my nick because there was
already a "Happy" there. Sigh. So it's under tha nick of PeacePipe now.
If you would be so kind as to follow the thread over there, I'm hoping
we can all learn something.
Thanks again for contributing.
|
|
|
|
|