https://github.com/j-isreal/php-htpasswd

This small php app allows managing the htpasswd file via web
https://github.com/j-isreal/php-htpasswd

apache html htpasswd nginx password php

Last synced: about 1 month ago
JSON representation

This small php app allows managing the htpasswd file via web

• Host: GitHub
• URL: https://github.com/j-isreal/php-htpasswd
• Owner: j-isreal
• License: apache-2.0
• Created: 2024-09-01T18:55:52.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2025-07-19T05:06:05.000Z (11 months ago)
• Last Synced: 2025-07-30T14:01:08.116Z (11 months ago)
• Topics: apache, html, htpasswd, nginx, password, php
• Language: PHP
• Homepage: https://icllc.cc/devtool-php-htpasswd/
• Size: 17.6 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# README

# php-htpasswd

This small php app allows managing the htpasswd file via web.

This project assumes you are using a web server such as Apache or Nginx that can use htpasswd files, and that you have the htpasswd program installed.

Visit [Apache](https://httpd.apache.org/docs/current/programs/htpasswd.html) for more info on htpasswd.

## Create initial htpasswd file

If you don't already have an htpasswd file, create one.  You can use existing ones, too.

Use the following command to create a new htpasswd file using Bcrypt as encryption for passwords.

You can use any filename in place of `.htpasswd` below.  You can replace `testuser` with any username.

```

htpasswd -c -B .htpasswd testuser

```

The `-c` means to create the file, and the `-B` is for using Bcrypt for password hashing.

## Set the htpasswd filename in the php file

Be sure you change the path/filename for the htpasswd file in the php file.

Change the `$file` variable to the correct filename between the single quotes.

``

$file = '.htpasswd';

``

## Security notes

If you put the htpasswd file in a web-accessible area, you are asking for security issues.


Please visit the link below regarding Apache htpasswd security considerations.

- If you are going to place the htpasswd file in a web-accessible folder for some reason, at least:

  - password-protect the folder, or

  - use an .htaccess file to prevent viewing the htpasswd file online ([more on htaccess](https://httpd.apache.org/docs/current/howto/htaccess.html))

 

This php app uses Bcrypt to hash passwords, the default for the password_hash() function.


(See [PHP Manual](https://www.php.net/manual/en/function.password-hash.php) for details.)

The apache user (apache or www-data) will need write access to the htpasswd file.

Visit [this Apache page](https://httpd.apache.org/docs/current/programs/htpasswd.html#security) for more info on security considerations.

#### Created by

Jacob "Isreal" - [https://www.jinet.us/dev/dev-projects/php-htpasswd/]