htdigest Password Function in PHP

This is a function to change a password within an htdigest password database file. htdigest is one method of user authentication in Apache HTTP Server.

Global $htdigest contains a path to the htdigest file. Global $domain is the security domain.

The htdigest formula for the hash is:


htdigest is like htpasswd, except it uses the md5 hash for hiding the password, and it supports digest authentication. Digest authentication is more secure than “basic” authentication, because basic authentication sends your password in clear text. Digest authentication sends a hash. This is ever-so-slightly more secure. (Use SSL for real security.)

For more information: read the caveat about basic authentication.

function changePass( $username, $secdom, $oldp, $p )
global $domain;
global $htdigest;

$changed = false;
$in = fopen( $htdigest, 'r' );
while ( preg_match("/:/", $line = fgets($in) ) )
$line = rtrim( $line );
$a = explode( ':', $line );
if ($a[0]==$username && $a[1]==$secdom)
if ($a[2] == md5("$username:$secdom:$oldp"))
$a[2] = md5("$username:$secdom:$p");
$changed = true;
print "Old password was wrong, or username exist
$output .= implode( ':', $a )."\n";
if (! $changed) // assume it's a new password
$hash = md5("$username:$secdom:$p");
$output .= "$username:$secdom:$hash\n";
$out = fopen( "$", 'w' );
fwrite( $out, $output );
fclose( $out );
system("mv -f $ $htdigest");

Leave a Reply