Search code examples
.htaccessmamp

MAMP Htaccess password protection: "Authentication required" dialog being repeated

I'm running MAMP 3.2.2 on Windows 10, with Apache on port 8888. I'm trying to password protect the directory C:\MAMP\htdocs\admin\ by placing a .htaccess and a .htpasswd files inside it.

.htacess is:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile C:\MAMP\htdocs\admin\.htpasswd
Require valid-user

.htpasswd (user = test; password = test) is:

test:dGRkPurkuWmW2

I checked MAMP's Apache httpd.conf and it says, in line 202: 

 <Directory />
    Options FollowSymLinks ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

And, in line 220:

<Directory "C:\MAMP\htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks ExecCGI

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride All


    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

When trying to navigate to "http://localhost:8888/admin/index.php" I get the "Authentication Required" dialog, saying that "http://localhost:8888 is requesting your username and password". But, after entering username and password, the dialog keeps reappearing, instead of granting me access.

What am I missing?

Thank you in advance!

Solution

  • The password test:dGRkPurkuWmW2 is wrong. Check the log files (\mamp\apache\logs\error.log) to see the error messages, there should be something like this:

    [Sat Dec 10 10:39:04.965830 2016] [auth_basic:error] [pid 2200:tid 1648] [client ::1:49487] AH01617: user test: authentication failure for "/protected/": Password Mismatch

    Use this HTPasswd Generator form to generate a valid password, which in your case for user test and password test will be something like this, but it always produces something different: 

    test:$apr1$2pi0lu5b$Omg8StTZWO0m5lMfq/D8d.

    Here is a screen capture with my working example using the password above:

    Protected directory login

    UPDATE

    Note that this algorithm is working for Windows. The password you have at your code ($encryptedPassword = crypt($typedPassword, base64_encode($typedPassword));) works on Linux based systems and it is the default algorithm used by Apache 2.2.17 and older. From Apache 2.2.18, the default encryption method is based on MD5 and it can be used on both Windows and Linux based systems. You can read more about it here How to generate passwords for .htpasswd using PHP.

    PHP code with the function crypt_apr1_md5 to generate a .htpasswd password entry for APR1-MD5 encryption compatible for windows:

    <?php
// APR1-MD5 encryption method (windows compatible)
function crypt_apr1_md5($plainpasswd)
{
    $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
    $len = strlen($plainpasswd);
    $text = $plainpasswd.'$apr1$'.$salt;
    $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
    for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
    for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; }
    $bin = pack("H32", md5($text));
    for($i = 0; $i < 1000; $i++)
    {
        $new = ($i & 1) ? $plainpasswd : $bin;
        if ($i % 3) $new .= $salt;
        if ($i % 7) $new .= $plainpasswd;
        $new .= ($i & 1) ? $bin : $plainpasswd;
        $bin = pack("H32", md5($new));
    }
    for ($i = 0; $i < 5; $i++)
    {
        $k = $i + 6;
        $j = $i + 12;
        if ($j == 16) $j = 5;
        $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
    }
    $tmp = chr(0).chr(0).$bin[11].$tmp;
    $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");

    return "$"."apr1"."$".$salt."$".$tmp;
}

// Password to be used for the user
$username = 'test';
$password = 'test';

// Encrypt password
$encrypted_password = crypt_apr1_md5($password);

// Print line to be added to .htpasswd file
echo $username . ':' . $encrypted_password;