Automated security for apps that matter
Sqreen monitors your application security and helps you easily protect it from common vulnerabilities or advanced attacks.
Spent almost 12h figuring out why a htaccess / htpasswd wasn’t working…
[Mon Apr 04 14:45:45.605734 2016] [authn_file:error] [pid 21193] (13)Permission denied: [client 84.91.XXX.XXX:62465] AH01620: Could not open password file: /home/rocker/public_html/control/data/.htpassw
That was it! File permissions!
This worked for me.
$new_password = password_hash($old_password, PASSWORD_BCRYPT);
password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt().
Therefore, password hashes created by crypt() can be used with password_hash().
PASSWORD_BCRYPT – Use the CRYPT_BLOWFISH algorithm to create the hash.
This will produce a standard crypt() compatible hash using the “$2y$” identifier. The result will always be a 60 character string, or FALSE on failure. Supported Options:
Username is stored in $_SERVER[‘PHP_AUTH_USER’]
and password in $_SERVER[‘PHP_AUTH_PW’]