Programmatically building htpasswd

.httpasswd files are just text files with a specific format depending on the hash function specified. If you are using MD5 they look like this:


That’s the login, a colon, ,$apr1$, the salt and 1000 times md5 encoded as base64. If you select SHA1 they look like this:


That’s the login, a colon, the string {SHA} and the SHA1 hash encoded with base64.

If your language has an implementation of either MD5 or SHA1 and base64 you can just create the file like this:


$login = 'foo';
$hash = base64_encode(sha1($pass, true));

$contents = $login . ':{SHA}' . $hash;

file_put_contents('.htpasswd', $contents);


Here’s more information on the format:

Leave a Comment