How to wrap basic HTTP authentication with PHP

Suppose you have a file hosted on an Apache server that is protected by Basic HTTP Authentication, often via an old-school ‘.htaccess’ file, to prevent anonymous users from downloading it without a valid username/password. Then someone asks you to wrap that protected file download with some kind of GUI, maybe a simple HTML form to gather some standard user data (e.g. name and email address). The trouble is once the user has submitted the form they then get prompted separately by the browser to enter a username/password for the HTTP authentication, and this two step process is a bad user experience and looks unprofessional. What you really want to do is ask the user for the username and password as part of the first form, and then just supply those credentials behind the scenes so the download just starts once the form has been submitted. I was recently asked to solve this exact problem, and there simply wasn’t time to address this properly with a nicer solution.


Continue ReadingHow to wrap basic HTTP authentication with PHP

Unlock your TrueCrypt Encrypted Device without the Exact Password

So here’s the rather embarrassing story…

A couple of years ago, I encrypted a USB stick using TrueCrypt encryption to store some important/valuable files. I then put it in my bag and forgot about it. This weekend I came back to it and realised I had forgotten the password. I could remember using a combination of a couple of other passwords for increased security, but I couldn’t remember which passwords I had used, or in what order or combination. After numerous manual attempts to find the right combination, I gave up resigned to the fact that I would just have to wipe the device and start again.


Continue ReadingUnlock your TrueCrypt Encrypted Device without the Exact Password