
Initial commit

oster 8 years ago
commit
9b421bc3e7

+ 2 - 0
.gitignore

@@ -0,0 +1,2 @@
+.vagrant/
+

+ 28 - 0
README.md

@@ -0,0 +1,28 @@
+HTAdmin
+=======
+
+HTAdmin is a simple .htaccess and .htpasswd editor implemented in PHP. It's intended to secure a folder of plain html files with multiple users. The admin has to create a user, but every user can change his/her password independently.
+
+It comes with a preconfigured Vagrant / Puppet VM, so you don't have to install a LAMP stack locally for testing.
+
+You find the application in `sites/html/htadmin`.
+
+![Screenshot](screenshot.png "Screenshot")
+
+Just install vagrant and virtual box and type
+
+ vagrant up
+ 
+to start the vm. After startup point your browser to:
+
+http://localhost/htadmin/ 
+
+Standard access: admin / admin, make sure to change that in your config/config.ini. You have to enter a hashed password, there is a tool for its generation included in the webapp:
+
+http://localhost/htadmin/adminpwd.php
+
+the .htaccess and .htpasswd files are configured for this folder:
+
+http://localhost/test/ 
+
+Enjoy!

+ 40 - 0
Vagrantfile

@@ -0,0 +1,40 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # All Vagrant configuration is done here. The most common configuration
+  # options are documented and commented below. For a complete reference,
+  # please see the online documentation at vagrantup.com.
+
+  # Every Vagrant virtual environment requires a box to build off of.
+  config.vm.box = "ubuntu/trusty64"
+
+  forward_port = ->(guest, host = guest) do
+    config.vm.network :forwarded_port,
+      guest: guest,
+      host: host,
+      auto_correct: true
+  end
+  
+  # Sync between the web root of the VM and the 'sites' directory
+  config.vm.synced_folder "sites/", "/var/www"
+
+  forward_port[1080]      # mailcatcher
+  forward_port[3306]      # mysql
+  forward_port[80, 80]  # nginx/apache
+  
+  
+  config.vm.provision :shell do |shell|
+    shell.inline = "puppet module install --force puppetlabs-stdlib"
+    shell.inline = "puppet module install --force puppetlabs-apache"
+  end
+
+  config.vm.provision :puppet do |puppet|
+    puppet.manifests_path = "manifests"
+    puppet.manifest_file = "default.pp"
+  end
+  
+
+
+  config.vm.network :private_network, ip: "33.33.33.10"
+end
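Review bot: The `forward_port` lambda publishes guest ports 80, 3306 and 1080 without a `host_ip`, so depending on the Vagrant version and provider they may be bound on every host interface rather than only loopback; together with the default credentials this VM ships with, that can expose MySQL and the admin UI to the local network. Passing `host_ip: "127.0.0.1"` in the `config.vm.network :forwarded_port` call keeps them local. Separately, the shell provisioner assigns `shell.inline` twice, so the second assignment replaces the first and `puppetlabs-stdlib` is never installed; joining both commands with `&&` in one string would run both.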

+ 134 - 0
manifests/default.pp

@@ -0,0 +1,134 @@
+# Puppet configurations
+
+
+Exec { path =>  [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
+
+class base {
+
+  ## Update apt-get ##
+  exec { 'apt-get update':
+    command => '/usr/bin/apt-get update'
+  }
+}
+
+class apache 
+{      
+    package 
+    { 
+        "apache2":
+            ensure  => present,
+            require => Exec['apt-get update']
+    }
+    
+    service 
+    { 
+        "apache2":
+            ensure      => running,
+            enable      => true,
+            require     => Package['apache2'],
+            subscribe   => [
+                File["/etc/apache2/mods-enabled/rewrite.load"],
+                File["/etc/apache2/sites-available/000-default.conf"]
+            ],
+    }
+
+    file 
+    { 
+        "/etc/apache2/mods-enabled/rewrite.load":
+            ensure  => link,
+            target  => "/etc/apache2/mods-available/rewrite.load",
+            require => Package['apache2'],
+    }
+
+    file 
+    { 
+        "/etc/apache2/sites-available/000-default.conf":
+            ensure  => present,
+            source  => "/vagrant/puppet/templates/vhost",
+            require => Package['apache2'],
+    }
+}
+
+class php{
+
+  package { "php5":
+    ensure => present,
+  }
+
+  package { "php5-cli":
+    ensure => present,
+  }
+
+  package { "php5-xdebug":
+    ensure => present,
+  }-> file 
+    { 
+        "/etc/php5/mods-available/xdebug.ini":
+            ensure  => present,
+            source  => "/vagrant/puppet/templates/xdebug",
+            require => Package['php5-xdebug'],
+    }
+
+  package { "php5-mysql":
+    ensure => present,
+  }
+
+  package { "php5-imagick":
+    ensure => present,
+  }
+
+  package { "php5-mcrypt":
+    ensure => present,
+  }
+
+  package { "php-pear":
+    ensure => present,
+  }
+
+  package { "php5-dev":
+    ensure => present,
+  }
+
+  package { "php5-curl":
+    ensure => present,
+  }
+
+  package { "php5-sqlite":
+    ensure => present,
+  }
+
+  package { "libapache2-mod-php5":
+    ensure => present,
+  }
+  
+  exec { "reload_apache":
+    command => "/etc/init.d/apache2 reload",
+  }
+  
+
+
+}
+
+class mysql{
+
+  package { "mysql-server":
+    ensure => present,
+  }
+
+  service { "mysql":
+    ensure  => running,
+    require => Package["mysql-server"],
+    notify  => Exec["set-mysql-password"],
+  }
+
+  exec { "set-mysql-password":
+    command => "mysqladmin -u root password root",
+  }
+}
+
+
+include base
+include apache
+include php
+include mysql
+
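Review bot: `set-mysql-password` in class `mysql` sets the MySQL root password to the literal `root` on the command line, and the Vagrantfile in this commit forwards port 3306 to the host, so the database is reachable with a guessable root credential. The exec also has no `refreshonly => true` or `unless` guard, so it looks like it will run on every Puppet apply and fail once a password is set. Consider generating the password per VM, not forwarding 3306, and adding `refreshonly => true`, since the exec is already notified by `Service['mysql']`. The same unguarded pattern applies to `reload_apache` in class `php`.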

+ 21 - 0
puppet/templates/vhost

@@ -0,0 +1,21 @@
+<VirtualHost *:80>
+	ServerAdmin spam@osteronline.de
+
+	DocumentRoot /var/www/html
+	
+	<Directory />
+		Options FollowSymLinks
+		AllowOverride None
+	</Directory>
+	
+	<Directory /var/www/html>
+		Options Indexes FollowSymLinks MultiViews
+		AllowOverride All
+		Order allow,deny
+		allow from all
+	</Directory>
+
+	ErrorLog /var/log/apache2/error.log
+	LogLevel warn
+	CustomLog /var/log/apache2/access.log combined
+</VirtualHost>
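Review bot: `Options Indexes` on `<Directory /var/www/html>` turns on directory listings for the whole document root, which includes the `htadmin` application; dropping `Indexes` avoids disclosing file names wherever no index file exists. The block also uses the Apache 2.2 `Order allow,deny` / `allow from all` directives, which on Apache 2.4 only work through mod_access_compat; `Require all granted` is the 2.4 form. Note that `AllowOverride All` is what makes the `Deny from all` .htaccess files under `config/`, `includes/` and `tools/` effective, so a comment saying so would help anyone who later tightens it.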

+ 7 - 0
puppet/templates/xdebug

@@ -0,0 +1,7 @@
+zend_extension=xdebug.so
+xdebug.remote_enable=1
+xdebug.remote_connect_back = on
+xdebug.remote_handler=dbgp
+xdebug.remote_mode=req
+xdebug.remote_host=127.0.0.1
+xdebug.remote_port=9000
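Review bot: `xdebug.remote_connect_back = on` together with `xdebug.remote_enable=1` makes Xdebug open a debugger connection to whatever client address made the request, so anyone who can reach the web server can attach a debugger to PHP; `xdebug.remote_host=127.0.0.1` is ignored while connect-back is on. For a VM whose port 80 is forwarded to the host, set `xdebug.remote_connect_back=0` and point `xdebug.remote_host` at the developer's host address instead. A comment stating that this file is for the development VM only would also help.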

BIN
screenshot.png


+ 49 - 0
sites/html/htadmin/adminpwd.php

@@ -0,0 +1,49 @@
+<?php
+include_once ('includes/checklogin.php');
+include_once('tools/util.php');
+$ini = read_config();
+include_once ('includes/head.php');
+
+//$salt = $ini['admin_pwd_salt'];
+include_once ('tools/htpasswd.php');
+include_once ('includes/nav.php');
+
+?>
+
+<div class="container box">
+	<div class="row">
+		<div class="col-xs-12">
+			<h2>Create Admin Password Hash</h2>
+			<?php 
+			
+			if (isset ( $_POST ['pwd'] )) {
+				?>
+					<div class="alert alert-info">
+					<?php
+					echo "<p>Your new hash: " . htpasswd::htcrypt($_POST['pwd']) . "</p>";
+					?>
+						</div>
+				    <?php
+			
+			}
+				
+			?>
+<p>Create a new password hash for the config file:</p>
+<form class="navbar-form navbar-left" action="adminpwd.php" method="post">
+				<div class="form-group">
+					<p>
+						<input class="form-control" type="password" name="pwd"
+							placeholder="Password" />
+					</p>
+					<button type="submit" class="btn btn-default">Submit</button>
+				</div>
+			</form>
+			
+		</div>
+	</div>
+</div>
+
+<?php
+include_once ('includes/nav.php');
+include_once ('includes/footer.php');
+?>

+ 3 - 0
sites/html/htadmin/config/.htaccess

@@ -0,0 +1,3 @@
+ Options None
+ Order deny,allow
+ Deny from all

+ 11 - 0
sites/html/htadmin/config/config.ini

@@ -0,0 +1,11 @@
+# important: secure this file from access!
+[application]
+
+app_title = Basic Auth Tool
+
+# path to html files which have to be secured: 
+secure_path  = ../test/
+# default password = admin
+admin_user = admin
+admin_pwd_hash = VPZ23KZUsquyk
+
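Review bot: `admin_pwd_hash` ships with a hash for the documented default password `admin`, so every installation that is not reconfigured accepts a publicly known credential. Consider shipping the value empty and having login.php refuse to authenticate until a hash has been set. The file also lives under the web root and is protected only by the sibling `.htaccess`, which has no effect if overrides are disabled or another web server is used; the comment on the first line could say that, or the file could be moved outside the document root.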

+ 24 - 0
sites/html/htadmin/delete.php

@@ -0,0 +1,24 @@
+<?php
+session_start();
+include_once("tools/util.php");
+if (!check_login()) {
+	echo "error";
+	die();
+}
+include_once ('tools/htpasswd.php');
+$ini = read_config();
+
+$htpasswd = new htpasswd ( $ini ['secure_path'] . ".htpasswd" );
+
+if (isset ( $_POST['user'] )) {
+	$user = $_POST['user'];
+	if ($htpasswd->user_delete($user)) {
+		echo "success";
+	} else {
+		echo "error";
+	}
+	
+} else {
+	echo "error";
+}
+?>
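Review bot: The delete endpoint acts on `$_POST['user']` with only the session check, so a cross-site form post from another page in the admin's browser would delete a user; a per-session token stored in `$_SESSION` and compared before calling `user_delete()` would close that. `$user` is also passed to `user_delete()` without `check_username()`, unlike the create path in index.php. Since `user_delete()` in tools/htpasswd.php always returns true, the `else` branch printing `error` is unreachable and deleting a non-existent user reports `success`.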

+ 3 - 0
sites/html/htadmin/includes/.htaccess

@@ -0,0 +1,3 @@
+ Options None
+ Order deny,allow
+ Deny from all

+ 8 - 0
sites/html/htadmin/includes/checklogin.php

@@ -0,0 +1,8 @@
+<?php
+session_start();
+include_once("tools/util.php");
+if (!check_login()) {
+	header('LOCATION:login.php');
+	die();
+}
+?>

+ 2 - 0
sites/html/htadmin/includes/footer.php

@@ -0,0 +1,2 @@
+</body>
+</html>

+ 18 - 0
sites/html/htadmin/includes/head.php

@@ -0,0 +1,18 @@
+<html>
+<head>
+<!-- Latest compiled and minified CSS -->
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
+
+<!-- Optional theme -->
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r" crossorigin="anonymous">
+
+<!-- Latest compiled and minified JavaScript -->
+<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>
+<script src="script/jquery-1.12.0.min.js"></script>
+<script src="script/script.js"></script>
+<link rel="stylesheet" href="styles/style.css">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Password Generator</title>
+</head>
+<body>
+
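Review bot: `bootstrap.min.js` is loaded before `script/jquery-1.12.0.min.js`, but Bootstrap 3's JavaScript depends on jQuery being defined first, so the Bootstrap script will likely throw on load; move the jQuery `<script>` tag above it. The document also has no `<!DOCTYPE html>` or `<meta charset>` declaration, which leaves the page in quirks mode and the encoding up to the browser; add `<!DOCTYPE html>` before `<html>` and `<meta charset="utf-8">` as the first child of `<head>`.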

+ 47 - 0
sites/html/htadmin/includes/nav.php

@@ -0,0 +1,47 @@
+<?php
+if (check_login ()) {
+	?>
+<nav class="navbar navbar-default">
+	<div class="container">
+		<div class="navbar-header">
+			<ul class="nav navbar-nav navbar-left">
+				<a class="navbar-brand" href="index.php"><span
+					class="glyphicon glyphicon-home">&nbsp;</span>
+				<?php
+	echo $ini['app_title'];
+	?>
+				</a>
+				<li><a href="adminpwd.php">Admin password</a></li>
+				<li><a href="logout.php">Logout</a></li>
+				<li><a href="selfservice.php">Change my password</a></li>
+			</ul>
+		</div>
+	</div>
+</nav>
+<?php
+} else {
+	?>
+<nav class="navbar navbar-default">
+	<div class="container">
+		<div class="navbar-header">
+
+			<ul class="nav navbar-nav navbar-left">
+				<a class="navbar-brand" href="index.php"><span
+					class="glyphicon glyphicon-home">&nbsp;</span>
+				<?php
+	echo $ini['app_title'];
+	?>
+				</a>
+				<li><a href="login.php">Login</a></li>
+				<li><a href="login.php">Change my password</a></li>
+			</ul>
+		</div>
+	</div>
+</nav>
+<?php
+}
+
+?>
+
+
+
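Review bot: `echo $ini['app_title'];` writes the configured title into the page without escaping in both branches (and index.php does the same in its `<h2>`), so a title containing `<` or `&` breaks the markup; use `echo htmlspecialchars($ini['app_title']);`. The file also depends on `$ini` and `check_login()` having been defined by the including script, which deserves a one-line comment at the top, e.g. `// expects $ini = read_config() and tools/util.php to be loaded by the caller`. The two `<nav>` blocks differ only in their `<li>` items and could share the surrounding markup.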

+ 94 - 0
sites/html/htadmin/index.php

@@ -0,0 +1,94 @@
+<?php
+include_once ('includes/checklogin.php');
+include_once ('includes/head.php');
+include_once ('tools/htpasswd.php');
+include_once ('tools/util.php');
+$ini = read_config ();
+include_once ('includes/nav.php');
+
+$htpasswd = new htpasswd ( $ini ['secure_path'] . ".htpasswd" ); // path to your .htpasswd file
+
+?>
+
+<div class="container box">
+	<div class="row">
+		<div class="col-xs-12">
+<?php
+
+echo "<h2>" . $ini ['app_title'] . "</h2>";
+
+if (isset ( $_POST ['user'] )) {
+	$username = $_POST ['user'];
+	$passwd = $_POST ['pwd'];
+
+	if (!check_username($username) || !check_password_quality($passwd)) {
+		?>
+			<div class="alert alert-danger">
+			<?php
+		echo "<p>User <em>" . htmlspecialchars ( $username ) . "</em> is invalid!.</p>";
+	} else {
+		?>
+			<div class="alert alert-info">
+			<?php
+		if (! $htpasswd->user_exists ( $username )) {
+			$htpasswd->user_add ( $username, $passwd );
+			echo "<p>User <em>" . htmlspecialchars ( $username ) . "</em> created.</p>";
+		} else {
+			$htpasswd->user_update ( $username, $passwd );
+			echo "<p>User <em>" . htmlspecialchars ( $username ) . "</em> changed.</p>";
+		}
+	}
+	
+
+	?>
+		</div>
+    <?php
+}
+?>
+<div class="result alert alert-info" style="display: none;"></div>
+
+		</div>
+	</div>
+	<div class=row>
+		<div class="col-xs-12 col-md-4">
+			<h3>Create or change user and password:</h3>
+			<form class="navbar-form navbar-left" action="index.php"
+				method="post">
+				<div class="form-group">
+
+					<input type="text" class="userfield form-control"
+						placeholder="Username" name="user">
+					</p>
+					<p>
+						<input class="passwordfield form-control" type="password"
+							name="pwd" placeholder="Password" />
+					</p>
+					<button type="submit" class="btn btn-default">Submit</button>
+				</div>
+			</form>
+
+		</div>
+
+		<div class="col-xs-12 col-md-6">
+			<h3>Users found:</h3>
+			<ul class="list-group">
+			<?php
+			$users = $htpasswd->get_users ();
+			foreach ( $users as $user ) {
+				echo "<li class='list-group-item list-item-with-button id-" . htmlspecialchars ( $user ) . "' onclick=\"setUserField('" . $user . "');\">" . htmlspecialchars ( $user ) . "<a class='btn btn-danger btn-list-item pull-right' " . "onclick=\"deleteUser('" . $user . "');\"" . "href='#' >Delete</a>" . "</li>\n";
+			}
+			?>
+			</ul>
+		</div>
+	</div>
+	<div class=row>
+	<br/><br/>
+		<div class="col-xs-12 col-md-10 well">
+			<p>Create new users for the htpasswd file here. A user can change his/her password with this <a href="selfservice.php">self service link.</a><br/>
+			You can fill the username in the form if you add the url parameter user=&lt;username&gt;</p>
+		</div>
+	</div>
+</div>
+<?php
+include_once ('includes/footer.php');
+?>
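Review bot: In the `foreach` over `$htpasswd->get_users()`, `$user` is HTML-escaped for the visible text but concatenated raw into the two `onclick` JavaScript strings and only HTML-escaped inside the `class` attribute. Names created through this form pass `check_username()`, but entries written to .htpasswd by other tools do not, so a name containing a quote would change the handler's script. Encode for both contexts, e.g. `htmlspecialchars(json_encode($user), ENT_QUOTES)` in place of the quoted `'" . $user . "'`. The create/change form also carries no anti-CSRF token, and the error text reports the user name as invalid even when only `check_password_quality()` failed.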

+ 68 - 0
sites/html/htadmin/login.php

@@ -0,0 +1,68 @@
+<?php
+session_start();
+include_once ('tools/util.php');
+include_once ('tools/htpasswd.php');
+$ini = read_config();
+
+if (isset ( $_POST ['user'] ) && isset ( $_POST ['password'] )) {
+	$username = $_POST ['user'];
+	$password = $_POST ['password'];
+
+
+	if ($username == $ini['admin_user'] && htpasswd::check_password_hash($password,$ini['admin_pwd_hash'])) {
+		$_SESSION ['login'] = true;
+		header ( 'LOCATION:index.php' );
+		die ();
+	}
+
+	$error = 'Invalid user or password!';
+
+} 
+
+
+include_once ('includes/head.php');
+include_once ('includes/nav.php');
+
+
+?>
+
+<div class="container box">
+	<div class="row">
+		<div class="col-xs-12">
+			<h2>Please Login:</h2>
+<?php
+
+
+if (isset ( $error )) {
+	
+	?>
+<div class="alert alert-danger">
+	<?php
+	echo "<p>" . $error . "</p>";
+	?>
+		</div>
+<?php
+}
+?>
+
+<form class="navbar-form navbar-left" action="login.php" method="post">
+	<div class="form-group">
+		<p>Login:</p>
+		<input type="text" class="form-control" placeholder="Username"
+			name="user">
+		</p>
+		<p>
+			<input class="form-control" type="password" name="password"
+				placeholder="Password" />
+		</p>
+		<button type="submit" class="btn btn-default">Login</button>
+	</div>
+
+</form>
+
+</div>
+</div>
+</div>
+<?php
+include_once ('includes/footer.php');
+?>
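Review bot: After a successful check the code sets `$_SESSION['login'] = true` on the existing session id, so a session id that was fixed before login stays valid afterwards; call `session_regenerate_id(true);` immediately before setting the flag. There is also no throttling of failed attempts, which matters because the admin hash is traditional crypt() (see tools/htpasswd.php in this commit) and the default account name is known. `$error` is a fixed string today, but echoing it through `htmlspecialchars()` would keep that safe if it ever includes input.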

+ 24 - 0
sites/html/htadmin/logout.php

@@ -0,0 +1,24 @@
+<?php
+session_start();
+include_once ('includes/head.php');
+include_once('tools/util.php');
+$ini = read_config();
+$_SESSION ['login'] = false;
+include_once ('includes/nav.php');
+?>
+
+<div class="container box">
+	<div class="row">
+		<div class="col-xs-12">
+			<h2>Logout</h2>
+<div class="alert alert-info">
+	<p>Logout successful.</p>
+		</div>
+
+
+</div>
+</div>
+</div>
+<?php
+include_once ('includes/footer.php');
+?>
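Review bot: Logout only sets `$_SESSION['login'] = false`, leaving the session and its cookie alive; clearing and destroying it, e.g. `$_SESSION = array(); session_destroy();`, ends the session server-side. `includes/head.php` is also included before the session flag is changed, which works only because `session_start()` has already run; a comment to that effect, or moving the include below the state change, would make the ordering less fragile.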

File diff suppressed because it is too large
+ 1 - 0
sites/html/htadmin/script/jquery-1.12.0.min.js


+ 21 - 0
sites/html/htadmin/script/script.js

@@ -0,0 +1,21 @@
+function deleteUser(user){
+	if (confirm('Are you sure?')) {
+		var posting = $.post("delete.php", { user: user}, function(data) {
+			$( ".result" ).html( data );
+			if (data=="success") {
+				$( ".result" ).html("<p>User <em>"+user+"</em> deleted.</p>");
+				$(".result").show( "fast" );
+				$('.id-' + user).remove();
+
+			} else {
+				$( ".result" ).html("<p>An error occured.</p>");
+			}
+			
+		} );			
+	}     
+ }
+
+function setUserField(user) {
+	$(".userfield").val(user);
+	$(".passwordfield").focus();
+}
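Review bot: `deleteUser` builds markup and a selector from `user` by string concatenation: `.html("<p>User <em>"+user+"</em> deleted.</p>")` interprets the name as HTML, and `$('.id-' + user)` is a malformed or wrong selector for names containing `.` or `@`, both of which `check_username()` allows. Use text insertion, e.g. `$(".result").empty().append($("<p>").text("User " + user + " deleted."))`, and select the row with `.filter()` on the class or a `data-` attribute rather than a concatenated selector. The first `$(".result").html(data)` also injects the raw response, and the error branch never calls `.show()`, so the failure message stays hidden.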

+ 80 - 0
sites/html/htadmin/selfservice.php

@@ -0,0 +1,80 @@
+<?php
+include_once ('includes/head.php');
+include_once ('tools/htpasswd.php');
+include_once ('tools/util.php');
+$ini = read_config ();
+include_once ('includes/nav.php');
+
+$htpasswd = new htpasswd ( $ini ['secure_path'] . ".htpasswd" );
+
+?>
+
+<div class="container box">
+	<div class="row">
+		<div class="col-xs-12">
+		<h2>Change your password here:</h2>
+<?php
+$equal = true;
+$success = false;
+if (isset ( $_POST ['user'] ) && isset ( $_POST ['oldpwd'] ) && isset ( $_POST ['newpwd'] ) && isset ( $_POST ['newpwd2'] )) {
+	$username = $_POST ['user'];
+	$old = $_POST ['oldpwd'];
+	$new = $_POST ['newpwd'];
+	$new2 = $_POST ['newpwd2'];
+	
+	if ($new == $new2 && $htpasswd->user_check ( $username, $old )) {
+		$htpasswd->user_update ( $username, $new );
+		?>
+			<div class="alert alert-info">Password changed successfully.</div>
+		<?php
+	} else {
+		?>
+				<div class="alert alert-danger">Could not change password.</div>
+				<?php
+	}
+}
+
+?>
+<div class="result alert alert-info" style="display: none;"></div>
+
+		</div>
+	</div>
+	<div class=row>
+		<div class="col-xs-12 col-md-4">
+			<form class="navbar-form navbar-left" action="selfservice.php"
+				method="post">
+				<div class="form-group">
+
+					<input type="text" class="userfield form-control"
+						placeholder="Username" name="user" <?php if (isset($_GET['user'])) echo "value=".htmlspecialchars($_GET['user']);?>>
+					</p>
+					<p>
+						<input class="passwordfield form-control" type="password"
+							name="oldpwd" placeholder="Old Password" <?php if (isset($_GET['user'])) echo "autofocus" ?>/>
+					</p>
+					<p>
+						<input class="passwordfield form-control" type="password"
+							name="newpwd" placeholder="New Password" />
+					</p>
+					<p>
+						<input class="passwordfield form-control" type="password"
+							name="newpwd2" placeholder="Repeat new Password" />
+					</p>
+					<button type="submit" class="btn btn-default">Change</button>
+				</div>
+			</form>
+
+		</div>
+
+
+	</div>
+		<div class=row>
+	<br/><br/>
+		<div class="col-xs-12 col-md-10 well">
+			<p>Note: You can't change the admin password here. This is only for user passwords.</p>
+		</div>
+	</div>
+</div>
+<?php
+include_once ('includes/footer.php');
+?>
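Review bot: The username field is prefilled with `echo "value=".htmlspecialchars($_GET['user'])`, which leaves the attribute unquoted; `htmlspecialchars()` does not escape spaces, so a `user` parameter containing whitespace can add further attributes to the `<input>`. Emit a quoted value: `echo 'value="' . htmlspecialchars($_GET['user'], ENT_QUOTES) . '"';`. The POST handler also accepts `$new` without `check_password_quality()` or `check_username()`, and nothing limits repeated guesses of `oldpwd`. Because the page never calls `session_start()`, `check_login()` in nav.php will see no session here and always render the logged-out menu.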

File diff suppressed because it is too large
+ 10 - 0
sites/html/htadmin/styles/pure-min.css


+ 11 - 0
sites/html/htadmin/styles/style.css

@@ -0,0 +1,11 @@
+.box {
+        padding: 1em;
+}
+
+.list-item-with-button {
+	padding: 15px 15px;
+}
+
+.btn-list-item {
+	margin-top: -7px;
+}

+ 3 - 0
sites/html/htadmin/tools/.htaccess

@@ -0,0 +1,3 @@
+ Options None
+ Order deny,allow
+ Deny from all

+ 123 - 0
sites/html/htadmin/tools/htpasswd.php

@@ -0,0 +1,123 @@
+<?php
+
+/**
+ * htpasswd tools for Apache Basic Auth. 
+ * Uses crypt only!
+  *
+ */
+class htpasswd {
+	var $fp;
+	var $filename;
+	
+	const HTACCESS_CONTENT = "AuthType Basic\nAuthName \"Password Protected Area\"\nAuthUserFile XXX\nRequire valid-user";
+	
+	function htpasswd($filename) {
+		$basedir = realpath(dirname($filename));
+		$htaccessdir = $basedir . "/.htaccess";
+
+		if (!file_exists($filename)) {
+			@$this->fp = fopen ( $filename, 'w' );
+		} else {
+			@$this->fp = fopen ( $filename, 'r+' ) or die ( 'Invalid file name' );
+		}
+		
+		if (!file_exists($htaccessdir)) {
+			$bdfp = fopen($htaccessdir, 'w');
+			$htaccess_content = str_replace("XXX",realpath($filename),self::HTACCESS_CONTENT);
+			fwrite($bdfp,$htaccess_content);
+		}
+		
+		
+		$this->filename = $filename;
+	}
+	function user_exists($username) {
+		rewind ( $this->fp );
+		while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
+			if ($lusername == $username)
+				return 1;
+		}
+		return 0;
+	}
+	
+	function get_users() {
+		rewind ( $this->fp );
+		$users = array();
+		$i = 0;
+		while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
+			$users[$i] = $lusername;
+			$i++;
+		}
+		return $users;
+	}
+	
+	function user_add($username, $password) {		
+		if ($this->user_exists ( $username ))
+			return false;
+		fseek ( $this->fp, 0, SEEK_END );
+		fwrite ( $this->fp, $username . ':' . self::htcrypt($password) . "\n" );
+		return true;
+	}
+	
+	/**
+	 * Login check
+	 * first 2 characters of hash is the salt.
+	 * @param user $username
+	 * @param pass $password
+	 * @return boolean true if password is correct!
+	 */
+	function user_check($username, $password) {
+		rewind ( $this->fp );
+		while ( ! feof ( $this->fp ) && $userpass = explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) {
+			$lusername = trim($userpass[0]);
+			$hash = $userpass[1];
+
+			if ($lusername == $username) {
+				return (self::check_password_hash($password, $hash));
+			}
+		}
+		return false;
+	}
+	
+	static function check_password_hash($password, $hash) {
+		$salt = substr($hash,0,2);
+		if (crypt($password,$salt)==$hash) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+	
+	static function htcrypt($password) {
+		return crypt ( $password, substr ( str_replace ( '+', '.', base64_encode ( pack ( 'N4', mt_rand (), mt_rand (), mt_rand (), mt_rand () ) ) ), 0, 22 ) );
+	}
+	
+	
+	function user_delete($username) {
+		$data = '';
+		rewind ( $this->fp );
+		while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
+			if (! trim ( $line ))
+				break;
+			if ($lusername != $username)
+				$data .= $line . "\n";
+		}
+		$this->fp = fopen ( $this->filename, 'w' );
+		fwrite ( $this->fp, rtrim ( $data ) . (trim ( $data ) ? "\n" : '') );
+		fclose ( $this->fp );
+		$this->fp = fopen ( $this->filename, 'r+' );
+		return true;
+	}
+	
+	function user_update($username, $password) {
+		rewind ( $this->fp );
+		while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
+			if ($lusername == $username) {
+				fseek ( $this->fp, (- 15 - strlen ( $username )), SEEK_CUR );
+				fwrite ( $this->fp, $username . ':' . self::htcrypt($password) . "\n" );
+				return true;
+			}
+		}
+		return false;
+	}
+}
+?>
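Review bot: `htcrypt()` passes a salt with no algorithm prefix to `crypt()`, which selects traditional DES crypt: only the first two salt characters and the first eight password characters are used, and the salt comes from `mt_rand()` rather than a CSPRNG; the 13-character hashes committed elsewhere in this commit are consistent with that. If the target Apache and PHP versions support bcrypt, `return password_hash($password, PASSWORD_BCRYPT);` with `password_verify($password, $hash)` in `check_password_hash()` would be stronger and also replaces the loose `==` comparison. That change must go together with `user_update()`, whose `fseek(-15 - strlen($username), SEEK_CUR)` assumes every line is the user name plus exactly a 13-character hash, and already corrupts the file for entries written with any other hash format. The class also writes the file without `flock()`, and `user_delete()` stops at the first blank line and then rewrites the file, dropping every entry after it.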

+ 28 - 0
sites/html/htadmin/tools/util.php

@@ -0,0 +1,28 @@
+<?php
+function check_login() {
+	if (isset($_SESSION['login']) && $_SESSION ['login'] === true) {
+		return true;
+	}
+	return false;
+}
+
+function read_config() {
+	return parse_ini_file('config/config.ini');
+}
+
+function check_password_quality($pwd) {
+	if (!isset($pwd)||strlen($pwd)<4) {
+		return false;
+	}
+	return true;
+}
+
+function check_username($username) {
+	if (!isset($username)||strlen($username)>20 || strlen($username)<3) {
+		return false;
+	}
+	return preg_match('/^[a-zA-Z0-9@\.]+$/', $username);
+
+}
+
+?>
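Review bot: `check_username()` validates with `/^[a-zA-Z0-9@\.]+$/`, and in PCRE `$` also matches before a trailing newline, so a name ending in `\n` passes and `user_add()` would then write it into .htpasswd as a broken line. Anchor the whole string instead: `return preg_match('/\A[a-zA-Z0-9@.]+\z/', $username) === 1;`, which also makes the function return a boolean like its early-return path. `check_password_quality()` accepts any password of four or more characters, which is weak for accounts guarding HTTP Basic Auth; a higher minimum would be reasonable. `read_config()` resolves `config/config.ini` relative to the working directory, so a comment noting it must be called from a script in the htadmin root would help.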

+ 4 - 0
sites/html/test/.htaccess

@@ -0,0 +1,4 @@
+AuthType Basic
+AuthName "Password Protected Area"
+AuthUserFile /var/www/html/test/.htpasswd
+Require valid-user

+ 2 - 0
sites/html/test/.htpasswd

@@ -0,0 +1,2 @@
+test:YBKUDV6fZ9/yE
+superuser:WXVCezoX2Ccg.
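Review bot: The sample file commits hashes for `test` and `superuser` whose passwords are not documented in the README, and they are in the 13-character traditional crypt format, which is quick to brute-force offline. Anyone deploying the tree as-is ships two working accounts; consider committing an empty file (or a documented throwaway user) and adding `.htpasswd` to `.gitignore` for real deployments.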

+ 1 - 0
sites/html/test/index.html

@@ -0,0 +1 @@
+Secured content.

Some files were not shown because too many files changed in this diff