htpasswd.php 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. <?php
  2. /**
  3. * htpasswd tools for Apache Basic Auth.
  4. * Uses crypt only!
  5. *
  6. */
  7. class htpasswd {
  8. var $fp;
  9. var $filename;
  10. const HTACCESS_CONTENT = "AuthType Basic\nAuthName \"Password Protected Area\"\nAuthUserFile XXX\nRequire valid-user";
  11. function htpasswd($filename) {
  12. $basedir = realpath(dirname($filename));
  13. $htaccessdir = $basedir . "/.htaccess";
  14. if (!file_exists($filename)) {
  15. @$this->fp = fopen ( $filename, 'w' );
  16. } else {
  17. @$this->fp = fopen ( $filename, 'r+' ) or die ( 'Invalid file name' );
  18. }
  19. if (!file_exists($htaccessdir)) {
  20. $bdfp = fopen($htaccessdir, 'w');
  21. $htaccess_content = str_replace("XXX",realpath($filename),self::HTACCESS_CONTENT);
  22. fwrite($bdfp,$htaccess_content);
  23. }
  24. $this->filename = $filename;
  25. }
  26. function user_exists($username) {
  27. rewind ( $this->fp );
  28. while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
  29. if ($lusername == $username)
  30. return 1;
  31. }
  32. return 0;
  33. }
  34. function get_users() {
  35. rewind ( $this->fp );
  36. $users = array();
  37. $i = 0;
  38. while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
  39. $users[$i] = $lusername;
  40. $i++;
  41. }
  42. return $users;
  43. }
  44. function user_add($username, $password) {
  45. if ($this->user_exists ( $username ))
  46. return false;
  47. fseek ( $this->fp, 0, SEEK_END );
  48. fwrite ( $this->fp, $username . ':' . self::htcrypt($password) . "\n" );
  49. return true;
  50. }
  51. /**
  52. * Login check
  53. * first 2 characters of hash is the salt.
  54. * @param user $username
  55. * @param pass $password
  56. * @return boolean true if password is correct!
  57. */
  58. function user_check($username, $password) {
  59. rewind ( $this->fp );
  60. while ( ! feof ( $this->fp ) && $userpass = explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) {
  61. $lusername = trim($userpass[0]);
  62. $hash = $userpass[1];
  63. if ($lusername == $username) {
  64. return (self::check_password_hash($password, $hash));
  65. }
  66. }
  67. return false;
  68. }
  69. static function check_password_hash($password, $hash) {
  70. $salt = substr($hash,0,2);
  71. if (crypt($password,$salt)==$hash) {
  72. return true;
  73. } else {
  74. return false;
  75. }
  76. }
  77. static function htcrypt($password) {
  78. return crypt ( $password, substr ( str_replace ( '+', '.', base64_encode ( pack ( 'N4', mt_rand (), mt_rand (), mt_rand (), mt_rand () ) ) ), 0, 22 ) );
  79. }
  80. function user_delete($username) {
  81. $data = '';
  82. rewind ( $this->fp );
  83. while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
  84. if (! trim ( $line ))
  85. break;
  86. if ($lusername != $username)
  87. $data .= $line . "\n";
  88. }
  89. $this->fp = fopen ( $this->filename, 'w' );
  90. fwrite ( $this->fp, rtrim ( $data ) . (trim ( $data ) ? "\n" : '') );
  91. fclose ( $this->fp );
  92. $this->fp = fopen ( $this->filename, 'r+' );
  93. return true;
  94. }
  95. function user_update($username, $password) {
  96. rewind ( $this->fp );
  97. while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
  98. if ($lusername == $username) {
  99. fseek ( $this->fp, (- 15 - strlen ( $username )), SEEK_CUR );
  100. fwrite ( $this->fp, $username . ':' . self::htcrypt($password) . "\n" );
  101. return true;
  102. }
  103. }
  104. return false;
  105. }
  106. }
  107. ?>