Home Explore Help
Sign In
Flo
/
HTAdmin
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6a9a41d21a
Branches Tags
HTAdmin
/
sites
/
html
/
htadmin
/
tools
/
htpasswd.php

htpasswd.php 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. <?php
    2. 

  2. include_once("model/meta_model.php");
    3. 

  3. /**
    4. 

  4.  * htpasswd tools for Apache Basic Auth. 
    5. 

  5.  * Uses crypt only!
    6. 

  6.  *
    7. 

  7.  */
    8. 

  8. class htpasswd {
    9. 

  9. 	var $fp;
    10. 

  10. 	var $metafp;
    11. 

  11. 	var $filename;
    12. 

  12. 	var $metafilename;
    13. 

  13. 	var $use_metadata;
    14. 

  14. 

  15. 	/* All ht-files. These files are stored within the secured folder. */
    16. 

  16. 	const HTPASSWD_NAME = ".htpasswd";
    17. 

  17. 	const HTACCESS_NAME = ".htaccess";
    18. 

  18. 	const HTMETA_NAME	= ".htmeta";
    19. 

  19. 	
    20. 

  20. 	function htpasswd($configpath, $use_metadata = false) {
    21. 

  21. 		$path = realpath($configpath);
    22. 

  22. 		$htaccessfile = $path . "/" . self::HTACCESS_NAME;
    23. 

  23. 		$htpasswdfile = $path . "/" . self::HTPASSWD_NAME;
    24. 

  24. 		@$this->use_metadata = $use_metadata;
    25. 

  25. 		
    26. 

  26. 		if (!file_exists($htaccessfile)) {
    27. 

  27. 			$bdfp = fopen($htaccessfile, 'w');
    28. 

  28. 			$htaccess_content = "AuthType Basic\nAuthName \"Password Protected Area\"\nAuthUserFile \"" . $htpasswdfile . 
    29. 

  29. 			"\"\nRequire valid-user" .
    30. 

  30. 			"<Files .ht*>\nOrder deny,allow\nDeny from all\n</Files>";
    31. 

  31. 			fwrite($bdfp,$htaccess_content);
    32. 

  32. 		}
    33. 

  33. 		
    34. 

  34. 		@$this->fp = @$this::open_or_create($htpasswdfile);
    35. 

  35. 		
    36. 

  36. 		if ($use_metadata) {
    37. 

  37. 			$htmetafile = $path . "/" . self::HTMETA_NAME;
    38. 

  38. 			@$this->metafp = @$this::open_or_create($htmetafile);				
    39. 

  39. 		}
    40. 

  40. 

  41. 		$this->filename 	= $htpasswdfile;
    42. 

  42. 		$this->metafilename = $htmetafile;
    43. 

  43. 	}
    44. 

  44. 	
    45. 

  45. 	function open_or_create($filename) {
    46. 

  46. 		if (!file_exists($filename)) {
    47. 

  47. 			return fopen ( $filename, 'w+' );
    48. 

  48. 		} else {
    49. 

  49. 			return fopen ( $filename, 'r+' );
    50. 

  50. 		}
    51. 

  51. 	}
    52. 

  52. 	
    53. 

  53. 	function user_exists($username) {
    54. 

  54. 		rewind ( $this->fp );
    55. 

  55. 		while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
    56. 

  56. 			if ($lusername == $username)
    57. 

  57. 				return true;
    58. 

  58. 		}
    59. 

  59. 		return false;
    60. 

  60. 	}
    61. 

  61. 	
    62. 

  62. 	function get_metadata() {
    63. 

  63. 		rewind ( $this->metafp );
    64. 

  64. 		$meta_model_map = array();
    65. 

  65. 		$metaarr = array();
    66. 

  66. 		while ( ! feof ( $this->metafp ) && $line = rtrim ( fgets ( $this->metafp ) ) ) {
    67. 

  67. 				$metaarr = explode(":", $line);
    68. 

  68. 				$model = new meta_model();
    69. 

  69. 				$model->user = $metaarr[0];
    70. 

  70. 				$model->email = $metaarr[1];
    71. 

  71. 				$model->name = $metaarr[2];
    72. 

  72. 				$meta_model_map[$model->user] = $model;
    73. 

  73. 		}
    74. 

  74. 		return $meta_model_map;
    75. 

  75. 	}
    76. 

  76. 	
    77. 

  77. 	function get_users() {
    78. 

  78. 		rewind ( $this->fp );
    79. 

  79. 		$users = array();
    80. 

  80. 		$i = 0;
    81. 

  81. 		while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
    82. 

  82. 			$users[$i] = $lusername;
    83. 

  83. 			$i++;
    84. 

  84. 		}
    85. 

  85. 		return $users;
    86. 

  86. 	}
    87. 

  87. 	
    88. 

  88. 	function user_add($username, $password) {		
    89. 

  89. 		if ($this->user_exists ( $username ))
    90. 

  90. 			return false;
    91. 

  91. 		fseek ( $this->fp, 0, SEEK_END );
    92. 

  92. 		fwrite ( $this->fp, $username . ':' . self::htcrypt($password) . "\n" );
    93. 

  93. 		return true;
    94. 

  94. 	}
    95. 

  95. 	
    96. 

  96. 	/**
    97. 

  97. 	 * Login check
    98. 

  98. 	 * first 2 characters of hash is the salt.
    99. 

  99. 	 * @param user $username
    100. 

  100. 	 * @param pass $password
    101. 

  101. 	 * @return boolean true if password is correct!
    102. 

  102. 	 */
    103. 

  103. 	function user_check($username, $password) {
    104. 

  104. 		rewind ( $this->fp );
    105. 

  105. 		while ( ! feof ( $this->fp ) && $userpass = explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) {
    106. 

  106. 			$lusername = trim($userpass[0]);
    107. 

  107. 			$hash = $userpass[1];
    108. 

  108. 

  109. 			if ($lusername == $username) {
    110. 

  110. 				return (self::check_password_hash($password, $hash));
    111. 

  111. 			}
    112. 

  112. 		}
    113. 

  113. 		return false;
    114. 

  114. 	}
    115. 

  115. 	
    116. 

  116. 	static function check_password_hash($password, $hash) {
    117. 

  117. 		$salt = substr($hash,0,2);
    118. 

  118. 		if (crypt($password,$salt)==$hash) {
    119. 

  119. 			return true;
    120. 

  120. 		} else {
    121. 

  121. 			return false;
    122. 

  122. 		}
    123. 

  123. 	}
    124. 

  124. 	
    125. 

  125. 	static function htcrypt($password) {
    126. 

  126. 		return crypt ( $password, substr ( str_replace ( '+', '.', base64_encode ( pack ( 'N4', mt_rand (), mt_rand (), mt_rand (), mt_rand () ) ) ), 0, 22 ) );
    127. 

  127. 	}
    128. 

  128. 	
    129. 

  129. 	
    130. 

  130. 	function user_delete($username) {
    131. 

  131. 		return self::delete(@$this->fp, $username, @$this->filename);
    132. 

  132. 	}
    133. 

  133. 	
    134. 

  134. 	function meta_delete($username) {
    135. 

  135. 		return self::delete(@$this->metafp, $username, @$this->metafilename);
    136. 

  136. 	}
    137. 

  137. 	
    138. 

  138. 	static function delete($fp, $username, $filename) {
    139. 

  139. 		$data = '';
    140. 

  140. 		rewind ( $fp );
    141. 

  141. 		while ( ! feof ( $fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $fp ) ) ) ) ) ) {
    142. 

  142. 			if (! trim ( $line ))
    143. 

  143. 				break;
    144. 

  144. 				if ($lusername != $username)
    145. 

  145. 					$data .= $line . "\n";
    146. 

  146. 		}
    147. 

  147. 		$fp = fopen ( $filename, 'w' );
    148. 

  148. 		fwrite ( $fp, rtrim ( $data ) . (trim ( $data ) ? "\n" : '') );
    149. 

  149. 		fclose ( $fp );
    150. 

  150. 		$fp = fopen ( $filename, 'r+' );
    151. 

  151. 		return true;
    152. 

  152. 	}
    153. 

  153. 	
    154. 

  154. 	
    155. 

  155. 	function user_update($username, $password) {
    156. 

  156. 		rewind ( $this->fp );
    157. 

  157. 		while ( ! feof ( $this->fp ) && trim ( $lusername = array_shift ( explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) ) ) {
    158. 

  158. 			if ($lusername == $username) {
    159. 

  159. 				fseek ( $this->fp, (- 15 - strlen ( $username )), SEEK_CUR );
    160. 

  160. 				fwrite ( $this->fp, $username . ':' . self::htcrypt($password) . "\n" );
    161. 

  161. 				return true;
    162. 

  162. 			}
    163. 

  163. 		}
    164. 

  164. 		return false;
    165. 

  165. 	}
    166. 

  166. }
    167. 

  167. ?>
    168.