tdack/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Quick and dirty .htpasswd admin page for Apache 2.4 or greater.
This uses the newer authentication providers in Apache 2.4 to secure access to the page.
Add the vhost.conf snippet to your  directive or server config.
Your .htpasswd file will need write permissions for the group or user that Apache is running as so it can be updated.
There's not many safety checks here, so be careful.

  
## ht-admin.php
<?php
    // -- Read the file into a variable
    $filename = '/path/to/.htpasswd';
    $fp = fopen( $filename, 'r' );
    $file_contents = fread( $fp, filesize( $filename ) );
    fclose( $fp );

    // -- Get the users and their passwords in a nice array
   $lines = explode("\n",$file_contents);
   foreach($lines as $line)
   {
        $bits = explode(":",trim($line));
        // make sure we don't have any blank users
        if ($bits[0] != '') {
	        $users[$bits[0]] = trim($bits[1]);
		}
    }

    if (isset($_GET['action']))
	{
		$action = $_GET['action'];
		if ($action == 'add' || $action == 'delete')
		{
			$username = $_GET['username'];
			// -- See if a user exists
			if (isset($users[$username]))
			{
				switch ($action) {
					case "add":
						$users[$username] = crypt($_GET['paswd']);
						break;
					case "delete":
						unset($users[$username]);
						break;
				}
			} elseif ($action == 'add') {
				// TODO: make sure $username is acutally safe to put into .htpasswd file
				$users[$username] = crypt($_GET['paswd']);
			}
			// -- Write back the new details
			$newfile = '';
			foreach($users as $username => $password)
			{
				$newfile .= $username.":".$password."\n";
			}
			$fp = fopen($filename,'w');
			fwrite($fp,$newfile);
			fclose($fp);
			header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
		}
	}
?>
<html>
<head>
	<title>htpasswd Admin</title>
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
	<script type="text/javascript">
		$(document).ready(function() {
			$('#add').click(function() {
				window.location.href = '?action=add&username=' + $('#user').val() + '&paswd=' + $('#paswd').val();
				});
			});
	</script>
</head>
<body>
	<div style="text-align:center">
		<h1>Users</h1>
	</div>
	<hr />
	<table style="margin-left: 20%; margin-right:20%; width: 60%">
		<tr>
			<th>Username</th>
			<th>Action</th>
		</tr>
<?php
	foreach ($users as $username => $password)
	{
		if (trim($username))
		{
?>
		<tr>
			<td style="width: 75%">
<?php
			echo '				' . $username . "\n";
?>
			</td>
			<td style="text-align: center">
				<button onclick="window.location.href='?action=delete&username=<?php echo $username; ?>'">Delete</button>
			</td>
		</tr>
<?php
		}
	}
?>
		<tr>
			<td>
				Username: <input type="text" id="user" name="user" size="10" />
				Password: <input type="password" id="paswd" name="paswd" size="10" />
			</td>
			<td style="text-align: center">
				<button id="add" name="add">Add</button>
			</td>
		</tr>
	</table>
	<hr />
	<h2>Instructions</h2>
	<p>To add a new user enter the username and password then click 'Add'.<br /><br />
	To change a users password enter the existing username and then their new password
	then click 'Add'<br /><br />
	To delete a user simply click the 'Delete' button beside the username that you wish
	to remove.<br /><br />
	Note: If you delete all the user names you won't be able to access this page and will
	have to manually update the password file from the command line using the htpasswd
	utility.
	</p>
</body>
</html>

## login.html
<html>
  <head>
    <title>htpasswd Admin</title>
  </head>
  <body>
    <div style="text-align: center" markdown="1">
    Login
    <form method="post" action="">
	    <table>
	      <tr><td>User:</td><td> <input type="text" name="httpd_username" value="" /></td></tr>
	      <tr><td>Password:</td><td> <input type="password" name="httpd_password" value="" /></td></tr>
	    </table>
	    <br />
	    <input type="submit" name="login" value=" Login " />
    </form>
    </div>
  </body>
</html>

## vhost.conf
   <LocationMatch "ht-admin.php">

    	AuthFormProvider   file
      AuthType           form
      AuthName           "htpasswd Admin!"

    	Session On
    	SessionCookieName session path=/

   	# This is the login page
    	ErrorDocument 401 /login.html

    	# This is the file containing users login data
    	AuthUserFile /path/to.htpasswd
    	Require valid-user

   </LocationMatch>
	<?php
	// -- Read the file into a variable
	$filename = '/path/to/.htpasswd';
	$fp = fopen( $filename, 'r' );
	$file_contents = fread( $fp, filesize( $filename ) );
	fclose( $fp );

	// -- Get the users and their passwords in a nice array
	$lines = explode("\n",$file_contents);
	foreach($lines as $line)
	{
	$bits = explode(":",trim($line));
	// make sure we don't have any blank users
	if ($bits[0] != '') {
	$users[$bits[0]] = trim($bits[1]);
	}
	}

	if (isset($_GET['action']))
	{
	$action = $_GET['action'];
	if ($action == 'add' \|\| $action == 'delete')
	{
	$username = $_GET['username'];
	// -- See if a user exists
	if (isset($users[$username]))
	{
	switch ($action) {
	case "add":
	$users[$username] = crypt($_GET['paswd']);
	break;
	case "delete":
	unset($users[$username]);
	break;
	}
	} elseif ($action == 'add') {
	// TODO: make sure $username is acutally safe to put into .htpasswd file
	$users[$username] = crypt($_GET['paswd']);
	}
	// -- Write back the new details
	$newfile = '';
	foreach($users as $username => $password)
	{
	$newfile .= $username.":".$password."\n";
	}
	$fp = fopen($filename,'w');
	fwrite($fp,$newfile);
	fclose($fp);
	header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
	}
	}
	?>
	<html>
	<head>
	<title>htpasswd Admin</title>
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
	<script type="text/javascript">
	$(document).ready(function() {
	$('#add').click(function() {
	window.location.href = '?action=add&username=' + $('#user').val() + '&paswd=' + $('#paswd').val();
	});
	});
	</script>
	</head>
	<body>
	<div style="text-align:center">
	<h1>Users</h1>
	</div>
	<hr />
	<table style="margin-left: 20%; margin-right:20%; width: 60%">
	<tr>
	<th>Username</th>
	<th>Action</th>
	</tr>
	<?php
	foreach ($users as $username => $password)
	{
	if (trim($username))
	{
	?>
	<tr>
	<td style="width: 75%">
	<?php
	echo ' ' . $username . "\n";
	?>
	</td>
	<td style="text-align: center">
	<button onclick="window.location.href='?action=delete&username=<?php echo $username; ?>'">Delete</button>
	</td>
	</tr>
	<?php
	}
	}
	?>
	<tr>
	<td>
	Username: <input type="text" id="user" name="user" size="10" />
	Password: <input type="password" id="paswd" name="paswd" size="10" />
	</td>
	<td style="text-align: center">
	<button id="add" name="add">Add</button>
	</td>
	</tr>
	</table>
	<hr />
	<h2>Instructions</h2>
	<p>To add a new user enter the username and password then click 'Add'.<br /><br />
	To change a users password enter the existing username and then their new password
	then click 'Add'<br /><br />
	To delete a user simply click the 'Delete' button beside the username that you wish
	to remove.<br /><br />
	Note: If you delete all the user names you won't be able to access this page and will
	have to manually update the password file from the command line using the htpasswd
	utility.
	</p>
	</body>
	</html>
	<LocationMatch "ht-admin.php">

	AuthFormProvider file
	AuthType form
	AuthName "htpasswd Admin!"

	Session On
	SessionCookieName session path=/

	# This is the login page
	ErrorDocument 401 /login.html

	# This is the file containing users login data
	AuthUserFile /path/to.htpasswd
	Require valid-user

	</LocationMatch>