Giving a user access to a password protected folder

asgsoft · 10-13-2006, 11:49 AM

Is it possible for me to give access to a password protected directory to a certain member and setup their account automatically?

If so how?

I tried but can't find anything.

Thank you

**-Ray-** · 10-16-2006, 09:46 AM

use the .htaccess file... then write a script to automatically edit it

asgsoft · 10-16-2006, 10:14 AM

how do i edit it? I know how to write to it but what do I write?

maximum · 10-19-2006, 02:18 PM

This isn't truelly, in iteslf "automatically", as you put it. But, you said you know how to write to the .htpasswd file (and this script assumes you would be doing so with PHP

). This shows a form to be filled-out (request for username and password), and auto-adds it to .htpasswd file after it encrypts the password (.htaccess usernames are not encrypted, only passwords are). You can alter it to get the variables passed by means other than the form, should you need to do so. This script only adds new entries, and does not let you alter current ones. If you need that added functionality, just let me know

".htaccess" file:

Code:

AuthUserFile /path/to/your/hidden/password/files/.htpasswd
AuthName "Private Directory"
AuthType Basic
require valid-user

CreateUser.php:

PHP Code:

  <?

????: NamePros.com http://www.namepros.com/code/246963-giving-user-access-password-protected-folder.html
$UserName = $_POST['user'];

$ClearPassword = $_POST['pass'];

if($UserName != "" && $ClearPassword != "") {

$EncryptedPassword = crypt($ClearPassword, base64_encode($ClearPassword));

$PasswordFile = '/path/to/your/hidden/password/files/.htpasswd';

$Login = "$UserName:$EncryptedPassword\n";

$handle = fopen($PasswordFile, 'a');

fwrite($handle, $Login);

fclose($handle);

die("<b>Login added to<br><font color=red>".$PasswordFile."</font></b><br><br>UserName: <font color=red>".$UserName."</font><br>Password: <font color=red>".$ClearPassword."</font><br>Encrypted As: <font color=red>".$EncryptedPassword."</font><br><br>Add <a href=".$PHP_SELF.">another</a> user."); }

?>

<center><table>

<form action="<? $PHP_SELF; ?>" method="post">

<table>

<tr><td>UserName: </td><td><input type="text" name="user"></td></tr>

<tr><td>Password: </td><td><input type="text" name="pass"></td></tr>

<tr><td colspan=2 align=center><input type=submit value="Add User"></td></tr>

</form></table></center>

A few (just incase you didn't know) security tips:
1) Move your .htpasswd file to a sub-root folder (ie: one that is not directly web accessable).
-OR-
2) Rename your .htpasswd file to something other than ".htpasswd"...As long as you put the name correctly in the .htaccess file itself, it will read it. Name it something odd and hard to guess, and create an odd extention (example: ValidMembers.list - not very creative, think of your own...just an example

). Instead of your .htaccess having the obvious:
AuthUserFile /path/to/your/protected/area/.htpasswd
it would have:
AuthUserFile /path/to/your/protected/area/ValidMembers.list

Need any more help, or don't understand anything there...just give me a yell here or in PM

Disclaimer: I acknowledge that there are more effective and clean ways to do this. But, I am not trying to write the above code for commercial use. Those finding errors, please let me know. Those wishing to educate me on my PHP coding, are also gladly asked to do so. However, those wishing to just nag or make themselves look smarter.....Go code something yourself...Preferably with PHP's ever-so-useful die() command
------------------------------------------------------------------
Update to my would-make-SecondVersion-think-I'm-stupid code:

The following allows you to edit the file directly

Not the best code in the world, but think it will do what you are seeking, if you wish to ad users by hand. To add them via another script, remove the form elements and just create a script to post to this.

PHP Code:

  <?

$HtpassFile = "/path/to/your/hidden/password/files/.htpasswd";

$Contents = htmlentities(implode("", file ($HtpassFile)));

if($edit != ""){

$editfile=fopen($HtpassFile, "w+"); 

fputs($editfile, $edit); 

fclose($editfile); 

}

?>

<form action="<? echo $PHP_SELF; ?>" method="post">

<textarea name="edit" cols="45" rows="20">

<?

echo $Contents;

?>

</textarea>

<br>

<input type=submit value="Edit List">

&nbsp;&nbsp;&nbsp;

<input type=button value="Refresh List" onclick="javascript:window.location.replace('<? echo $PHP_SELF; ?>')"></form><br><br>

<?

$DidAdd ="";

$UserName = $_POST['user'];

$ClearPassword = $_POST['pass'];

if($UserName != "" && $ClearPassword != "") {

????: NamePros.com http://www.namepros.com/showthread.php?t=246963
$EncryptedPassword = crypt($ClearPassword, base64_encode($ClearPassword));

$Login = "$UserName:$EncryptedPassword\n";

$handle = fopen($HtpassFile, 'a');

fwrite($handle, $Login);

fclose($handle);

$DidAdd ="<b>Login added to<br><font color=red>".$HtpassFile."</font></b><br><br>UserName: <font color=red>".$UserName."</font><br>Password: <font color=red>".$ClearPassword."</font><br>Encrypted As: <font color=red>".$EncryptedPassword."</font><br><br>"; }

?>

<table>

<form action="<? $PHP_SELF; ?>" method="post">

<table>

<tr><td>UserName: </td><td><input type="text" name="user"></td></tr>

<tr><td>Password: </td><td><input type="text" name="pass"></td></tr>

<tr><td colspan=2 align=center><input type=submit value="Add User"></td></tr>

</form></table><br><br>

<? echo $DidAdd; ?>

NOTE: When editing, make sure each username/password combo is on a new line. It may not end-up that way, if you edit the file in the text-box, so "Refresh List" to make sure it is added on new line for each user.

asgsoft · 10-20-2006, 02:09 AM

thanks alot for your script but I think there is a problem with the encryption. check it out at http://www.asgsoft.net/test/

maximum · 10-20-2006, 02:37 PM

Sorry. It isn't the encryption, which is standard. It is a matter of those hidden characters (line-feeds/carriage-returns that create each of them on a new line). Those little hidden characters are being read as if they were supposed to be part of the user-pass combo when the server reads the file to prompt for logins. I will let you know when fix that.

asgsoft · 10-21-2006, 02:12 AM

thank you very much

maximum · 10-24-2006, 02:14 AM

The both cleaned-up and corrected version of that code, rewritten by NamePro's resident PHP guru SecondVersion. Hope this solves that issue for you.

Thank You, SecondVersion

PHP Code:

  <?php 

 
$file = '/home/nonpubl/public_html/np/HTaccess-Sample/mylogins.txt'; 

 
if (!is_file($file)) 

{ 

    die("$file does not exist."); 

} 

 
$contents = htmlentities(file_get_contents($file)); 

????: NamePros.com http://www.namepros.com/showthread.php?t=246963
 
if (isset($_POST['submit_edit']) AND trim($_POST['edit']) != '') 

{ 

    $edit = trim(html_entity_decode($_POST['edit'])); 

    $fp = fopen($file, 'w+'); 

    fputs($fp, $edit); 

    fclose($fp);  

} 

 
?> 

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 

<textarea name="edit" cols="45" rows="20"><?php echo $contents; ?></textarea><br> 

<input type="submit" name="submit_edit" value="Edit List">&nbsp;&nbsp;&nbsp; 

<input type="button" value="Refresh List" onclick="javascript:window.location.replace('<?php echo $_SERVER['PHP_SELF']; ?>')"> 

</form><br><br> 

 
<?php 

 
$didadd = ''; 

 
if (isset($_POST['submit_add'])) 

{ 

    $username = trim($_POST['user']); 

    $clearpassword = trim($_POST['pass']); 

 
    if ($username != '' AND $clearpassword != '') 

    { 

        $encryptedpassword = crypt($clearpassword, base64_encode($clearpassword)); 

????: NamePros.com http://www.namepros.com/showthread.php?t=246963
        $login = "$username:$encryptedpassword\n"; 

 
        $handle = fopen($file, 'a'); 

        fwrite($handle, $login); 

        fclose($handle); 

 
        $didadd = "<b>Login added to<br><font color=\"red\">$file</font></b><br><br>UserName: <font color=\"red\">$username</font><br>Password: <font color=\"red\">$clearpassword</font><br>Encrypted As: <font color=\"red\">$encryptedpassword</font><br><br>"; 

    } 

} 

 
?> 

 
<table> 

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 

<table> 

<tr> 

  <td>UserName: </td><td><input type="text" name="user"></td> 

</tr> 

<tr> 

  <td>Password: </td><td><input type="text" name="pass"></td> 

</tr> 

<tr> 

  <td colspan="2" align="center"><input type="submit" name="submit_add" value="Add User"></td> 

</tr> 

</form> 

</table><br><br> 

<?php 

 
echo $didadd; 

 
?>

asgsoft · 10-24-2006, 10:58 PM

sorry for the late reply, but it still doesn't work

10-13-2006, 11:49 AM	THREAD STARTER #1 (permalink)
asgsoft NamePros Regular Join Date: Sep 2005 Location: At Home Posts: 881	Giving a user access to a password protected folder Is it possible for me to give access to a password protected directory to a certain member and setup their account automatically? If so how? I tried but can't find anything. Thank you __________________ Free SEO and Domain tools \|HTML ENT\| Your Source to expired domains with PageRank & tips

10-16-2006, 09:46 AM	#2 (permalink)
-Ray- CEO at Syack Inc. Join Date: Jun 2005 Location: Pennsylvania Posts: 1,879 Follow @fastbluff	use the .htaccess file... then write a script to automatically edit it __________________ Poker News, articles, discussion Syack - Shop.. Local Two great events started with apples. The one that fell on Neuton's head and the one that Steve Jobs bite into.

10-16-2006, 10:14 AM	THREAD STARTER #3 (permalink)
asgsoft NamePros Regular Join Date: Sep 2005 Location: At Home Posts: 881	how do i edit it? I know how to write to it but what do I write? __________________ Free SEO and Domain tools \|HTML ENT\| Your Source to expired domains with PageRank & tips

10-19-2006, 02:18 PM	#4 (permalink)
maximum If only you knew... Join Date: Oct 2005 Location: Inside your head... Posts: 990	This isn't truelly, in iteslf "automatically", as you put it. But, you said you know how to write to the .htpasswd file (and this script assumes you would be doing so with PHP ). This shows a form to be filled-out (request for username and password), and auto-adds it to .htpasswd file after it encrypts the password (.htaccess usernames are not encrypted, only passwords are). You can alter it to get the variables passed by means other than the form, should you need to do so. This script only adds new entries, and does not let you alter current ones. If you need that added functionality, just let me know ".htaccess" file: Code: AuthUserFile /path/to/your/hidden/password/files/.htpasswd AuthName "Private Directory" AuthType Basic require valid-user CreateUser.php: PHP Code: <? ????: NamePros.com http://www.namepros.com/code/246963-giving-user-access-password-protected-folder.html $UserName = $_POST['user']; $ClearPassword = $_POST['pass']; if($UserName != "" && $ClearPassword != "") { $EncryptedPassword = crypt($ClearPassword, base64_encode($ClearPassword)); $PasswordFile = '/path/to/your/hidden/password/files/.htpasswd'; $Login = "$UserName:$EncryptedPassword\n"; $handle = fopen($PasswordFile, 'a'); fwrite($handle, $Login); fclose($handle); die("<b>Login added to<br><font color=red>".$PasswordFile."</font></b><br><br>UserName: <font color=red>".$UserName."</font><br>Password: <font color=red>".$ClearPassword."</font><br>Encrypted As: <font color=red>".$EncryptedPassword."</font><br><br>Add <a href=".$PHP_SELF.">another</a> user."); } ?> <center><table> <form action="<? $PHP_SELF; ?>" method="post"> <table> <tr><td>UserName: </td><td><input type="text" name="user"></td></tr> <tr><td>Password: </td><td><input type="text" name="pass"></td></tr> <tr><td colspan=2 align=center><input type=submit value="Add User"></td></tr> </form></table></center> A few (just incase you didn't know) security tips: 1) Move your .htpasswd file to a sub-root folder (ie: one that is not directly web accessable). -OR- 2) Rename your .htpasswd file to something other than ".htpasswd"...As long as you put the name correctly in the .htaccess file itself, it will read it. Name it something odd and hard to guess, and create an odd extention (example: ValidMembers.list - not very creative, think of your own...just an example ). Instead of your .htaccess having the obvious: AuthUserFile /path/to/your/protected/area/.htpasswd it would have: AuthUserFile /path/to/your/protected/area/ValidMembers.list Need any more help, or don't understand anything there...just give me a yell here or in PM Disclaimer: I acknowledge that there are more effective and clean ways to do this. But, I am not trying to write the above code for commercial use. Those finding errors, please let me know. Those wishing to educate me on my PHP coding, are also gladly asked to do so. However, those wishing to just nag or make themselves look smarter.....Go code something yourself...Preferably with PHP's ever-so-useful die() command ------------------------------------------------------------------ *Update to my would-make-SecondVersion-think-I'm-stupid* code:** The following allows you to edit the file directly Not the best code in the world, but think it will do what you are seeking, if you wish to ad users by hand. To add them via another script, remove the form elements and just create a script to post to this. PHP Code: <? $HtpassFile = "/path/to/your/hidden/password/files/.htpasswd"; $Contents = htmlentities(implode("", file ($HtpassFile))); if($edit != ""){ $editfile=fopen($HtpassFile, "w+"); fputs($editfile, $edit); fclose($editfile); } ?> <form action="<? echo $PHP_SELF; ?>" method="post"> <textarea name="edit" cols="45" rows="20"> <? echo $Contents; ?> </textarea> <br> <input type=submit value="Edit List">     <input type=button value="Refresh List" onclick="javascript:window.location.replace('<? echo $PHP_SELF; ?>')"></form><br><br> <? $DidAdd =""; $UserName = $_POST['user']; $ClearPassword = $_POST['pass']; if($UserName != "" && $ClearPassword != "") { ????: NamePros.com http://www.namepros.com/showthread.php?t=246963 $EncryptedPassword = crypt($ClearPassword, base64_encode($ClearPassword)); $Login = "$UserName:$EncryptedPassword\n"; $handle = fopen($HtpassFile, 'a'); fwrite($handle, $Login); fclose($handle); $DidAdd ="<b>Login added to<br><font color=red>".$HtpassFile."</font></b><br><br>UserName: <font color=red>".$UserName."</font><br>Password: <font color=red>".$ClearPassword."</font><br>Encrypted As: <font color=red>".$EncryptedPassword."</font><br><br>"; } ?> <table> <form action="<? $PHP_SELF; ?>" method="post"> <table> <tr><td>UserName: </td><td><input type="text" name="user"></td></tr> <tr><td>Password: </td><td><input type="text" name="pass"></td></tr> <tr><td colspan=2 align=center><input type=submit value="Add User"></td></tr> </form></table><br><br> <? echo $DidAdd; ?> NOTE: When editing, make sure each username/password combo is on a new line. It may not end-up that way, if you edit the file in the text-box, so "Refresh List" to make sure it is added on new line for each user. __________________ --- The greatest truths ever told, and the greatest lies ever told, all consist of exactly the same three words: "I LOVE YOU" --- The best say little, only say what is important.....then they shut up and sit down. Last edited by maximum; 10-19-2006 at 03:57 PM.

10-20-2006, 02:09 AM	THREAD STARTER #5 (permalink)
asgsoft NamePros Regular Join Date: Sep 2005 Location: At Home Posts: 881	thanks alot for your script but I think there is a problem with the encryption. check it out at http://www.asgsoft.net/test/ __________________ Free SEO and Domain tools \|HTML ENT\| Your Source to expired domains with PageRank & tips

10-20-2006, 02:37 PM	#6 (permalink)
maximum If only you knew... Join Date: Oct 2005 Location: Inside your head... Posts: 990	Sorry. It isn't the encryption, which is standard. It is a matter of those hidden characters (line-feeds/carriage-returns that create each of them on a new line). Those little hidden characters are being read as if they were supposed to be part of the user-pass combo when the server reads the file to prompt for logins. I will let you know when fix that. __________________ --- The greatest truths ever told, and the greatest lies ever told, all consist of exactly the same three words: "I LOVE YOU" --- The best say little, only say what is important.....then they shut up and sit down.

10-21-2006, 02:12 AM	THREAD STARTER #7 (permalink)
asgsoft NamePros Regular Join Date: Sep 2005 Location: At Home Posts: 881	thank you very much __________________ Free SEO and Domain tools \|HTML ENT\| Your Source to expired domains with PageRank & tips

10-24-2006, 02:14 AM	#8 (permalink)
maximum If only you knew... Join Date: Oct 2005 Location: Inside your head... Posts: 990	The both cleaned-up and corrected version of that code, rewritten by NamePro's resident PHP guru SecondVersion. Hope this solves that issue for you. Thank You, SecondVersion PHP Code: <?php $file = '/home/nonpubl/public_html/np/HTaccess-Sample/mylogins.txt'; if (!is_file($file)) { die("$file does not exist."); } $contents = htmlentities(file_get_contents($file)); ????: NamePros.com http://www.namepros.com/showthread.php?t=246963 if (isset($_POST['submit_edit']) AND trim($_POST['edit']) != '') { $edit = trim(html_entity_decode($_POST['edit'])); $fp = fopen($file, 'w+'); fputs($fp, $edit); fclose($fp); } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <textarea name="edit" cols="45" rows="20"><?php echo $contents; ?></textarea><br> <input type="submit" name="submit_edit" value="Edit List">    <input type="button" value="Refresh List" onclick="javascript:window.location.replace('<?php echo $_SERVER['PHP_SELF']; ?>')"> </form><br><br> <?php $didadd = ''; if (isset($_POST['submit_add'])) { $username = trim($_POST['user']); $clearpassword = trim($_POST['pass']); if ($username != '' AND $clearpassword != '') { $encryptedpassword = crypt($clearpassword, base64_encode($clearpassword)); ????: NamePros.com http://www.namepros.com/showthread.php?t=246963 $login = "$username:$encryptedpassword\n"; $handle = fopen($file, 'a'); fwrite($handle, $login); fclose($handle); $didadd = "<b>Login added to<br><font color=\"red\">$file</font></b><br><br>UserName: <font color=\"red\">$username</font><br>Password: <font color=\"red\">$clearpassword</font><br>Encrypted As: <font color=\"red\">$encryptedpassword</font><br><br>"; } } ?> <table> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table> <tr> <td>UserName: </td><td><input type="text" name="user"></td> </tr> <tr> <td>Password: </td><td><input type="text" name="pass"></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" name="submit_add" value="Add User"></td> </tr> </form> </table><br><br> <?php echo $didadd; ?> __________________ --- The greatest truths ever told, and the greatest lies ever told, all consist of exactly the same three words: "I LOVE YOU" --- The best say little, only say what is important.....then they shut up and sit down.

10-24-2006, 10:58 PM	THREAD STARTER #9 (permalink)
asgsoft NamePros Regular Join Date: Sep 2005 Location: At Home Posts: 881	sorry for the late reply, but it still doesn't work __________________ Free SEO and Domain tools \|HTML ENT\| Your Source to expired domains with PageRank & tips

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)