4WebHelp
 FAQ  •  Search  •  User Groups  •  Forum Admins  •  Smilies List  •  Statistics  •  Rules   •  Login   •  Register
Toggle Navigation Menu

 Update .htpasswd file without ftp / Control Panel access?
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic
Author Message
Rick
Junior WebHelper
Junior WebHelper


Joined: 08 Jan 2004
Posts: 1
Location: Phoenix, Arizona, USA

PostPosted: Thu Jan 08, 2004 1:46 am (13 years, 9 months ago) Reply with QuoteBack to Top

I recently took over administration of my organization's web site. A password is required to allow members to get into anything behind the "Members-only" sub-directory where the .htaccess and .htpasswd files are.

The guy that used to administer the website didn't keep up with issuing passwords. People who have been members for 6 months still don't have access and people who have not been members for 2 or 3 years still have access. In fact, the guy simply disappeared with most of the organizations records, so we don't even have a current members list.

On top of running my own business, I have too many other website related problems to be able to catch that part of this thing up by myself. And there are "volunteers" available.

But the only access to web host's Password utility is through the website's "Control Panel." And the hosting company has no provision to assign additional passwords with limited access to parts of the control panel.

Anyone who has Control Panel and ftp access could do anything they want to the website. I'm not even a little bit comfortable giving a volunteer that kind of access. Just way too much opportunity to inadvertantly mess something while snooping around...

I've read .htaccess turorials, and searched the internet for .htpassword utilities, and the more I read, the more confused I get. I have enough understanding of HTML, CSS and SSI to get by, and have actually been able to get a couple of java scripts (written by others) to work in the 3 websites I administer. Beyond that, I'm totally in the dark. (Guess I'm not as much of a geek as my wife thinks I am...)

I probably not phrasing this question correctly. I have found .htpasswd utilities that will generate encripted passwords like the one on this website. But just encripting the password does not get it into the .htpasswd file in the protected directory.

Do any of you know of a script or program that can reside in the protected directory, that will allow a "volunteer" having only access to the sub-directory to issue .htaccess usernames and passwords?

Or perhaps a script or program that will allow the volunteer to enter the username and encripted password to the .htpasswd file in the protected directory - without giving that volunteer the website's ftp / control panel password and username?

The web hosting company's "technical support" guy told me "it can't be done." I just have a hard time accepting that. (Perhaps we need to change hosting companies.) Can you guys hepl me with this?

Thanks, Rick
OfflineView User's ProfileFind all posts by RickSend Personal Message
Arkaine
Junior WebHelper
Junior WebHelper


Joined: 10 Jan 2004
Posts: 2

PostPosted: Sat Jan 10, 2004 8:41 am (13 years, 9 months ago) Reply with QuoteBack to Top

I would like to get this to work as well...here's what I have so far. It works great, it's just not using the right encryption method for apache htpasswd files...I can't seem to figure out how to get "testpass" to encrypt the same way that the htpasswd binary does it.

The htpasswd binary creates this:
$apr1$ta3.....$TCOvaJ3d4QbMyjtai3rpB0

Using the PHP crypt function, I get this:
$1$6U3.Vi/.$ObBIBnm.LlVM4IeUqzF1T0

I thought I had it working before, but I guess not. Let me know if this gets you anywhere (or if you figure out how to do it Smile).

Execute it this way:
http://www.domain.tld/thisphpfile.php?user=usergoeshere&pass=passgoeshere

Code:

<?
   //GET FILENAMES
   $HTPasswdFile = '.htpasswd';
   $HTAccessFile = '.htaccess';

   //RETRIEVE USER/PASS
   $NewUser = "$_GET[user]";
   $NewPass = "$_GET[pass]";

   //WRITE TO HTACCESS FILE
   $HTAccessFileHandle = fopen($HTAccessFile,'w');
   fputs($HTAccessFileHandle, "AuthUserFile $HTPasswdFile\nAuthGroupFile /dev/null\nAuthName 'Restricted Directory'\nAuthType Basic\nrequire user $NewUser\n");
   fclose($HTAccessFileHandle);

   //ENCRYPT PASSWORD
   $NewPassEncrypted = crypt($NewPass);

   //WRITE TO HTPASSWD FILE
   $HTPasswdFileHandle = fopen($HTPasswdFile,'w');
   fputs($HTPasswdFileHandle, "$NewUser:$NewPassEncrypted\n");
   fclose($HTPasswdFileHandle);
?>

________________________________
-Arkaine
OfflineView User's ProfileFind all posts by ArkaineSend Personal Message
Arkaine
Junior WebHelper
Junior WebHelper


Joined: 10 Jan 2004
Posts: 2

PostPosted: Sat Jan 10, 2004 10:20 am (13 years, 9 months ago) Reply with QuoteBack to Top

Here's a modified version that works great! There's one catch though...you need to have execute permission for the apache htpasswd binary (and know where it is).

Code:

<?
   //GET FILENAMES
   $HTPasswdBinary = '/usr/local/apache2/bin/htpasswd';
   //$HTPasswdBinary = 'C:/Progra~1/Apache~1/Apache/bin/htpasswd.exe';
   $HTPasswdFile = $_SERVER['DOCUMENT_ROOT'] . '/testdir/.htpasswd';
   $HTAccessFile = $_SERVER['DOCUMENT_ROOT'] . '/testdir/.htaccess';

   //RETRIEVE USER/PASS
   $NewUser = "$_GET[user]";
   $NewPass = "$_GET[pass]";

   //WRITE TO HTACCESS FILE
   $HTAccessFileHandle = fopen($HTAccessFile,'w');
   fputs($HTAccessFileHandle, "AuthUserFile $HTPasswdFile\nAuthGroupFile /dev/null\nAuthName 'Restricted Directory'\nAuthType Basic\nrequire user $NewUser\n");
   fclose($HTAccessFileHandle);

   //CREATE HTPASSWD FILE
   system("$HTPasswdBinary -cb $HTPasswdFile $NewUser $NewPass");
?>


For multiple users in a single directory:
Code:

<?
   //GET FILENAMES
   $HTPasswdBinary = '/usr/local/apache2/bin/htpasswd';
   //$HTPasswdBinary = 'C:/Progra~1/Apache~1/Apache/bin/htpasswd.exe';
   $HTPasswdFile = $_SERVER['DOCUMENT_ROOT'] . '/testdir/.htpasswd';
   $HTAccessFile = $_SERVER['DOCUMENT_ROOT'] . '/testdir/.htaccess';

   //RETRIEVE USER/PASS
   $NewUser = "$_GET[user]";
   $NewPass = "$_GET[pass]";

   //WRITE TO HTACCESS FILE
   if(!file_exists($HTAccessFile)){
      $HTAccessFileHandle = fopen($HTAccessFile,'w');
      fputs($HTAccessFileHandle,"AuthUserFile $HTPasswdFile\nAuthGroupFile /dev/null\nAuthName 'Restricted Directory'\nAuthType Basic\n");
   }else{
      $HTAccessFileHandle = fopen($HTAccessFile,'a');
   }
   fputs($HTAccessFileHandle,"require user $NewUser\n");
   fclose($HTAccessFileHandle);

   //CREATE HTPASSWD FILE
   if(file_exists($HTPasswdFile)){
      system("$HTPasswdBinary -b $HTPasswdFile $NewUser $NewPass");
   }else{
      system("$HTPasswdBinary -cb $HTPasswdFile $NewUser $NewPass");
   }
?>

________________________________
-Arkaine
OfflineView User's ProfileFind all posts by ArkaineSend Personal Message
Display posts from previous:      
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic


 Jump to:   




You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot edit your posts in this forum.
You cannot delete your posts in this forum.
You cannot vote in polls in this forum.


Page generation time: 0.055161 seconds :: 17 queries executed :: All Times are GMT
Powered by phpBB 2.0 © 2001, 2002 phpBB Group :: Based on an FI Theme