Alternc  3.2
Alternc logiel libre pour l'hébergement
 All Data Structures Namespaces Files Functions Variables Pages
Public Member Functions
m_hta Class Reference

This class handle folder web restricted access through .htaccess/.htpassword files. More...

Public Member Functions

 m_webaccess ()
 Constructor.
 alternc_password_policy ()
 Password kind used in this class (hook for admin class)
 hook_menu ()
 CreateDir ($dir)
 Create a protected folder (.htaccess et .htpasswd)
 ListDir ()
 Returns the list of all user folder currently protected by a .htpasswd file.
 is_protected ($dir)
 Tells if a folder is protected.
 get_hta_detail ($dir)
 Returns the list of login for a protected folder.
 DelDir ($dir)
 Unprotect a folder.
 add_user ($user, $password, $dir)
 Add a user to a protected folder.
 del_user ($lst, $dir)
 Delete a user from a protected folder.
 change_pass ($user, $newpass, $dir)
 Change the password of a user in a protected folder.
 _reading_htaccess ($absolute)
 Check that a .htaccess file is valid (for authentication)

Detailed Description

This class handle folder web restricted access through .htaccess/.htpassword files.

Copyleft AlternC Team

Copyright
AlternC-Team 2002-11-01 http://alternc.org/

Definition at line 40 of file m_hta.php.

Member Function Documentation

_reading_htaccess (   $absolute)

Check that a .htaccess file is valid (for authentication)

Parameters
string$absoluteFolder we want to check (relative to user root)
Returns
boolean TRUE is the .htaccess is protecting this folder, or FALSE else private

Definition at line 373 of file m_hta.php.

References $err.

{
global $err;
$err->log("hta","_reading_htaccess",$absolute);
$file = fopen("$absolute/.htaccess","r+");
$lignes=array(1,1,1);
$errr=0;
if (!$file) {
return false;
}
while (!feof($file) && !$errr) {
$s=fgets($file,1024);
if (substr($s,0,12)!="RewriteCond " && substr($s,0,14)!="ErrorDocument " && substr($s,0,12)!="RewriteRule " && substr($s,0,14)!="RewriteEngine " && trim($s)!="") {
$errr=1;
}
if (strtolower(trim($s))==strtolower("authuserfile $absolute/.htpasswd")) {
$lignes[0]=0;
$errr=0;
} // authuserfile
if (strtolower(trim($s))=="require valid-user") {
$lignes[1]=0;
$errr=0;
} //require
if (strtolower(trim($s))=="authtype basic") {
$lignes[2]=0;
$errr=0;
} //authtype
} // Reading config file
fclose($file);
if ($errr || in_array(0,$lignes)) {
$err->raise("hta",_("An incompatible .htaccess file exists in this folder"));
return false;
}
return true;
}
add_user (   $user,
  $password,
  $dir 
)

Add a user to a protected folder.

Parameters
string$loginThe user login to add
string$passwordThe password to add (cleartext)
string$dirThe folder we add it to (relative to user root).
Returns
boolean TRUE if the user has been added, or FALSE if an error occurred

Definition at line 227 of file m_hta.php.

References $err, $password, $t, $user, _md5cr(), and checkloginmail().

{
global $err, $bro, $admin;
$err->log("hta","add_user",$user."/".$dir);
if (empty($user)) {
$err->raise('hta',_("Please enter a user"));
return false;
}
if (empty($password)) {
$err->raise('hta',_("Please enter a password"));
return false;
}
$absolute=$bro->convertabsolute($dir,0);
if (!file_exists($absolute)) {
$err->raise("hta",printf(("The folder '%s' does not exist"),$dir));
return false;
}
if (checkloginmail($user)){
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("hta",$user,$password)) {
return false; // The error has been raised by checkPolicy()
}
}
$file = @fopen("$absolute/.htpasswd","a+");
if (!$file) {
$err->raise("hta",_("File already exist"));
return false;
}
fseek($file,0);
while (!feof($file)) {
$s=fgets($file,1024);
$t=explode(":",$s);
if ($t[0]==$user) {
$err->raise("hta",_("The user '%s' already exist for this folder"),$user);
return false;
}
}
fseek($file,SEEK_END);
if ( empty($t[1]) || substr($t[1],-1)!="\n") {
fwrite($file,"\n");
}
fwrite($file, "$user:"._md5cr($password)."\n");
fclose($file);
return true;
} else {
$err->raise("hta",_("Please enter a valid username"));
return false;
}
}
alternc_password_policy ( )

Password kind used in this class (hook for admin class)

Definition at line 54 of file m_hta.php.

{
return array("hta"=>"Protected folders passwords");
}
change_pass (   $user,
  $newpass,
  $dir 
)

Change the password of a user in a protected folder.

Parameters
string$userThe users whose password should be changed
string$newpassThe new password of this user
string$dirThe folder, relative to user root, in which we will change a password
Returns
boolean TRUE if the password has been changed, or FALSE if an error occurred

Definition at line 327 of file m_hta.php.

References $err, $t, $user, and _md5cr().

{
global $bro,$err,$admin;
$err->log("hta","change_pass",$user."/".$dir);
$absolute=$bro->convertabsolute($dir,0);
if (!file_exists($absolute)) {
$err->raise("hta",printf(_("The folder '%s' does not exist"),$dir));
return false;
}
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("hta",$user,$newpass)) {
return false; // The error has been raised by checkPolicy()
}
}
touch("$absolute/.htpasswd.new");
$file = fopen("$absolute/.htpasswd","r");
$newf = fopen("$absolute/.htpasswd.new","a");
if (!$file || !$newf) {
$err->raise("hta",_("File already exist"));
return false;
}
while (!feof($file)) {
$s=fgets($file,1024);
$t=explode(":",$s);
if ($t[0]!=$user) {
fwrite($newf, "$s");
}
}
fwrite($newf, "$user:"._md5cr($newpass)."\n");
fclose($file);
fclose($newf);
unlink("$absolute/.htpasswd");
rename("$absolute/.htpasswd.new", "$absolute/.htpasswd");
return true;
}
CreateDir (   $dir)

Create a protected folder (.htaccess et .htpasswd)

Parameters
string$dirFolder to protect (relative to user root)
Returns
boolean TRUE if the folder has been protected, or FALSE if an error occurred

Definition at line 76 of file m_hta.php.

References $err, and $mem.

{
global $mem,$bro,$err;
$err->log("hta","createdir",$dir);
$absolute=$bro->convertabsolute($dir,0);
if (!$absolute) {
$err->raise("hta",printf(_("The folder '%s' does not exist"),$dir));
return false;
}
if (!file_exists($absolute)) {
@mkdir($absolute,00777);
}
if (!file_exists("$absolute/.htaccess")) {
if (!@touch("$absolute/.htaccess")) {
$err->raise("hta",_("File already exist"));
return false;
}
$file = @fopen("$absolute/.htaccess","r+");
if (!$file) {
$err->raise("hta",_("File already exist"));
return false;
}
fseek($file,0);
$param="AuthUserFile \"$absolute/.htpasswd\"\nAuthName \""._("Restricted area")."\"\nAuthType Basic\nrequire valid-user\n";
fwrite($file, $param);
fclose($file);
}
if (!file_exists("$absolute/.htpasswd")) {
if (!touch("$absolute/.htpasswd")) {
$err->raise("hta",_("File already exist"));
return false;
}
return true;
}
return true;
}
del_user (   $lst,
  $dir 
)

Delete a user from a protected folder.

Parameters
array$lstAn array with login to delete.
string$dirThe folder, relative to user root, where we want to delete users.
Returns
boolean TRUE if users has been deleted, or FALSE if an error occurred.

Definition at line 286 of file m_hta.php.

References $err, and $t.

{
global $bro,$err;
$err->log("hta","del_user",$lst."/".$dir);
$absolute=$bro->convertabsolute($dir,0);
if (!file_exists($absolute)) {
$err->raise("hta",printf(_("The folder '%s' does not exist"),$dir));
return false;
}
touch("$absolute/.htpasswd.new");
$file = fopen("$absolute/.htpasswd","r");
$newf = fopen("$absolute/.htpasswd.new","a");
if (!$file || !$newf) {
$err->raise("hta",_("File already exist"));
return false;
}
reset($lst);
fseek($file,0);
while (!feof($file)) {
$s=fgets($file,1024);
$t=explode(":",$s);
if (!in_array($t[0],$lst) && ($t[0]!="\n")) {
fseek($newf,0);
fwrite($newf, "$s");
}
}
fclose($file);
fclose($newf);
unlink("$absolute/.htpasswd");
rename("$absolute/.htpasswd.new", "$absolute/.htpasswd");
return true;
}
DelDir (   $dir)

Unprotect a folder.

Parameters
string$dirFolder to unprotect, relative to user root
Returns
boolean TRUE if the folder has been unprotected, or FALSE if an error occurred

Definition at line 199 of file m_hta.php.

References $err, and $mem.

{
global $mem,$bro,$err;
$err->log("hta","deldir",$dir);
$dir=$bro->convertabsolute($dir,0);
if (!$dir) {
$err->raise("hta",printf(("The folder '%s' does not exist"),$dir));
return false;
}
if (!@unlink("$dir/.htaccess")) {
$err->raise("hta",printf(_("I cannot delete the file '%s/.htaccess'"),$dir));
return false;
}
if (!@unlink("$dir/.htpasswd")) {
$err->raise("hta",printf(_("I cannot delete the file '%s/.htpasswd'"),$dir));
return false;
}
return true;
}
get_hta_detail (   $dir)

Returns the list of login for a protected folder.

Parameters
string$dirThe folder to lookup (relative to user root)
Returns
array An array containing the list of logins from the .htpasswd file, or FALSE

Definition at line 164 of file m_hta.php.

References $err, $i, $mem, $res, $t, and ALTERNC_HTML.

{
global $mem,$err;
$err->log("hta","get_hta_detail");
$absolute=ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/$dir";
if (file_exists("$absolute/.htaccess")) {
/* if (!_reading_htaccess($absolute)) {
return false;
}
*/ }
$file = @fopen("$absolute/.htpasswd","r");
$i=0;
$res=array();
if (!$file) {
return false;
}
// TODO: Tester la validité du .htpasswd
while (!feof($file)) {
$s=fgets($file,1024);
$t=explode(":",$s);
if ($t[0]!=$s) {
$res[$i]=$t[0];
$i=$i+1;
}
}
fclose($file);
return $res;
}
hook_menu ( )

Definition at line 58 of file m_hta.php.

{
$obj = array(
'title' => _("Protected folders"),
'ico' => 'images/password.png',
'link' => 'hta_list.php',
'pos' => 50,
) ;
return $obj;
}
is_protected (   $dir)

Tells if a folder is protected.

Parameters
string$dirFolder to check
Returns
TRUE if the folder is protected, or FALSE if it is not

Definition at line 144 of file m_hta.php.

References $err, $mem, and ALTERNC_HTML.

{
global $mem,$err;
$err->log("hta","is_protected",$dir);
$absolute=ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/$dir";
$sortie=array();
if (file_exists("$absolute/.htpasswd")){
return true;
}
else {
return false;
}
}
ListDir ( )

Returns the list of all user folder currently protected by a .htpasswd file.

Returns
array Array containing user folder list

Definition at line 119 of file m_hta.php.

References $err, $i, $mem, $r, ALTERNC_HTML, and isset.

{
global$err,$mem;
$err->log("hta","listdir");
$sortie=array();
$absolute=ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"];
exec("find $absolute -name .htpasswd|sort",$sortie);
if(!count($sortie)){
$err->raise("hta",_("No protected folder"));
return false;
}
$pattern="/^".preg_quote(ALTERNC_HTML,"/")."\/.\/[^\/]*\/(.*)\/\.htpasswd/";
for($i=0;$i<count($sortie);$i++){
preg_match($pattern,$sortie[$i],$matches);
$tmpm=isset($matches[1])?'/'.$matches[1]:'';
$r[$i]=$tmpm."/";
}
return $r;
}
m_webaccess ( )

Constructor.

Definition at line 47 of file m_hta.php.

{
}
The documentation for this class was generated from the following file: