This class handle folder web restricted access through .htaccess/.htpassword files.
More...
This class handle folder web restricted access through .htaccess/.htpassword files.
- Copyright
- AlternC-Team 2000-2017 https://alternc.com/
Definition at line 27 of file m_hta.php.
◆ _reading_htaccess()
m_hta::_reading_htaccess |
( |
|
$absolute | ) |
|
|
private |
Check that a .htaccess file is valid (for authentication)
- Parameters
-
| global | m_messages $msg |
type | $absolute | |
string | $absolute | Folder we want to check (relative to user root) |
- Returns
- boolean TRUE is the .htaccess is protecting this folder, or FALSE else
Definition at line 408 of file m_hta.php.
410 $msg->debug(
"hta",
"_reading_htaccess", $absolute);
411 $file = fopen(
"$absolute/.htaccess",
"r+");
412 $lignes = array(1, 1, 1);
417 while (!feof($file) && !$errr) {
418 $s = fgets($file, 1024);
419 if (substr($s, 0, 12) !=
"RewriteCond " && substr($s, 0, 14) !=
"ErrorDocument " && substr($s, 0, 12) !=
"RewriteRule " && substr($s, 0, 14) !=
"RewriteEngine " && trim($s) !=
"") {
422 if (strtolower(trim($s)) == strtolower(
"authuserfile $absolute/.htpasswd")) {
426 if (strtolower(trim($s)) ==
"require valid-user") {
430 if (strtolower(trim($s)) ==
"authtype basic") {
436 if ($errr || in_array(0, $lignes)) {
437 $msg->raise(
"ERROR",
"hta", _(
"An incompatible .htaccess file exists in this folder"));
References $msg.
◆ add_user()
m_hta::add_user |
( |
|
$user, |
|
|
|
$password, |
|
|
|
$dir |
|
) |
| |
Add a user to a protected folder.
- Parameters
-
| global | m_messages $msg |
| global | m_bro $bro |
| global | m_admin $admin |
string | $user | |
string | $password | |
string | $dir | |
string | $password | The password to add (cleartext) |
string | $dir | The folder we add it to (relative to user root). |
- Returns
- boolean TRUE if the user has been added, or FALSE if an error occurred
Definition at line 259 of file m_hta.php.
261 $msg->log(
"hta",
"add_user",
$user .
"/" . $dir);
263 $msg->raise(
"ERROR",
'hta', _(
"Please enter a user"));
267 $msg->raise(
"ERROR",
'hta', _(
"Please enter a password"));
270 $absolute =
$bro->convertabsolute($dir, 0);
271 if (!file_exists($absolute)) {
272 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
278 if (is_callable(array($admin,
"checkPolicy"))) {
284 $file = @fopen(
"$absolute/.htpasswd",
"a+");
286 $msg->raise(
"ERROR",
"hta", _(
"File already exist"));
290 while (!feof($file)) {
291 $s = fgets($file, 1024);
292 $t = explode(
":", $s);
294 $msg->raise(
"ERROR",
"hta", _(
"The user '%s' already exist for this folder"),
$user);
298 fseek($file, SEEK_END);
299 if (empty(
$t[1]) || substr(
$t[1], -1) !=
"\n") {
306 $msg->raise(
"ERROR",
"hta", _(
"Please enter a valid username"));
checkloginmail($mail)
Check a login mail, cf http://www.bortzmeyer.org/arreter-d-interdire-des-adresses-legales....
_md5cr($pass, $salt="")
Hashe a password using proper crypto function.
foreach($domaines_user as $domaine) $t
References $bro, $msg, $password, $t, $user, _md5cr(), and checkloginmail().
◆ alternc_password_policy()
m_hta::alternc_password_policy |
( |
| ) |
|
Password kind used in this class (hook for admin class)
- Returns
- array
Definition at line 34 of file m_hta.php.
35 return array(
"hta" =>
"Protected folders passwords");
◆ change_pass()
m_hta::change_pass |
( |
|
$user, |
|
|
|
$newpass, |
|
|
|
$dir |
|
) |
| |
Change the password of a user in a protected folder.
- Parameters
-
string | $user | The users whose password should be changed |
string | $newpass | The new password of this user |
string | $dir | The folder, relative to user root, in which we will change a password |
- Returns
- boolean TRUE if the password has been changed, or FALSE if an error occurred
Definition at line 361 of file m_hta.php.
363 $msg->log(
"hta",
"change_pass",
$user .
"/" . $dir);
364 $absolute =
$bro->convertabsolute($dir, 0);
365 if (!file_exists($absolute)) {
366 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
371 if (is_callable(array($admin,
"checkPolicy"))) {
372 if (!$admin->checkPolicy(
"hta",
$user, $newpass)) {
377 touch(
"$absolute/.htpasswd.new");
378 $file = fopen(
"$absolute/.htpasswd",
"r");
379 $newf = fopen(
"$absolute/.htpasswd.new",
"a");
380 if (!$file || !$newf) {
381 $msg->raise(
"ERROR",
"hta", _(
"File already exist"));
384 while (!feof($file)) {
385 $s = fgets($file, 1024);
386 $t = explode(
":", $s);
391 fwrite($newf,
"$user:" .
_md5cr($newpass) .
"\n");
394 unlink(
"$absolute/.htpasswd");
395 rename(
"$absolute/.htpasswd.new",
"$absolute/.htpasswd");
References $bro, $msg, $t, $user, and _md5cr().
◆ CreateDir()
Create a protected folder (.htaccess et .htpasswd)
- Parameters
-
string | $dir | Folder to protect (relative to user root) |
- Returns
- boolean TRUE if the folder has been protected, or FALSE if an error occurred
- Parameters
-
- Returns
- boolean
Definition at line 66 of file m_hta.php.
68 $msg->log(
"hta",
"createdir", $dir);
69 $absolute =
$bro->convertabsolute($dir, 0);
70 if (!is_dir($absolute)) {
71 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
74 if (!file_exists(
"$absolute/.htaccess")) {
75 $file = @fopen(
"$absolute/.htaccess",
"w+");
77 $msg->raise(
"ERROR",
"hta", _(
"Error creating .htaccess file: ") . error_get_last()[
'message']);
81 $param =
"AuthUserFile \"$absolute/.htpasswd\"\nAuthName \"" . _(
"Restricted area") .
"\"\nAuthType Basic\nrequire valid-user\n";
82 fwrite($file, $param);
85 if (!file_exists(
"$absolute/.htpasswd")) {
86 if (!@touch(
"$absolute/.htpasswd")) {
87 $msg->raise(
"ERROR",
"hta", _(
"Error creating .htpasswd file: ") . error_get_last()[
'message']);
References $bro, and $msg.
◆ del_user()
m_hta::del_user |
( |
|
$lst, |
|
|
|
$dir |
|
) |
| |
Delete a user from a protected folder.
- Parameters
-
| global | m_bro $bro |
| global | m_messages $msg |
array | $lst | An array with login to delete. |
string | $dir | The folder, relative to user root, where we want to delete users. |
- Returns
- boolean TRUE if users has been deleted, or FALSE if an error occurred.
Definition at line 321 of file m_hta.php.
323 $msg->log(
"hta",
"del_user", $lst .
"/" . $dir);
324 $absolute =
$bro->convertabsolute($dir, 0);
325 if (!file_exists($absolute)) {
326 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
329 touch(
"$absolute/.htpasswd.new");
330 $file = fopen(
"$absolute/.htpasswd",
"r");
331 $newf = fopen(
"$absolute/.htpasswd.new",
"a");
332 if (!$file || !$newf) {
333 $msg->raise(
"ERROR",
"hta", _(
"File already exist"));
338 while (!feof($file)) {
339 $s = fgets($file, 1024);
340 $t = explode(
":", $s);
341 if (!in_array(
$t[0], $lst) && (
$t[0] !=
"\n")) {
348 unlink(
"$absolute/.htpasswd");
349 rename(
"$absolute/.htpasswd.new",
"$absolute/.htpasswd");
References $bro, $msg, and $t.
◆ DelDir()
m_hta::DelDir |
( |
|
$dir, |
|
|
|
$skip = false |
|
) |
| |
Unprotect a folder.
- Parameters
-
| global | m_mem $mem |
| global | m_bro $bro |
| global | m_messages $msg |
string | $dir | Folder to unprotect, relative to user root |
boolean | $skip | For testing purpose mainly, skips the full user path search |
- Returns
- boolean TRUE if the folder has been unprotected, or FALSE if an error occurred
Definition at line 194 of file m_hta.php.
196 $msg->log(
"hta",
"deldir", $dir);
197 $dir =
$bro->convertabsolute($dir, $skip);
199 $msg->raise(
"ERROR",
"hta", (
"The folder '%s' does not exist"), $dir);
202 $htaccess_file =
"$dir/.htaccess";
203 if (!is_readable($htaccess_file)) {
204 $msg->raise(
"ERROR",
"hta", _(
"I cannot read the file '%s'"), $htaccess_file);
206 $fileLines = file($htaccess_file);
207 $patternList = array(
211 "require valid-user.*$"
214 foreach ($fileLines as
$key => $line) {
215 foreach ($patternList as $pattern) {
216 if (preg_match(
"/" . $pattern .
"/", $line)) {
218 unset($fileLines[
$key]);
224 $msg->raise(
"ALERT",
"hta", _(
"Unexpected: No changes made to '%s'"), $htaccess_file);
227 if (!count($fileLines)) {
228 if (!unlink($htaccess_file)) {
229 $msg->raise(
"ERROR",
"hta", _(
"I could not delete the file '%s'"), $htaccess_file);
232 file_put_contents($htaccess_file, implode(
"\n", $fileLines));
234 $htpasswd_file =
"$dir/.htpasswd";
235 if (!is_writable($htpasswd_file)) {
236 $msg->raise(
"ERROR",
"hta", _(
"I cannot read the file '%s'"), $htpasswd_file);
237 }
else if (!unlink($htpasswd_file)) {
238 $msg->raise(
"ERROR",
"hta", _(
"I cannot delete the file '%s/.htpasswd'"), $dir);
if(empty($_POST['key'])||empty($_POST['val'])) $key
References $bro, $key, and $msg.
◆ get_hta_detail()
m_hta::get_hta_detail |
( |
|
$dir | ) |
|
Returns the list of login for a protected folder.
- Parameters
-
| global | m_mem $mem |
| global | m_messages $msg |
string | $dir | The folder to lookup (relative to user root) |
- Returns
- array An array containing the list of logins from the .htpasswd file, or FALSE
Definition at line 154 of file m_hta.php.
156 $msg->debug(
"hta",
"get_hta_detail");
157 $absolute =
ALTERNC_HTML .
"/" . substr(
$mem->user[
"login"], 0, 1) .
"/" .
$mem->user[
"login"] .
"/$dir";
158 if (file_exists(
"$absolute/.htaccess")) {
164 $file = @fopen(
"$absolute/.htpasswd",
"r");
171 while (!feof($file)) {
172 $s = fgets($file, 1024);
173 $t = explode(
":", $s);
References $i, $mem, $msg, $res, $t, and ALTERNC_HTML.
◆ hook_menu()
hook called by menu class to add a menu to the left panel
- Returns
- array
Definition at line 44 of file m_hta.php.
46 'title' => _(
"Protected folders"),
47 'link' =>
'hta_list.php',
◆ is_protected()
m_hta::is_protected |
( |
|
$dir | ) |
|
Tells if a folder is protected.
- Parameters
-
- Returns
- boolean If the folder is protected, or FALSE if it is not
Definition at line 134 of file m_hta.php.
136 $msg->debug(
"hta",
"is_protected", $dir);
137 $absolute =
ALTERNC_HTML .
"/" . substr(
$mem->user[
"login"], 0, 1) .
"/" .
$mem->user[
"login"] .
"/$dir";
138 if (file_exists(
"$absolute/.htpasswd")) {
References $mem, $msg, and ALTERNC_HTML.
◆ ListDir()
Returns the list of all user folder currently protected by a .htpasswd file.
- Parameters
-
- Returns
- array Array containing user folder list
Definition at line 103 of file m_hta.php.
105 $msg->debug(
"hta",
"listdir");
108 exec(
"find " . escapeshellarg($absolute) .
" -name .htpasswd|sort", $sortie);
109 if (!count($sortie)) {
110 $msg->raise(
"INFO",
"hta", _(
"No protected folder"));
113 $pattern =
"/^" . preg_quote(
ALTERNC_HTML,
"/") .
"\/.\/[^\/]*\/(.*)\/\.htpasswd/";
116 for (
$i = 0;
$i < count($sortie);
$i++) {
118 preg_match($pattern, $sortie[
$i], $matches);
119 $tmpm = isset($matches[1]) ?
'/' . $matches[1] :
'';
120 $r[
$i] = $tmpm .
"/";
References $i, $mem, $msg, $r, and ALTERNC_HTML.
The documentation for this class was generated from the following file: