35 return array(
"hta" =>
"Protected folders passwords");
46 'title' => _(
"Protected folders"),
47 'link' =>
'hta_list.php',
68 $msg->log(
"hta",
"createdir", $dir);
69 $absolute =
$bro->convertabsolute($dir, 0);
70 if (!is_dir($absolute)) {
71 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
74 if (!file_exists(
"$absolute/.htaccess")) {
75 $file = @fopen(
"$absolute/.htaccess",
"w+");
77 $msg->raise(
"ERROR",
"hta", _(
"Error creating .htaccess file: ") . error_get_last()[
'message']);
81 $param =
"AuthUserFile \"$absolute/.htpasswd\"\nAuthName \"" . _(
"Restricted area") .
"\"\nAuthType Basic\nrequire valid-user\n";
82 fwrite($file, $param);
85 if (!file_exists(
"$absolute/.htpasswd")) {
86 if (!@touch(
"$absolute/.htpasswd")) {
87 $msg->raise(
"ERROR",
"hta", _(
"Error creating .htpasswd file: ") . error_get_last()[
'message']);
105 $msg->debug(
"hta",
"listdir");
108 exec(
"find " . escapeshellarg($absolute) .
" -name .htpasswd|sort", $sortie);
109 if (!count($sortie)) {
110 $msg->raise(
"INFO",
"hta", _(
"No protected folder"));
113 $pattern =
"/^" . preg_quote(
ALTERNC_HTML,
"/") .
"\/.\/[^\/]*\/(.*)\/\.htpasswd/";
116 for (
$i = 0;
$i < count($sortie);
$i++) {
118 preg_match($pattern, $sortie[
$i], $matches);
119 $tmpm = isset($matches[1]) ?
'/' . $matches[1] :
'';
120 $r[
$i] = $tmpm .
"/";
136 $msg->debug(
"hta",
"is_protected", $dir);
137 $absolute =
ALTERNC_HTML .
"/" . substr(
$mem->user[
"login"], 0, 1) .
"/" .
$mem->user[
"login"] .
"/$dir";
138 if (file_exists(
"$absolute/.htpasswd")) {
156 $msg->debug(
"hta",
"get_hta_detail");
157 $absolute =
ALTERNC_HTML .
"/" . substr(
$mem->user[
"login"], 0, 1) .
"/" .
$mem->user[
"login"] .
"/$dir";
158 if (file_exists(
"$absolute/.htaccess")) {
164 $file = @fopen(
"$absolute/.htpasswd",
"r");
171 while (!feof($file)) {
172 $s = fgets($file, 1024);
173 $t = explode(
":", $s);
196 $msg->log(
"hta",
"deldir", $dir);
197 $dir =
$bro->convertabsolute($dir, $skip);
199 $msg->raise(
"ERROR",
"hta", (
"The folder '%s' does not exist"), $dir);
202 $htaccess_file =
"$dir/.htaccess";
203 if (!is_readable($htaccess_file)) {
204 $msg->raise(
"ERROR",
"hta", _(
"I cannot read the file '%s'"), $htaccess_file);
206 $fileLines = file($htaccess_file);
207 $patternList = array(
211 "require valid-user.*$"
214 foreach ($fileLines as
$key => $line) {
215 foreach ($patternList as $pattern) {
216 if (preg_match(
"/" . $pattern .
"/", $line)) {
218 unset($fileLines[
$key]);
224 $msg->raise(
"ALERT",
"hta", _(
"Unexpected: No changes made to '%s'"), $htaccess_file);
227 if (!count($fileLines)) {
228 if (!unlink($htaccess_file)) {
229 $msg->raise(
"ERROR",
"hta", _(
"I could not delete the file '%s'"), $htaccess_file);
232 file_put_contents($htaccess_file, implode(
"\n", $fileLines));
234 $htpasswd_file =
"$dir/.htpasswd";
235 if (!is_writable($htpasswd_file)) {
236 $msg->raise(
"ERROR",
"hta", _(
"I cannot read the file '%s'"), $htpasswd_file);
237 }
else if (!unlink($htpasswd_file)) {
238 $msg->raise(
"ERROR",
"hta", _(
"I cannot delete the file '%s/.htpasswd'"), $dir);
261 $msg->log(
"hta",
"add_user",
$user .
"/" . $dir);
263 $msg->raise(
"ERROR",
'hta', _(
"Please enter a user"));
267 $msg->raise(
"ERROR",
'hta', _(
"Please enter a password"));
270 $absolute =
$bro->convertabsolute($dir, 0);
271 if (!file_exists($absolute)) {
272 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
278 if (is_callable(array($admin,
"checkPolicy"))) {
284 $file = @fopen(
"$absolute/.htpasswd",
"a+");
286 $msg->raise(
"ERROR",
"hta", _(
"File already exist"));
290 while (!feof($file)) {
291 $s = fgets($file, 1024);
292 $t = explode(
":", $s);
294 $msg->raise(
"ERROR",
"hta", _(
"The user '%s' already exist for this folder"),
$user);
298 fseek($file, SEEK_END);
299 if (empty(
$t[1]) || substr(
$t[1], -1) !=
"\n") {
306 $msg->raise(
"ERROR",
"hta", _(
"Please enter a valid username"));
323 $msg->log(
"hta",
"del_user", $lst .
"/" . $dir);
324 $absolute =
$bro->convertabsolute($dir, 0);
325 if (!file_exists($absolute)) {
326 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
329 touch(
"$absolute/.htpasswd.new");
330 $file = fopen(
"$absolute/.htpasswd",
"r");
331 $newf = fopen(
"$absolute/.htpasswd.new",
"a");
332 if (!$file || !$newf) {
333 $msg->raise(
"ERROR",
"hta", _(
"File already exist"));
338 while (!feof($file)) {
339 $s = fgets($file, 1024);
340 $t = explode(
":", $s);
341 if (!in_array(
$t[0], $lst) && (
$t[0] !=
"\n")) {
348 unlink(
"$absolute/.htpasswd");
349 rename(
"$absolute/.htpasswd.new",
"$absolute/.htpasswd");
363 $msg->log(
"hta",
"change_pass",
$user .
"/" . $dir);
364 $absolute =
$bro->convertabsolute($dir, 0);
365 if (!file_exists($absolute)) {
366 $msg->raise(
"ERROR",
"hta", _(
"The folder '%s' does not exist"), $dir);
371 if (is_callable(array($admin,
"checkPolicy"))) {
372 if (!$admin->checkPolicy(
"hta",
$user, $newpass)) {
377 touch(
"$absolute/.htpasswd.new");
378 $file = fopen(
"$absolute/.htpasswd",
"r");
379 $newf = fopen(
"$absolute/.htpasswd.new",
"a");
380 if (!$file || !$newf) {
381 $msg->raise(
"ERROR",
"hta", _(
"File already exist"));
384 while (!feof($file)) {
385 $s = fgets($file, 1024);
386 $t = explode(
":", $s);
391 fwrite($newf,
"$user:" .
_md5cr($newpass) .
"\n");
394 unlink(
"$absolute/.htpasswd");
395 rename(
"$absolute/.htpasswd.new",
"$absolute/.htpasswd");
410 $msg->debug(
"hta",
"_reading_htaccess", $absolute);
411 $file = fopen(
"$absolute/.htaccess",
"r+");
412 $lignes = array(1, 1, 1);
417 while (!feof($file) && !$errr) {
418 $s = fgets($file, 1024);
419 if (substr($s, 0, 12) !=
"RewriteCond " && substr($s, 0, 14) !=
"ErrorDocument " && substr($s, 0, 12) !=
"RewriteRule " && substr($s, 0, 14) !=
"RewriteEngine " && trim($s) !=
"") {
422 if (strtolower(trim($s)) == strtolower(
"authuserfile $absolute/.htpasswd")) {
426 if (strtolower(trim($s)) ==
"require valid-user") {
430 if (strtolower(trim($s)) ==
"authtype basic") {
436 if ($errr || in_array(0, $lignes)) {
437 $msg->raise(
"ERROR",
"hta", _(
"An incompatible .htaccess file exists in this folder"));
This class handle folder web restricted access through .htaccess/.htpassword files.
alternc_password_policy()
Password kind used in this class (hook for admin class)
is_protected($dir)
Tells if a folder is protected.
hook_menu()
hook called by menu class to add a menu to the left panel
add_user($user, $password, $dir)
Add a user to a protected folder.
del_user($lst, $dir)
Delete a user from a protected folder.
change_pass($user, $newpass, $dir)
Change the password of a user in a protected folder.
DelDir($dir, $skip=false)
Unprotect a folder.
get_hta_detail($dir)
Returns the list of login for a protected folder.
CreateDir($dir)
Create a protected folder (.htaccess et .htpasswd)
_reading_htaccess($absolute)
Check that a .htaccess file is valid (for authentication)
ListDir()
Returns the list of all user folder currently protected by a .htpasswd file.
checkloginmail($mail)
Check a login mail, cf http://www.bortzmeyer.org/arreter-d-interdire-des-adresses-legales....
_md5cr($pass, $salt="")
Hashe a password using proper crypto function.
foreach($domaines_user as $domaine) $t
if(empty($_POST['key'])||empty($_POST['val'])) $key