• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 573
  • Last Modified:

php script to protect a folder with .htaccess and .htpasswd

Hi
I am looking for a simple php script that will generate (create .htaccess and .htpassword) to protect a folder

as simple as that !
ex: **protect.php?username=admin&password=admin**
and it will create automatially the .htaccess and .htpasswd that protects the folder with user admin/amin

Regards
0
yarekGmail
Asked:
yarekGmail
  • 2
  • 2
1 Solution
 
ropennerCommented:
<?PHP
//$username = "admin";
//$password = "admin";
$username = $_Request("username");
$password = $_Request("password");

$path = pathinfo(__FILE__,PATHINFO_DIRNAME) . "/";

$default_htaccess_text = <<< endofhtaccesstext
AuthUserFile    $path.htpasswd
AuthGroupFile   /dev/null
AuthName        "Please Enter your Password for this Folder"
AuthType        Basic
<Limit GET POST>
require valid-user
</Limit>
endofhtaccesstext;

$username = preg_replace("/\W/","",$username); // remove any special characters only allowing letters and numbers and underscore .... customize this so system command doesn't become a security hole
$password = preg_replace("/\W/","",$password);

$create = (file_exists("$path.htaccess")?"":"-c");
system("htpasswd $create -b .htpasswd $username $password");
if (!file_exists("$path.htaccess")) {
      if (writeFile("$path.htaccess", $default_htaccess_text)) {
            print "successful write of .htaccess";
      } else {
            print "problem writing .htaccess file";
      }
}

function writeFile($file, $message) {
      if ($handle = fopen($file, "w")) {
            fwrite($handle, imap_qprint($message));
            fclose($handle);
            return true;
      } else {
            return false;
      }
}
?>
0
 
V4nP3rs13Commented:
No.. that code that ropenner posted is wrong. I think It has some mistakes.... here's the right code:
<?PHP
//$username = "admin";
//$password = "admin";
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];

$path = pathinfo(__FILE__,PATHINFO_DIRNAME) . "/";

$default_htaccess_text = <<< endofhtaccesstext
AuthUserFile    $path.htpasswd
AuthGroupFile   /dev/null
AuthName        "Please Enter your Password for this Folder"
AuthType        Basic
<Limit GET POST>
require valid-user
</Limit>
endofhtaccesstext;

$username = preg_replace("/\W/","",$username); // remove any special characters only allowing letters and numbers and underscore .... customize this so system command doesn't become a security hole
$password = preg_replace("/\W/","",$password);

$create = (file_exists("$path.htaccess")?"":"-c");
system("htpasswd $create -b .htpasswd $username $password");
if (!file_exists("$path.htaccess")) {
      if (writeFile("$path.htaccess", $default_htaccess_text)) {
            print "successful write of .htaccess";
      } else {
            print "problem writing .htaccess file";
      }
}

function writeFile($file, $message) {
      if ($handle = fopen($file, "w")) {
            fwrite($handle, imap_qprint($message));
            fclose($handle);
            return true;
      } else {
            return false;
      }
}
?>

Open in new window

0
 
yarekGmailAuthor Commented:
I executed the script and got : INTERNAL ERROR
It seems the .htpasswd was not written

It seems I cannot execute that on my shared hosting plan:
system("htpasswd $create -b .htpasswd $username $password");

Any idea on how to simply do that ?

regards
0
 
ropennerCommented:
I assumed UNIX or LINUX, what type of box are you hosted on (windows, unix)?

try just the part of creating the .htaccess file

if (writeFile("$path.htaccess", $default_htaccess_text)) {
   print "successful write of .htaccess";
} else {
   print "problem writing .htaccess file";
}

if you can do that ... then at least you have permission to create files and there may be a way to create the .htpasswd file without using a 'system' call.

On your shared hosting ... what method is provided to manually create the .htpasswd files?
0
 
yarekGmailAuthor Commented:
Linux shared server.
There is no problem to create files with writeFile.
the .htaccess was created

But .htpasswd is not created :
it means system("htpasswd $create -b .htpasswd $username $password"); is NOT executed correctly

Regards
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now