Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

php script to protect a folder with .htaccess and .htpasswd

Posted on 2010-11-24
5
554 Views
Last Modified: 2012-05-10
Hi
I am looking for a simple php script that will generate (create .htaccess and .htpassword) to protect a folder

as simple as that !
ex: **protect.php?username=admin&password=admin**
and it will create automatially the .htaccess and .htpasswd that protects the folder with user admin/amin

Regards
0
Comment
Question by:yarekGmail
  • 2
  • 2
5 Comments
 
LVL 8

Expert Comment

by:ropenner
ID: 34210862
<?PHP
//$username = "admin";
//$password = "admin";
$username = $_Request("username");
$password = $_Request("password");

$path = pathinfo(__FILE__,PATHINFO_DIRNAME) . "/";

$default_htaccess_text = <<< endofhtaccesstext
AuthUserFile    $path.htpasswd
AuthGroupFile   /dev/null
AuthName        "Please Enter your Password for this Folder"
AuthType        Basic
<Limit GET POST>
require valid-user
</Limit>
endofhtaccesstext;

$username = preg_replace("/\W/","",$username); // remove any special characters only allowing letters and numbers and underscore .... customize this so system command doesn't become a security hole
$password = preg_replace("/\W/","",$password);

$create = (file_exists("$path.htaccess")?"":"-c");
system("htpasswd $create -b .htpasswd $username $password");
if (!file_exists("$path.htaccess")) {
      if (writeFile("$path.htaccess", $default_htaccess_text)) {
            print "successful write of .htaccess";
      } else {
            print "problem writing .htaccess file";
      }
}

function writeFile($file, $message) {
      if ($handle = fopen($file, "w")) {
            fwrite($handle, imap_qprint($message));
            fclose($handle);
            return true;
      } else {
            return false;
      }
}
?>
0
 
LVL 6

Accepted Solution

by:
V4nP3rs13 earned 500 total points
ID: 34211230
No.. that code that ropenner posted is wrong. I think It has some mistakes.... here's the right code:
<?PHP
//$username = "admin";
//$password = "admin";
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];

$path = pathinfo(__FILE__,PATHINFO_DIRNAME) . "/";

$default_htaccess_text = <<< endofhtaccesstext
AuthUserFile    $path.htpasswd
AuthGroupFile   /dev/null
AuthName        "Please Enter your Password for this Folder"
AuthType        Basic
<Limit GET POST>
require valid-user
</Limit>
endofhtaccesstext;

$username = preg_replace("/\W/","",$username); // remove any special characters only allowing letters and numbers and underscore .... customize this so system command doesn't become a security hole
$password = preg_replace("/\W/","",$password);

$create = (file_exists("$path.htaccess")?"":"-c");
system("htpasswd $create -b .htpasswd $username $password");
if (!file_exists("$path.htaccess")) {
      if (writeFile("$path.htaccess", $default_htaccess_text)) {
            print "successful write of .htaccess";
      } else {
            print "problem writing .htaccess file";
      }
}

function writeFile($file, $message) {
      if ($handle = fopen($file, "w")) {
            fwrite($handle, imap_qprint($message));
            fclose($handle);
            return true;
      } else {
            return false;
      }
}
?>

Open in new window

0
 

Author Comment

by:yarekGmail
ID: 34211471
I executed the script and got : INTERNAL ERROR
It seems the .htpasswd was not written

It seems I cannot execute that on my shared hosting plan:
system("htpasswd $create -b .htpasswd $username $password");

Any idea on how to simply do that ?

regards
0
 
LVL 8

Expert Comment

by:ropenner
ID: 34211673
I assumed UNIX or LINUX, what type of box are you hosted on (windows, unix)?

try just the part of creating the .htaccess file

if (writeFile("$path.htaccess", $default_htaccess_text)) {
   print "successful write of .htaccess";
} else {
   print "problem writing .htaccess file";
}

if you can do that ... then at least you have permission to create files and there may be a way to create the .htpasswd file without using a 'system' call.

On your shared hosting ... what method is provided to manually create the .htpasswd files?
0
 

Author Comment

by:yarekGmail
ID: 34212511
Linux shared server.
There is no problem to create files with writeFile.
the .htaccess was created

But .htpasswd is not created :
it means system("htpasswd $create -b .htpasswd $username $password"); is NOT executed correctly

Regards
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question