"Protected folders passwords"); } /** * * @return array */ function hook_menu() { $obj = array( 'title' => _("Protected folders"), 'ico' => 'images/password.png', 'link' => 'hta_list.php', 'pos' => 50, ) ; return $obj; } /** * Create a protected folder (.htaccess et .htpasswd) * @param string $dir Folder to protect (relative to user root) * @return boolean TRUE if the folder has been protected, or FALSE if an error occurred * * @global m_mem $mem * @global m_bro $bro * @global m_err $err * @param string $dir * @return boolean */ function CreateDir($dir) { global $mem,$bro,$err; $err->log("hta","createdir",$dir); $absolute = $bro->convertabsolute($dir,0); if (!$absolute) { $err->raise("hta",printf(_("The folder '%s' does not exist"),$dir)); return false; } if (!file_exists($absolute)) { @mkdir($absolute,00777); } if (!file_exists("$absolute/.htaccess")) { if (!@touch("$absolute/.htaccess")) { $err->raise("hta",_("File already exist")); return false; } $file = @fopen("$absolute/.htaccess","r+"); if (!$file) { $err->raise("hta",_("File already exist")); return false; } fseek($file,0); $param = "AuthUserFile \"$absolute/.htpasswd\"\nAuthName \""._("Restricted area")."\"\nAuthType Basic\nrequire valid-user\n"; fwrite($file, $param); fclose($file); } if (!file_exists("$absolute/.htpasswd")) { if (!touch("$absolute/.htpasswd")) { $err->raise("hta",_("File already exist")); return false; } return true; } return true; } /** * Returns the list of all user folder currently protected by a .htpasswd file * * @global m_err $err * @global m_mem $mem * @return array Array containing user folder list */ function ListDir(){ global$err,$mem; $err->log("hta","listdir"); $sortie = array(); $absolute = ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"]; exec("find $absolute -name .htpasswd|sort",$sortie); if(!count($sortie)){ $err->raise("hta",_("No protected folder")); return false; } $pattern = "/^".preg_quote(ALTERNC_HTML,"/")."\/.\/[^\/]*\/(.*)\/\.htpasswd/"; $r = array(); for($i = 0;$ilog("hta","is_protected",$dir); $absolute = ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/$dir"; if (file_exists("$absolute/.htpasswd")){ return true; } else { return false; } } /** * Returns the list of login for a protected folder. * * @global m_mem $mem * @global m_err $err * @param string $dir The folder to lookup (relative to user root) * @return array An array containing the list of logins from the .htpasswd file, or FALSE */ function get_hta_detail($dir) { global $mem,$err; $err->log("hta","get_hta_detail"); $absolute = ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/$dir"; if (file_exists("$absolute/.htaccess")) { /* if (!_reading_htaccess($absolute)) { return false; } */ } $file = @fopen("$absolute/.htpasswd","r"); $i = 0; $res = array(); if (!$file) { return false; } // TODO: Tester la validité du .htpasswd while (!feof($file)) { $s = fgets($file,1024); $t = explode(":",$s); if ($t[0]!=$s) { $res[$i] = $t[0]; $i = $i+1; } } fclose($file); return $res; } /** * Unprotect a folder * * @global m_mem $mem * @global m_bro $bro * @global m_err $err * @param string $dir Folder to unprotect, relative to user root * @param boolean $skip For testing purpose mainly, skips the full user path search * @return boolean TRUE if the folder has been unprotected, or FALSE if an error occurred */ function DelDir($dir,$skip = false) { global $mem,$bro,$err; $err->log("hta","deldir",$dir); $dir = $bro->convertabsolute($dir,$skip); if (!$dir) { $err->raise("hta",printf(("The folder '%s' does not exist"),$dir)); return false; } $htaccess_file = "$dir/.htaccess"; if( !is_readable($htaccess_file)){ $err->raise("hta",printf(_("I cannot read the file '%s'"),$htaccess_file)); } $fileLines = file($htaccess_file); $patternList = array( "AuthUserFile.*$", "AuthName.*$", "AuthType Basic.*$", "require valid-user.*$" ); $count_lines = 0; foreach($fileLines as $key => $line){ foreach ($patternList as $pattern) { if(preg_match("/".$pattern."/", $line)){ $count_lines++; unset($fileLines[$key]); } } } // If no changes if( ! $count_lines ){ $err->raise("hta",printf(_("Unexpected: No changes made to '%s'"),$htaccess_file)); } // If file is empty, remove it if( !count($fileLines)){ if( ! unlink( $htaccess_file)){ $err->raise("hta",printf(_("I could not delete the file '%s'"),$htaccess_file)); } }else{ file_put_contents($htaccess_file, implode("\n",$fileLines)); } $htpasswd_file = "$dir/.htpasswd"; if( ! is_writable($htpasswd_file)){ $err->raise("hta",printf(_("I cannot read the file '%s'"),$htpasswd_file)); } else if ( ! unlink($htpasswd_file)) { $err->raise("hta",printf(_("I cannot delete the file '%s/.htpasswd'"),$dir)); return false; } return true; } /** * Add a user to a protected folder * * @global m_err $err * @global m_bro $bro * @global m_admin $admin * @param string $user * @param string $password * @param string $dir * @param string $password The password to add (cleartext) * @param string $dir The folder we add it to (relative to user root). * @return boolean TRUE if the user has been added, or FALSE if an error occurred */ function add_user($user,$password,$dir) { global $err, $bro, $admin; $err->log("hta","add_user",$user."/".$dir); if (empty($user)) { $err->raise('hta',_("Please enter a user")); return false; } if (empty($password)) { $err->raise('hta',_("Please enter a password")); return false; } $absolute = $bro->convertabsolute($dir,0); if (!file_exists($absolute)) { $err->raise("hta",printf(("The folder '%s' does not exist"),$dir)); return false; } // @todo delete cf!. functions.php checkloginemail definition if (checkloginmail($user)){ // Check this password against the password policy using common API : if (is_callable(array($admin,"checkPolicy"))) { if (!$admin->checkPolicy("hta",$user,$password)) { return false; // The error has been raised by checkPolicy() } } $file = @fopen("$absolute/.htpasswd","a+"); if (!$file) { $err->raise("hta",_("File already exist")); return false; } fseek($file,0); while (!feof($file)) { $s = fgets($file,1024); $t = explode(":",$s); if ($t[0]==$user) { $err->raise("hta",_("The user '%s' already exist for this folder"),$user); return false; } } fseek($file,SEEK_END); if ( empty($t[1]) || substr($t[1],-1)!="\n") { fwrite($file,"\n"); } fwrite($file, "$user:"._md5cr($password)."\n"); fclose($file); return true; } else { $err->raise("hta",_("Please enter a valid username")); return false; } } /** */ /** * Delete a user from a protected folder. * * @global m_bro $bro * @global m_err $err * @param array $lst An array with login to delete. * @param string $dir The folder, relative to user root, where we want to delete users. * @return boolean TRUE if users has been deleted, or FALSE if an error occurred. */ function del_user($lst,$dir) { global $bro,$err; $err->log("hta","del_user",$lst."/".$dir); $absolute = $bro->convertabsolute($dir,0); if (!file_exists($absolute)) { $err->raise("hta",printf(_("The folder '%s' does not exist"),$dir)); return false; } touch("$absolute/.htpasswd.new"); $file = fopen("$absolute/.htpasswd","r"); $newf = fopen("$absolute/.htpasswd.new","a"); if (!$file || !$newf) { $err->raise("hta",_("File already exist")); return false; } reset($lst); fseek($file,0); while (!feof($file)) { $s = fgets($file,1024); $t = explode(":",$s); if (!in_array($t[0],$lst) && ($t[0]!="\n")) { fseek($newf,0); fwrite($newf, "$s"); } } fclose($file); fclose($newf); unlink("$absolute/.htpasswd"); rename("$absolute/.htpasswd.new", "$absolute/.htpasswd"); return true; } /** * @param string $user The users whose password should be changed * @param string $newpass The new password of this user * @param string $dir The folder, relative to user root, in which we will change a password * @return boolean TRUE if the password has been changed, or FALSE if an error occurred */ /** * Change the password of a user in a protected folder * * @global m_bro $bro * @global m_err $err * @global m_admin $admin * @param string $user * @param string $newpass * @param string $dir * @return boolean */ function change_pass($user,$newpass,$dir) { global $bro,$err,$admin; $err->log("hta","change_pass",$user."/".$dir); $absolute = $bro->convertabsolute($dir,0); if (!file_exists($absolute)) { $err->raise("hta",printf(_("The folder '%s' does not exist"),$dir)); return false; } // Check this password against the password policy using common API : if (is_callable(array($admin,"checkPolicy"))) { if (!$admin->checkPolicy("hta",$user,$newpass)) { return false; // The error has been raised by checkPolicy() } } touch("$absolute/.htpasswd.new"); $file = fopen("$absolute/.htpasswd","r"); $newf = fopen("$absolute/.htpasswd.new","a"); if (!$file || !$newf) { $err->raise("hta",_("File already exist")); return false; } while (!feof($file)) { $s = fgets($file,1024); $t = explode(":",$s); if ($t[0]!=$user) { fwrite($newf, "$s"); } } fwrite($newf, "$user:"._md5cr($newpass)."\n"); fclose($file); fclose($newf); unlink("$absolute/.htpasswd"); rename("$absolute/.htpasswd.new", "$absolute/.htpasswd"); return true; } /** * Check that a .htaccess file is valid (for authentication) * * @global m_err $err * @param type $absolute * @param string $absolute Folder we want to check (relative to user root) * @return boolean TRUE is the .htaccess is protecting this folder, or FALSE else */ private function _reading_htaccess($absolute) { global $err; $err->log("hta","_reading_htaccess",$absolute); $file = fopen("$absolute/.htaccess","r+"); $lignes = array(1,1,1); $errr = 0; if (!$file) { return false; } while (!feof($file) && !$errr) { $s = fgets($file,1024); if (substr($s,0,12)!="RewriteCond " && substr($s,0,14)!="ErrorDocument " && substr($s,0,12)!="RewriteRule " && substr($s,0,14)!="RewriteEngine " && trim($s)!="") { $errr = 1; } if (strtolower(trim($s))==strtolower("authuserfile $absolute/.htpasswd")) { $lignes[0] = 0; $errr = 0; } // authuserfile if (strtolower(trim($s))=="require valid-user") { $lignes[1] = 0; $errr = 0; } //require if (strtolower(trim($s))=="authtype basic") { $lignes[2] = 0; $errr = 0; } //authtype } // Reading config file fclose($file); if ($errr || in_array(0,$lignes)) { $err->raise("hta",_("An incompatible .htaccess file exists in this folder")); return false; } return true; } } /* CLASS m_hta */