<html>
<title>
<?php echo $_SERVER['PHP_SELF']; ?>
</title>
To add and remove customers/users to an htpasswd file<br \> <br \>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table width="100%" border="1" cellpadding="4">
<tr><td>
<table border="1" cellpadding="4">
<!-- ############ TABLE WITH EXCLUSIVE ACTIONS POSSIBLE ########### -->
<tr><td>
<input type="radio" name="action" value="AddUser">Add a user or change the password
</td>
</tr>
<tr><td>
<input type="radio" name="action" value="RemoveUser">Remove a user
</td>
</tr>
<tr><td>
<input type="radio" name="action" value="DisplayUsers">Display the user list (without showing passwords)
</td>
</tr>
</table>
<!-- ########## END FIRST "ROW" WITH CHOICES, BEGIN NEXT ROW ############ -->
<tr><td align="center">
<br \> <br \>
username (email address is case sensitive): <input type="text" name="username" maxlength="128" />
<br \> <br \>
password: <input type="text" name="password" maxlength="128" />
<br \> <br \>
<i>(Usernames should be the email address all lowercase. Neither username or password should contain slashes!)"
<br \>You don't have to type in a password to remove a user.</i>
<br \> <br \>
<input type="radio" name="action" value="DisplayLog">Display the Log of Changes to the password file
</table>
<input type="Submit" value="Submit" />
</form>
<?php
// functions go here
function display_users($filename)
{// displays the users (but not the encrypted password text after the :
if(file_exists($filename))
{
$fp = fopen($filename, 'r');
$buffer = file_get_contents( $filename );
$arr = explode("\n", $buffer);
sort($arr);
foreach ($arr as $value)
{
$extractedUsername = split(":", $value);
echo $extractedUsername[0] . "<br \>";
}
fclose($fp);
}//end file_exists
else{ echo $filename . " does not exist!"; }
}//end function display users
function add_user($scriptname)
{// adds a user to a password file and records it in the log
// relies on linux bash and "expect" scripts to run htpasswd command
if( empty($_POST['username']))
{ echo "<b> Username not filled in!</b>"; }
else if(empty($_POST['password']))
{ echo "<b> Password not filled in! </b>"; }
else
{
$newUser = stripslashes($_POST['username']);
$newPass = stripslashes($_POST['password']);
echo "<b>" . $newUser . ":" . $newPass . "</b> added to file.\n<br />";
exec('./' . escapeshellarg($scriptname) . ' ' . escapeshellarg($newUser) . ' ' . escapeshellarg($newPass));
$fp = fopen("htpasswd-changes.log", 'a');
$buffer = date("c") . " " . $newUser . " ". $scriptname . "\n";
fwrite($fp, $buffer);
fclose($fp);
}
}//end function add_user
function remove_user($scriptname)
{// removes a user to a password file and records it in the log
if( empty($_POST['username']))
{ echo "<b> Username not filled in!</b>"; }
else
{
$user = stripslashes($_POST['username']);
exec('./' . escapeshellarg($scriptname) . ' ' . escapeshellarg($user) );
}
echo "<b>" . $user . " removed.</b>\n<br />";
$fp = fopen("htpasswd-changes.log", 'a');
$buffer = date("c") . " " . $user . " ". $scriptname . "\n";
fwrite($fp, $buffer);
fclose($fp);
}//end function remove_user
?>
<?php
// consider this main()
if(!isset($_POST['action']))
{
echo "Please choose one of the radio button options";
}
else
{
switch($_POST['action'])
{
case "AddUser":
add_user( "add-user-script-caller.sh" );
display_users( "/protected-dir/User.password" );
break;
case "RemoveUser":
remove_user( "remove-user-script-caller.sh" );
display_users( "/protected-dir/User.password" );
break;
case "DisplayUser":
echo "<b>Displaying Users...</b><br \>";
display_users( "/protected-dir/User.password" );
break;
case "DisplayLog":
echo "<b>Displaying chronological log of changes to password files...</b><br \>";
$fp = fopen("htpasswd-permission.log", 'r');
$buffer = file( "htpasswd-permission.log" );
foreach ($buffer as $line)
{
echo htmlspecialchars($line) . "<br />\n";
}
fclose($fp);
break;
default:
break;
}//end switch of action Add, Remove, Display
}//end if radio button action has been selected
?>
</html>