tdack · December 27, 2015 21:39
diff --git a/README.md b/README.md
diff --git a/ht-admin.php b/ht-admin.php
 <?php
    // -- Read the file into a variable
    $filename = '/path/to/.htpasswd';
    $fp = fopen( $filename, 'r' );
    $file_contents = fread( $fp, filesize( $filename ) );
    fclose( $fp );

    // -- Get the users and their passwords in a nice array
   $lines = explode("\n",$file_contents);
   foreach($lines as $line)
   {
        $bits = explode(":",trim($line));
        // make sure we don't have any blank users
        if ($bits[0] != '') {
 	        $users[$bits[0]] = trim($bits[1]);
 		}
    }
    
    if (isset($_GET['action']))
 	{
 		$action = $_GET['action'];
 		if ($action == 'add' || $action == 'delete')
 		{
 			$username = $_GET['username'];
 			// -- See if a user exists
 			if (isset($users[$username]))
 			{
 				switch ($action) {
 					case "add":
 						$users[$username] = crypt($_GET['paswd']);
 						break;
 					case "delete":
 						unset($users[$username]);
 						break;
 				}
 			} elseif ($action == 'add') {
 				// TODO: make sure $username is acutally safe to put into .htpasswd file
 				$users[$username] = crypt($_GET['paswd']);
 			}
 			// -- Write back the new details
 			$newfile = '';
 			foreach($users as $username => $password)
 			{
 				$newfile .= $username.":".$password."\n";
 			}
 			$fp = fopen($filename,'w');
 			fwrite($fp,$newfile);
 			fclose($fp);
 			header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
 		}
 	}
 ?>
 <html>
 <head>
 	<title>htpasswd Admin</title>
 	<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
 	<script type="text/javascript">
 		$(document).ready(function() {
 			$('#add').click(function() {
 				window.location.href = '?action=add&username=' + $('#user').val() + '&paswd=' + $('#paswd').val();
 				});
 			});
 	</script>
 </head>
 <body>
 	<div style="text-align:center">
 		<h1>Users</h1>
 	</div>
 	<hr />
 	<table style="margin-left: 20%; margin-right:20%; width: 60%">
 		<tr>
 			<th>Username</th>
 			<th>Action</th>
 		</tr>
 <?php
 	foreach ($users as $username => $password)
 	{
 		if (trim($username))
 		{
 ?>
 		<tr>
 			<td style="width: 75%">
 <?php
 			echo '				' . $username . "\n";
 ?>
 			</td>
 			<td style="text-align: center">
 				<button onclick="window.location.href='?action=delete&username=<?php echo $username; ?>'">Delete</button>
 			</td>
 		</tr>
 <?php
 		}
 	}
 ?>
 		<tr>
 			<td>
 				Username: <input type="text" id="user" name="user" size="10" /> 
 				Password: <input type="password" id="paswd" name="paswd" size="10" />
 			</td>
 			<td style="text-align: center">
 				<button id="add" name="add">Add</button>
 			</td>
 		</tr>
 	</table>
 	<hr />
 	<h2>Instructions</h2>
 	<p>To add a new user enter the username and password then click 'Add'.<br /><br />
 	To change a users password enter the existing username and then their new password
 	then click 'Add'<br /><br />
 	To delete a user simply click the 'Delete' button beside the username that you wish 
 	to remove.<br /><br />
 	Note: If you delete all the user names you won't be able to access this page and will 
 	have to manually update the password file from the command line using the htpasswd 
 	utility.
 	</p>
 </body>
 </html>
diff --git a/login.html b/login.html
 <html>
  <head>
    <title>htpasswd Admin</title>
  </head>
  <body>
    <div style="text-align: center" markdown="1">
    Login
    <form method="post" action="">
 	    <table>
 	      <tr><td>User:</td><td> <input type="text" name="httpd_username" value="" /></td></tr>
 	      <tr><td>Password:</td><td> <input type="password" name="httpd_password" value="" /></td></tr>
 	    </table>
 	    <br />
 	    <input type="submit" name="login" value=" Login " />
    </form>
    </div>
  </body>
 </html>
diff --git a/vhost.conf b/vhost.conf
   <LocationMatch "ht-admin.php">

    	AuthFormProvider   file
      AuthType           form
      AuthName           "htpasswd Admin!"

    	Session On
    	SessionCookieName session path=/

   	# This is the login page
    	ErrorDocument 401 /login.html

    	# This is the file containing users login data
    	AuthUserFile /path/to.htpasswd
    	Require valid-user

   </LocationMatch>
	<?php
	// -- Read the file into a variable
	$filename = '/path/to/.htpasswd';
	$fp = fopen( $filename, 'r' );
	$file_contents = fread( $fp, filesize( $filename ) );
	fclose( $fp );

	// -- Get the users and their passwords in a nice array
	$lines = explode("\n",$file_contents);
	foreach($lines as $line)
	{
	$bits = explode(":",trim($line));
	// make sure we don't have any blank users
	if ($bits[0] != '') {
	$users[$bits[0]] = trim($bits[1]);
	}
	}

	if (isset($_GET['action']))
	{
	$action = $_GET['action'];
	if ($action == 'add' \|\| $action == 'delete')
	{
	$username = $_GET['username'];
	// -- See if a user exists
	if (isset($users[$username]))
	{
	switch ($action) {
	case "add":
	$users[$username] = crypt($_GET['paswd']);
	break;
	case "delete":
	unset($users[$username]);
	break;
	}
	} elseif ($action == 'add') {
	// TODO: make sure $username is acutally safe to put into .htpasswd file
	$users[$username] = crypt($_GET['paswd']);
	}
	// -- Write back the new details
	$newfile = '';
	foreach($users as $username => $password)
	{
	$newfile .= $username.":".$password."\n";
	}
	$fp = fopen($filename,'w');
	fwrite($fp,$newfile);
	fclose($fp);
	header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
	}
	}
	?>
	<html>
	<head>
	<title>htpasswd Admin</title>
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
	<script type="text/javascript">
	$(document).ready(function() {
	$('#add').click(function() {
	window.location.href = '?action=add&username=' + $('#user').val() + '&paswd=' + $('#paswd').val();
	});
	});
	</script>
	</head>
	<body>
	<div style="text-align:center">
	<h1>Users</h1>
	</div>
	<hr />
	<table style="margin-left: 20%; margin-right:20%; width: 60%">
	<tr>
	<th>Username</th>
	<th>Action</th>
	</tr>
	<?php
	foreach ($users as $username => $password)
	{
	if (trim($username))
	{
	?>
	<tr>
	<td style="width: 75%">
	<?php
	echo ' ' . $username . "\n";
	?>
	</td>
	<td style="text-align: center">
	<button onclick="window.location.href='?action=delete&username=<?php echo $username; ?>'">Delete</button>
	</td>
	</tr>
	<?php
	}
	}
	?>
	<tr>
	<td>
	Username: <input type="text" id="user" name="user" size="10" />
	Password: <input type="password" id="paswd" name="paswd" size="10" />
	</td>
	<td style="text-align: center">
	<button id="add" name="add">Add</button>
	</td>
	</tr>
	</table>
	<hr />
	<h2>Instructions</h2>
	<p>To add a new user enter the username and password then click 'Add'.<br /><br />
	To change a users password enter the existing username and then their new password
	then click 'Add'<br /><br />
	To delete a user simply click the 'Delete' button beside the username that you wish
	to remove.<br /><br />
	Note: If you delete all the user names you won't be able to access this page and will
	have to manually update the password file from the command line using the htpasswd
	utility.
	</p>
	</body>
	</html>
	<LocationMatch "ht-admin.php">

	AuthFormProvider file
	AuthType form
	AuthName "htpasswd Admin!"

	Session On
	SessionCookieName session path=/

	# This is the login page
	ErrorDocument 401 /login.html

	# This is the file containing users login data
	AuthUserFile /path/to.htpasswd
	Require valid-user

	</LocationMatch>