Gérer un .htpasswd

Contenu du snippet

Une mini source sans grande prétention: le but est de gérer un fichier .htpasswd de manière à ce que seuls les utilisateurs d'un site aient accès aux fichiers d'un répertoire.

Je travaille en supposant qu'une connexion à une base de données existe et qu'une table users existe avec les champs suivants:
  • actif: si 1, l'utilisateur peut se connecter
  • psw_htpasswd: champ qui contient le mot de passe encodé (tel que retourné par non_salted_sha1) pour le fichier .htpasswd
  • pseudo: 3 caractères qui désignent l'utilisateur

Source / Exemple :


Voici un exemple d'utilisation:
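<?php
// Usage example for the htaccess class.
// Uses the full "<?php" open tag: with short_open_tag disabled, a bare "<?"
// block is not executed and is sent to the client as plain text.
$htaccess = new htaccess( );
$htaccess->set_folder( 'folder/' ); // directory that holds the .htpasswd

// To add a user to your database:
// returns the encoded password, which you can store. The value is an
// unsalted SHA-1 digest, so treat the column as sensitive.
$psw_sha = $htaccess->non_salted_sha1( $psw );

// To build the file from the database:
if( !$htaccess->create_htpasswd_from_bdd( ) )
  die( 'Erreur' );
if( !$htaccess->write_files( ) )
  die( 'Erreur' );

// To add a user:
// $pseudo is written to the file as a "name:hash" line, so it must not
// contain ':' or line breaks.
if( !$htaccess->load_htpasswd( ) )
  die( 'Erreur' );
$htaccess->add_user( $pseudo, $psw );
if( !$htaccess->write_files( ) )
  die( 'Erreur' );

// To remove a user:
// stop on a failed load; otherwise write_files() would overwrite the
// existing .htpasswd with whatever is in memory.
if( !$htaccess->load_htpasswd( ) )
  die( 'Erreur' );
$htaccess->remove_user_from_htpasswd( $pseudo );
if( !$htaccess->write_files( ) )
  die( 'Erreur' );
?>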

<?php
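/*
		htaccess.class.php
		Management class for .htaccess and .htpasswd files
		Rafael GUGLIELMETTI
		Started: 28.02.2009, last modified 28.02.2009
*/
class htaccess
{
    // Code of the last recorded failure ('LOAD_HTPASSWD', 'GET_DATA',
    // 'INVALID_VISA', 'WRITE_HTPASSWD', 'WRITE_HTACCESS'), or NULL.
    public $error = NULL;

    // In-memory lines of the .htpasswd file ("name:hash"), or NULL until
    // something has been loaded, created or added.
    private $htpasswd_content = NULL;

    // Number of entries in $htpasswd_content.
    private $htpasswd_rows = 0;

    // Directory (with trailing slash) that holds .htpasswd and .htaccess.
    private $folder = 'data/';

    /*
        load_htpasswd
        Reads the password file into memory. A missing file is treated as an
        empty user list.
        Returns: bool (false on read failure, with $error = 'LOAD_HTPASSWD')
    */
    public function load_htpasswd( )
    {
        $path = $this->folder . '.htpasswd';

        if( !file_exists( $path ) )
        {
            $this->htpasswd_content = array( );
            $this->htpasswd_rows = 0;
            return true;
        }

        // Read into a local first so a failed read does not clobber the
        // entries already held in memory.
        $lines = file( $path );
        if( $lines === false )
        {
            $this->error = 'LOAD_HTPASSWD';
            return false;
        }

        // Strip line endings and drop blank lines so they are not carried
        // around as entries.
        $this->htpasswd_content = array_values( array_filter( array_map( 'rtrim', $lines ), 'strlen' ) );
        $this->htpasswd_rows = count( $this->htpasswd_content );
        return true;
    }

    /*
        write_files
        Writes .htpasswd from the in-memory entries and creates .htaccess if
        it does not exist yet.
        Returns: bool

        NOTE(review): the password file is stored inside the protected
        directory itself. That relies on the web server refusing to serve
        ".ht*" files (Apache's stock configuration does; confirm yours).
        Keeping the file outside the document root is the safer layout.
    */
    public function write_files( )
    {
        $htpasswd_path = $this->folder . '.htpasswd';
        $htaccess_path = $this->folder . '.htaccess';

        // ------------------------------------------------------------------
        // .htpasswd
        $data = $this->htpasswd_rows ? implode( "\n", $this->htpasswd_content ) . "\n" : '';

        // LOCK_EX: do not let two concurrent requests interleave their writes.
        if( @file_put_contents( $htpasswd_path, $data, LOCK_EX ) === false )
        {
            $this->error = 'WRITE_HTPASSWD';
            return false;
        }

        // ------------------------------------------------------------------
        // .htaccess
        if( !file_exists( $htaccess_path ) )
        {
            // AuthUserFile needs an absolute path; without one the generated
            // directive would point nowhere.
            $real = realpath( $htpasswd_path );
            if( $real === false )
            {
                $this->error = 'WRITE_HTACCESS';
                return false;
            }

            // Basic authentication sends the password on every request with
            // only base64 encoding: serve this directory over HTTPS.
            $data = 'AuthName "Veuillez entrer votre visa et votre mot de passe"' . "\n";
            $data .= "AuthType Basic\n";
            $data .= 'AuthUserFile "' . $real . '"' . "\n";
            $data .= "Require valid-user\n";

            if( @file_put_contents( $htaccess_path, $data, LOCK_EX ) === false )
            {
                $this->error = 'WRITE_HTACCESS';
                return false;
            }
        }

        return true;
    }

    /*
        add_user
        Adds a user (replacing any previous entries for the same name, compared
        case-insensitively). Two entries are stored: upper-case and lower-case.
        Returns: the encoded password, or false if the name is rejected
                 (with $error = 'INVALID_VISA')
    */
    public function add_user( $visa, $psw )
    {
        // The name is written verbatim as "name:hash" on its own line, so a
        // ':' or a line break in it would forge or corrupt entries.
        if( !$this->is_valid_visa( $visa ) )
        {
            $this->error = 'INVALID_VISA';
            return false;
        }

        if( isset( $this->htpasswd_content ) )
            $this->remove_user_from_htpasswd( $visa ); // drop previous occurrences
        else
            $this->htpasswd_content = array( );

        $hash = $this->non_salted_sha1( $psw );

        $this->htpasswd_content[ ] = strtoupper( $visa ) . ':' . $hash;
        $this->htpasswd_content[ ] = strtolower( $visa ) . ':' . $hash;
        $this->htpasswd_rows = count( $this->htpasswd_content );

        return $hash;
    }

    /*
        create_htpasswd_from_bdd
        Rebuilds the in-memory entries from the users table (active users with
        a non-empty psw_htpasswd).
        Returns: bool (false on query failure, with $error = 'GET_DATA')

        NOTE(review): mysql_query()/mysql_fetch_row() belong to the old mysql
        extension, which was removed in PHP 7.0; this method needs porting to
        mysqli or PDO on current PHP.
    */
    public function create_htpasswd_from_bdd( )
    {
        if( !( $ret = mysql_query( 'SELECT pseudo, psw_htpasswd FROM users WHERE actif=1' ) ) )
        {
            $this->error = 'GET_DATA';
            return false;
        }

        $this->htpasswd_content = array( );
        while( $row = mysql_fetch_row( $ret ) )
        {
            if( empty( $row[1] ) )
                continue;

            // Skip rows that cannot be stored as a single "name:hash" line;
            // the affected account simply gets no access.
            if( !$this->is_valid_visa( $row[0] ) || preg_match( '/[\x00-\x1F\x7F]/', $row[1] ) )
                continue;

            $this->htpasswd_content[ ] = $row[0] . ':' . $row[1];
            $this->htpasswd_content[ ] = strtolower( $row[0] ) . ':' . $row[1];
        }

        $this->htpasswd_rows = count( $this->htpasswd_content );
        return true;
    }

    /*
        remove_user_from_htpasswd
        Removes every in-memory entry whose name equals $visa
        (case-insensitive). Does nothing if no entries are in memory.
    */
    public function remove_user_from_htpasswd( $visa )
    {
        if( !is_array( $this->htpasswd_content ) )
            return;

        $hits = array_flip( $this->find_visa_in_array( $visa ) );
        $kept = array( );
        foreach( $this->htpasswd_content as $i => $line )
        {
            if( !isset( $hits[$i] ) )
                $kept[ ] = $line;
        }

        $this->htpasswd_content = $kept;
        $this->htpasswd_rows = count( $kept );
    }

    /*
        find_visa_in_array
        Returns the indexes of the entries whose name equals $visa
        (case-insensitive). The name is everything before the first ':', so
        "abc" does not match an entry for "abcd".
    */
    private function find_visa_in_array( $visa )
    {
        $found = array( );
        if( !is_array( $this->htpasswd_content ) )
            return $found;

        $needle = strtolower( (string) $visa );
        foreach( $this->htpasswd_content as $i => $line )
        {
            $sep = strpos( $line, ':' );
            if( $sep === false )
                continue; // not a "name:hash" entry

            if( strtolower( substr( $line, 0, $sep ) ) === $needle )
                $found[ ] = $i;
        }

        return $found;
    }

    /*
        is_valid_visa
        Tells whether $visa can safely be written as the name part of a
        "name:hash" line: non-empty string, at most 255 bytes (the limit
        documented for htpasswd user names), no ':' and no control characters.
    */
    private function is_valid_visa( $visa )
    {
        return is_string( $visa )
            && $visa !== ''
            && strlen( $visa ) <= 255
            && !preg_match( '/[:\x00-\x1F\x7F]/', $visa );
    }

    /*
        set_folder
        Sets the directory holding .htpasswd/.htaccess, adding the trailing
        slash if it is missing. The value decides where an .htaccess file is
        written, so it should come from configuration, never from a request.
    */
    public function set_folder( $folder )
    {
        if( $folder !== '' && substr( $folder, -1 ) !== '/' )
            $folder .= '/';

        $this->folder = $folder;
    }

    // .htpasswd file functions
    // Copyright (C) 2004,2005 Jarno Elonen <elonen@iki.fi>
    //
    // Redistribution and use in source and binary forms, with or without modification,
    // are permitted provided that the following conditions are met:
    //
    // * Redistributions of source code must retain the above copyright notice, this
    //   list of conditions and the following disclaimer.
    // * Redistributions in binary form must reproduce the above copyright notice,
    //   this list of conditions and the following disclaimer in the documentation
    //   and/or other materials provided with the distribution.
    // * The name of the author may not be used to endorse or promote products derived
    //   from this software without specific prior written permission.
    //
    // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
    // WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    // AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR
    // BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
    // ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
    // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    //
    // Thanks to Jonas Wagner for SHA1 support.

    // Generate a SHA1 password hash *without* salt.
    //
    // NOTE(review): an unsalted SHA-1 digest is a weak password format (equal
    // passwords give equal hashes and it is cheap to test guesses against).
    // Apache 2.4 also accepts bcrypt entries, which PHP can produce with
    // password_hash( $pass, PASSWORD_BCRYPT ); verify support on your server
    // before migrating. The output format is kept as is here because hashes
    // already stored in the database depend on it.
    public function non_salted_sha1( $pass )
    {
        return "{SHA}" . base64_encode( pack( "H*", sha1( $pass ) ) );
    }
}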
