article in Tech
programming
SCRIPT: Change password script for htpasswd files.
Someday, I plan on setting up a SVN server for my personal projects. Until then, here is a quick script I wrote for changing your password. Just place this file in your web accessable folder. Update the path to your htpasswd file and make sure the htpasswd file is owned by the as user as the webserver.
(note, you are opening yourself up to some security risks by doing this.... this means that if someone can upload and execute a script on your server.... they can add, change, and delete users from your htpasswd file. This may be OK, as it is for me in many cases.)
<?
///////////////////////////////////////////////////////////////////////
// Change Htpasswd Script.
///////////////////////////////////////////////////////////////////////
// Quick script to change passwords for htpasswd files.
//
// Installation:
// Simply copy this file into a directory that is web protected and
// update the script to point to the path of your actual htpasswd file.
// Also, insure that the webserver has read and write permissions.
//
// Author: David A. Horner (DAH) http://dave.thehorners.com
// License: Public Domain
///////////////////////////////////////////////////////////////////////
if(!include('File/Passwd/Authbasic.php')) {
echo "Error, you must install some files into your pear configuration before continuing.<br>";
echo "At the commandline (you might want to be root, or anyone with access to pear)<br>";
echo "Run the following commands<br>";
echo "pear install Auth<br>";
echo "pear install File_Passwd<br>";
exit();
}
$HTPASSWD_PATH = "../htpasswd";
$REDIRECT_URL = "/";
$MIN_PASSLEN = 6;
$MAX_PASSLEN = -1;
if(strlen($_SERVER["REMOTE_USER"])==0) {
echo "Failed reading username from enviroment!<br>";
echo "This program must be run from within a protected HTTP directory!";
exit(0);
}
$user=$_SERVER["REMOTE_USER"];
$save_changes=false;
echo "<html><head><title>Change Password Script</title></head><body>";
$passfile = new File_Passwd_Authbasic($HTPASSWD_PATH);
$ret = $passfile->load();
if(!PEAR::isError($ret)) {
echo "Hello $user, welcome to the password change script.<br>";
$verified=false;
if(strlen($_REQUEST["currpass"])) {
if($passfile->verifyPasswd($user,$_REQUEST["currpass"])) {
$verified=true;
} else {
echo "Failed current password validation!<br>";
}
}
$confirmed=false;
if(strlen($_REQUEST["newpass"])) {
if(strcmp($_REQUEST["newpass"],$_REQUEST["newpass2"])==0) {
$confirmed=true;
} else {
echo "Failed new password and confirmed password don't match!";
}
} else if($verified) {
echo "Failed you must supply a new password!";
}
if($verified && $confirmed) {
$passfile->changePasswd($user, $_REQUEST["newpass"]);
$save_changes=true;
} else {
echo "<table border=0>";
echo "<tr><td colspan=2 bgcolor=cccccc>Change your password</td></tr>";
echo "<form method=\"post\" action=\"$PHP_SELF\">";
echo "<tr><td>Verify Current Password: </td>";
echo "<td><input type=\"password\" name=\"currpass\"></td></tr>";
echo "<tr><td>New Password: </td>";
echo "<td><input type=\"password\" name=\"newpass\"></td></tr>";
echo "<tr><td>New Password Again(to confirm): </td>";
echo "<td><input type=\"password\" name=\"newpass2\"></td></tr>";
echo "<tr><td colspan=2>";
echo "<input type=\"submit\" name=\"submit\" value=\"Change Pass\">";
echo "<input type=\"hidden\" name=\"redirect\" value=\"true\">";
echo "</td></tr>";
echo "</form>";
echo "</table>";
}
/*
if(strlen($_REQUEST["newuser"]) && $confirmed) {
$newuser=$_REQUEST["newuser"];
$newpass=$_REQUEST["newpass"];
echo "Adding user $newuser with password $newpass...<br>";
$ret=$passfile->addUser($newuser,$newpass);
if(!PEAR::isError($ret)) {
echo "Added user successfully!<br>";
$save_changes=true;
} else {
echo "Failed to add user to password file!<br>";
echo "(".$ret->getMessage().")<br>";
}
} else {
echo "<table border=0>";
echo "<tr><td colspan=2 bgcolor=cccccc>Add new user</td></tr>";
echo "<form method=\"post\" action=\"$PHP_SELF\">";
echo "<tr><td>New Username: </td>";
echo "<td><input type=\"text\" name=\"newuser\"></td></tr>";
echo "<tr><td>New Password: </td>";
echo "<td><input type=\"password\" name=\"newpass\"></td></tr>";
echo "<tr><td>New Password Again(to confirm): </td>";
echo "<td><input type=\"password\" name=\"newpass2\"></td></tr>";
echo "<tr><td colspan=2>";
echo "<input type=\"submit\" name=\"submit\" value=\"Add User\">";
echo "</td></tr>";
echo "</form>";
echo "</table>";
}
*/
if($save_changes) {
echo "Saving password file...<br>";
$ret=$passfile->save();
if(!PEAR::isError($ret)) {
echo "Password file successfully updated!<br>";
if(isset($_REQUEST["redirect"])) {
echo "The browser will request your new username/password in 5 seconds....<br>";
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"5; URL=$REDIRECT_URL\">";
}
} else {
echo "Failed to write password file!<br>";
echo "(".$ret->getMessage().")<br>";
}
}
} else {
echo "Failed to open password file!<br>";
echo "(".$ret->getMessage().")<br>";
}
echo "</body></html>";
//$users=$passfile->listUser();
//print_r($users);
?>
Created: 2006-05-03 10:53:21
Modified: 2006-05-03 10:54:00