Version: 1.0

Type: README

Category: HTTP

License: GNU General Public License

Description: You must have always wondered to provide Authenticated access to your webpages or a web directory and provide the User management to the admin of the website. But then if the webpages are static pages then you have to use the .htaccess authentication system and then comes the problem of providing administration to the admin for adding, modifying and deleting users. But I have developed a web based administartion module for .htaccess authentication system which provides the admin with an interface to add, modify and delete the users from the .htpasswd file which is used to store the Usernames and Passwords. The System requires PHP, Perl and MySQL.



.Htaccess User Authentication and Management System


Installation :
---------------

1) create the User Database in MySQL
   # Table structure for table `users`#

 CREATE TABLE users (
 id int(11) NOT NULL auto_increment,
 Username varchar(100) NOT NULL default '',
  Password varchar(100) NOT NULL default '',
  Group varchar(50) NOT NULL default '',
  PRIMARY KEY (id)
) TYPE=MyISAM COMMENT='Gospel Website Authenticated Users';


# Dump data for table `users`

INSERT INTO users VALUES (1, 'admin', ',9zDjdoVKQGxg', 'GCPL');
   

2) Copy the index.php and connect.php to the admin directory

   index.php :-

/* index.php starts here */
<?PHP

include("connect.php");


switch ($opt) {

	case "edit" :	user_edit(); break;
	case "editsave" : user_editsave(); break;
	case "del" :	user_del(); break;
	case "delnow" : 	user_delnow(); break;
	case "add" : 	user_add(); break;
	case "addnow" :	user_addnow(); break;
	default : show_users(); break;
}


function show_users()
{

$query = mysql_query("SELECT * FROM users");

echo "<center>List of Users</center>";
echo "<p><a href='index.php?opt=add'>Add New User</a></p><p>";
echo "<table width=90% border>";
while($rows = mysql_fetch_array($query))
{

  echo "<tr><td>".$rows['Username']."</td>".
       "<td>[ <a href='index.php?id=".$rows['id']."&&opt=edit'>Modify</a> ] [ <a href='index.php?id=".$rows['id']."&&opt=del'>Delete User</a> ]</td></tr><br>";

}


}


function user_add()
{

  echo "<center><h4>Add New User</h4></center>";

  echo "<form action='index.php' method=post>
	<table width=75% border=0>
       <tr><td>Username : </td><td><input type=text name=username size=20 value=".$GLOBALS['username']."></td></tr>
	<tr><td>Password :</td><td><input type=password name=password size=20></td></tr>
	<tr><td>Re-enter Password :</td><td><input type=password name=password1 size=20></td></tr>
	<tr><td colspan=2 align=center><input type=submit value='Add User'><input type=hidden name=opt value='addnow'></td></tr></table></form>";
	

}

function user_addnow()
{

   if($GLOBALS['password'] != $GLOBALS['password1'])
   {
  	echo "<p><font color=red>Passwords donot match. Please try again.</font><p>";

   user_add();
   }
   else
   {
	$username = $GLOBALS['username']; $pass = $GLOBALS['password'];
	
	
	$cryptpass =  exec("perl -e 'print crypt(\"$pass\",\",9r-jd8,.\")'");

	$chkpass = mysql_query("SELECT username FROM users WHERE username='$username'");
	if(mysql_num_rows($chkpass)>0)
	{
	   echo "<font color=red>This Username already exists please try again with some different Username.</font><p>";
	}
	else
	{
	  if(!$handle = fopen("/home/ws/home/gospel/.htpasswd", 'a'))
	  {
 	     echo "Unable to open the file"; exit();
	  }
	  $userdetails = "$username:$cryptpass\n";
	  if(!fwrite($handle, $userdetails))
	  {
	    echo "Unable to write user details to the file"; exit();
	  }

mysql_query("INSERT INTO users values (NULL, '$username', '$cryptpass', '$group')");

//	echo "INSERT INTO users values ('$username', '$cryptpass', '$group')";

	echo "<p><center>User added successfully<br></p>
	      <a href='index.php'>Go back Home</a>";
	}
}

}

function user_edit()
{

  echo "<center><h4>Modify User Details</h4></center>";
  $id = $GLOBALS['id'];
  $query = mysql_query("SELECT * FROM users WHERE id=$id");
  $user = mysql_fetch_array($query);

  echo "<form action='index.php' method=post>
        <table width=75% border=0>
       <tr><td>Username : </td><td>".$user['Username']."</td></tr>
        <tr><td>Password :</td><td><input type=password name=password size=20></td></tr>
        <tr><td>Re-enter Password :</td><td><input type=password name=password1 size=20></td></tr>
        <tr><td colspan=2 align=center><input type=submit value='Modify User'><input type=hidden name
=opt value='editsave'><input type=hidden name=username value='".$user['Username']."'><input type=hidden name=id value='".$user['id']."'></td></tr></table></form>";


}

function user_editsave()
{

   if($GLOBALS['password'] != $GLOBALS['password1'])
   {
        echo "<p><font color=red>Passwords donot match. Please try again.</font><p>";

   user_edit();
   }
   else
   {
        $id = $GLOBALS['id']; $username = $GLOBALS['username']; $pass = $GLOBALS['password'];


        $cryptpass =  exec("perl -e 'print crypt(\"$pass\",\",9r-jd8,.\")'");

  
          if(!$handle = fopen("/home/ws/home/gospel/.htpasswd", 'w+'))
          {
             echo "Unable to open the file"; exit();
          }

	  if(!$query = mysql_query("UPDATE users SET Password='$cryptpass' WHERE id=$id and Username='$username'"))
	  {
	     echo "Unable to update . Please try again later"; exit();
	  }

	  $query = mysql_query("SELECT * FROM users");
 	  while($users = mysql_fetch_array($query))
	  {
 	      $userdetails = $users['Username'].":".$users['Password']."\n";
	      if(!fwrite($handle, $userdetails))
	      {
        	echo "Unable to write user details to the file"; exit();
	      }
          }

	echo "<p><center>User Details modified successfully.</p><p>
	      <a href='index.php'>Go back Home</a>";
	
    }
}	

function user_del()
{

	$id = $GLOBALS['id'];
	$query = mysql_query("SELECT * FROM users WHERE id=$id");
	$user = mysql_fetch_array($query);
	echo "<p><center>Are you sure you want to delete the user <b><i>".$user['Username']."</b></i> ?<br><br>
	<a href='index.php?id=$id&&opt=delnow'>Yes</a> &nbsp;&nbsp;&nbsp; <a href='index.php'>No</a><br></center>";
}

function user_delnow()
{

	$id = $GLOBALS['id'];

	
        if(!$handle = fopen("/home/ws/home/gospel/.htpasswd", 'w+'))
        {
            echo "Unable to open the file"; exit();
        }


	if($query = mysql_query("DELETE FROM users WHERE id=$id"))
	{

	  $query = mysql_query("SELECT * FROM users");
          while($users = mysql_fetch_array($query))
          {
              $userdetails = $users['Username'].":".$users['Password']."\n";
              if(!fwrite($handle, $userdetails))
              {
                echo "Unable to write user details to the file"; exit();
              }
          }

	echo "<p><center>User deleted successfully.</center>";
	}


}
?>
/* index.php ends here */


/* connect.php starts here */

<?PHP


$conn = mysql_connect("HOSTNAME", "Mysql_Username","Mysql_Password");

mysql_select_db("DBNAME",$conn);


?>


/* connect.php starts here */

3) Copy the .htaccess and .htpasswd file (chmod to 777) to the document root of your website

/* .htaccess file starts here */

AuthUserFile /PATH/TO/DOCUMENTROOT/.htpasswd
AuthName "restricted access"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

/* .htaccess file ends here */

/* .htpasswd file starts here */

admin:,9zDjdoVKQGxg

*/ .htpasswd file ends here */

4) Copy the following .htacces file code as .htaccess to the admin directory so that only the admin user gets access to the administration of this system.

/* .htaccess file starts here */

AuthUserFile /PATH/TO/DOCUMENTROOT/.htpasswd
AuthName "restricted access"
AuthType Basic
<Limit GET POST>
require user admin
</Limit>

/* .htaccess file ends here */

You are done with now...


Configuration :
-----------------
1) Edit the connect.php file and change the Database server setting to connect to your Mysql server.


Usage :
-------
1) Open the admin/index.php in your browser. You shall be asked for admin username and password. 
Username : admin
Password : admin

2) You shall be displayed with the Menu to add, modify, delete users now.


3) Open the documentroot pages in your browser .You shall be prompted for username and password. Your documents are now .htaccess authenticated....