JulienBreux
4/29/2013 - 10:01 AM

This little script will protect access to dirs. Use like this: /home/<user>/www/fichiers/admin/index.php /home/<user>/www/fichiers/<fir

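This little script protects access to directories: for each one it writes an Apache .htaccess and .htpasswd pair that requires HTTP Basic authentication.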

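Use it like this, with the script in admin/ next to the directories to protect: /home/<user>/www/fichiers/admin/index.php /home/<user>/www/fichiers/<first-directory>/ /home/<user>/www/fichiers/<second-directory>/ The script performs no login check of its own and leaves admin/ out of its listing, so access to admin/ has to be restricted separately.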

<?php
/////// FUNCTIONS
/**
 * Delete the access-control file from a directory, if it is there.
 *
 * @param string $path     Directory that may hold the file.
 * @param string $filename Name of the file to delete.
 * @return void
 */
function removeHtaccess($path, $filename = '.htaccess')
{
	$target = $path.DIRECTORY_SEPARATOR.$filename;

	// Nothing to do when the directory was never protected
	if (file_exists($target)) {
		unlink($target);
	}
}

/**
 * Delete the password file from a directory, if it is there.
 *
 * @param string $path     Directory that may hold the file.
 * @param string $filename Name of the file to delete.
 * @return void
 */
function removeHtpasswd($path, $filename = '.htpasswd')
{
	$target = $path.DIRECTORY_SEPARATOR.$filename;

	// Nothing to do when no credentials were ever stored here
	if (file_exists($target)) {
		unlink($target);
	}
}

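/**
 * Write the .htaccess file that turns on HTTP Basic authentication for a directory.
 *
 * The generated file points AuthUserFile at "<path>/.htpasswd" and requires any
 * valid user from that file.
 *
 * NOTE(review): the password file sits inside the directory being served; whether
 * the web server refuses to serve ".ht*" files depends on its configuration, which
 * this script does not check.
 *
 * @param string $path     Directory to protect.
 * @param string $filename Name of the access-control file to write.
 * @return int|false Number of bytes written, or false when the path is rejected
 *                   or the file cannot be written.
 */
function createHtaccess($path, $filename = '.htaccess')
{
	$passwordFile = $path.DIRECTORY_SEPARATOR.'.htpasswd';

	// A control character (CR, LF, NUL, ...) in the path would end the AuthUserFile
	// line early and let the remainder be read as separate directives.
	if (preg_match('/[\x00-\x1F\x7F]/', $passwordFile)) {
		return false;
	}

	// Quote the path so that a directory name containing spaces stays one argument;
	// backslashes and double quotes are escaped for the quoted form.
	$data  = 'AuthUserFile "'.addcslashes($passwordFile, '"\\').'"'.PHP_EOL;
	$data .= 'AuthGroupFile /dev/null'.PHP_EOL;
	$data .= 'AuthName "Acces Restreint"'.PHP_EOL;
	$data .= 'AuthType Basic'.PHP_EOL;
	$data .= 'require valid-user'.PHP_EOL;

	return file_put_contents($path.DIRECTORY_SEPARATOR.$filename, $data);
}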

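/**
 * Write a single-user password file for HTTP Basic authentication.
 *
 * The password is stored as a bcrypt hash with a random salt. The previous
 * crypt() call took its salt from the password itself, so the salt characters
 * kept in the stored hash disclosed part of the password, and the fallback DES
 * scheme only looks at the first eight characters.
 *
 * Requires password_hash() (PHP 5.5+) and a server that verifies "$2y$" bcrypt
 * entries in password files (Apache httpd 2.4 and later).
 *
 * @param string $path     Directory that receives the password file.
 * @param string $username Login name; must not be empty or contain ':' or control characters.
 * @param string $password Clear-text password to hash.
 * @param string $filename Name of the password file to write.
 * @return int|false Number of bytes written, or false when the username is
 *                   rejected, hashing fails or the file cannot be written.
 */
function createHtpasswd($path, $username, $password, $filename = '.htpasswd')
{
	// ':' separates the fields and a line break starts a new entry, so either one
	// inside the username would change what the file means.
	if (!is_string($username) || $username === '' || preg_match('/[:\x00-\x1F\x7F]/', $username)) {
		return false;
	}

	$passwordHash = password_hash($password, PASSWORD_BCRYPT);
	if (!is_string($passwordHash)) {
		return false;
	}

	$data = $username.':'.$passwordHash.PHP_EOL;

	return file_put_contents($path.DIRECTORY_SEPARATOR.$filename, $data);
}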

/**
 * Read a password file and split its whole content on ':'.
 *
 * @param string $path     Directory that may hold the password file.
 * @param string $filename Name of the password file.
 * @return array|string The ':'-separated pieces of the file content (the last
 *                      piece keeps any trailing line break), or an empty string
 *                      when the file does not exist.
 */
function getHtpasswdData($path, $filename = '.htpasswd')
{
	$file = $path.DIRECTORY_SEPARATOR.$filename;

	// Unprotected directory: callers get an empty string, not an array
	if (!file_exists($file)) {
		return '';
	}

	return explode(':', file_get_contents($file));
}

/**
 * Tell whether a directory holds both files needed for protection.
 *
 * @param string $path Directory to inspect.
 * @return bool True only when both .htaccess and .htpasswd exist in $path.
 */
function authExists($path)
{
	foreach (array('.htaccess', '.htpasswd') as $required) {
		if (!file_exists($path.DIRECTORY_SEPARATOR.$required)) {
			return false;
		}
	}

	return true;
}

/////// PROCEDURAL
// Root of the managed tree: the parent of the directory this script lives in
$parentOfScriptDir = implode(DIRECTORY_SEPARATOR, array(__DIR__, '..', ''));
$path = realpath($parentOfScriptDir);

// Directory names that never appear in the listing
$ignoredDirs = ['admin'];

// Entries of the managed tree, walked by the table below
$dirs = new DirectoryIterator($path);

/////// SUBMISSION
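// Protect a directory: runs when the form posts a directory name, a username and a password.
if (!empty($_POST['dir']) && !empty($_POST['username']) && !empty($_POST['password'])) {
	$dir = $_POST['dir'];
	$username = $_POST['username'];
	$password = $_POST['password'];

	// The directory name comes from the request. Accept only the plain name of an
	// existing, non-ignored directory directly under $path; anything with a path
	// separator, "." or ".." would otherwise be joined to $path and let the files
	// be written outside the managed tree.
	$isManagedDir =
		is_string($dir) && is_string($username) && is_string($password) &&
		strpos($dir, "\0") === false &&
		$dir === basename($dir) && $dir !== '.' && $dir !== '..' &&
		!in_array($dir, $ignoredDirs, true) &&
		is_dir($path.DIRECTORY_SEPARATOR.$dir);

	if (!$isManagedDir) {
		header('HTTP/1.1 400 Bad Request');
		exit;
	}

	// NOTE(review): no anti-CSRF token is checked here, and this script does not
	// authenticate the caller itself; confirm that access to it is restricted.

	// Store the credentials first: an .htaccess that points at a missing password
	// file would leave the directory unusable for everyone.
	if (createHtpasswd($path.DIRECTORY_SEPARATOR.$dir, $username, $password) !== false) {
		createHtaccess($path.DIRECTORY_SEPARATOR.$dir);
	}

	header('Location: ?success');
	exit;
}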

/////// UNPROTECTION
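// Remove protection from a directory named in the "unprotect" query parameter.
if (!empty($_GET['unprotect'])) {
	$dir = $_GET['unprotect'];

	// The directory name comes from the request. Accept only the plain name of an
	// existing, non-ignored directory directly under $path, so that the deletions
	// below cannot reach .htaccess/.htpasswd files outside the managed tree.
	$isManagedDir =
		is_string($dir) &&
		strpos($dir, "\0") === false &&
		$dir === basename($dir) && $dir !== '.' && $dir !== '..' &&
		!in_array($dir, $ignoredDirs, true) &&
		is_dir($path.DIRECTORY_SEPARATOR.$dir);

	if (!$isManagedDir) {
		header('HTTP/1.1 400 Bad Request');
		exit;
	}

	// NOTE(review): this is a state change on a GET request with no anti-CSRF
	// token; a POST form carrying a per-session token would be the safer shape.
	removeHtaccess($path.DIRECTORY_SEPARATOR.$dir);
	removeHtpasswd($path.DIRECTORY_SEPARATOR.$dir);

	header('Location: ?success-unprotect');
	exit;
}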
?>
<!DOCTYPE html>
<html>
	<head>
		<title>Administration</title>
		<meta charset="utf-8">
		<meta name="viewport" content="width=device-width, initial-scale=1.0">
		<link href="//netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
	</head>
	<body>
		<!-- Content -->
		<table class="table table-bordered">
			<thead>
				<tr>
					<th>Dossier</th>
					<th>Protégé</th>
					<th>Utilisateur</th>
					<th>Mot de passe</th>
					<th>&nbsp;</th>
				</tr>
			</thead>
			<tbody>
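				<?php foreach ($dirs as $dir): ?>
				<?php if (!$dir->isDot() && $dir->isDir() && !in_array($dir->getFilename(), $ignoredDirs, true)): ?>
				<?php
					// One table row (and one form) per managed directory.
					$subPath = $dir->getPath().DIRECTORY_SEPARATOR.$dir->getFilename();
					$auth = getHtpasswdData($subPath);

					// Directory names and the stored username are data, not markup:
					// escape them once per output context before printing.
					$nameHtml = htmlspecialchars($dir->getFilename(), ENT_QUOTES, 'UTF-8');
					$nameUrl = rawurlencode($dir->getFilename());
					// getHtpasswdData() returns '' when there is no password file
					$userHtml = is_array($auth) ? htmlspecialchars($auth[0], ENT_QUOTES, 'UTF-8') : '';
				?>
				<form method="post" action="">
				<tr>
					<td>
						<a href="../<?php echo $nameUrl; ?>" target="_blank"><?php echo $nameHtml; ?></a>
					</td>
					<td>
						<?php if (authExists($subPath)): ?>
						<span class="label label-success">oui</span> <small><a href="?unprotect=<?php echo $nameUrl; ?>">(Déprotéger)</a></small>
						<?php else: ?>
						<span class="label label-warning">non</span>
						<?php endif; ?>
					</td>
					<td>
						<input type="text" name="username" value="<?php echo $userHtml; ?>">
					</td>
					<td>
						<input type="password" name="password">
					</td>
					<td>
						<input type="hidden" name="dir" value="<?php echo $nameHtml; ?>">
						<input type="submit" name="<?php echo $nameHtml; ?>" value="Enregistrer" class="btn">
					</td>
				</tr>
				</form>
				<?php endif; ?>
				<?php endforeach; ?>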
			</tbody>
		</table>

		<!-- Scripts -->
		<script src="//netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
	</body>
</html>