PHPhulp.nl
35k+ leden Over PHPhulp Offerte opdracht Contact
Scripts

Directory beveiligen

Door cynthia Fridsma -02-05-2006 00:00 -9.238 views

Ik had een klein programma gemaakt voor het beveiligen van een directory, het maakt gebruik van de bestanden .htaccess en .htpasswd (waarin de gebruikers en wachtwoorden worden opgeslagen). Om de scripts te kunnen gebruiken op je server, moet je wel .htaccess en .htpasswd met chmod 777 aanpassen zodat naar deze bestanden gelezen en geschreven kan worden. Ik heb het zelf op mijn eigen linux server toegepast en werkt fantastisch! Op een windows server het ik het niet getest (heb geen windows server). Gebruik van de scripts is natuurlijk wel op eigen risico (dus vergeet niet je gebruikersnaam en wachtwoord) :-) edit : de volgende wijzigingen in het script password.php aangepast: $username = $_POST['username']; $password = $_POST['yourpw']; $check = $_POST['checkpw']; -- dit was : $username = $_POST ; $password = $_POST ; $check = $_POST ;

Download alle bestanden als ZIP
directory-beveiligen
-- _begin.php -----------------

[code]
<html>
<head>
<title>Password program</title>
</head>
<body>
<table width="700" cellpadding="0" cellspacing="0" border="0">
<tr>
  <td height="1999" valign="top">&nbsp;</td>
  <td></td>
<td valign="top"><table width="635" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><strong>Password program</strong> </a><br></td>
</tr>

<tr bgcolor="#006699">
<td></td>
</tr>
<tr>
  <td><form action="password.php" method="post" enctype="application/x-www-form-urlencoded" name="form1">
  <table width="500" border="0">
    <tr>
      <td width="190"><strong>Username</strong></td>
      <td width="300"><input name="username" type="text" id="username" size="50"></td>
    </tr>
    <tr>
      <td><strong>Password</strong></td>
      <td><input name="yourpw" type="password" id="yourpw" size="15"></td>
    </tr>
    <tr>
      <td><strong>Retype password </strong></td>
      <td><input name="checkpw" type="password" id="checkpw" size="15"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Submit">
      <input type="reset" name="Reset" value="Reset"></td>
    </tr>
  </table>
</form>


   </td>
</tr>

  <tr>
  <td><p ></td>
  </tr>  

<tr bgcolor="#006699">
<td></td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>
[/code]

----- einde : _begin.php -----------------------------

De informatie van het formulier _begin.php wordt in 
password.php verwerkt. Tevens wordt gecontrolleerd of de 
twee wachtwoorden $yourpw en $checkpw met elkaar overéén komen.



----- password.php -------------------------

[code]
<HTML><head>
<title>Create users and passwords</title>
<style type="text/css">
<!--
.style1 {color: #FFFFFF}
-->
</style>

</head>
<body>
<table width="700" cellpadding="0" cellspacing="0" border="0">
<tr>
<td height="1999" valign="top"><table width="200" cellpadding="0" cellspacing="0" border="0">

<tr>
<td align="left" valign="top" bgcolor="#006699"><p class="style1">Please wait until you received a message that everything is allright! </p>
  </td>
</tr>

<tr>
<td></td>
</tr>
<tr>
<td bgcolor="#006699"></td>
</tr>

    <tr>
    <td>&nbsp;</td>
    </tr>
        <tr>
    <td>&nbsp;</td>
    </tr>
        <tr>
    <td><p>&nbsp;</p>
      </td>
    </tr>
    </table></td>

<td></td>

<td valign="top"><table width="635" border="0" cellpadding="0" cellspacing="0">

<tr>
<td>Create Passwords and users</a><br></td>
</tr>

<tr bgcolor="#006699">
<td></td>
</tr>

<tr>
  <td><?
 # Secured directory, a script written by
 # Cynthia Fridsma.
 #
 # Works only on an appache environment in combination with
 # a linux server.
 
  
function htpasswd($pass)
{ 
     $pass = crypt(trim($pass),base64_encode(CRYPT_STD_DES)); 
     return $pass; 
}

# Get the information from the 
# form, transmitted by _begin.php

$username = $_POST['username'];
$password = $_POST['yourpw'];
$check = $_POST['checkpw'];



// check if the password and check password are the same.
if ($check == $password):
// encode the password
 $secret = htpasswd($password); 

// write the password & user to into the password file
$secure = ".htpasswd";
  $fd = fopen($secure, "a+") or die ("I'm sorry but I can't write to .htpassword");
  $line = fwrite($fd, $username);
  $space = fwrite($fd, ":");
  $content = fwrite($fd, $secret);
  $break = fwrite($fd, "\n");
  fclose($fd);
echo ("Username and password are being written into .htaccess<br><br>"); 
echo ("<a href=" . chr(34) . "_begin.php" . chr(34) . ">Click here</a> to add a new user for the  secured directory<br><br>");
echo ("<a href=" . chr(34) . "_initialize.php" . chr(34) . ">Click here</a> to seucre the directory now <br><h2>Use this function only once!</h2><br>");
endif;

if ($check != $password):
echo ("<br>I am sorry, but the passwords didn't match, please try again.<br><br>");
echo ("<a href=" . chr(34) . "_begin.php" . chr(34) . ">Try again </a>");
endif;

?>


   </td>
</tr>

  <tr>
  <td><p ></td>
  </tr>

    

<tr bgcolor="#006699">
<td></td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>
[/code]

---------- einde password.php ---------------

Tot slot het script _initialize.php, deze beveiligd de
directory 

---- _initialize.php ----------------------------
[code]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Initialize</title>
<style type="text/css">
<!--
.style1 {color: #FFFFFF}
-->
</style>
</head>
<body>
<table width="700" cellpadding="0" cellspacing="0" border="0">
<tr>
<td height="1999" valign="top"><table width="200" cellpadding="0" cellspacing="0" border="0">

<tr>
<td bgcolor="#006699"><span class="style1">This procedure will secure your current directory and can't be undone! </span></td>
</tr>

<tr>
<td></td>
</tr>


<tr>
<td bgcolor="#006699"></td>
</tr>

    <tr>
    <td>&nbsp;</td>
    </tr>
        <tr>
    <td>&nbsp;</td>
    </tr>
        <tr>
    <td><p>&nbsp;</p>
      </td>
    </tr>
    </table></td>

<td></td>

<td valign="top"><table width="635" border="0" cellpadding="0" cellspacing="0">

<tr>
<td>Secure the current directory</a><br></td>
</tr>

<tr bgcolor="#006699">
<td></td>
</tr>

<tr>
  <td>
<?php
# Secure the directory
# written by Cynthia Fridsma


// get the absolute directory
$hello = getcwd();

// this are the lines that will be written into 
// .htaccess, used by Appache in a Linux environment

# $first = "AuthUserFile " . $hello . "/.htpasswd";

// If you have a windows environment than use this line instead :
 $first = "AuthUserFile " . $hello . "\.htpasswd";



$second = "AuthName " . chr(34) . "Restricted Area Name" . chr(34);
$third = "AuthType Basic";
$last = "require valid-user";

echo ($first . "<br>");
echo ($second . "<br>");
echo ($third . "<br>");
echo ($last . "<br>");

$secure = ".htaccess";

// okay, now we will write the data into .htaccess

$fd = fopen($secure, "w") or die ("I'm sorry but I can't write to .htaccess");
  $line = fwrite($fd, $first);
  $space = fwrite($fd, "\n");
  $content = fwrite($fd, $second);
  $space = fwrite($fd, "\n");
  $content = fwrite($fd, $third);
  $space = fwrite($fd, "\n");
  $content = fwrite($fd, $last);
  fclose($fd);
        echo ("<hr>Done ... the directory is now secured!<hr>");  

?>
   </td>
</tr>

  <tr>
  <td><p ></td>
  </tr>

    

<tr bgcolor="#006699">
<td></td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>
[/code]
---------- einde _initialize.php ------------------

Reacties

0
Nog geen reacties.