LockedArea.com: DirectoryPass

#!/usr/bin/perl ######################################################### # DirectoryPass Version 1.0 by LockedArea.com # # http://www.locked-area.com/ # # Originally Released: 25th October 2001 (v1.0) # # Last Updated: 30th June 2003 # ######################################################### # # # COPYRIGHT NOTE: # # DirectoryPass may be used and modified free of charge # # by anyone so long as this copyright notice and the # # comments within remain intact. By using this code you # # agree to indemnify Neil Skirrow and LockedArea.com # # from any liability that might arise from its use. # # Selling the code for this program without prior # # written consent is expressly forbidden. In other # # words, please ask first before you try and make money # # off of our program. Obtain permission before # # redistributing this software over the Internet or in # # any other medium. In all cases copyright and header # # must remain intact. We cannot be held responsible # # for any harm this may cause. # # # ######################################################### ## changes for Coastlandtect.com users.. By Dr.D # ######################################################## $adminpass = "adminpass"; # This is the only variable that needs changing, please # # enter an administrators password for when using # # DirectoryPass. # ######################################################### $htpassfile = "$ENV{'QUERY_STRING'}/.htpasswd"; $htfile = "$ENV{'QUERY_STRING'}/.htaccess"; use CGI qw(:standard); $query = new CGI; # Script begins $adduser = $query->param('adduser'); &adduser if ($adduser && $ENV{'REQUEST_METHOD'} eq "POST"); $removeuser = $query->param('removeuser'); &removeuser if ($removeuser && $ENV{'REQUEST_METHOD'} eq "POST"); $create = $query->param('create'); &create if ($create && $ENV{'REQUEST_METHOD'} eq "POST"); &print_form if ($ENV{'REQUEST_METHOD'} eq "GET"); print "Content-type: text/html\n\n"; sub removeuser { $username = $query->param('username'); $actionpass = $query->param('actionpass'); $passfile = $query->param('passfile'); if ($actionpass eq $adminpass) { open (READHT, "$passfile"); @htpw = ; close (READHT); open (WRITEHT, ">$passfile"); flock (WRITEHT,2); foreach $passline (@htpw) { ($htdbuser, $htdbpass) = split(/\:/, $passline); if ($htdbuser eq $username) { } else { print WRITEHT $passline; } } flock (WRITEHT,8); close (WRITEHT); &header; print qq~

User Removed

$username has been removed from the database. ~; &footer; exit; } else { &error; } } sub create { $cobalt = $query->param('cobalt'); $htaccfile = $query->param('htaccfile'); $htpassfile = $query->param('htpassfile'); $actionpass = $query->param('actionpass'); if ($actionpass eq $adminpass) { if ($cobalt eq "yes") { open (HTACCESS, ">>$htaccfile"); flock (HTACCESS, 2); print HTACCESS "AuthType Basic\n"; print HTACCESS "AuthName \"Password Protected Area\"\n"; print HTACCESS "AuthUserFile $htpassfile\n"; print HTACCESS "require valid-user\n"; ## Dr.D added the next line for CT users.. but this will neve be used .hehehe no colbalt.. print HTACCESS "AuthPAM_Enabled off\n"; flock (HTACCESS, 8); close (HTACCESS); } else { open (HTACCESS, ">>$htaccfile"); flock (HTACCESS, 2); print HTACCESS "AuthType Basic\n"; print HTACCESS "AuthName \"Password Protected Area\"\n"; print HTACCESS "AuthUserFile $htpassfile\n"; print HTACCESS "require valid-user\n"; ## Dr.D Added the next line for CT users. print HTACCESS "AuthPAM_Enabled off\n"; flock (HTACCESS, 8); close (HTACCESS); } &header; print qq~

.htaccess

Your .htaccess file has been created. ~; &footer; exit; } else { &error; } } sub print_form { if ($ENV{'QUERY_STRING'}) { $usercount="0"; open (FILE54, "$htpassfile"); @lines54 =; close (FILE54); foreach $line54 (@lines54) { $usercount++; } &header; print qq~ Currently $usercount users.
~; if (-e $htpassfile) { print "$htpassfile already exists.
"; } else { print "$htpassfile does not exist.
"; } if (-e $htfile) { print "$htfile already exists.
"; } else { print "$htfile does not exist.
"; } print qq~

Add User

Remove User

.htaccess Maintanence
Clicking create below will create your .htaccess file in the directory that you've specified as the query string. Do not do this if you have already got a .htaccess file here.

Rate DirectoryPass
Rate DirectoryPass @ The CGI Resource Index
Rate DirectoryPass @ HotScripts.com
Rate DirectoryPass @ The CGI-Index.com
~; &footer; exit; } else { &header; print qq~ Script called incorrectly. Please try again.

Should be called something like:
dirpass.cgi?/home/username/path/to/members/dir
Basically after the ? you need to put the full/absolute server path to the directory you want to password protect or administrate. A relative path or enviroment variable will not work.
NO TRAILING SLASH PLEASE! ~; &footer; exit; } } sub adduser { $username = $query->param('username'); $password = $query->param('password'); $confirmpassword = $query->param('confirmpassword'); $actionpass = $query->param('actionpass'); $passfile = $query->param('passfile'); &error if ($actionpass ne $adminpass); $passwordok = $password if (($password eq $confirmpassword) && (length($password) > 4)); $usernameok = $username if (length($username) > 4); unless ($usernameok && $passwordok) { &header; print qq~

Add User Error

~; print "

You didn't enter a username or it was less than 5 characters in length.
" unless ($usernameok); print "" unless ($usernameok && $passwordok); print "

You didn't enter a password or confirm password, they didn't match or they were less than 5 characters in length.
" unless ($passwordok); print qq~
> ~; &footer; exit; } open (DATABASEA, "$passfile"); @wholebasea = ; close (DATABASEA); foreach $oldusera (@wholebasea) { chomp ($olduser); @usera = split(/\:/, $oldusera); if ($usernameok eq $usera[0]) { &header; print qq~

Add User Error

Username already taken! ~; &footer; exit; } } $usernameok =~ s/\://g; $passwordok =~ s/\://g; $enc_password = crypt($passwordok, "Cd"); open (DATABASEADD, ">>$passfile"); flock (DATABASEADD, 2); print DATABASEADD "$usernameok:$enc_password\n"; flock (DATABASEADD, 8); close (DATABASEADD); &header; print qq~ Currently $usercount users.
$passfile
$htfile

Add User Complete

User Added:
Username: $usernameok
Password: $passwordok
Encrypted Password: $enc_password
~; &footer; exit; } sub error { &header; print qq~

Password Error

Your administration password is incorrect. ~; &footer; exit; } sub header { print qq~ LockedArea.com: DirectoryPass

~; } sub footer { print qq~

Web-ScriptsUK: DirectoryPass
~; } sub dienice { ($errmsg) = @_; print "
Error
\n"; print "$errmsg
\n"; print " \n"; exit; }

Username:
Password:
Confirm Password:
Admin Password:

Username:
Password:
Confirm Password:
Admin Password:

Admin Password