$path)); } else if(!is_readable($path)) { return t("File '!file' exists but is not readable for the server. Use chmod command to change this.", array('!file' => $path)); } else { return t("File '!file' exists but is not writable for the server. Use chmod command to change this.", array('!file' => $path)); } } /** * Read htfile in an assoc. array (key=user, value=password hash) * @param string $file * @return array */ function _htpasswdsync_read_htfile($file) { $content = file_get_contents($file); if($content === false) { watchdog('HtPasswdSync', "Failed to read $file", WATCHDOG_ERROR); } else { $data = array(); $content = explode("\n", $content); foreach($content as $line) { $line = trim($line); if(!empty($line)) { $line = explode(':', $line, 2); if(count($line) == 2) { $line[0] = trim($line[0]); $line[1] = trim($line[1]); if(strlen($line[0]) > 0 && strlen($line[1]) > 0) { $data[$line[0]] = $line[1]; } } } } } return $data; } /** * Write an htfile * @param array &$data * @param string $file * @return void */ function _htpasswdsync_write_htfile(&$data, $file) { $content = array(); foreach($data as $u => $p) { if(strlen($u) > 0 && strlen($p) > 0) { $content[] = "$u:$p"; } } if(@file_put_contents($file, implode("\n", $content) . "\n") === false) { watchdog('HtPasswdSync', "Failed to write $file", WATCHDOG_ERROR); } } /** * Generate the htgroup content * for each role configured (htpasswdsync_roles array), list users * and update the htgroup accordingly * @return */ function _htpasswdsync_updategroup() { $file = _htpasswdsync_grpfilename(); $groups = array(); if($file == "") { return; } $mail_domain = _htpasswdsync_email_domain(); if(! _htpasswdsync_overwrite()) { $groups = _htpasswdsync_read_htfile($file); } foreach(_htpasswdsync_roles() as $rid) { $roles = db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid)); foreach($roles as $role) { if(strlen(trim($role->name)) > 0) { $role = _htpasswdsync_sanatize_name($role->name); $groups[$role] = ''; $users = db_query('SELECT u.name, u.mail FROM {users} AS u, {users_roles} AS ur WHERE ur.rid = :rid AND ur.uid = u.uid AND status = 1', array(':rid' => $rid)); foreach($users as $user) { $groups[$role] .= ' ' . _htpasswdsync_sanatize_name($user->name); if($mail_domain != '') { $user->mail = strtolower($user->mail); if(strpos($user->mail, $mail_domain) !== false) { $user->mail = reset(explode('@', $user->mail, 2)); $groups[$role] .= ' ' . _htpasswdsync_sanatize_name($user->mail); } } } } break; // fetch max. one role } } _htpasswdsync_write_htfile($groups, $file); } /** * Generate the htpasswd content from the database update the htpasswd file * from the table htpasswdsync_passwd * @return void */ function _htpasswdsync_updatepasswd() { $file = _htpasswdsync_passfilename(); $passwords = array(); if($file == "") { return; } $overwrite = _htpasswdsync_overwrite(); $mail_domain = _htpasswdsync_email_domain(); if(!$overwrite) { $passwords = _htpasswdsync_read_htfile($file); } $res = db_query('SELECT A.username, A.passwd, B.mail FROM {htpasswdsync_htpasswd} AS A, {users} AS B WHERE name=username and status = 1'); foreach($res as $r) { if(!$overwrite) { if(isset($passwords[str_replace(' ','', $r->username)])) unset($passwords[str_replace(' ','', $r->username)]); if(isset($passwords[str_replace(' ','', strtolower($r->username))])) unset($passwords[str_replace(' ','', strtolower($r->username))]); if(isset($passwords[strtolower($r->username)])) unset($passwords[strtolower($r->username)]); } if($r->passwd == "****DELETED" || $r->passwd == '') { if(isset($passwords[$r->username])) unset($passwords[$r->username]); if(isset($passwords[$r->mail])) unset($passwords[$r->mail]); } else { $passwords[_htpasswdsync_sanatize_name($r->username)] = $r->passwd; if($mail_domain != '') { $r->mail = strtolower($r->mail); if(strpos($r->mail, $mail_domain) !== false) { $r->mail = reset(explode('@', $r->mail, 2)); $passwords[_htpasswdsync_sanatize_name($r->mail)] = $r->passwd; } } } } _htpasswdsync_write_htfile($passwords, $file); } /** * Update htpassword table with the new password of the user * @param object $edit * @return void */ function _htpasswdsync_update($edit) { if(isset($edit->pass) && $edit->pass != '' && isset($edit->name) && strlen(trim($edit->name)) > 0) { $user = $edit->name; $pass = _htpasswdsync_crypt($edit->pass); $passwds[$user] = $pass; if(isset($edit->uid) && $edit->uid > 0) { $ref_user = user_load($edit->uid); if($ref_user->name != $user) { db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :username", array(':username' => $ref_user->name)); } } db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :user", array(':user' => $user)); db_query("INSERT INTO {htpasswdsync_htpasswd} (username, passwd) VALUES(:user, :pass)", array(':user' => $user, ':pass' => $pass)); _htpasswdsync_commit_to_htpasswd(); } } /** * Update htpassword file with the new password of the user * @return void */ function _htpasswdsync_commit_to_htpasswd() { _htpasswdsync_updatepasswd(); _htpasswdsync_updategroup(); } /** * Remove the one user for the htpassword file * @param string $username * @return void */ function _htpasswdsync_delete_user($username) { db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :username", array(':username' => $username)); db_query("INSERT INTO {htpasswdsync_htpasswd} (username, passwd) VALUES(:username, :passwd)", array(':username' => $username, ':passwd' => "****DELETED") ); } /** * Remove the user for the htpassword file * @param object $account * @return void */ function _htpasswdsync_delete($account) { _htpasswdsync_delete_user($account->name); _htpasswdsync_commit_to_htpasswd(); } /** * Validate user form input here we refuse username with characters that are * not supported in htpasswd files * @param $edit field submited * @return none */ function _htpasswdsync_validate($edit, $account) { if(isset($edit['name'])) { if (ereg('[:[:space:]]', $edit['name'])) { form_set_error('htpasswdsync', t('The username contains an illegal character, like <space>, :')); } } } /** * Returns help and module information * @param string $path which path of the site we're displaying help * @param array $arg Holds the current path as would be returned from arg() function * @return string */ function htpasswdsync_help($path, $arg) { $output = ''; //declare your output variable switch ($path) { case "admin/help#htpasswdsync": $output = '

'. t("synchronize password with a htpasswd file") .'

'; break; } return $output; } /** * Returns the required permissions for the htpasswdsync module * @return array */ function htpasswdsync_permission() { return array( 'administer htpasswdsync' => array( 'title' => t('Administer htpasswd synchronization'), 'restrict access' => true ) ); } /** * User cancel hook * @param array $edit * @param object $account * @param string $method * @return void */ function htpasswdsync_user_cancel($edit, $account, $method) { _htpasswdsync_delete($account); } /** * User delete hook * @param object $account * @return void */ function htpasswdsync_user_delete($account) { _htpasswdsync_delete($account); } /** * User insert/edit hook. Used instead of htpasswdsync_user_insert() and * htpasswdsync_user_update() because at these states the password is already * hashed. * @param array &$edit * @param object $account * @param string $category * @return void */ function htpasswdsync_field_attach_submit($entity_type, $entity, $form, &$form_state) { if($entity_type != 'user') return; if(!empty($entity->name) && !empty($entity->pass)) { _htpasswdsync_update($entity); } } /** * Role delete hook * @param object $role * @return void */ function htpasswdsync_user_role_update($role) { _htpasswdsync_updategroup(); } /** * Role delete hook * @param object $role * @return void */ function htpasswdsync_user_role_delete($role) { _htpasswdsync_updategroup(); } /** * Returns the configuration form structure * @return array */ function htpasswdsync_admin() { $form['htpasswdsync_htpasswd'] = array( '#type' => 'textfield', '#title' => t('htpasswd file'), '#default_value' => _htpasswdsync_passfilename(), '#size' => 100, '#maxlength' => 200, '#description' => t("The full path to the !file file (e.g. !eg_file).", array('!file' => 'htpasswd', '!eg_file' => '/etc/httpd/htpasswd')), '#required' => true, ); $form['htpasswdsync_htgroup'] = array( '#type' => 'textfield', '#title' => t('htgroup file'), '#default_value' => _htpasswdsync_grpfilename(), '#size' => 100, '#maxlength' => 200, '#description' => t("The full path to the !file file (e.g. /etc/httpd/htgroup). Leave blank if you don't need a group file. If you enter a group file here, then you must also define a htpasswd file above.", array('!file' => 'htgroup')), '#required' => false, ); $form['htpasswdsync_hash'] = array( '#type' => 'radios', '#title' => t('password hashing algorythm'), '#description' => t("How shall the password be hashed (crypt only available for unix, SHA1 can be used on all platforms)"), '#options' => _htpasswdsync_hashes(), '#default_value' => _htpasswdsync_hash(), ); $form['htpasswdsync_roles'] = array( '#type' => 'checkboxes', '#title' => t('Roles to be exported into the htgroup file'), '#default_value' => _htpasswdsync_roles(), '#options' => user_roles(true), ); $form['htpasswdsync_overwrite'] = array( '#type' => 'checkbox', '#title' => t('htpasswd file is only managed by this module'), '#description' => t("If yes, manually added users in the user file will be removed. If no, only the users stored in the database will be changed/added/deleted."), '#default_value' => _htpasswdsync_overwrite(), ); $form['htpasswdsync_names_lowercase'] = array( '#type' => 'checkbox', '#title' => t('Export user names and group names lowercase'), '#description' => t("If yes, htpasswdsync will export the lowercase user names as well (e.g. 'User' will be exported as 'User' and 'user'). Groups will always be exported lowercase (as the user does not need to enter a group, so this makes it easier to design the .htaccess files). Caution: this option may increase the file size of the htuser file."), '#default_value' => _htpasswdsync_names_lowercase(), ); $form['htpasswdsync_names_without_whitespace'] = array( '#type' => 'checkbox', '#title' => t('Remove whitespaces in user names and groups'), '#description' => t("If yes, htpasswdsync will remove all whitespaces in user names and groups (e.g. 'User 1' will be exported as 'User1'). Caution: this increases the file size of the htuser file. If you use groups, then you must check this setting because whitespaces are used as separators in the group file. This setting goes along with the checkbox above."), '#default_value' => _htpasswdsync_names_without_whitespace(), ); $form['htpasswdsync_export_email_domain'] = array( '#type' => 'textfield', '#title' => t('Additional user email domain'), '#default_value' => _htpasswdsync_email_domain(), '#size' => 100, '#maxlength' => 200, '#description' => t("Enter a domain here if you want that email account names shall be exported into the htpasswd file as well. E.g., if you enter 'example.org', then the email 'user1@example.org' would be exported as 'user1' into the htpasswd file. However, it should be more interesting for your own domain."), '#required' => false, ); // Small description ... $notewhitespaces = _htpasswdsync_names_lowercase() ? " Enter your login name without whitespaces and special characters." : ""; $txt = t('This is how a simple .htaccess file could look like:') . "
\t[...]\n"
            . "\tAuthType Basic\n"
            . "\tAuthName \"Protected members area.$notewhitespaces\"\n"
            ;

    if(_htpasswdsync_passfilename() != '') {
        $txt .= "\tAuthUserFile " . _htpasswdsync_passfilename() . "\n";
        if(_htpasswdsync_grpfilename() != '') {
            $txt .= "\tAuthGroupFile " . _htpasswdsync_grpfilename() . "\n";
        }

        $txt .=   "\trequire valid-user\n"
                . "\t#require group administrator\n"
                . "\n[OR]\n"
                . "\t[...]

"; } $form['htaccess_file_now_looks_like'] = array( '#markup' => $txt ); return system_settings_form($form); } /** * Form validation callback. Checks if htpasswd/htgroup file are writable * @param array $form * @param array& $form_state * @return void */ function htpasswdsync_admin_validate($form, &$form_state) { $form_state['values']['htpasswdsync_htpasswd'] = trim($form_state['values']['htpasswdsync_htpasswd']); $form_state['values']['htpasswdsync_htgroup'] = trim($form_state['values']['htpasswdsync_htgroup']); $error = false; if(empty($form_state['values']['htpasswdsync_htpasswd']) && empty($form_state['values']['htpasswdsync_htgroup'])) { form_set_error('htpasswdsync_htpasswd', 'You should at least specify the htpasswd file.'); } else if(!empty($form_state['values']['htpasswdsync_htgroup']) && empty($form_state['values']['htpasswdsync_htpasswd'])) { form_set_error('htpasswdsync_htpasswd', 'The htgroup file makes no sense without the htpasswd file.'); } $file = $form_state['values']['htpasswdsync_htpasswd']; if(!empty($file)) { if($msg = _htpasswdsync_check_file($file)) { form_set_error('htpasswdsync_htpasswd', $msg); $error = true; } } $file = $form_state['values']['htpasswdsync_htgroup']; if(!empty($file)) { if($msg = _htpasswdsync_check_file($file)) { form_set_error('htpasswdsync_htgroup', $msg); $error = true; } if(!$form_state['values']['htpasswdsync_names_without_whitespace']) { form_set_error('htpasswdsync_htgroup', 'htgroup file access restriction can only work if you remove the whitespaces in user names and groups (see setting below)'); $error = true; } } // Directly apply changes if no validation errors if(!$error) { _htpasswdsync_updatepasswd(); _htpasswdsync_updategroup(); } } /** * Administration menu entry * @return array */ function htpasswdsync_menu() { $items = array(); $items['admin/config/people/htpasswdsync'] = array( 'title' => 'Htpasswd file synchronization', 'description' => 'Preferences for the HTPasswd Sync module', 'page callback' => 'drupal_get_form', 'page arguments' => array('htpasswdsync_admin'), 'access arguments' => array('administer htpasswdsync'), ); return $items; } /** * Runtime phase htgroup / htpasswd file check * @param string $phase * @return array */ function htpasswdsync_requirements($phase) { if($phase != 'runtime') { return array(); } else { $requirements = array(); if(_htpasswdsync_passfilename() != "") { $htpasswd_status_msg = _htpasswdsync_check_file(_htpasswdsync_passfilename()); $htpasswd_status_val = REQUIREMENT_ERROR; if (!$htpasswd_status_msg) { $htpasswd_status_msg = t('!file file is writable', array('!file' => 'htpasswd')); $htpasswd_status_val = REQUIREMENT_OK; } } else { $htpasswd_status_msg = 'Not required'; $htpasswd_status_val = REQUIREMENT_OK; } if(_htpasswdsync_grpfilename() != "") { $htgroup_status_msg = _htpasswdsync_check_file(_htpasswdsync_grpfilename()); $htgroup_status_val = REQUIREMENT_ERROR; if (!$htgroup_status_msg) { $htgroup_status_msg = t('!file file is writable', array('!file' => 'htgroup')); $htgroup_status_val = REQUIREMENT_OK; } } else { $htgroup_status_msg = 'Not required'; $htgroup_status_val = REQUIREMENT_OK; } $status = $htpasswd_status_val != REQUIREMENT_OK && $htgroup_status_val != REQUIREMENT_OK; $requirements['htpasswdsync_status'] = array( 'title' => t('HTPasswd Sync Status'), 'value' => $htpasswd_status_msg . "
" . $htgroup_status_msg . "
" . t('last update !time ago.', array( '!time' => format_interval(time()-variable_get('htpasswdsync_cron_time', 0)))), 'severity' => $status, ); if($status != REQUIREMENT_OK) { $requirements['htpasswdsync_status']['description'] = t('Cannot access files, please check configuration.', array('!url' => url('admin/user/htpasswdsync'))); } return $requirements; } } /** * Cron hook * @return void */ function htpasswdsync_cron() { $time = variable_get('htpasswdsync_cron_time', 0); _htpasswdsync_commit_to_htpasswd(); $res = db_query('DELETE FROM {htpasswdsync_htpasswd} WHERE username NOT IN (SELECT name from {users})'); variable_set('htpasswdsync_cron_time', time()); } ?>