Password protect directories

bpmod

Well-Known Member
Sep 23, 2004
49
0
156
Hello

Is there a way to set up (and remove) users automatically (like in a cron for example) that have access to a password protected directory without going through cPanel. We have full root access to the server in question. We'd be taking orders through a web-based form and allowing access after approval. That access expires in, say, 15 days, so we'd run a cron to delete those users at the specified time.

Thanks

Brian
 

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
bpmod said:
Hello

Is there a way to set up (and remove) users automatically (like in a cron for example) that have access to a password protected directory without going through cPanel. We have full root access to the server in question. We'd be taking orders through a web-based form and allowing access after approval. That access expires in, say, 15 days, so we'd run a cron to delete those users at the specified time.

Thanks

Brian
well first you'd have to determine each user's total days so you know which user to remove, I assume from the htpasswd file storing the username/passwords. A script would need to deduct one day, each day, then when it hits 0 days, counting down from 15 days, the script would then find the user in the password file and remove them. This can be done via a cronjob each night. But first establish each user's total days is some sort of a database then count them down each nite.

This would probably be the best approach. We've done this with many of the membership management system we've built for our clients.

Mickalo
 

bpmod

Well-Known Member
Sep 23, 2004
49
0
156
Yes, that part is all worked out. I have a form whereby the (potential) user enters all of his pertinent info, which is then entered into the db with a field called status (set to pending). The owner then approves the user, changing the status to approved. At that point there is an entry in the users table that has a field expiry (15 days hence) and each night the cron will run deleting the users who expire that day.

My stumbling block is the script which actually adds/deletes the users in the htpasswd file.

Thanks

Brian
 

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
bpmod said:
Yes, that part is all worked out. I have a form whereby the (potential) user enters all of his pertinent info, which is then entered into the db with a field called status (set to pending). The owner then approves the user, changing the status to approved. At that point there is an entry in the users table that has a field expiry (15 days hence) and each night the cron will run deleting the users who expire that day.

My stumbling block is the script which actually adds/deletes the users in the htpasswd file.

Thanks

Brian
is your current application written in Perl, PHP ... or what ?

when the user is deleted from the database, then it can then remove the user from the password file at the same time.

Mickalo
 

fwwebs

Well-Known Member
Feb 16, 2004
329
0
166
User a simple wget for the URL
or use something more like:

$request="/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete";
cprq("yourdomain.tld", "2082", "cpusername", "cppassword", $request);
function cprq($host,$port,$owner,$pass,$request) {
$sock = fsockopen($host,$port);
if(!$sock)
{
print('Socket error');
exit();
}
$authstr = "cpusername:cppassword";
$pass = base64_encode($authstr);
$in = "GET $request\r\n";
$in .= "HTTP/1.0\r\n";
$in .= "Host:$domain\r\n";
$in .= "Authorization: Basic $pass\r\n";
$in .= "\r\n";
fputs($sock, $in);
while (!feof($sock)) {
fgets ($sock,128);
$result .= fgets ($sock,128);
}
fclose( $sock );
return $result;
}
 

fwwebs

Well-Known Member
Feb 16, 2004
329
0
166
User a simple wget for the URL
PHP:
http://cpusername:[email protected]:2082/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete
or use something more like:

$request="/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete";
cprq("yourdomain.tld", "2082", "cpusername", "cppassword", $request);
function cprq($host,$port,$owner,$pass,$request) {
$sock = fsockopen($host,$port);
if(!$sock)
{
print('Socket error');
exit();
}
$authstr = "cpusername:cppassword";
$pass = base64_encode($authstr);
$in = "GET $request\r\n";
$in .= "HTTP/1.0\r\n";
$in .= "Host:$host\r\n";
$in .= "Authorization: Basic $pass\r\n";
$in .= "\r\n";
fputs($sock, $in);
while (!feof($sock)) {
fgets ($sock,128);
$result .= fgets ($sock,128);
}
fclose( $sock );
return $result;
}
 

bpmod

Well-Known Member
Sep 23, 2004
49
0
156
It's written in PHP. My weak points are creating the encrypted password for adding to the file (I can see that the password I have assigned is not what is in the file), and quickly finding the record to delete without using up too much time & resources.

I was hoping that there'd be a standard script already written.

Thanks for your help.

Brian