Password protect directories

[bpmod]

Hello

Is there a way to set up (and remove) users automatically (like in a cron for example) that have access to a password protected directory without going through cPanel. We have full root access to the server in question. We'd be taking orders through a web-based form and allowing access after approval. That access expires in, say, 15 days, so we'd run a cron to delete those users at the specified time.

Thanks

Brian

 

[mickalo]

Hello

Is there a way to set up (and remove) users automatically (like in a cron for example) that have access to a password protected directory without going through cPanel. We have full root access to the server in question. We'd be taking orders through a web-based form and allowing access after approval. That access expires in, say, 15 days, so we'd run a cron to delete those users at the specified time.

Thanks

Brian

well first you'd have to determine each user's total days so you know which user to remove, I assume from the htpasswd file storing the username/passwords. A script would need to deduct one day, each day, then when it hits 0 days, counting down from 15 days, the script would then find the user in the password file and remove them. This can be done via a cronjob each night. But first establish each user's total days is some sort of a database then count them down each nite.

This would probably be the best approach. We've done this with many of the membership management system we've built for our clients.

Mickalo

 

[bpmod]

Yes, that part is all worked out. I have a form whereby the (potential) user enters all of his pertinent info, which is then entered into the db with a field called status (set to pending). The owner then approves the user, changing the status to approved. At that point there is an entry in the users table that has a field expiry (15 days hence) and each night the cron will run deleting the users who expire that day.

My stumbling block is the script which actually adds/deletes the users in the htpasswd file.

Thanks

Brian

 

[mickalo]

Yes, that part is all worked out. I have a form whereby the (potential) user enters all of his pertinent info, which is then entered into the db with a field called status (set to pending). The owner then approves the user, changing the status to approved. At that point there is an entry in the users table that has a field expiry (15 days hence) and each night the cron will run deleting the users who expire that day.

My stumbling block is the script which actually adds/deletes the users in the htpasswd file.

Thanks

Brian

is your current application written in Perl, PHP ... or what ?

when the user is deleted from the database, then it can then remove the user from the password file at the same time.

Mickalo

 

[fwwebs]

User a simple wget for the URL

http://cpusername:cppas[email protected]_html/yourdirectory&user=usernametodelete

or use something more like:

$request="/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete";
cprq("yourdomain.tld", "2082", "cpusername", "cppassword", $request);
function cprq($host,$port,$owner,$pass,$request) {
$sock = fsockopen($host,$port);
if(!$sock)
{
print('Socket error');
exit();
}
$authstr = "cpusername:cppassword";
$pass = base64_encode($authstr);
$in = "GET $request\r\n";
$in .= "HTTP/1.0\r\n";
$in .= "Host:$domain\r\n";
$in .= "Authorization: Basic $pass\r\n";
$in .= "\r\n";
fputs($sock, $in);
while (!feof($sock)) {
fgets ($sock,128);
$result .= fgets ($sock,128);
}
fclose( $sock );
return $result;
}

 

[fwwebs]

User a simple wget for the URL

http://cpusername:[email protected]:2082/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete

or use something more like:

$request="/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete";
cprq("yourdomain.tld", "2082", "cpusername", "cppassword", $request);
function cprq($host,$port,$owner,$pass,$request) {
$sock = fsockopen($host,$port);
if(!$sock)
{
print('Socket error');
exit();
}
$authstr = "cpusername:cppassword";
$pass = base64_encode($authstr);
$in = "GET $request\r\n";
$in .= "HTTP/1.0\r\n";
$in .= "Host:$host\r\n";
$in .= "Authorization: Basic $pass\r\n";
$in .= "\r\n";
fputs($sock, $in);
while (!feof($sock)) {
fgets ($sock,128);
$result .= fgets ($sock,128);
}
fclose( $sock );
return $result;
}

 

[bpmod]

It's written in PHP. My weak points are creating the encrypted password for adding to the file (I can see that the password I have assigned is not what is in the file), and quickly finding the record to delete without using up too much time & resources.

I was hoping that there'd be a standard script already written.

Thanks for your help.

Brian

 

[bpmod]

Done and working great!

Thanks for the guidance.

Brian