The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password protect directories

Discussion in 'General Discussion' started by bpmod, Oct 4, 2006.

  1. bpmod

    bpmod Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Hello

    Is there a way to set up (and remove) users automatically (like in a cron for example) that have access to a password protected directory without going through cPanel. We have full root access to the server in question. We'd be taking orders through a web-based form and allowing access after approval. That access expires in, say, 15 days, so we'd run a cron to delete those users at the specified time.

    Thanks

    Brian
     
  2. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    well first you'd have to determine each user's total days so you know which user to remove, I assume from the htpasswd file storing the username/passwords. A script would need to deduct one day, each day, then when it hits 0 days, counting down from 15 days, the script would then find the user in the password file and remove them. This can be done via a cronjob each night. But first establish each user's total days is some sort of a database then count them down each nite.

    This would probably be the best approach. We've done this with many of the membership management system we've built for our clients.

    Mickalo
     
  3. bpmod

    bpmod Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Yes, that part is all worked out. I have a form whereby the (potential) user enters all of his pertinent info, which is then entered into the db with a field called status (set to pending). The owner then approves the user, changing the status to approved. At that point there is an entry in the users table that has a field expiry (15 days hence) and each night the cron will run deleting the users who expire that day.

    My stumbling block is the script which actually adds/deletes the users in the htpasswd file.

    Thanks

    Brian
     
  4. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    is your current application written in Perl, PHP ... or what ?

    when the user is deleted from the database, then it can then remove the user from the password file at the same time.

    Mickalo
     
  5. fwwebs

    fwwebs Well-Known Member

    Joined:
    Feb 16, 2004
    Messages:
    329
    Likes Received:
    0
    Trophy Points:
    16
    User a simple wget for the URL
    or use something more like:

    $request="/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete";
    cprq("yourdomain.tld", "2082", "cpusername", "cppassword", $request);
    function cprq($host,$port,$owner,$pass,$request) {
    $sock = fsockopen($host,$port);
    if(!$sock)
    {
    print('Socket error');
    exit();
    }
    $authstr = "cpusername:cppassword";
    $pass = base64_encode($authstr);
    $in = "GET $request\r\n";
    $in .= "HTTP/1.0\r\n";
    $in .= "Host:$domain\r\n";
    $in .= "Authorization: Basic $pass\r\n";
    $in .= "\r\n";
    fputs($sock, $in);
    while (!feof($sock)) {
    fgets ($sock,128);
    $result .= fgets ($sock,128);
    }
    fclose( $sock );
    return $result;
    }
     
  6. fwwebs

    fwwebs Well-Known Member

    Joined:
    Feb 16, 2004
    Messages:
    329
    Likes Received:
    0
    Trophy Points:
    16
    User a simple wget for the URL
    PHP:
    http://cpusername:cppassword@domain.tld:2082/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete
    or use something more like:

    $request="/frontend/x/htaccess/deluser.html?dir=/home/yourusername/public_html/yourdirectory&user=usernametodelete";
    cprq("yourdomain.tld", "2082", "cpusername", "cppassword", $request);
    function cprq($host,$port,$owner,$pass,$request) {
    $sock = fsockopen($host,$port);
    if(!$sock)
    {
    print('Socket error');
    exit();
    }
    $authstr = "cpusername:cppassword";
    $pass = base64_encode($authstr);
    $in = "GET $request\r\n";
    $in .= "HTTP/1.0\r\n";
    $in .= "Host:$host\r\n";
    $in .= "Authorization: Basic $pass\r\n";
    $in .= "\r\n";
    fputs($sock, $in);
    while (!feof($sock)) {
    fgets ($sock,128);
    $result .= fgets ($sock,128);
    }
    fclose( $sock );
    return $result;
    }
     
  7. bpmod

    bpmod Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    It's written in PHP. My weak points are creating the encrypted password for adding to the file (I can see that the password I have assigned is not what is in the file), and quickly finding the record to delete without using up too much time & resources.

    I was hoping that there'd be a standard script already written.

    Thanks for your help.

    Brian
     
  8. bpmod

    bpmod Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Done and working great!

    Thanks for the guidance.

    Brian
     
Loading...

Share This Page