plugin for htpasswd for admins [Archive] - HowtoForge Forums | HowtoForge

theos

26th January 2010, 20:43

Hi all,

I've created a little plugin that creates a htpassword-file containing all passwords of the clients that are created in ispconfig3.
I usually use this file to secure webapps like phpmyadmin.

Maybe it is useful for others. This is my first ispconfig3-plugin. Comments are welcome :)

Copy this file to /usr/local/ispconfig/server/plugins-available/adminpassword_plugin.inc.php
Then create a symlink in /usr/local/ispconfig/server/plugins-available
and create the entry $conf['services']['adminpassword'] = true; in /usr/local/ispconfig/lib/config.inc.php

<?php
// this plugin automatically creates /var/www/.htpasswd_admin
// TL Snelleman
// borrowed some code from: http://www.howtoforge.com/forums/showthread.php?t=33026

class adminpassword_plugin {

var $plugin_name = 'adminpassword_plugin';
var $class_name = 'adminpassword_plugin';

//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
global $conf;

if(@$conf['services']['adminpassword'] == true) {
return true;
} else {
return false;
}
}

/*
This function is called when the plugin is loaded
*/
function onLoad() {
global $app;

/*
Register for the events
*/

$app->plugins->registerEvent('client_insert',$this->plugin_name,'client_insert');
$app->plugins->registerEvent('client_update',$this->plugin_name,'client_update');
$app->plugins->registerEvent('client_delete',$this->plugin_name,'client_delete');
}

function htpassword_update($event_name,$data) {
global $app, $conf;
$result = $app->db->queryAllRecords("SELECT * FROM client c");

$fp = fopen("/var/www/.htpasswd_admin","w");
if ($fp) {
foreach($result as $row)
{
$username = $row['username'];
$password = $row['password'];
if ($password != "") {
fwrite($fp,$username.":".$password."\n");
}
}
}
fclose($fp);
}

function client_insert($event_name,$data) {
global $app, $conf;
$this->htpassword_update($event_name,$data);
}

function client_update($event_name,$data) {
global $app, $conf;
$this->htpassword_update($event_name,$data);
}

function client_delete($event_name,$data) {
global $app, $conf;
$this->htpassword_update($event_name,$data);
}

} //adminpassword_plugin
?>

till

27th January 2010, 12:53

Thanks for publishing your plugin! Just a small correction :) It must read:

Then create a symlink in /usr/local/ispconfig/server/plugins-enabled

prisfeo

27th January 2010, 16:41

thanks theos..i'll try..
..
in the meanwhile, i am in test-phase (ispconfig3+centos5.4)
but the main domain server is published,
so i have protected the http://ispconfig.mydomain.com/phpmyadmin
access through editing the following file:
/etc/httpd/conf/sites-available/ispconfig.conf
modifying the following code (red):

# Except of the following directories that contain website scripts
<Directory /usr/share/phpmyadmin>
#Order allow,deny
#Allow from all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168.1.
</Directory>

so only my 192.168.1.0/24 private net can access to it..
i wonder..
in some changes of ispconfig3 made through the http panel
my above code modifications to /etc/httpd/conf/sites-available/ispconfig.conf will be overwritten ?

i have not used the ".htaccess" file cause i saw that in http.conf
the "AllowOverride" directive is set to "None"..
wil cause ipsconfig related web sites problems if i set to "All" ?

thanks,
bye.

BorderAmigos

2nd February 2010, 19:15

Does this only run when a new site is created? I installed as above and modified an existing site so ISPConfig3 would update but no .htpasswd_admin file was created.

fathertime

4th February 2010, 13:38

The folder setup is different. I tried to use:
/usr/local/ispconfig/server/lib/config.inc.php

and not:

/usr/local/ispconfig/lib/config.inc.php

But it didn't work. I don't know if the directory issue is the problem or not.

---

Is there a way to password protect the phpmyadmin, even by using just the standard process to make a password protected directory?

htpasswd/htaccess?

I don't feel like the server is secured while this is open.

Thanks for the effort though.

admins

16th February 2010, 22:30

no answer?
it doesnt work.

thanks
admins

fathertime

17th February 2010, 01:38

I put this aside for a bit, while I worked on the ssl setup and configuration.

I couldn't get it to work as instructed in the first post.

I also cannot get .htpasswd or .htaccess to function correctly.

Chmod ... they are rwrr ?

folder used is /usr/share/phpmyadmin

I may be in the wrong folder, but from what I can gather I believe that I am in the right directory.

The end result is that the phpmyadmin is fully accessible via the various websites under /phpmyadmin.

Any suggestions?

T