View Single Post
  #9  
Old 5th July 2007, 12:13
Croydon Croydon is offline
ISPConfig Developer
 
Join Date: Jul 2007
Location: Koblenz, Germany
Posts: 756
Thanks: 15
Thanked 215 Times in 166 Posts
Default

PSIplus, thanks for the great script

As lighttp does not recognize .htaccess files I ran into problems migrating to lighttp.
I extended your script so it now has a (very) rudimentary support for htaccess.

first I changed the modules section to include mod_auth and mod_rewrite
Code:
echo "server.modules=(\"mod_auth\",\"mod_access\",\"mod_cgi\",\"mod_accesslog\",\"mod_fastcgi\",\"mod_ssi\",\"mod_alias\",\"mod_rewrite\")\n";
then I added function calls to the end of the script

Code:
...

    echo "\n\t## Error-Handling ##\n";
    echo "\talias.url=(\"/error/\"=>\"$docroot/$prefix_web$parm[id]/web/error/\")\n";
    if($parm["error"])
    {
        /*
        ErrorDocument 400 /error/invalidSyntax.html
        ErrorDocument 401 /error/authorizationRequired.html
        ErrorDocument 403 /error/forbidden.html
        ErrorDocument 404 /error/fileNotFound.html
        ErrorDocument 405 /error/methodNotAllowed.html
        ErrorDocument 500 /error/internalServerError.html
        ErrorDocument 503 /error/overloaded.html
        AliasMatch ^/~([^/]+)(/(.*))? /var/www/web12/user/$1/web/$3
        AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web12/user/$1/web/$3
        */
    }
    // search for .htaccess files and prevent direct access
    echo "\n\turl.access-deny = ( \".htaccess\", \".htpasswd\")\n";
    list($data, $rewdata) = recurse_htaccess("", "$docroot/$prefix_web$parm[id]/web");
    
    echo $data;
    echo $rewdata;

    echo "}\n\n";
...

finally I added my new functions to the end of the script

Code:
function recurse_htaccess($curdir, $basedir) {
    $dir = opendir($basedir . $curdir);
    
    $data = "";
    $rewdata = "";
    
    while (false !== ($file = readdir($dir))) {
        if ($file != "." && $file != "..") {
            if(is_dir($basedir . $curdir . "/" . $file)) {
                list($ndata, $rdata) = recurse_htaccess($curdir . "/" . $file, $basedir);
                $data .= $ndata;
                $rewdata .= $rdata;
            } elseif($file == ".htaccess") {
                list($ndata, $rdata) = get_htaccess($curdir . "/" . $file, $basedir);
                $data .= $ndata;
                $rewdata .= $rdata;
            }
        }
    }
    
    return array($data, $rewdata);
}

function get_htaccess($file, $basedir) {
    $data = "";
    
    $rewexp = array();
    
    $fpath = $basedir . $file;
    $file = str_replace(".htaccess", "", $file);

    $fp = fopen($fpath, "r");
    if(!$fp) return "";

    if(!file_exists($fpath)) return "";

    $lines = file($fpath);
    if(!is_array($lines) || count($lines) < 1) return "";

    $match = false;
    $data = "";
    $data .= "\t\$HTTP[\"url\"] =~ \"^$file\" {\n";
    $data .= "\t\tauth.backend = \"htpasswd\"\n";
    
    $rewbase = "";
    
    $reqdata = "\"$file\" => (\n";
    // method / realm / require...
    $first = true;
    foreach($lines as $line) {
        if(preg_match("'authtype\s+(\w+)'is", $line, $matches)) {
            $match = true;
            if(!$first) $reqdata .= ",\n";
            $reqdata .= "\t\t\t\"method\" => \"" . strtolower(trim($matches[1])) . "\"";
        } elseif(preg_match("'authname\s+\"?([^\"]+)\"?'is", $line, $matches)) {
            $match = true;
            if(!$first) $reqdata .= ",\n";
            $reqdata .= "\t\t\t\"realm\" => \"" . trim($matches[1]) . "\"";
        } elseif(preg_match("'require\s+\"?([^\"]+)\"?'is", $line, $matches)) {
            $match = true;
            if(!$first) $reqdata .= ",\n";
            $reqdata .= "\t\t\t\"require\" => \"" . trim($matches[1]) . "\"";
        } elseif(preg_match("'authuserfile\s+\"?([^\"]+)\"?'is", $line, $matches)) {
            $match = true;
            if(trim($matches[1]) != "") $data .= "\t\tauth.backend.htpasswd.userfile = \"" . trim($matches[1]) . "\"\n";
        } elseif(preg_match("'rewritebase\s+(\S+)'is", $line, $matches)) {
            $rewbase = trim($matches[1]);
        } elseif(preg_match("'rewriterule\s+(\S+)\s+(\S+)'is", $line, $matches)) {
            $srch = trim($matches[1]);
            $rewexp["$srch"] = trim($matches[2]);
        }
        
        $first = false;
    }
    $data .= "\t\tauth.require = ( ";
    $data .= $reqdata . ")\n\t\t)\n";
    $data .= "\t}\n";
    if($match == false) $data = ""; // reset it

    $rewdata = "";

    if(count($rewexp) > 0) {
        $rewdata = "\n\turl.rewrite-once = ( ";
        $first = true;
        foreach($rewexp as $search => $replace) {
            if($first == false) $rewdata .= ",";
            if($rewbase != "") {
                $search = preg_replace("'^\^'", "^$rewbase", $search);
            }
            $rewdata .= "\n\t\t\"$search\" => \"$replace\"";
            
            $first = false;
        }
        $rewdata .= ")\n";
    }
    
    

    return array($data, $rewdata);
}
Sorry for the missing code comments... But I had no time for these.

As I said this is VERY basic .htaccess support...
I managed to get all my .htaccess directory access limits running.
My basic rewrite rules are working, too (no rewrite conditions).

Host-based or file-based access limit in .htacess files does not yet work, maybe I'll get this to work later
Reply With Quote