README

Author: soster

.gitignore

@@ -6,4 +6,7 @@ app/htadmin/config/config.ini
 app/test/.htpasswd
 app/test/.htmeta
 app/test/.htaccess
+app/.htpasswd
+app/.htmeta
+app/.htaccess
 app/index.html

README.md

@@ -1,17 +1,17 @@
 HTAdmin
 =======
 
-HTAdmin is a simple .htaccess and .htpasswd editor implemented in PHP with a nice frontend (based on bootstrap). It's intended to secure a folder of plain html files with multiple users. The admin has to create a user, but every user can change his password by himself using a self service area. It is also possible to send a password reset mail. You can use the .htpasswd with nginx and Apache, in the example we use nginx.
+HTAdmin is a simple htpasswd editor implemented in PHP with a nice frontend (based on bootstrap). It's intended to update and maintain users and password hashes in a .htpasswd file. The admin has to create a user, but every user can change his password by himself using a self service area. It is also possible to send a password reset mail. You can use the .htpasswd with nginx and Apache, in the example we use nginx.
 
 It comes with a preconfigured docker-compose.yml, so you don't have to install a LAMP stack locally for testing but can use docker instead.
 
 You find the application in `sites/html/htadmin`.
 
 ![Screenshot](screenshot.png "Screenshot")
 
-After cloning set the appropriate rights, change `user` with your user:
+Since both the nginx and the php-fpm run as the www-data user, change the group for the app folder and everything within:
 
-`chown -R user:www-data app`
+`chgrp -R www-data app`
 
 PHP needs write permission for the user www-data.
 

app/htadmin/config/config.ini.example

@@ -6,7 +6,7 @@
 app_title = HTAdmin
 
 ; Path to html files which have to be secured: 
-secure_path  = /app/test/
+secure_path  = /app/
 
 ; Use metadata (necessary e.g. for password reset via mail):
 use_metadata = true

app/htadmin/index.php

@@ -24,7 +24,7 @@
 		$meta_model->user = $username;
 		$meta_model->email = $_POST ['email'];
 		$meta_model->name = $_POST ['name'];
-		$meta_model->mailkey = random_password(8);
+		$meta_model->mailkey = random_password(PASSWORD_LENGTH);
 	}
 
 	if (! check_username ( $username ) || ! check_password_quality ( $passwd )) {

app/htadmin/tools/.htaccess

@@ -19,19 +19,10 @@ class htpasswd {
 	const HTMETA_NAME = ".htmeta";
 	function __construct($configpath, $use_metadata = false) {
 		$path = realpath ( $configpath );
-		$htaccessfile = $path . "/" . self::HTACCESS_NAME;
 		$htpasswdfile = $path . "/" . self::HTPASSWD_NAME;
 		@$this->use_metadata = $use_metadata;
-		
-		if (! file_exists ( $htaccessfile )) {
-			$could_write = $bdfp = fopen ( $htaccessfile, 'w' );
-			$htaccess_content = "AuthType Basic\nAuthName \"Password Protected Area\"\nAuthUserFile \"" . $htpasswdfile . "\"\nRequire valid-user" . "\n<Files .ht*>\nOrder deny,allow\nDeny from all\n</Files>";
-			if (! $could_write || !fwrite ( $bdfp, $htaccess_content )) {
-				echo ("can not write to file " . $htaccessfile);
-			}
-		}
-
 
+		
 		@$this->fp = @$this::open_or_create ( $htpasswdfile );
 
 		if ($this->fp == null) {
@@ -168,9 +159,11 @@ function user_update($username, $password) {
 		$usernames = explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) );
 		trim ( $lusername = array_shift ( $usernames ) );
 			if ($lusername == $username) {
-				fseek ( $this->fp, (- 15 - strlen ( $username )), SEEK_CUR );
-				fwrite ( $this->fp, $username . ':' . self::htcrypt ( $password ) . "\n" );
-				return true;
+                fseek ( $this->fp, (- 1 - strlen($line)), SEEK_CUR );
+                self::delete($this->fp, $username, $this->filename, false);
+                file_put_contents ( $this->filename, 
+                    $username . ':' . self::htcrypt ( $password ) . "\n" ,
+                    FILE_APPEND | LOCK_EX);
 			}
 		}
 		return false;

app/htadmin/tools/htpasswd.php

@@ -25,6 +25,9 @@ function check_username($username) {
 
 }
 
+// default password / mailkey length:
+const PASSWORD_LENGTH = 18;
+
 function random_password($length) {
 	$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ1234567890';
 	$pass = array(); //remember to declare $pass as an array

app/htadmin/tools/util.php

@@ -1,7 +1,9 @@
 version: '3'
 services:
     web:
-        image: nginx:1.21
+        build:
+            context: .
+            dockerfile: nginx.dockerfile
         ports:
             - "80:80"
         volumes:

docker-compose.yml

@@ -16,7 +16,7 @@ http {
 
         location /test {
             auth_basic           "Secured by htadmin";
-            auth_basic_user_file /app/test/.htpasswd;
+            auth_basic_user_file /app/.htpasswd;
         }
 
         location /htadmin/config {

nginx.conf

@@ -0,0 +1,14 @@
+FROM nginx:1.21
+
+
+# Customization of the nginx user and group ids in the image. It's 101:101 in
+# the base image. Here we use 33 which is the user id and group id for www-data
+# on Ubuntu, Debian, etc.
+ARG nginx_uid=33
+ARG nginx_gid=33
+
+# The worker processes in the nginx image run as the user nginx with group
+# nginx. This is where we override their respective uid and guid to something
+# else that lines up better with file permissions.
+# The -o switch allows reusing an existing user id
+RUN usermod -u $nginx_uid -o nginx && groupmod -g $nginx_gid -o nginx