#!usr/bin/perl # # csPassword 1.15 - 051403 # ##################################################################### # # # Copyright © 1999-2001 CGISCRIPTS.NET - All Rights Reserved # # # ##################################################################### # # # THIS COPYRIGHT INFORMATION MUST REMAIN INTACT # # AND MAY NOT BE MODIFIED IN ANY WAY # # # ##################################################################### # # When you downloaded this script you agreed to accept the terms # of this Agreement. This Agreement is a legal contract, which # specifies the terms of the license and warranty limitation between # you and CGISCRIPTS.NET. You should carefully read the following # terms and conditions before installing or using this software. # Unless you have a different license agreement obtained from # CGISCRIPTS.NET, installation or use of this software indicates # your acceptance of the license and warranty limitation terms # contained in this Agreement. If you do not agree to the terms of this # Agreement, promptly delete and destroy all copies of the Software. # # Versions of the Software # Only one copy of the registered version of CGISCRIPTS.NET # may used on one web site. # # License to Redistribute # Distributing the software and/or documentation with other products # (commercial or otherwise) or by other than electronic means without # CGISCRIPTS.NET's prior written permission is forbidden. # All rights to the CGISCRIPTS.NET software and documentation not expressly # granted under this Agreement are reserved to CGISCRIPTS.NET. # # Disclaimer of Warranty # THIS SOFTWARE AND ACCOMPANYING DOCUMENTATION ARE PROVIDED "AS IS" AND # WITHOUT WARRANTIES AS TO PERFORMANCE OF MERCHANTABILITY OR ANY OTHER # WARRANTIES WHETHER EXPRESSED OR IMPLIED. BECAUSE OF THE VARIOUS HARDWARE # AND SOFTWARE ENVIRONMENTS INTO WHICH CGISCRIPTS.NET MAY BE USED, NO WARRANTY # OF FITNESS FOR A PARTICULAR PURPOSE IS OFFERED. THE USER MUST ASSUME THE # ENTIRE RISK OF USING THIS PROGRAM. ANY LIABILITY OF CGISCRIPTS.NET WILL BE # LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT OR REFUND OF PURCHASE PRICE. # IN NO CASE SHALL CGISCRIPTS.NET BE LIABLE FOR ANY INCIDENTAL, SPECIAL OR # CONSEQUENTIAL DAMAGES OR LOSS, INCLUDING, WITHOUT LIMITATION, LOST PROFITS # OR THE INABILITY TO USE EQUIPMENT OR ACCESS DATA, WHETHER SUCH DAMAGES ARE # BASED UPON A BREACH OF EXPRESS OR IMPLIED WARRANTIES, BREACH OF CONTRACT, # NEGLIGENCE, STRICT TORT, OR ANY OTHER LEGAL THEORY. THIS IS TRUE EVEN IF # CGISCRIPTS.NET IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO CASE WILL # CGISCRIPTS.NET' LIABILITY EXCEED THE AMOUNT OF THE LICENSE FEE ACTUALLY PAID # BY LICENSEE TO CGISCRIPTS.NET. # # Credits: # Andy Angrick - Programmer - angrick@cgiscript.net # Mike Barone - Design - mbarone@cgiscript.net # # For information about this script or other scripts see # http://www.cgiscript.net # # Thank you for trying out our script. # If you have any suggestions or ideas for a new innovative script # please direct them to suggest@cgiscript.net. Thanks. # ##################################################################### # # # Configuration variables # # # ##################################################################### (! -e "setup.cgi")?($nosetup=1):(require("setup.cgi")); ##################################################################### # # # End Configuration Variables. # # # ##################################################################### require("libs.cgi"); $in{'cgiurl'} = $cgiurl.'/csPassword.cgi'; (!$htmlpath)&&($htmlpath=$cgipath); (!$htmlurl)&&($htmlurl=$cgiurl); $in{'htmlurl'} = $htmlurl; $in{'cinfo'} = qq|
Powered by csPassword - © 2000,2001 CGIScript.net
|; $| = 1; eval { &main; }; if ($@) { &cgierr("fatal error: $@"); } exit; sub main{ print "Content-type: text/html\n\n"; &getdata; ($in{'command'} eq '')&&($nosetup)&&(&Setup); ($in{'command'} eq 'login')&&(&Login); ($in{'command'} eq '')&&(&Login); ($in{'command'} eq 'savesetup')&&(($nosetup)?(&SaveSetup):(&PError("Error. Permission denied."))); #all require password below &GetLogin; ($in{'command'} eq 'a')&&(&Add); ($in{'command'} eq 'sa')&&(&ShowAdd); ($in{'command'} eq 'manage')&&(&Manage); ($in{'command'} eq 'edit')&&(&Edit); ($in{'command'} eq 'delete')&&(&Delete); ($in{'command'} eq 'savechanges')&&(&SaveChanges); ($in{'command'} eq 'browse')&&(&Browse); ($in{'command'} eq 'setdir')&&(&SetDir); exit; } sub Login{ &PageOut("$htmlpath/t_login.htm"); exit; } sub GetLogin{ &GetCookies; $in{'UserName'} = $cookie{'UserName'}; $in{'PassWord'} = $cookie{'PassWord'}; if(!$in{'UserName'}){ &PageOut("$htmlpath/t_login.htm"); exit; } else{ (($in{'UserName'} ne $username)||(($in{'PassWord'} ne $password)))&&(&PError("Error. Invalid username or password")); } } sub Edit{ open(DB,"<$cgipath/password.cgi"); while(){ chomp; (@f) = split("\t",$_); ($f[0] eq $in{'id'})&&($found=1)&&(last); } if($found){ ($in{'id'},$in{'title'},$in{'dirpath'},$in{'members'}) = split("\t",$_); $in{'title'} =~ s/&#(\d+);/pack("c",$1)/ge; $in{'members'} =~ s/&#(\d+);/pack("c",$1)/ge; $in{'members'} =~ s/~/\n/g; $in{'mcommand'} = 'savechanges'; &PageOut("$htmlpath/t_add.htm"); } else{ &PError("Error. No record found with that identifier"); } exit; } sub Manage{ open(DB,"<$cgipath/password.cgi"); while(){ chomp; (@f) = split("\t",$_); $f[1] =~ s/&#(\d+);/pack("c",$1)/ge; $f[2] =~ s/&#(\d+);/pack("c",$1)/ge; $in{'row'} .=" $f[1] $f[2]
\"Edit \"Delete
"; } (!$in{'row'})&&($in{'row'} = "No items in the database"); &PageOut("$htmlpath/t_manage.htm"); } sub ShowAdd{ if($in{'command'} eq 'savechanges'){ $in{'mcommand'} = 'savechanges'; } else{ $in{'mcommand'} = 'a'; } &PageOut("$htmlpath/t_add.htm"); exit; } sub Delete{ my (@l); open(DB,"+<$cgipath/password.cgi"); while(){ (@f) = split("\t",$_); ($f[0] ne $in{'id'})?(push(@l,$_)):(&DeleteAccess($f[2])); } seek(DB,0,0); foreach my $i (@l){ print DB $i; } truncate(DB, tell(DB)); close DB; print <<"EOF"; EOF exit; } sub SaveChanges{ my (@l); ($in{'refresh'} eq "Refresh")&&(&ShowAdd); (!$in{'title'})&&(&PError("Error. Please enter a title")); open(DB,"+<$cgipath/password.cgi"); while(){ (@f) = split("\t",$_); ($f[0] ne $in{'id'})&&(push(@l, $_)); if($f[0] eq $in{'id'}){ &DeleteAccess($f[2]); &CreateAccess; $in{'members'} =~ s/([^\w\s\n])/'&#'.ord($1).';'/ge; $in{'members'} =~ s/\r*\n/~/g; push(@l,"$f[0]\t$in{'title'}\t$in{'dirpath'}\t$in{'members'}\n"); } } seek(DB,0,0); foreach my $i (@l){ print DB $i; } truncate(DB, tell(DB)); close DB; print <<"EOF"; EOF exit; } sub Add{ ($in{'refresh'} eq "Refresh")&&(&ShowAdd); (!$in{'title'})&&(&PError("Error. Please enter a title")); &CreateAccess; #get uniqueid; open(DB,"<$cgipath/password.cgi"); while(){ (@f) = split("\t",$_); $exist{$f[1]}=1; $exist{$f[2]}=1; ($f[0] > $id)&&($id = $f[0]); } close DB; (!$id)&&($id=1); $id++; ($exist{$in{'title'}})&&(&PError("Error. Title exists")); ($exist{$in{'dirpath'}})&&(&PError("Error. Directory already protected")); $in{'members'} =~ s/([^\w\s\n])/'&#'.ord($1).';'/ge; $in{'members'} =~ s/\r*\n/~/g; open(DB,">>$cgipath/password.cgi"); print DB "$id\t$in{'title'}\t$in{'dirpath'}\t$in{'members'}\n"; close DB; print <<"EOF"; EOF exit; } sub Browse{ (!$in{'dir'})&&($in{'dir'} = $rootpath); ($in{'dir'} !~ /^$rootpath/)&&(&PError("Access denied")); ($in{'dir'} =~ /\.\./)&&(&PError("Access denied")); $in{'dir'} =~ s/\/\//\//g; $in{'dd'} =~ s/\/$//; $in{'dir'} =~ s/\/$//; chdir($in{'dir'}); ##find previous dir ($pdir,$tdir) = $in{'dir'} =~ /(.*)\/(.*)$/; ##find root and give prev dir if($in{'dir'} ne $rootpath){ $in{'line'} .= "   Previous Directory       "; }#end find root ###get the dirs opendir(DIR,"$in{'dir'}"); @files = grep(!/^\.\.?$/,readdir(DIR)); closedir(DIR); foreach $i (sort (@files)){ ##skip if not a direcotry next if (! -d "$i"); @info = stat($i); $mode = substr(sprintf("%lo",$info[2]),2); $mode = "($mode)"; $created = &ctime($info[10]); $size = $info[7]; $ei=$i; $ei =~ s/([^\w&=])/'%'.sprintf("%.2x",ord($1))/ge; $edir = $in{'dir'}; $edir =~ s/([^\w&=])/'%'.sprintf("%.2x",ord($1))/ge; # $in{'line'} .= " $i $size bytes $created $mode "; } $in{'disdir'} = $in{'dir'}; $in{'disdir'} =~ s/^$in{'dd'}/\//g; $in{'disdir'} =~ s/\/\//\//g; $siteurl = qq|$in{'dd'}|; (@e) = split("/",$in{'disdir'}); foreach $i (@e){ next if (!$i); $mdd .= "/$i"; $lnkd = qq|/$i|; $in{'dirdir'} .= $lnkd; } $in{'disdir'} = $siteurl.$in{'dirdir'}; &PageOut("$htmlpath/t_select.htm"); } sub SetDir{ $in{'dirpath'} = "$in{'dir'}/$in{'file'}"; $in{'dirpath'} =~ s/\/\//\//g; print <<"EOF"; EOF } sub DeleteAccess{ my ($op) = @_; unlink("$op/.htaccess"); unlink("$op/.htpasswd"); } sub CreateAccess{ ($in{'dirpath'} !~ /^$rootpath/)&&(&PError("Access denied")); ($in{'dirpath'} =~ /\.\./)&&(&PError("Access denied")); @am = split(/\r*\n/,$in{'members'}); foreach $i (@am){ ($u,$p) = split(":",$i); ($u =~ /\s/)&&(&PError("Error. Invalid user: $u.")); ($p =~ /\s/)&&(&PError("Error. Invalid password: $p.")); (!$p)&&(&PError("Error. Invalid password.")); (!$u)&&(&PError("Error. Invalid user.")); $ep = &encrypt_pass($p); $htpout .= "$u:$ep\n"; } open(HTPASSWD,">$in{'dirpath'}/.htpasswd")|| die print "$!:$in{'dirpath'}/.htpasswd"; print HTPASSWD $htpout; close HTPASSWD; open(HTACCESS,">$in{'dirpath'}/.htaccess")|| die print "$!:$in{'dirpath'}/.htaccess"; print HTACCESS <<"EOF"; AuthUserFile $in{'dirpath'}/.htpasswd AuthGroupFile /dev/null AuthName "$in{'title'}" AuthType Basic require valid-user EOF close HTACCESS; } sub encrypt_pass{ local($unencrypted_password) = @_; local(@salt_chars) = ('a'..'z','A'..'Z','0'..'9','.','/') ; local($salt) = $salt_chars[rand(63)].$salt_chars[rand(63)]; return crypt($unencrypted_password, $salt); } sub Setup{ $cgipath = `pwd`;chomp $cgipath; $cgiurl = "$ENV{'HTTP_HOST'}/$ENV{'SCRIPT_NAME'}"; $cgiurl =~ s/\/csPassword\.cgi//i; $cgiurl =~ s/\/\//\//g; $cgiurl = "http://".$cgiurl; $rooturl = "http://$ENV{'HTTP_HOST'}"; $rootpath = $ENV{'DOCUMENT_ROOT'}; $setup = "\$cgiurl = '$cgiurl'; \$cgipath = '$cgipath'; \$rooturl = '$rooturl'; \$rootpath = '$rootpath'; \$username='demo'; \$password='demo'; 1; "; print <<"EOF"; csPassword Setup
Current contents of your setup.cgi file
Please verify the information and modify if needed:

Definitions:

\$cgiurl = Full URL to the csPassword DIRECTORY
\$cgipath = Full PATH to the csPassword DIRECTORY
\$rooturl = Full URL to your website
\$rootpath = Full PATH to your website directory
\$username = username to enter management screens
\$password = password to enter management screens

Normal Installation Instructions:

In most cases, the script is already configured. Change the \$username and \$password variables to your liking and click 'Save'. If the setup portion of the script cannot find your sites variables automatically, you will might have to enter those in the above text area.

CGI-BIN Installation Instructions:

If your hosting service will not let you run scripts outside your cgi-bin directory, then follow these procedures:

Copy all the *.cgi files to a directory in your cgi-bin directory, making sure they are chmod'd to 755. For example, you could create a /cgi-bin/csPassword/ directory and place csPassword.cgi, libs.cgi, and setup.cgi if this file exists.

Create a directory outside your cgi-bin directory and copy all the remaining files and subdirectories there. For example, you could create a /cgi-script/csPassword and place the files there.

Edit the above variables (or manually edit setup.cgi) to the following:
\$cgiurl = URL to the csPassword directory INSIDE your cgi-bin directory (where the script is installed).
\$cgipath = FULL PATH to the csPassword directory INSIDE your cgi-bin directory (where the script is installed).
\$rooturl = Full URL to your website
\$rootpath = Full PATH to your website directory
ADD THE FOLLOWING VARIABLES TO THE ABOVE CONFIGURATION OR MANUALLY EDIT setup.cgi:
\$htmlurl =  FULL URL to the csPassword directory OUTSIDE your cgi-bin directory (where the remaining files where installed)
\$htmlpath = FULL PATH to the csPassword directory OUTSIDE your cgi-bin directory (where the remaining files where installed)
For Example, your new setup.cgi file might look something like this:
\$cgiurl='http://www.cgiscript.net/cgi-bin/csPassword';
\$cgipath='/www/vhosts/cgiscript.net/cgi-bin/csPassword';
\$rooturl='http://www.cgiscript.net';
\$rootpath='/www/vhosts/cgiscript.net';
\$htmlurl='http://www.cgiscript.net/cgi-script/csPassword';
\$htmlpath='/www/vhosts/cgiscript.net/cgi-script/csPassword';
\$username='myusername';
\$password=',mypassword';
1;

(note: the '1' at the end is to prevent errors from perl if \$password was left empty)

EOF exit; } sub SaveSetup{ (-e "$basepath/setup.cgi")&&(&PError("Error. Access Denied")); $in{'setup'} =~ s/\r*\n/\n/g; open(SETUP,">setup.cgi"); print SETUP $in{'setup'}; print SETUP "\n"; close SETUP; print <<"EOF"; EOF exit; }