diff options
| author | Daniel Lange <DLange@git.local> | 2016-03-11 14:08:42 +0100 |
|---|---|---|
| committer | Daniel Lange <DLange@git.local> | 2016-03-11 14:08:42 +0100 |
| commit | f4b698433e902af3183deca7dc1879801cf5853e (patch) | |
| tree | d6ba5f34b139517ce77d9e74b2d463732bd41958 /HTPasswdSync.module | |
| parent | 3ad33fa7e8e0827508931ae939cc8277152a4bf7 (diff) | |
| parent | 7f1ce5d46e0e230d378690cc876e2507d27164a9 (diff) | |
| download | drupal_htpasswdsync-f4b698433e902af3183deca7dc1879801cf5853e.tar.gz drupal_htpasswdsync-f4b698433e902af3183deca7dc1879801cf5853e.tar.bz2 drupal_htpasswdsync-f4b698433e902af3183deca7dc1879801cf5853e.zip | |
Merge remote-tracking branch 'origin/7.x-1.x' as this is where the development happened upstream
This branch will be deleted and we move everything to master.
Conflicts:
HTPasswdSync.module
README.txt
Diffstat (limited to 'HTPasswdSync.module')
| -rw-r--r-- | HTPasswdSync.module | 1010 |
1 files changed, 668 insertions, 342 deletions
diff --git a/HTPasswdSync.module b/HTPasswdSync.module index 06bf48e..ac287da 100644 --- a/HTPasswdSync.module +++ b/HTPasswdSync.module @@ -1,376 +1,702 @@ -?php - -/* @file - * Synchronize users password and htpasswd file - * - * HTPasswd Sync module duplicates all users changes in the configured htpasswd - * file. Password a hashed with the crypt function. The htgroup file contains - * roles as groups. - */ - - /** - * return htpasswd file name - * - * @return - * full filname of the htpasswd - */ - function _htpasswdsync_passfilename() { - return variable_get('htpasswdsync_htpasswd', "/etc/httpd/htpasswd"); - } - - /** - * return htgroup file name - * - * @return - * full filname of the htgroup file - */ - function _htpasswdsync_grpfilename() { - return variable_get('htpasswdsync_htgroup', "/etc/httpd/htgroup"); - } - - /** - * return role to put in htgroup - * - * return the roles selectionned in the admin page to put into - * the htgroup file. - * - * @return - * array of role id - */ - function _htpasswdsync_roles() { +<?php + +/** + * Returns full file path of the htpasswd file + * @return string + */ +function _htpasswdsync_passfilename() { + return variable_get('htpasswdsync_htpasswd', '/etc/httpd/htpasswd'); +} + + +/** + * Returns full file path of the htgroup file + * @return string + */ +function _htpasswdsync_grpfilename() { + return variable_get('htpasswdsync_htgroup', ''); +} + + +/** + * Returns an array containing the role ids of the roles to write into + * the htgroup file. (selected in the admin page) + * @return array + */ +function _htpasswdsync_roles() { return variable_get('htpasswdsync_roles', array()); - } - -/** - * read an htfile - * - * read an htfile, format is key: value, one key per row - * - * @param &$arr - * array to read to - * @param $file - * file to read - * @return - * none - */ - - function _htpasswdsync_read_htfile(&$arr, $file) { - $f = fopen($file, "r"); - while ($l = fgets($f)) { - list($u, $p) = split(":", rtrim($l), 2); - if ($u != "") { - $arr[$u] = $p; - } - } - fclose($f); - } - - /** - * write an htfile - * - * write an array to an htfile, format is key: value, one key per row - * - * @param &$arr - * array to write - * @param $file - * file to write to +} + + +/** + * Return an array containing the available hashes + * @return array + */ +function _htpasswdsync_hashes() { + return array ('crypt' => 'crypt', 'SHA-1' => 'SHA-1'); +} + + +/** + * Returns the selected hash algorithm specified by _htpasswdsync_hashes(). + * @return string + */ +function _htpasswdsync_hash() { + return variable_get('htpasswdsync_hash', 'SHA-1'); +} + + +/** + * Returns if the htpasswd file shall be overwritten by drupal of not + * overwritting will erase all manual entered users. Manual make the htpasswd + * grow and contain renamed users. it will do the same for the htgroup + * @return array of role id + */ +function _htpasswdsync_overwrite() { + return variable_get('htpasswdsync_overwrite', true); +} + + +/** + * Returns if spaces in group and user names shall be removed + * @return bool + */ +function _htpasswdsync_names_without_whitespace() { + return variable_get('htpasswdsync_names_without_whitespace', true); +} + + +/** + * Returns if groups and user names shall be exported lowercase + * @return bool + */ +function _htpasswdsync_names_lowercase() { + return variable_get('htpasswdsync_names_lowercase', true); +} + + +/** + * Returns the domain of which email addresses shall be exported as well + * @return bool + */ +function _htpasswdsync_email_domain() { + return variable_get('htpasswdsync_export_email_domain', ''); +} + + +/** + * Sanatizes the user name to be htpasswd conform. Removes ":" character as it + * may cause trouble in the files. All non-word characters are removed to + * be htpasswd/htgroup compliant. + * @param string $name + * @return string + */ +function _htpasswdsync_sanatize_name($name) { + $name = trim(preg_replace('/[^\w\s]/i', '', $name), " \t\n\r"); + if(_htpasswdsync_names_without_whitespace()) $name = str_replace(' ','', $name); + if(_htpasswdsync_names_lowercase()) $name = strtolower($name); + return $name; +} + + +/** + * Returns the password hashed according to users preferences + * @param string $password + * @return string + */ +function _htpasswdsync_crypt($password) { + $hashes = _htpasswdsync_hashes(); + switch ($hashes[_htpasswdsync_hash()]) { + case 'crypt': + return crypt($password, chr(rand(65, 122)) . chr(rand(65, 122))); + break; + case 'SHA-1': + return '{SHA}' . base64_encode(sha1($password, TRUE)); + break; + default: + return _htpasswdsync_hash(); + } +} + + +/** + * Checks if a file (given by path) exitsts and is writable. Returns false + * on success, an error message on error. + * @param string $path + * @return mixed + */ +function _htpasswdsync_check_file($path) { + if(is_file($path) && is_writable($path) && is_readable($path)) { + return false; + } else if(!is_file($path)) { + if(is_dir($path)) { + return t("File '!file' that you specified is an existing directory. Please check your path setting.", array('!file' => $path)); + } else if(!is_dir(dirname($path))) { + return t("File '!file' does not exists and the parent directory does not exist neither. Please check the path you entered or create the file manually.", array('!file' => $path)); + } else if(!is_writable(dirname($path))) { + return t("File '!file' does not exists and the parent directory is not writable. Please create the file manually.", array('!file' => $path)); + } else if(file_put_contents($path, '') === false || !is_file($path) || !is_writable($path) || !is_readable($path)) { + return t("File '!file' does not exists, and it could no be created properly. Please create the file manually.", array('!file' => $path)); + } + return false; + } else if(!is_readable($path)) { + return t("File '!file' exists but is not readable for the server. Use chmod command to change this.", array('!file' => $path)); + } else if(!is_writable($path)) { + return t("File '!file' exists but is not writable for the server. Use chmod command to change this.", array('!file' => $path)); + } else { + return t("File '!file' (dead branch check): Please inform the maintainer that there is a bug in function _htpasswdsync_check_file().", array('!file' => $path)); + } +} + + +/** + * Read htfile in an assoc. array (key=user, value=password hash) + * @param string $file + * @return array + */ +function _htpasswdsync_read_htfile($file) { + $content = file_get_contents($file); + if($content === false) { + watchdog('HtPasswdSync', "Failed to read $file", WATCHDOG_ERROR); + } else { + $data = array(); + $content = explode("\n", $content); + foreach($content as $line) { + $line = trim($line); + if(!empty($line)) { + $line = explode(':', $line, 2); + if(count($line) == 2) { + $line[0] = trim($line[0]); + $line[1] = trim($line[1]); + if(strlen($line[0]) > 0 && strlen($line[1]) > 0) { + $data[$line[0]] = $line[1]; + } + } + } + } + } + return $data; +} + + +/** + * Write an htfile + * @param array &$data + * @param string $file + * @return void + */ +function _htpasswdsync_write_htfile(&$data, $file) { + $content = array(); + foreach($data as $u => $p) { + if(strlen($u) > 0 && strlen($p) > 0) { + $content[] = "$u:$p"; + } + } + if(@file_put_contents($file, implode("\n", $content) . "\n") === false) { + watchdog('HtPasswdSync', "Failed to write $file", WATCHDOG_ERROR); + } +} + + +/** + * Generate the htgroup content for each role configured (htpasswdsync_roles array), + * list users and update the htgroup accordingly. * @return - * none */ - function _htpasswdsync_write_htfile(&$arr, $file) { - $f = fopen($file, "w"); - foreach ($arr as $u => $p) { - if ($u != "" && $p != "") { - fputs($f, $u .":". $p ."\n"); +function _htpasswdsync_updategroup() { + $file = _htpasswdsync_grpfilename(); + $groups = array(); + + if($file == "") { + return; } - } - fclose($f); - } - -/* generate the htgroup content - * - * for each role configured (htpasswdsync_roles array), list users - * and update the htgroup accordingly - * - * @param - * @return - */ - function _htpasswdsync_updategroup() { - - $file = _htpasswdsync_grpfilename(); - $groups = array(); - _htpasswdsync_read_htfile($groups, $file); - - foreach (_htpasswdsync_roles() as $rid) { - // get role name - $res = db_fetch_object(db_query('SELECT name FROM {role} WHERE rid = %d', $rid)); - $name = $res->name; - - //empty group - $groups[$name] = ""; - - // add members to the group - $res = db_query('SELECT name FROM {users} u, {users_roles} ur WHERE ur.rid = %d AND ur.uid = u.uid', $rid); - while ($r = db_fetch_object($res)) { - $groups[$name] .= " ". $r->name; + + $mail_domain = _htpasswdsync_email_domain(); + + if(! _htpasswdsync_overwrite()) { + $groups = _htpasswdsync_read_htfile($file); } - } _htpasswdsync_write_htfile($groups, $file); - } + foreach(_htpasswdsync_roles() as $rid) { + $role = _htpasswdsync_sanatize_name(reset(db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchCol())); + if(!empty($role)) { + $users = db_query('SELECT u.name, u.mail FROM {users} AS u, {users_roles} AS ur WHERE ur.rid = :rid AND ur.uid = u.uid AND status = 1', array(':rid' => $rid)); + $groups[$role] = array(); + $group = &$groups[$role]; + foreach($users as $user) { + $group[] = _htpasswdsync_sanatize_name($user->name); + if($mail_domain != '') { + $user->mail = strtolower($user->mail); + if(strpos($user->mail, $mail_domain) !== false) { + $user->mail = reset(explode('@', $user->mail, 2)); + $group[] = _htpasswdsync_sanatize_name($user->mail); + } + } + } + $group = implode(' ', $group); + } + } + _htpasswdsync_write_htfile($groups, $file); +} + -/* generate the htpasswd content from the database - * - * update the htpasswd file from the table htpasswdsync_passwd - * - * @param - * @return - */ - function _htpasswdsync_updatepasswd() { - - $file = _htpasswdsync_passfilename(); - $passwords = array(); - _htpasswdsync_read_htfile($passwords, $file); - - //get all users - $res = db_query('SELECT username, passwd FROM {htpasswdsync_passwd}'); - while ($r = db_fetch_object($res)) { - if ($r->passwd == "****DELETED") { - unset($passwords[$r->username]); +/** + * Removes a group from a file given either by RID or by role name. + * @param mixed $role + */ +function _htpasswdsync_remove_role($role) { + if(is_numeric($role)) { + $role = reset(db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $role))->fetchCol()); } - else { - $passwords[$r->username] = $r->passwd; + $role = _htpasswdsync_sanatize_name($role); + $file = _htpasswdsync_grpfilename(); + $groups = _htpasswdsync_read_htfile($file); + if(isset($groups[$role])) { + unset($groups[$role]); + _htpasswdsync_write_htfile($groups, $file); } - } - _htpasswdsync_write_htfile($passwords, $file); - } +} - -/* update htpassword with the new password of the user - * - * @param $account - * account of the user to update - * @return - */ - function _htpasswdsync_update($account) { - - // read current file - $f = _htpasswdsync_passfilename(); - $passwds = array(); - _htpasswdsync_read_htfile($passwds, $f); - - // update with the $account information received - // password crypted with the standard crypt (not MD5) function - $user = $account['name']; - $pass = crypt($account['pass'], chr(rand(65, 122)) . chr(rand(65, 122))); - $passwds[$user] = $pass; - - //save file - _htpasswdsync_write_htfile($passwds, $f); - - //update table - db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $user); - db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $user, $pass); -} - -/* remove the user for the htpassword file - * - * @param $account - * array of account to delete - * @return - */ -function _htpasswdsync_delete($account) { - $f = _htpasswdsync_passfilename(); - $passwds = array(); - _htpasswdsync_read_htfile($passwds, $f); - - foreach ($account['accounts'] as $a) { - $r = db_query("SELECT name FROM {users} WHERE uid = %d", $a); - $user = db_fetch_object($r); - unset($passwds[$user->name]); - db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $user->name); - db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $user->name, "****DELETED"); - } - _htpasswdsync_write_htfile($passwds, $f); - - _htpasswdsync_updategroup(); + +/** + * Generate the htpasswd content from the database update the htpasswd file + * from the table htpasswdsync_passwd + * @return void + */ + function _htpasswdsync_updatepasswd($removeDrupalUsers=false) { + $file = _htpasswdsync_passfilename(); + $passwords = array(); + + if($file == "") { + return; + } + + $overwrite = _htpasswdsync_overwrite(); + $mail_domain = _htpasswdsync_email_domain(); + + if(!$overwrite) { + $passwords = _htpasswdsync_read_htfile($file); + } + + $res = db_query('SELECT A.username, A.passwd, B.mail FROM {htpasswdsync_htpasswd} AS A, {users} AS B WHERE name=username and status = 1'); + foreach($res as $r) { + if(!$overwrite) { + if(isset($passwords[str_replace(' ','', $r->username)])) unset($passwords[str_replace(' ','', $r->username)]); + if(isset($passwords[str_replace(' ','', strtolower($r->username))])) unset($passwords[str_replace(' ','', strtolower($r->username))]); + if(isset($passwords[strtolower($r->username)])) unset($passwords[strtolower($r->username)]); + } + if(!$removeDrupalUsers) { + if($r->passwd == "****DELETED" || $r->passwd == '') { + if(isset($passwords[$r->username])) unset($passwords[$r->username]); + if(isset($passwords[$r->mail])) unset($passwords[$r->mail]); + } else { + $passwords[_htpasswdsync_sanatize_name($r->username)] = $r->passwd; + if($mail_domain != '') { + $r->mail = strtolower($r->mail); + if(strpos($r->mail, $mail_domain) !== false) { + $r->mail = reset(explode('@', $r->mail, 2)); + $passwords[_htpasswdsync_sanatize_name($r->mail)] = $r->passwd; + } + + } + } + } + } + _htpasswdsync_write_htfile($passwords, $file); } - /** -* Display help and module information -* @param path which path of the site we're displaying help -* @param arg array that holds the current path as would be returned from arg() function -* @return help text for the path -*/ -function htpasswdsync_help($path, $arg) { - $output = ''; //declare your output variable - switch ($path) { - case "admin/help#htpasswdsync": - $output = '<p>'. t("synchronize password with a htpasswd file") .'</p>'; - break; - } - return $output; -} // function htpasswdsync_help - -/** -* Valid permissions for this module -* @return array An array of valid permissions for the htpasswdsync module -*/ -function htpasswdsync_perm() { - return array('administer htpasswdsync'); -} // function htpasswdsync_perm() - -/* - * Implementation of hook_user() - */ -function htpasswdsync_user($op, &$edit, &$account, $category = NULL) { - switch ($op) { - case "delete": - _htpasswdsync_delete($edit); - break; - case "insert": - _htpasswdsync_update($edit); - break; - case "update": - _htpasswdsync_update($edit); - break; - } -} // function htpasswdsync_user() - - -function htpasswdsync_admin() { - - $form['htpasswdsync_htpasswd'] = array( - '#type' => 'textfield', - '#title' => t('htpasswd file'), - '#default_value' => _htpasswdsync_passfilename(), - '#size' => 100, - '#maxlength' => 200, - '#description' => t("Where is stored the !file file we want to synchronize with.", - array('!file' => 'htpasswd')), - '#required' => TRUE, - ); - $form['htpasswdsync_htgroup'] = array( - '#type' => 'textfield', - '#title' => t('htgroup file'), - '#default_value' => _htpasswdsync_grpfilename(), - '#size' => 100, - '#maxlength' => 200, - '#description' => t("Where is stored the !file file we want to synchronize with.", - array('!file' => 'htgroup')), - '#required' => TRUE, - ); - $form['htpasswdsync_roles'] = array( - '#type' => 'checkboxes', - '#title' => t('Roles to be exported in htgroup'), - '#default_value' => _htpasswdsync_roles(), - '#options' => user_roles(TRUE), - ); - - return system_settings_form($form); -} - - -/* Test if a file exist and is writable - * - * @param $filename - * name of the file - * @return - * return false on success, otherwise an error message - */ -function _htpasswdsync_check_file($file) { - $f = @fopen($file, "r"); - if (!$f) { - return t("File '!file' does not exists, you should create it.", - array('!file' => $file)); - } - else { - fclose($f); - $f = @fopen($file, "a"); - if (!$f) { - return t("cannot write to file '!file'.", array('!file' => $file)); + +/** + * Update htpassword table with the new password of the user + * @param object $edit + * @return void + */ +function _htpasswdsync_update($edit) { + if(isset($edit->pass) && $edit->pass != '' && isset($edit->name) && strlen(trim($edit->name)) > 0) { + $user = $edit->name; + $pass = _htpasswdsync_crypt($edit->pass); + $passwds[$user] = $pass; + if(isset($edit->uid) && $edit->uid > 0) { + $ref_user = user_load($edit->uid); + if($ref_user->name != $user) { + db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :username", array(':username' => $ref_user->name)); + } + } + db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :user", array(':user' => $user)); + db_query("INSERT INTO {htpasswdsync_htpasswd} (username, passwd) VALUES(:user, :pass)", array(':user' => $user, ':pass' => $pass)); + _htpasswdsync_commit_to_htpasswd(); } - else { - fclose($f); +} + + +/** + * Update htpassword file with the new password of the user + * @return void + */ +function _htpasswdsync_commit_to_htpasswd() { + _htpasswdsync_updatepasswd(); + _htpasswdsync_updategroup(); +} + + +/** + * Remove the one user for the htpassword file + * @param string $username + * @return void + */ +function _htpasswdsync_delete_user($username) { + db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :username", array(':username' => $username)); + db_query("INSERT INTO {htpasswdsync_htpasswd} (username, passwd) VALUES(:username, :passwd)", array(':username' => $username, ':passwd' => "****DELETED") ); +} + + +/** + * Remove the user for the htpassword file + * @param object $account + * @return void + */ +function _htpasswdsync_delete($account) { + _htpasswdsync_delete_user($account->name); + _htpasswdsync_commit_to_htpasswd(); +} + + +/** + * User cancel hook + * @param array $edit + * @param object $account + * @param string $method + * @return void + */ +function htpasswdsync_user_cancel($edit, $account, $method) { + _htpasswdsync_delete($account); +} + + +/** + * User delete hook + * @param object $account + * @return void + */ +function htpasswdsync_user_delete($account) { + _htpasswdsync_delete($account); +} + + +/** + * User insert/edit hook. Used instead of htpasswdsync_user_insert() and + * htpasswdsync_user_update() because at these states the password is already + * hashed. + * @param string $entity_type + * @param object $entity + * @param array $form + * @param array $form_state + * @return void + */ +function htpasswdsync_field_attach_submit($entity_type, $entity, $form, &$form_state) { + if($entity_type != 'user') return; + if(!empty($entity->name) && !empty($entity->pass)) { + $r = reset(db_query('SELECT pass FROM {users} WHERE uid=:uid', array(':uid' => $entity->uid))->fetchCol()); + if($r != $entity->pass) { + _htpasswdsync_update($entity); + } } - } - return FALSE; } -function htpasswdsync_admin_validate($form, &$form_state) { +/** + * Run the _htpasswdsync_update function when a user is create; + */ +function htpasswdsync_user_insert(){ + _htpasswdsync_updatepasswd(); +} + +/** + * Role delete hook + * @param object $role + * @return void + */ +function htpasswdsync_user_role_update($role) { + _htpasswdsync_updategroup(); +} - $file = $form_state['values']['htpasswdsync_htpasswd']; - if ($msg = _htpasswdsync_check_file($file)) { - form_set_error('htpasswdsync_htpasswd', $msg); - } - $file = $form_state['values']['htpasswdsync_htgroup']; - if ($msg = _htpasswdsync_check_file($file)) { - form_set_error('htpasswdsync_htpasswd', $msg); - } +/** + * Role delete hook + * @param object $role + * @return void + */ +function htpasswdsync_user_role_delete($role) { + _htpasswdsync_updategroup(); } + +/** + * Returns help and module information + * @param string $path which path of the site we're displaying help + * @param array $arg Holds the current path as would be returned from arg() function + * @return string + */ +function htpasswdsync_help($path, $arg) { + if($path != 'admin/help#htpasswdsync') return ''; + return '<pre>' . htmlspecialchars(@file_get_contents(dirname(__FILE__) . '/README.txt'), null, 'UTF-8') . '</pre>'; +} + + +/** +* Returns the required permissions for the htpasswdsync module +* @return array +*/ +function htpasswdsync_permission() { + return array( + 'administer htpasswdsync' => array( + 'title' => t('Administer htpasswd synchronization'), + 'restrict access' => true + ) + ); +} + + +/** + * Administration menu entry + * @return array + */ function htpasswdsync_menu() { + $items = array(); + $items['admin/config/people/htpasswdsync'] = array( + 'title' => 'Htpasswd file synchronization', + 'description' => 'Preferences for the HTPasswd Sync module', + 'page callback' => 'drupal_get_form', + 'page arguments' => array('htpasswdsync_admin_form'), + 'access arguments' => array('administer htpasswdsync'), + ); + return $items; +} + - $items = array(); +/** + * Returns the configuration form structure + * @return array + */ +function htpasswdsync_admin_form() { + // A workaround to update the files directly after saving the config form, + // Because the form is displayed directly after saving. + if(variable_get('htpasswdsync_flag_needs_rebuild', false)) { + variable_del('htpasswdsync_flag_needs_rebuild'); + _htpasswdsync_updatepasswd(); + _htpasswdsync_updategroup(); + } - $items['admin/user/htpasswdsync'] = array( - 'title' => 'HTPassword Sync', - 'description' => 'Preferences for the HTPasswd Sync module', - 'page callback' => 'drupal_get_form', - 'page arguments' => array('htpasswdsync_admin'), - 'access arguments' => array('access administration pages'), - 'type' => MENU_NORMAL_ITEM, - ); + $form['htpasswdsync_htpasswd'] = array( + '#type' => 'textfield', + '#title' => t('htpasswd file'), + '#default_value' => _htpasswdsync_passfilename(), + '#size' => 100, + '#maxlength' => 200, + '#description' => t("The full path to the !file file (e.g. !eg_file).", array('!file' => 'htpasswd', '!eg_file' => '/etc/httpd/htpasswd')), + '#required' => true, + ); + $form['htpasswdsync_htgroup'] = array( + '#type' => 'textfield', + '#title' => t('htgroup file'), + '#default_value' => _htpasswdsync_grpfilename(), + '#size' => 100, + '#maxlength' => 200, + '#description' => t("The full path to the !file file (e.g. /etc/httpd/htgroup). Leave blank if you don't need a group file. If you enter a group file here, then you must also define a htpasswd file above.", array('!file' => 'htgroup')), + '#required' => false, + ); + $form['htpasswdsync_hash'] = array( + '#type' => 'radios', + '#title' => t('password hashing algorythm'), + '#description' => t("How shall the password be hashed (crypt only available for unix, SHA1 can be used on all platforms)"), + '#options' => _htpasswdsync_hashes(), + '#default_value' => _htpasswdsync_hash(), + ); + $form['htpasswdsync_roles'] = array( + '#type' => 'checkboxes', + '#title' => t('Roles to be exported into the htgroup file'), + '#description' => t("Only users of these roles will be syncronized into the htpasswd/htgroup file. If none is specified, no user will be in the file (not 'default all')."), + '#default_value' => _htpasswdsync_roles(), + '#options' => user_roles(true), + ); + $form['htpasswdsync_overwrite'] = array( + '#type' => 'checkbox', + '#title' => t('htpasswd file is only managed by this module'), + '#description' => t("If yes, manually added users in the user file will be removed (simply overwrites the files). If no, only the users stored in the database will be changed/added/deleted (Files will be analyzed and users not existing in the database will be left unchanged)."), + '#default_value' => _htpasswdsync_overwrite(), + ); + $form['htpasswdsync_names_lowercase'] = array( + '#type' => 'checkbox', + '#title' => t('Export user names and group names lowercase'), + '#description' => t("If yes, htpasswdsync will export the lowercase user names (e.g. 'User' will be exported as 'user'). Groups will always be exported lowercase (as the user does not need to enter a group, so this makes it easier to design the .htaccess files). Caution: this option may increase the file size of the htuser file."), + '#default_value' => _htpasswdsync_names_lowercase(), + ); + $form['htpasswdsync_names_without_whitespace'] = array( + '#type' => 'checkbox', + '#title' => t('Remove whitespaces in user names and groups'), + '#description' => t("If yes, htpasswdsync will remove all whitespaces in user names and groups (e.g. 'User 1' will be exported as 'User1'). Caution: this increases the file size of the htuser file. If you use groups, then you must check this setting because whitespaces are used as separators in the group file. This setting goes along with the checkbox above."), + '#default_value' => _htpasswdsync_names_without_whitespace(), + ); + $form['htpasswdsync_export_email_domain'] = array( + '#type' => 'textfield', + '#title' => t('Additional user email domain'), + '#default_value' => _htpasswdsync_email_domain(), + '#size' => 100, + '#maxlength' => 200, + '#description' => t("Enter a domain here if you want that email account names shall be exported into the htpasswd file as well. E.g., if you enter 'example.org', then the email 'user1@example.org' would be exported as 'user1' into the htpasswd file. However, it should be more interesting for your own domain."), + '#required' => false, + ); + + // Small description ... + $notewhitespaces = _htpasswdsync_names_lowercase() ? " Enter your login name without whitespaces and special characters." : ""; + + $txt = t('This is how a simple .htaccess file could look like:') + . "<pre>\t[...]\n" + . "\tAuthType Basic\n" + . "\tAuthName \"Protected members area.$notewhitespaces\"\n" + ; + + if(_htpasswdsync_passfilename() != '') { + $txt .= "\tAuthUserFile " . _htpasswdsync_passfilename() . "\n"; + if(_htpasswdsync_grpfilename() != '') { + $txt .= "\tAuthGroupFile " . _htpasswdsync_grpfilename() . "\n"; + } + + $txt .= "\trequire valid-user\n" + . "\t#require group administrator\n" + . "\n[OR]\n" + . "\t[...]</pre></p>"; + } - return $items; + $form['htaccess_file_now_looks_like'] = array( + '#markup' => $txt + ); + return system_settings_form($form); +} + + +/** + * Form validation callback. Checks if htpasswd/htgroup file are writable + * @param array $form + * @param array& $form_state + * @return void + */ +function htpasswdsync_admin_form_validate($form, &$form_state) { + $form_state['values']['htpasswdsync_htpasswd'] = trim($form_state['values']['htpasswdsync_htpasswd']); + $form_state['values']['htpasswdsync_htgroup'] = trim($form_state['values']['htpasswdsync_htgroup']); + $error = false; + + if(empty($form_state['values']['htpasswdsync_htpasswd']) && empty($form_state['values']['htpasswdsync_htgroup'])) { + form_set_error('htpasswdsync_htpasswd', 'You should at least specify the htpasswd file.'); + $error = true; + } else if(!empty($form_state['values']['htpasswdsync_htgroup']) && empty($form_state['values']['htpasswdsync_htpasswd'])) { + form_set_error('htpasswdsync_htpasswd', 'The htgroup file makes no sense without the htpasswd file.'); + $error = true; + } else if($form_state['values']['htpasswdsync_htgroup'] == $form_state['values']['htpasswdsync_htpasswd']) { + form_set_error('htpasswdsync_htpasswd', 'The htgroup file and the htpasswd file have to be different files.'); + $error = true; + } + + $file = $form_state['values']['htpasswdsync_htpasswd']; + if(!empty($file)) { + if($msg = _htpasswdsync_check_file($file)) { + form_set_error('htpasswdsync_htpasswd', $msg); + $error = true; + } + } + + $file = $form_state['values']['htpasswdsync_htgroup']; + if(!empty($file)) { + if($msg = _htpasswdsync_check_file($file)) { + form_set_error('htpasswdsync_htgroup', $msg); + $error = true; + } + if(!$form_state['values']['htpasswdsync_names_without_whitespace']) { + form_set_error('htpasswdsync_htgroup', 'htgroup file access restriction can only work if you remove the whitespaces in user names and groups (see setting below)'); + $error = true; + } + } + + // Directly apply changes if no validation errors + if($error == false) { + if($form_state['values']['htpasswdsync_htgroup'] == '' && _htpasswdsync_grpfilename() != '') { + // Group file was unset, so the groups shpuld be all deleted + foreach(_htpasswdsync_roles() as $role) { + _htpasswdsync_remove_role($role); + } + } else { + // Check which roles have to be removed + // A workaround to update the files directly after saving the config form + variable_set('htpasswdsync_flag_needs_rebuild', true); + foreach(_htpasswdsync_roles() as $role) { + if($role > 0 && !in_array($role, $form_state['values']['htpasswdsync_roles'])) { + _htpasswdsync_remove_role($role); + } + } + } + } } + +/** + * Runtime phase htgroup / htpasswd file check + * @param string $phase + * @return array + */ function htpasswdsync_requirements($phase) { + if($phase != 'runtime') { + return array(); + } else { + $requirements = array(); + + if(_htpasswdsync_passfilename() != "") { + $htpasswd_status_msg = _htpasswdsync_check_file(_htpasswdsync_passfilename()); + $htpasswd_status_val = REQUIREMENT_ERROR; + if (!$htpasswd_status_msg) { + $htpasswd_status_msg = t('!file file is writable', array('!file' => 'htpasswd')); + $htpasswd_status_val = REQUIREMENT_OK; + } + } else { + $htpasswd_status_msg = 'Not required'; + $htpasswd_status_val = REQUIREMENT_OK; + } + + if(_htpasswdsync_grpfilename() != "") { + $htgroup_status_msg = _htpasswdsync_check_file(_htpasswdsync_grpfilename()); + $htgroup_status_val = REQUIREMENT_ERROR; + if (!$htgroup_status_msg) { + $htgroup_status_msg = t('!file file is writable', array('!file' => 'htgroup')); + $htgroup_status_val = REQUIREMENT_OK; + } + } else { + $htgroup_status_msg = 'Not required'; + $htgroup_status_val = REQUIREMENT_OK; + } + + $status = $htpasswd_status_val != REQUIREMENT_OK && $htgroup_status_val != REQUIREMENT_OK; - $requirements = array(); - - // if not runtime query, exit - if ($phase != 'runtime') { - return $requirements; - } - - $htpasswd_status_msg = _htpasswdsync_check_file(_htpasswdsync_passfilename()); - $htpasswd_status_val = REQUIREMENT_ERROR; - if (!$htpasswd_status_msg) { - $htpasswd_status_msg = t('!file file is available', array('!file' => 'htpasswd')); - $htpasswd_status_val = REQUIREMENT_OK; - } - - $htgroup_status_msg = _htpasswdsync_check_file(_htpasswdsync_grpfilename()); - $htgroup_status_val = REQUIREMENT_ERROR; - if (!$htgroup_status_msg) { - $htgroup_status_msg = t('!file file is available', array('!file' => 'htgroup')); - $htgroup_status_val = REQUIREMENT_OK; - } - - $status = $htpasswd_status_val > $htgroup_status_val ? - $htpasswd_status_val : $htgroup_status_val; - - $requirements['htpasswdsync_status'] = array( - 'title' => t('HTPasswd Sync Status'), - 'value' => $htpasswd_status_msg ."<br>". - $htgroup_status_msg ."<br>". - t('last update !time ago.', array( + $requirements['htpasswdsync_status'] = array( + 'title' => t('HTPasswd Sync Status'), + 'value' => $htpasswd_status_msg . "<br>" . $htgroup_status_msg . "<br>" . + t('last update !time ago.', array( '!time' => format_interval(time()-variable_get('htpasswdsync_cron_time', 0)))), - 'severity' => $status, - ); - if ($status != REQUIREMENT_OK) { - $requirements['htpasswdsync_status']['description'] = - t('Cannot access files, please <a href="!url">check configuration</a>.', - array('!url' => url('admin/user/htpasswdsync'))); - } + 'severity' => $status, + ); - return $requirements; + if($status != REQUIREMENT_OK) { + $requirements['htpasswdsync_status']['description'] = + t('Cannot access files, please <a href="!url">check configuration</a>.', + array('!url' => url('admin/user/htpasswdsync'))); + } + return $requirements; + } } + +/** + * Cron hook + * @return void + */ function htpasswdsync_cron() { - $time = variable_get('htpasswdsync_cron_time', 0); - _htpasswdsync_updatepasswd(); - _htpasswdsync_updategroup(); - variable_set('htpasswdsync_cron_time', time()); + db_query('DELETE FROM {htpasswdsync_htpasswd} WHERE username NOT IN (SELECT name from {users})'); } +?> |