format_interval(time()-filemtime($file)))); } else { return t('unknown'); } } /** * Returns an array containing the role ids of the roles to write into * the htgroup file. (selected in the admin page) * @return array */ function _htpasswdsync_roles() { return variable_get('htpasswdsync_roles', array()); } /** * Return an array containing the available hashes * @return array */ function _htpasswdsync_hashes() { return array ('crypt' => 'crypt', 'SHA-1' => 'SHA-1', 'SHA-256-crypt' => 'SHA-256-crypt', 'SHA-512-crypt' => 'SHA-512-crypt'); } /** * Returns the selected hash algorithm specified by _htpasswdsync_hashes(). * @return string */ function _htpasswdsync_hash() { return variable_get('htpasswdsync_hash', 'SHA-512-crypt'); } /** * Returns if the passwords shall be prefixed with curly braces indicating * the hashing algorithm used * @return bool */ function _htpasswdsync_prefix() { return variable_get('htpasswdsync_prefix', true); } /** * Returns if the htpasswd file shall be overwritten by drupal of not * overwritting will erase all manual entered users. Manual make the htpasswd * grow and contain renamed users. it will do the same for the htgroup * @return bool */ function _htpasswdsync_overwrite() { return variable_get('htpasswdsync_overwrite', true); } /** * Returns if spaces in group and user names shall be removed * @return bool */ function _htpasswdsync_names_without_whitespace() { return variable_get('htpasswdsync_names_without_whitespace', true); } /** * Returns if groups and user names shall be exported lowercase * @return bool */ function _htpasswdsync_names_lowercase() { return variable_get('htpasswdsync_names_lowercase', true); } /** * Returns the domain of which email addresses shall be exported as well * @return string */ function _htpasswdsync_email_domain() { return variable_get('htpasswdsync_export_email_domain', ''); } /** * Returns a random (safe) string for salts * Adopted from phpass by SolarDesigner and TimWolla on Stack Codereview * @param int $count * @return string */ function get_salt($count) { $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/\\][{}\'";?.>, $path)); } else if(!is_dir(dirname($path))) { return t("File '!file' does not exists and the parent directory does not exist neither. Please check the path you entered or create the file manually.", array('!file' => $path)); } else if(!is_writable(dirname($path))) { return t("File '!file' does not exists and the parent directory is not writable. Please create the file manually.", array('!file' => $path)); } else if(file_put_contents($path, '') === false || !is_file($path) || !is_writable($path) || !is_readable($path)) { return t("File '!file' does not exists, and it could no be created properly. Please create the file manually.", array('!file' => $path)); } return false; } else if(!is_readable($path)) { return t("File '!file' exists but is not readable for the server. Use chmod command to change this.", array('!file' => $path)); } else if(!is_writable($path)) { return t("File '!file' exists but is not writable for the server. Use chmod command to change this.", array('!file' => $path)); } else { return t("File '!file' (dead branch check): Please inform the maintainer that there is a bug in function _htpasswdsync_check_file().", array('!file' => $path)); } } /** * Read htfile in an assoc. array (key=user, value=password hash) * @param string $file * @return array */ function _htpasswdsync_read_htfile($file) { $content = file_get_contents($file); if($content === false) { watchdog('HtPasswdSync', "Failed to read $file", WATCHDOG_ERROR); } else { $data = array(); $content = explode("\n", $content); foreach($content as $line) { $line = trim($line); if(!empty($line)) { $line = explode(':', $line, 2); if(count($line) == 2) { $line[0] = trim($line[0]); $line[1] = trim($line[1]); if(strlen($line[0]) > 0 && strlen($line[1]) > 0) { $data[$line[0]] = $line[1]; } } } } } return $data; } /** * Write an htfile * @param array &$data * @param string $file * @return void */ function _htpasswdsync_write_htfile(&$data, $file) { $content = array(); foreach($data as $u => $p) { if(strlen($u) > 0 && strlen($p) > 0) { $content[] = "$u:$p"; } } if(@file_put_contents($file, implode("\n", $content) . "\n") === false) { watchdog('HtPasswdSync', "Failed to write $file", WATCHDOG_ERROR); } } /** * Generate the htgroup content for each role configured (htpasswdsync_roles array), * list users and update the htgroup accordingly. * @return */ function _htpasswdsync_updategroup() { $file = _htpasswdsync_grpfilename(); $groups = array(); if($file == "") { return; } $mail_domain = _htpasswdsync_email_domain(); if(! _htpasswdsync_overwrite()) { $groups = _htpasswdsync_read_htfile($file); } foreach(_htpasswdsync_roles() as $rid) { $result = db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchCol(); $role = _htpasswdsync_sanitize_name(reset($result)); if(!empty($role)) { $users = db_query('SELECT u.name, u.mail FROM {users} AS u, {users_roles} AS ur WHERE ur.rid = :rid AND ur.uid = u.uid AND status = 1', array(':rid' => $rid)); $groups[$role] = array(); $group = &$groups[$role]; foreach($users as $user) { $group[] = _htpasswdsync_sanitize_name($user->name); if($mail_domain != '') { $user->mail = strtolower($user->mail); if(strpos($user->mail, $mail_domain) !== false) { $user->mail = reset(explode('@', $user->mail, 2)); $group[] = _htpasswdsync_sanitize_name($user->mail); } } } $group = implode(' ', $group); } } _htpasswdsync_write_htfile($groups, $file); } /** * Removes a group from a file given either by RID or by role name. * @param mixed $role */ function _htpasswdsync_remove_role($role) { if(is_numeric($role)) { $role = reset(db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $role))->fetchCol()); } $role = _htpasswdsync_sanitize_name($role); $file = _htpasswdsync_grpfilename(); $groups = _htpasswdsync_read_htfile($file); if(isset($groups[$role])) { unset($groups[$role]); _htpasswdsync_write_htfile($groups, $file); } } /** * Generate the htpasswd content from the database update the htpasswd file * from the table htpasswdsync_passwd * @return void */ function _htpasswdsync_updatepasswd($removeDrupalUsers=false) { $file = _htpasswdsync_passfilename(); $passwords = array(); if($file == "") { return; } $overwrite = _htpasswdsync_overwrite(); $mail_domain = _htpasswdsync_email_domain(); if(!$overwrite) { $passwords = _htpasswdsync_read_htfile($file); } $res = db_query('SELECT A.username, A.passwd, B.mail FROM {htpasswdsync_htpasswd} AS A, {users} AS B WHERE name=username and status = 1'); foreach($res as $r) { if(!$overwrite) { if(isset($passwords[str_replace(' ','', $r->username)])) unset($passwords[str_replace(' ','', $r->username)]); if(isset($passwords[str_replace(' ','', strtolower($r->username))])) unset($passwords[str_replace(' ','', strtolower($r->username))]); if(isset($passwords[strtolower($r->username)])) unset($passwords[strtolower($r->username)]); } if(!$removeDrupalUsers) { if($r->passwd == "****DELETED" || $r->passwd == '') { if(isset($passwords[$r->username])) unset($passwords[$r->username]); if(isset($passwords[$r->mail])) unset($passwords[$r->mail]); } else { $passwords[_htpasswdsync_sanitize_name($r->username)] = $r->passwd; if($mail_domain != '') { $r->mail = strtolower($r->mail); if(strpos($r->mail, $mail_domain) !== false) { $r->mail = reset(explode('@', $r->mail, 2)); $passwords[_htpasswdsync_sanitize_name($r->mail)] = $r->passwd; } } } } } _htpasswdsync_write_htfile($passwords, $file); } /** * Update htpassword table with the new password of the user * @param object $edit * @return void */ function _htpasswdsync_update($edit) { if(isset($edit->pass) && $edit->pass != '' && isset($edit->name) && strlen(trim($edit->name)) > 0) { $user = $edit->name; $pass = _htpasswdsync_crypt($edit->pass); $passwds[$user] = $pass; if(isset($edit->uid) && $edit->uid > 0) { $ref_user = user_load($edit->uid); if($ref_user->name != $user) { db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :username", array(':username' => $ref_user->name)); } } db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :user", array(':user' => $user)); db_query("INSERT INTO {htpasswdsync_htpasswd} (username, passwd) VALUES(:user, :pass)", array(':user' => $user, ':pass' => $pass)); _htpasswdsync_commit_to_htpasswd(); } } /** * Update htpassword file with the new password of the user * @return void */ function _htpasswdsync_commit_to_htpasswd() { _htpasswdsync_updatepasswd(); _htpasswdsync_updategroup(); } /** * Remove the one user for the htpassword file * @param string $username * @return void */ function _htpasswdsync_delete_user($username) { db_query("DELETE FROM {htpasswdsync_htpasswd} WHERE username = :username", array(':username' => $username)); db_query("INSERT INTO {htpasswdsync_htpasswd} (username, passwd) VALUES(:username, :passwd)", array(':username' => $username, ':passwd' => "****DELETED") ); } /** * Remove the user for the htpassword file * @param object $account * @return void */ function _htpasswdsync_delete($account) { _htpasswdsync_delete_user($account->name); _htpasswdsync_commit_to_htpasswd(); } /** * User cancel hook * @param array $edit * @param object $account * @param string $method * @return void */ function htpasswdsync_user_cancel($edit, $account, $method) { _htpasswdsync_delete($account); } /** * User delete hook * @param object $account * @return void */ function htpasswdsync_user_delete($account) { _htpasswdsync_delete($account); } /** * User insert/edit hook. Used instead of htpasswdsync_user_insert() and * htpasswdsync_user_update() because at these states the password is already * hashed. * @param string $entity_type * @param object $entity * @param array $form * @param array $form_state * @return void */ function htpasswdsync_field_attach_submit($entity_type, $entity, $form, &$form_state) { if($entity_type != 'user') return; if(!empty($entity->name) && !empty($entity->pass)) { $result = db_query('SELECT pass FROM {users} WHERE uid=:uid', array(':uid' => $entity->uid))->fetchCol(); $r = reset($result); if($r != $entity->pass) { _htpasswdsync_update($entity); } } } /** * Run the _htpasswdsync_update function when a user is create; */ function htpasswdsync_user_insert(){ _htpasswdsync_updatepasswd(); } /** * Role delete hook * @param object $role * @return void */ function htpasswdsync_user_role_update($role) { _htpasswdsync_updategroup(); } /** * Role delete hook * @param object $role * @return void */ function htpasswdsync_user_role_delete($role) { _htpasswdsync_updategroup(); } /** * Returns help and module information * @param string $path which path of the site we're displaying help * @param array $arg Holds the current path as would be returned from arg() function * @return string */ function htpasswdsync_help($path, $arg) { if($path != 'admin/help#htpasswdsync') return ''; return '
' . htmlspecialchars(@file_get_contents(dirname(__FILE__) . '/README.txt'), null, 'UTF-8') . '
'; } /** * Returns the required permissions for the htpasswdsync module * @return array */ function htpasswdsync_permission() { return array( 'administer htpasswdsync' => array( 'title' => t('Administer htpasswd synchronization'), 'restrict access' => true ) ); } /** * Administration menu entry * @return array */ function htpasswdsync_menu() { $items = array(); $items['admin/config/people/htpasswdsync'] = array( 'title' => 'Htpasswd file synchronization', 'description' => 'Preferences for the HTPasswd Sync module', 'page callback' => 'drupal_get_form', 'page arguments' => array('htpasswdsync_admin_form'), 'access arguments' => array('administer htpasswdsync'), ); return $items; } /** * Returns the configuration form structure * @return array */ function htpasswdsync_admin_form() { // A workaround to update the files directly after saving the config form, // Because the form is displayed directly after saving. if(variable_get('htpasswdsync_flag_needs_rebuild', false)) { variable_del('htpasswdsync_flag_needs_rebuild'); _htpasswdsync_updatepasswd(); _htpasswdsync_updategroup(); } $form['htpasswdsync_htpasswd'] = array( '#type' => 'textfield', '#title' => t('htpasswd file'), '#default_value' => _htpasswdsync_passfilename(), '#size' => 100, '#maxlength' => 200, '#description' => t("The full path to the !file file (e.g. !eg_file).", array('!file' => 'htpasswd', '!eg_file' => '/etc/httpd/htpasswd')), '#required' => true, ); $form['htpasswdsync_htgroup'] = array( '#type' => 'textfield', '#title' => t('htgroup file'), '#default_value' => _htpasswdsync_grpfilename(), '#size' => 100, '#maxlength' => 200, '#description' => t("The full path to the !file file (e.g. /etc/httpd/htgroup). Leave blank if you don't need a group file. If you enter a group file here, then you must also define a htpasswd file above.", array('!file' => 'htgroup')), '#required' => false, ); $form['htpasswdsync_hash'] = array( '#type' => 'radios', '#title' => t('password hashing algorithm'), '#description' => t("How shall the password be hashed crypt (old unix), SHA1 (insecure, not salted!), SHA-256-crypt (safe) or SHA-512-crypt (best)"), '#options' => _htpasswdsync_hashes(), '#default_value' => _htpasswdsync_hash(), ); $form['htpasswdsync_prefix'] = array( '#type' => 'checkbox', '#title' => t('Add a curly braces prefix like {SHA512-crypt} to the password field (e.g. for Dovecot)'), '#description' => t("If yes, htpasswdsync will prefix all newly save passwords with {algorithm} except old unix-crypt which never gets prefixed for compatibility reasons."), '#default_value' => _htpasswdsync_prefix(), ); $form['htpasswdsync_roles'] = array( '#type' => 'checkboxes', '#title' => t('Roles to be exported into the htgroup file'), '#description' => t("Only users of these roles will be syncronized into the htpasswd/htgroup file. If none is specified, no user will be in the file (not 'default all')."), '#default_value' => _htpasswdsync_roles(), '#options' => user_roles(true), ); $form['htpasswdsync_overwrite'] = array( '#type' => 'checkbox', '#title' => t('htpasswd file is only managed by this module'), '#description' => t("If yes, manually added users in the user file will be removed (simply overwrites the files). If no, only the users stored in the database will be changed/added/deleted (Files will be analyzed and users not existing in the database will be left unchanged)."), '#default_value' => _htpasswdsync_overwrite(), ); $form['htpasswdsync_names_lowercase'] = array( '#type' => 'checkbox', '#title' => t('Export user names and group names lowercase'), '#description' => t("If yes, htpasswdsync will export the lowercase user names (e.g. 'User' will be exported as 'user'). Groups will always be exported lowercase (as the user does not need to enter a group, so this makes it easier to design the .htaccess files). Caution: this option may increase the file size of the htuser file."), '#default_value' => _htpasswdsync_names_lowercase(), ); $form['htpasswdsync_names_without_whitespace'] = array( '#type' => 'checkbox', '#title' => t('Remove whitespaces in user names and groups'), '#description' => t("If yes, htpasswdsync will remove all whitespaces in user names and groups (e.g. 'User 1' will be exported as 'User1'). Caution: this increases the file size of the htuser file. If you use groups, then you must check this setting because whitespaces are used as separators in the group file. This setting goes along with the checkbox above."), '#default_value' => _htpasswdsync_names_without_whitespace(), ); $form['htpasswdsync_export_email_domain'] = array( '#type' => 'textfield', '#title' => t('Additional user email domain'), '#default_value' => _htpasswdsync_email_domain(), '#size' => 100, '#maxlength' => 200, '#description' => t("Enter a domain here if you want that email account names shall be exported into the htpasswd file as well. E.g., if you enter 'example.org', then the email 'user1@example.org' would be exported as 'user1' into the htpasswd file. However, it should be more interesting for your own domain."), '#required' => false, ); // Small description ... $notewhitespaces = _htpasswdsync_names_lowercase() ? " Enter your login name without whitespaces and special characters." : ""; $txt = t('This is how a simple .htaccess file could look like:') . "
\t[...]\n"
            . "\tAuthType Basic\n"
            . "\tAuthName \"Protected members area.$notewhitespaces\"\n"
            ;

    if(_htpasswdsync_passfilename() != '') {
        $txt .= "\tAuthUserFile " . _htpasswdsync_passfilename() . "\n";
        if(_htpasswdsync_grpfilename() != '') {
            $txt .= "\tAuthGroupFile " . _htpasswdsync_grpfilename() . "\n";
        }

        $txt .=   "\trequire valid-user\n"
                . "\t#require group administrator\n"
                . "\n[OR]\n"
                . "\t[...]

"; } $form['htaccess_file_now_looks_like'] = array( '#markup' => $txt ); return system_settings_form($form); } /** * Form validation callback. Checks if htpasswd/htgroup file are writable * @param array $form * @param array& $form_state * @return void */ function htpasswdsync_admin_form_validate($form, &$form_state) { $form_state['values']['htpasswdsync_htpasswd'] = trim($form_state['values']['htpasswdsync_htpasswd']); $form_state['values']['htpasswdsync_htgroup'] = trim($form_state['values']['htpasswdsync_htgroup']); $error = false; if(empty($form_state['values']['htpasswdsync_htpasswd']) && empty($form_state['values']['htpasswdsync_htgroup'])) { form_set_error('htpasswdsync_htpasswd', 'You should at least specify the htpasswd file.'); $error = true; } else if(!empty($form_state['values']['htpasswdsync_htgroup']) && empty($form_state['values']['htpasswdsync_htpasswd'])) { form_set_error('htpasswdsync_htpasswd', 'The htgroup file makes no sense without the htpasswd file.'); $error = true; } else if($form_state['values']['htpasswdsync_htgroup'] == $form_state['values']['htpasswdsync_htpasswd']) { form_set_error('htpasswdsync_htpasswd', 'The htgroup file and the htpasswd file have to be different files.'); $error = true; } $file = $form_state['values']['htpasswdsync_htpasswd']; if(!empty($file)) { if($msg = _htpasswdsync_check_file($file)) { form_set_error('htpasswdsync_htpasswd', $msg); $error = true; } } $file = $form_state['values']['htpasswdsync_htgroup']; if(!empty($file)) { if($msg = _htpasswdsync_check_file($file)) { form_set_error('htpasswdsync_htgroup', $msg); $error = true; } if(!$form_state['values']['htpasswdsync_names_without_whitespace']) { form_set_error('htpasswdsync_htgroup', 'htgroup file access restriction can only work if you remove the whitespaces in user names and groups (see setting below)'); $error = true; } } // Directly apply changes if no validation errors if($error == false) { if($form_state['values']['htpasswdsync_htgroup'] == '' && _htpasswdsync_grpfilename() != '') { // Group file was unset, so the groups shpuld be all deleted foreach(_htpasswdsync_roles() as $role) { _htpasswdsync_remove_role($role); } } else { // Check which roles have to be removed // A workaround to update the files directly after saving the config form variable_set('htpasswdsync_flag_needs_rebuild', true); foreach(_htpasswdsync_roles() as $role) { if($role > 0 && !in_array($role, $form_state['values']['htpasswdsync_roles'])) { _htpasswdsync_remove_role($role); } } } } } /** * Runtime phase htgroup / htpasswd file check * @param string $phase * @return array */ function htpasswdsync_requirements($phase) { if($phase != 'runtime') { return array(); } else { $requirements = array(); if(_htpasswdsync_passfilename() != "") { $htpasswd_status_msg = _htpasswdsync_check_file(_htpasswdsync_passfilename()); $htpasswd_status_val = REQUIREMENT_ERROR; if (!$htpasswd_status_msg) { $htpasswd_status_msg = t('!file file is writable', array('!file' => 'htpasswd')) . " (" . _htpasswdsync_fileage(_htpasswdsync_passfilename()) . ")"; $htpasswd_status_val = REQUIREMENT_OK; } } else { $htpasswd_status_msg = 'Not required'; $htpasswd_status_val = REQUIREMENT_OK; } if(_htpasswdsync_grpfilename() != "") { $htgroup_status_msg = _htpasswdsync_check_file(_htpasswdsync_grpfilename()); $htgroup_status_val = REQUIREMENT_ERROR; if (!$htgroup_status_msg) { $htgroup_status_msg = t('!file file is writable', array('!file' => 'htgroup')) . " (" . _htpasswdsync_fileage(_htpasswdsync_grpfilename()) . ")"; $htgroup_status_val = REQUIREMENT_OK; } } else { $htgroup_status_msg = 'Not required'; $htgroup_status_val = REQUIREMENT_OK; } $status = $htpasswd_status_val != REQUIREMENT_OK && $htgroup_status_val != REQUIREMENT_OK; $requirements['htpasswdsync_status'] = array( 'title' => t('HTPasswd Sync Status'), 'value' => "htpasswd: " . $htpasswd_status_msg . "
" . "htgroup: " . $htgroup_status_msg . "
", 'severity' => $status, ); if($status != REQUIREMENT_OK) { $requirements['htpasswdsync_status']['description'] = t('Cannot access files, please check configuration.', array('!url' => url('admin/user/htpasswdsync'))); } return $requirements; } } /** * Cron hook * @return void */ function htpasswdsync_cron() { db_query('DELETE FROM {htpasswdsync_htpasswd} WHERE username NOT IN (SELECT name from {users})'); } ?>