// NOTE(review): this excerpt starts inside crypt_apr1_md5(); the signature, the
// salt handling and the start of the enclosing loop are outside the visible lines.
        // Append either the previous digest or the plaintext, chosen by the low bit of $i.
        $new .= $i & 1 ? $bin : $plainpassword;
        // md5() yields 32 hex digits; pack("H32", ...) converts them to 16 raw bytes.
        $bin = pack("H32", md5($new));
    }
    // Reorder the digest bytes: for each $i the bytes at $i, $i + 6 and $i + 12
    // (index 16 wraps to 5) are prepended to $tmp.
    // NOTE(review): $tmp is read here before any visible assignment; presumably
    // it is initialised earlier in the function. Confirm.
    for ($i = 0; $i < 5; $i++) {
        $k = $i + 6;
        $j = $i + 12;
        if ($j == 16) {
            $j = 5;
        }
        $tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
    }
    // Prepend two zero bytes and digest byte 11 before encoding.
    $tmp = chr(0) . chr(0) . $bin[11] . $tmp;
    // Base64-encode, drop the first two characters, reverse the string, then map
    // the standard base64 alphabet onto the "./0-9A-Za-z" alphabet.
    $tmp = strtr(strrev(substr(base64_encode($tmp), 2)), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
    // The returned string has the form $apr1$<salt>$<encoded digest>.
    // NOTE(review): "apr1" is Apache's MD5-based htpasswd scheme. MD5-based
    // hashes are cheap to brute-force offline; where the server is Apache 2.4,
    // its bcrypt htpasswd format is the stronger choice.
    return "\$" . "apr1" . "\$" . $salt . "\$" . $tmp;
}

// Hash the submitted password for the htpasswd entry.
// NOTE(review): where $password_entry1 comes from is not visible in this excerpt.
$encrypted_password = crypt_apr1_md5($password_entry1);

// Create the access-control file if none exists yet.
// NOTE(review): the existence test uses the literal ".htaccess" while the write
// goes to $file_access; presumably they name the same file. Confirm.
if (!file_exists(".htaccess")) {
    // NOTE(review): the fopen() result is not checked before fwrite()/fclose().
    $fopen_access = fopen($file_access, "w+");
    $path_we_are_in = getcwd();
    // AuthUserFile is set to <current working directory>/<$file_pass>, so the
    // password file lives in the same directory this script runs in.
    $data_access = "AuthType Basic\nAuthName \"WINter\"\nAuthUserFile " . $path_we_are_in . "/" . $file_pass . "\nrequire valid-user";
    fwrite($fopen_access, $data_access);
    fclose($fopen_access);
}

// The request chooses the write mode: "reset" truncates the password file
// ("w+"), "add" appends to it ("a").
// NOTE(review): no authentication or CSRF check is visible in this excerpt;
// confirm that the surrounding code restricts who may reach this branch,
// since "reset" discards every existing credential.
$action_do = $_POST['action_do'];
if ($action_do == "reset") {
    $fopen_pass = fopen($file_pass, "w+");
} elseif ($action_do == "add") {
    $fopen_pass = fopen($file_pass, "a");
}
// NOTE(review): when action_do is neither "reset" nor "add", $fopen_pass is
// never assigned and the fwrite() below receives an undefined variable.

// One htpasswd record per line: "user:hash".
// NOTE(review): $username_entry is concatenated as-is. If it is request data,
// a ':' or a line break inside it would corrupt the record or add further
// records; validate it before this point.
$data_pass = $username_entry . ":" . $encrypted_password . "\r\n";
fwrite($fopen_pass, $data_pass);
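/**
 * Installer step "adminconf": ask for the site administrator's login and
 * password and store them for HTTP Basic auth on the simpla/ directory.
 *
 * On a POST carrying both `login` and `password` the function writes
 * "login:hash" to simpla/.passwd, points the AuthUserFile directive in
 * simpla/.htaccess at that file, prints a confirmation and ends the script
 * with exit. In every other case (first visit, validation error, permission
 * error) it prints the form, preceded by the error message if there is one.
 *
 * Security notes:
 *  - All values echoed into the page are HTML-escaped; the submitted login
 *    and password are request-controlled.
 *  - The login is rejected when it is empty or contains ':' or a control
 *    character, because the password file is line-oriented "user:hash" text
 *    and such characters would corrupt the record or add further records.
 *  - crypt_apr1_md5() is defined elsewhere in the project; by its name it
 *    produces Apache's MD5-based "apr1" hash, which is weak against offline
 *    guessing compared with bcrypt.
 *
 * @return void
 */
function adminconf()
{
    $current_dir = dirname(__FILE__);
    $path_to_passwd = $current_dir . '/simpla/.passwd';
    $path_to_htaccess = $current_dir . '/simpla/.htaccess';
    $error = '';

    // Read the request once. Missing or non-string values (e.g. login[]=x)
    // become '' so that nothing below touches an undefined key or an array.
    $login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if (isset($_POST['login']) && isset($_POST['password'])) {
        if (!is_writable($path_to_passwd)) {
            $error = 'Поставьте права на запись для файла ' . $path_to_passwd;
        }
        if (!is_writable($path_to_htaccess)) {
            $error = 'Поставьте права на запись для файла ' . $path_to_htaccess;
        }
        // The record format is "user:hash", one per line: refuse separators
        // and control characters in the user name.
        if (empty($error) && ($login === '' || preg_match('/[:\x00-\x1F\x7F]/', $login))) {
            $error = 'Логин не должен быть пустым и не может содержать двоеточие или управляющие символы';
        }

        if (empty($error)) {
            $encpassword = crypt_apr1_md5($password);
            $passstring = $login . ':' . $encpassword;

            // Check every write instead of assuming fopen() succeeded.
            if (file_put_contents($path_to_passwd, $passstring, LOCK_EX) === false) {
                $error = 'Поставьте права на запись для файла ' . $path_to_passwd;
            } else {
                $htaccess = file_get_contents($path_to_htaccess);
                if ($htaccess !== false) {
                    // Escape '\' and '$' so that a path containing them is not
                    // read as a back-reference in the replacement string.
                    $replacement = addcslashes("AuthUserFile {$path_to_passwd}\n", '\\$');
                    $htaccess = preg_replace("/AuthUserFile .*\n/i", $replacement, $htaccess);
                }
                if (!is_string($htaccess)
                    || file_put_contents($path_to_htaccess, $htaccess, LOCK_EX) === false) {
                    $error = 'Поставьте права на запись для файла ' . $path_to_htaccess;
                }
            }
        }

        if (empty($error)) {
            print "<p>Пароль администратора установлен успешно. Не забудьте его.</p>";
            print "<p><form method=get><input type='hidden' name='step' value='license'><input type='submit' value='продолжить →'></form></p>";
            exit;
        }
    }

    // Escape for the single-quoted HTML attributes used in the form below.
    $login_attr = htmlspecialchars($login, ENT_QUOTES, 'UTF-8');
    // NOTE(review): the form shows the password in a plain text field and
    // echoes it back after an error, as the original did; consider
    // type=password and an empty value.
    $password_attr = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');

    print "<p>Задайте логин и пароль администратора сайта.</p>";
    if (!empty($error)) {
        print "<p class=error>" . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "</p>";
    }
    print "<p><form method=post><table>";
    print "<tr><td>Логин</td><td><input type=text name=login value='" . $login_attr . "'></td></tr>";
    print "<tr><td>Пароль</td><td><input type=text name=password value='" . $password_attr . "'></td></tr>";
    print "<tr><td></td><td><input type='hidden' name='step' value='adminconf'><input type='submit' value='продолжить →'></td></tr>";
    print "</table></form></p>";
}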
// NOTE(review): this excerpt starts in the middle of an if/elseif chain; the
// earlier branches (and where $from_server and $where are first set) are not visible.
// NOTE(review): count() expects an array or Countable, but getenv() returns a
// string or false, so this test does not measure the query-string length (on
// PHP 8 it raises a TypeError). A string comparison is what the intent suggests.
} elseif (count(getenv("QUERY_STRING")) > 0) {
    // Credentials are taken from the URL query string.
    // NOTE(review): URLs are commonly recorded in web-server access logs and
    // proxies; a password passed this way ends up in those records.
    parse_str(getenv("QUERY_STRING"), $_GET);
    // NOTE(review): htmlspecialchars() is an output encoder. Applied here it
    // changes any password containing & < > or " before hashing, so the stored
    // hash is of the encoded text. It also leaves ':' and line breaks in
    // $username untouched, which matter for the "user:hash" line built below.
    $username = htmlspecialchars($_GET['username']);
    $password = htmlspecialchars($_GET['password']);
    $where = "query";
}

// Abort when either value is missing.
if (empty($username) or empty($password)) {
    // NOTE(review): "$passsword" (three s) is not the variable set above, so an
    // undefined variable is printed here. If the spelling is corrected this
    // line would echo the password; prefer reporting only which field is empty.
    echo "username(" . $username . ") or password(" . $passsword . ") is empty, taken from " . $where . "!\n";
    if ($from_server == FALSE) {
        // Debug dump of the raw inputs; this can include the submitted password.
        print_r($argv);
        print_r($_GET);
    }
    exit;
}

// Encrypt password
// NOTE(review): crypt_apr1_md5() is defined outside this excerpt; by its name it
// produces Apache's MD5-based "apr1" hash, which is weak against offline guessing.
$encrypted_password = crypt_apr1_md5($password);
// NOTE(review): the password file sits under /tmp; confirm that the directory's
// ownership and permissions keep other local accounts from reading or replacing it.
$HtPasswdFile = '/tmp/flash/apache2/.htpasswd';
$UserPresent = FALSE;
// Record in htpasswd format: "user:hash".
$HtPasswdLine = $username . ':' . $encrypted_password;

// check if user already present
$handle = fopen($HtPasswdFile, 'r');
if ($handle) {
    do {
        $line = fgets($handle);
        // NOTE(review): strpos() matches $username anywhere in the line, so
        // "bob" is reported present for a line starting "bobby:" or when the
        // text happens to occur inside a hash. Comparing the field before the
        // first ':' for equality would test the user name itself.
        if (strpos($line, $username) !== FALSE) {
            $UserPresent = TRUE;
            break;
        }
    } while (!feof($handle));
    fclose($handle);
}
// NOTE(review): the excerpt ends here; how $UserPresent and $HtPasswdLine are
// used afterwards is not visible.