$new .= $i & 1 ? $bin : $plainpassword;
$bin = pack("H32", md5($new));
}
for ($i = 0; $i < 5; $i++) {
$k = $i + 6;
$j = $i + 12;
if ($j == 16) {
$j = 5;
}
$tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
}
$tmp = chr(0) . chr(0) . $bin[11] . $tmp;
$tmp = strtr(strrev(substr(base64_encode($tmp), 2)), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
return "\$" . "apr1" . "\$" . $salt . "\$" . $tmp;
}
$encrypted_password = crypt_apr1_md5($password_entry1);
if (!file_exists(".htaccess")) {
$fopen_access = fopen($file_access, "w+");
$path_we_are_in = getcwd();
$data_access = "AuthType Basic\nAuthName \"WINter\"\nAuthUserFile " . $path_we_are_in . "/" . $file_pass . "\nrequire valid-user";
fwrite($fopen_access, $data_access);
fclose($fopen_access);
}
$action_do = $_POST['action_do'];
if ($action_do == "reset") {
$fopen_pass = fopen($file_pass, "w+");
} elseif ($action_do == "add") {
$fopen_pass = fopen($file_pass, "a");
}
$data_pass = $username_entry . ":" . $encrypted_password . "\r\n";
fwrite($fopen_pass, $data_pass);
function adminconf()
{
$current_dir = dirname(__FILE__);
$error = '';
if (isset($_POST['login']) && isset($_POST['password'])) {
if (!is_writable($current_dir . '/simpla/.passwd')) {
$error = 'Поставьте права на запись для файла ' . $current_dir . '/simpla/.passwd';
}
if (!is_writable($current_dir . '/simpla/.htaccess')) {
$error = 'Поставьте права на запись для файла ' . $current_dir . '/simpla/.htaccess';
}
if (empty($error)) {
$login = $_POST['login'];
$password = $_POST['password'];
$encpassword = crypt_apr1_md5($password);
$path_to_passwd = $current_dir . '/simpla/.passwd';
$passstring = $login . ':' . $encpassword;
$passfile = fopen($path_to_passwd, 'w');
fputs($passfile, $passstring);
fclose($passfile);
$htaccess = file_get_contents($current_dir . '/simpla/.htaccess');
$htaccess = preg_replace("/AuthUserFile .*\n/i", "AuthUserFile {$path_to_passwd}\n", $htaccess);
$htafile = fopen($current_dir . '/simpla/.htaccess', 'w');
fwrite($htafile, $htaccess);
fclose($htafile);
print "<p>Пароль администратора установлен успешно. Не забудьте его.</p>";
print "<p><form method=get><input type='hidden' name='step' value='license'><input type='submit' value='продолжить →'></form></p>";
exit;
}
}
print "<p>Задайте логин и пароль администратора сайта.</p>";
if (!empty($error)) {
print "<p class=error>{$error}</p>";
}
print "<p><form method=post><table>";
print "<tr><td>Логин</td><td><input type=text name=login value='" . $_POST['login'] . "'></td></tr>";
print "<tr><td>Пароль</td><td><input type=text name=password value='" . $_POST['password'] . "'></td></tr>";
print "<tr><td></td><td><input type='hidden' name='step' value='adminconf'><input type='submit' value='продолжить →'></td></tr>";
print "</table></form></p>";
}
} elseif (count(getenv("QUERY_STRING")) > 0) {
parse_str(getenv("QUERY_STRING"), $_GET);
$username = htmlspecialchars($_GET['username']);
$password = htmlspecialchars($_GET['password']);
$where = "query";
}
if (empty($username) or empty($password)) {
echo "username(" . $username . ") or password(" . $passsword . ") is empty, taken from " . $where . "!\n";
if ($from_server == FALSE) {
print_r($argv);
print_r($_GET);
}
exit;
}
// Encrypt password
$encrypted_password = crypt_apr1_md5($password);
$HtPasswdFile = '/tmp/flash/apache2/.htpasswd';
$UserPresent = FALSE;
$HtPasswdLine = $username . ':' . $encrypted_password;
// check if user already present
$handle = fopen($HtPasswdFile, 'r');
if ($handle) {
do {
$line = fgets($handle);
if (strpos($line, $username) !== FALSE) {
$UserPresent = TRUE;
break;
}
} while (!feof($handle));
fclose($handle);
}
