
osCommerce


http authentication hack help


Nancy


My application of tep2.1 is a highly customized b2b application. I needed to protect the catalog with http authentication and have accomplished this successfully with users logging in via http authentication and automatically being logged into their tep catalog account :D . I addressed the issue of logging off by forcing the browser to close on logoff (while not ideal, more than adequate to meet my needs).

 

What I haven't been able to accomplish is in the create account process to automatically create the http user in the .htpasswd file at the same time that the user is created in tep. Account adding will be moved to administration.

 

What I've unsuccessfully tried is to hack together code from HTAdmin (http://www.hido.net/projects/htadmin/ - distributed under the GNU General Public License by Hidayet Dogan) to the create_account_process.php file. I've altered HTAdmin to use the same variables as tep and can get the modified HTAdmin version to run independently, but I can't combine the two and get them to work. I've spent most of yesterday and half of today on trial and error and can't get past 'headers already sent' and 'first .htpasswd file not set in config file' errors. The following 2 files work independently, updating the .htpasswd file when placed in the protected catalog directory. If a php expert is bored, could you glance at these and provide any guidance as to what needs to be done to get them to work? I've tried stripping the form portion of add.php and placing it directly into create_account_process.php then tweaking from there, but can't get it right :( TIA -nan

######################

add.php

<?php
// HTAdmin Copyright © 2000, 2001, 2002 by Hidayet Dogan
require './config.inc.php';

// Only one .htpasswd file is configured (see config.inc.php), so the
// file index is 0 for both GET and POST requests
$id = '0';

read_passwd_file($id);

if (isset($_POST['submit'])) {
    // tep's e-mail address doubles as the HTTP auth username
    $username  = trim($_POST['email_address']);
    $password  = trim($_POST['password']);
    $passwordv = trim($_POST['confirmation']);
    $realname  = ucwords(trim($_POST['firstname']));
    $email     = strtolower(trim($_POST['email_address']));

    // note: the is_valid_* helpers return true when the value is NOT acceptable
    if (is_user($username)) {
        echo "<font class=\"tdmain\">User \"".htmlspecialchars($username)."\" already exists</font><p>\n";
        $username = '';
    }
    elseif (is_valid_string($username)) {
        echo "<font class=\"tdmain\">Username contains bad characters</font><p>\n";
        $username = '';
    }
    elseif (is_valid_string($password)) {
        echo "<font class=\"tdmain\">Password contains bad characters</font><p>\n";
    }
    elseif (is_valid_string($passwordv)) {
        echo "<font class=\"tdmain\">Password (Verify) contains bad characters</font><p>\n";
    }
    elseif ($password != $passwordv) {
        echo "<font class=\"tdmain\">Passwords don't match</font><p>\n";
    }
    elseif (is_valid_realname($realname)) {
        echo "<font class=\"tdmain\">Realname contains bad characters</font><p>\n";
        $realname = '';
    }
    elseif (is_valid_email($email)) {
        echo "<font class=\"tdmain\">E-Mail contains bad characters</font><p>\n";
        $email = '';
    }
    else {
        echo "<font class=\"tdmain\">User \"".htmlspecialchars($username)."\" added successfully</font><p>\n";
        // append the new record to the in-memory user list, then rewrite the file
        $userid = count($htpUser);
        $htpUser[$userid]['username'] = $username;
        $htpUser[$userid]['password'] = crypt_password($password);
        $htpUser[$userid]['realname'] = $realname;
        $htpUser[$userid]['email']    = $email;
        write_passwd_file($id);
        read_passwd_file($id);
        # clean form
        $username = '';
        $realname = '';
        $email    = '';
    }
}
?>

<table border="0" cellspacing="3" cellpadding="2" width="600">
<!-- $PHP_SELF only exists with register_globals; $_SERVER['PHP_SELF'] is escaped because it is attacker-influenced -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']).'?'.random() ?>">
<input type="hidden" name="id" value="<?php echo $id ?>">
<tr>
  <td colspan="2" width="100%" align="left" class="tdheader"><?php echo $cfgProgName.' '.$cfgVersion ?></td>
</tr>
<tr>
  <td colspan="2" width="100%" align="left" class="tdheader">[ <?php echo $cfgHTPasswd[$id]['D'] ?> ]</td>
</tr>
<tr>
  <td width="30%" align="right" class="tdmain">Username:</td>
  <td width="70%" align="left" class="tdmain"><input type="text" name="username" size="25" maxlength="25" value="<?php echo htmlspecialchars($username) ?>"></td>
</tr>
<tr>
  <td width="30%" align="right" class="tdmain">Password:</td>
  <td width="70%" align="left" class="tdmain"><input type="password" name="password" size="25" maxlength="25"></td>
</tr>
<tr>
  <td width="30%" align="right" class="tdmain">Password (Verify):</td>
  <td width="70%" align="left" class="tdmain"><input type="password" name="confirmation" size="25" maxlength="25"></td>
</tr>
<tr>
  <td width="30%" align="right" class="tdmain">Realname:</td>
  <td width="70%" align="left" class="tdmain"><input type="text" name="firstname" size="25" maxlength="100" value="<?php echo htmlspecialchars($realname) ?>"></td>
</tr>
<tr>
  <td width="30%" align="right" class="tdmain">E-Mail:</td>
  <td width="70%" align="left" class="tdmain"><input type="text" name="email_address" size="25" maxlength="150" value="<?php echo htmlspecialchars($email) ?>"></td>
</tr>
<tr>
  <td colspan="2" width="100%" align="center" class="tdmain"><input type="submit" name="submit" value=" Add User "></td>
</tr>
</form>
</table>

<table border="0" cellspacing="3" cellpadding="2" width="600">
<tr>
  <td width="100%" align="left" class="tdmain">[
    <a href="index.php?<?php echo random() ?>">Main Page</a> |
    <a href="browse.php?id=<?php echo $id ?>&sid=<?php echo random() ?>">Browse User List</a> |
    Add New User |
    <a href="view-htpasswd.php?id=<?php echo $id ?>&sid=<?php echo random() ?>">View .htpasswd file</a> |
    <a href="create-htaccess.php?id=<?php echo $id ?>&sid=<?php echo random() ?>">Create a Simple .htaccess File</a> ]</td>
</tr>
</table>

##############################

config.inc.php

<?php
// HTAdmin Copyright © 2000, 2001, 2002 by Hidayet Dogan
$cfgProgName = 'HTAdmin';
$cfgVersion  = '1.2.2';

$cfgUseAuth   = true;
$cfgSuperUser = 'advantag'; // shouldn't need with this modification
$cfgSuperPass = '979112';   // same as above

// characters rejected in usernames/passwords, e-mail addresses and real names
$cfgBadChars  = '`~!#$%^&*()+=[]{};\':"|,/<>? ';
$cfgBadCharsE = '`~!#$%^&*()+=[]{};\':"|,/<>?, ';
$cfgBadCharsR = '`~!@#$%^&*()+=[]{};\':"|,/<>?';

$cfgHTPasswd[0]['N'] = '/home/virtual/advantag/home/httpd/html/catalog/.htpasswd'; # Full path and filename
$cfgHTPasswd[0]['D'] = 'Manco User Access'; # Description

$htpUser = array();

// PHP before 4.1 has no $_POST/$_GET/$_SERVER superglobals; copy the old long arrays
$version = explode(".", phpversion());
if (intval($version[0]) < 5 && intval($version[1]) < 1) {
    $_POST   = $HTTP_POST_VARS;
    $_GET    = $HTTP_GET_VARS;
    $_SERVER = $HTTP_SERVER_VARS;
}

// The is_valid_* helpers return TRUE when the string contains one of the
// listed bad characters (is_valid_string also rejects an empty string);
// add.php relies on that inverted sense.
function is_valid_string($string) {
    global $cfgBadChars;

    if (empty($string))
        return true;

    for ($i = 0; $i < strlen($cfgBadChars); $i++) {
        if (strstr($string, $cfgBadChars[$i]))
            return true;
    }
    return false;
}

function is_valid_email($string) {
    global $cfgBadCharsE;

    if (empty($string))
        return false;

    for ($i = 0; $i < strlen($cfgBadCharsE); $i++) {
        if (strstr($string, $cfgBadCharsE[$i]))
            return true;
    }
    return false;
}

function is_valid_realname($string) {
    global $cfgBadCharsR;

    if (empty($string))
        return false;

    for ($i = 0; $i < strlen($cfgBadCharsR); $i++) {
        if (strstr($string, $cfgBadCharsR[$i]))
            return true;
    }
    return false;
}

function ht_error($errmsg, $htfunction) {
    echo "<p><font class=\"tdmain\"><b>Error:</b> (in function <i>$htfunction</i>) $errmsg</font><p>";
    exit;
}

// Sanity-check the configured .htpasswd file before reading or writing it
function init_passwd_file($filenum, $htfunction) {
    global $cfgHTPasswd;

    if (empty($cfgHTPasswd[0]['N']))
        ht_error("First .htpasswd file is not set in config file", $htfunction);

    if (empty($cfgHTPasswd[$filenum]['N']))
        return;

    if (!file_exists($cfgHTPasswd[$filenum]['N']))
        ht_error(".htpasswd ($filenum) file does not exist", $htfunction);

    if (!is_readable($cfgHTPasswd[$filenum]['N']))
        ht_error(".htpasswd ($filenum) file is not readable", $htfunction);

    if (!is_writeable($cfgHTPasswd[$filenum]['N']))
        ht_error(".htpasswd ($filenum) file is not writeable", $htfunction);
}

// Load every user:hash:realname:email line into the global $htpUser array
function read_passwd_file($filenum) {
    global $cfgHTPasswd, $htpUser;

    init_passwd_file($filenum, "read_passwd_file");

    $htpUser = array();

    if (!($fpHt = fopen($cfgHTPasswd[$filenum]['N'], "r"))) {
        ht_error("Could not open ".$cfgHTPasswd[$filenum]['N']." file for reading", "read_passwd_file");
    }
    $htpCount = 0;
    while (!feof($fpHt)) {
        $fpLine = trim(fgets($fpHt, 512));

        // skip blank lines, comments and records without a user:hash pair
        if (empty($fpLine) || $fpLine[0] == '#' || $fpLine[0] == '*')
            continue;
        $fpData = explode(":", $fpLine);
        if (count($fpData) < 2 || empty($fpData[0]) || empty($fpData[1]))
            continue;

        $htpUser[$htpCount]['username'] = trim($fpData[0]);
        $htpUser[$htpCount]['password'] = trim($fpData[1]);
        $htpUser[$htpCount]['realname'] = isset($fpData[2]) ? $fpData[2] : '';
        $htpUser[$htpCount]['email']    = isset($fpData[3]) ? $fpData[3] : '';
        $htpCount++;
    }
    fclose($fpHt);
    return;
}

// Truncate the .htpasswd file and rewrite every record from $htpUser
function write_passwd_file($filenum) {
    global $cfgHTPasswd, $htpUser;

    init_passwd_file($filenum, "write_passwd_file");

    if (($fpHt = fopen($cfgHTPasswd[$filenum]['N'], "w"))) {
        for ($i = 0; $i < count($htpUser); $i++) {
            if (!empty($htpUser[$i]['username']))
                fwrite($fpHt, $htpUser[$i]['username'].":".
                              $htpUser[$i]['password'].":".
                              $htpUser[$i]['realname'].":".
                              $htpUser[$i]['email']."\n");
        }
        fclose($fpHt);
    }
    else {
        ht_error("Could not open ".$cfgHTPasswd[$filenum]['N']." file for writing", "write_passwd_file");
    }
    return;
}

function is_user($username) {
    global $htpUser;

    if (empty($username))
        return false;

    for ($i = 0; $i < count($htpUser); $i++) {
        if ($htpUser[$i]['username'] == $username)
            return true;
    }
    return false;
}

// Cache-busting token for links and form actions; not a security measure
function random() {
    srand((int) ((double) microtime() * 1000000));
    return rand();
}

// Traditional DES crypt() with a two-character salt: Apache accepts it, but it
// truncates passwords to 8 characters and the salt space is tiny
function crypt_password($password) {
    if (empty($password))
        return "** EMPTY PASSWORD **";

    $salt = substr((string) random(), 0, 2);
    return crypt($password, $salt);
}

// HTAdmin's own admin login; unused once add.php is driven from tep
function ht_auth() {
    global $cfgProgName, $cfgVersion, $cfgUseAuth;
    global $cfgSuperUser, $cfgSuperPass;
    // $_SERVER is a superglobal from PHP 4.1 on and needs no global declaration

    if (!$cfgUseAuth)
        return;

    if (!isset($_SERVER['PHP_AUTH_USER']) ||
        ($_SERVER['PHP_AUTH_USER'] != $cfgSuperUser) ||
        ($_SERVER['PHP_AUTH_PW'] != $cfgSuperPass)) {
        header("WWW-Authenticate: Basic realm=\"$cfgProgName $cfgVersion\"");
        header("HTTP/1.0 401 Unauthorized");
        echo "<h1>$cfgProgName $cfgVersion</h1><h3>Authentication failed.</h3>\n".
             "Click <a href=\"index.php\">here</a> to login again.\n";
        exit;
    }
}
?>

 

######################## END


FWIW, I've pared the code down considerably and have gotten it to add the user to both .htpasswd and tep databases properly, but still get the 'headers already sent by (output started at create_account_process.php:4)' error :( .

 

This is pasted at line 4 of create_account_process.php:

<?php
require './config.inc.php';

$id = '0';

read_passwd_file($id);

// tep's e-mail address is the HTTP auth username
$username  = trim($_POST['email_address']);
$password  = trim($_POST['password']);
$passwordv = trim($_POST['confirmation']);

// append the new record and rewrite the .htpasswd file
$userid = count($htpUser);
$htpUser[$userid]['username'] = $username;
$htpUser[$userid]['password'] = crypt_password($password);
write_passwd_file($id);
?>

#########################

This is config.inc.php:

 

<?php
$cfgHTPasswd[0]['N'] = '/home/virtual/advantag/home/httpd/html/catalog/.htpasswd'; # Full path and filename

$htpUser = array();

// only needed on PHP < 4.1, where the superglobals do not exist yet
if (!isset($_POST)) {
    $_POST   = $HTTP_POST_VARS;
    $_SERVER = $HTTP_SERVER_VARS;
}

// read_passwd_file() below still calls ht_error(), so it has to be defined
function ht_error($errmsg, $htfunction) {
    echo "<p><b>Error:</b> (in function <i>$htfunction</i>) $errmsg</p>";
    exit;
}

function init_passwd_file($filenum, $htfunction) {
    global $cfgHTPasswd;
    // HTAdmin's exists/readable/writeable checks were pared out here
}

// Load every user:hash line into the global $htpUser array
function read_passwd_file($filenum) {
    global $cfgHTPasswd, $htpUser;

    init_passwd_file($filenum, "read_passwd_file");

    $htpUser = array();

    if (!($fpHt = fopen($cfgHTPasswd[$filenum]['N'], "r"))) {
        ht_error("Could not open ".$cfgHTPasswd[$filenum]['N']." file for reading", "read_passwd_file");
    }
    $htpCount = 0;
    while (!feof($fpHt)) {
        $fpLine = trim(fgets($fpHt, 512));

        // skip blank lines, comments and records without a user:hash pair
        if (empty($fpLine) || $fpLine[0] == '#' || $fpLine[0] == '*')
            continue;
        $fpData = explode(":", $fpLine);
        if (count($fpData) < 2 || empty($fpData[0]) || empty($fpData[1]))
            continue;

        $htpUser[$htpCount]['username'] = trim($fpData[0]);
        $htpUser[$htpCount]['password'] = trim($fpData[1]);
        $htpCount++;
    }
    fclose($fpHt);
}

// Truncate the .htpasswd file and rewrite every record from $htpUser
function write_passwd_file($filenum) {
    global $cfgHTPasswd, $htpUser;

    init_passwd_file($filenum, "write_passwd_file");

    if (($fpHt = fopen($cfgHTPasswd[$filenum]['N'], "w"))) {
        for ($i = 0; $i < count($htpUser); $i++) {
            if (!empty($htpUser[$i]['username']))
                fwrite($fpHt, $htpUser[$i]['username'].":".
                              $htpUser[$i]['password']."\n");
        }
        fclose($fpHt);
    }
}

// create_account_process.php calls crypt_password(); it and the random() it
// uses are the same as in the full config.inc.php above
function random() {
    srand((int) ((double) microtime() * 1000000));
    return rand();
}

function crypt_password($password) {
    if (empty($password))
        return "** EMPTY PASSWORD **";

    $salt = substr((string) random(), 0, 2);
    return crypt($password, $salt);
}


Stupid newbie error apparently. Left blank lines between ?> and <? in create_account_process.php. I'm assuming this is a no-no. Once I eliminated the blank lines, the previously posted code worked fine in all aspects. Sorry to bother y'all with stupid errors.

 

The 'headers already sent' error is addressed in the php FAQ, but didn't mention anything I could see about blank lines.

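Added example, not code from the thread or from HTAdmin: an .htpasswd append routine for create_account_process.php that locks the file instead of truncating and rewriting it, stores a bcrypt hash instead of a two-character DES crypt() salt, rejects ':' and line breaks in the username rather than relying on a bad-character list, and returns a status instead of echoing so nothing is output before osCommerce sends its headers. Assumes PHP 5.5+ (password_hash) and an Apache 2.4 htpasswd/mod_authn that accepts $2y$ hashes; the function name is my own.

```php
<?php
// Added example, not code from the thread or from HTAdmin.
// Assumes PHP >= 5.5 (password_hash) and an Apache 2.4 htpasswd/mod_authn
// that accepts bcrypt ($2y$) hashes. Returns a status string instead of
// echoing, so it can be required before osCommerce sends its headers.
function htpasswd_add_user($file, $username, $password) {
    // A ':' or line break in the username would let one form submission
    // write a second, attacker-chosen record; reject rather than strip.
    if ($username === '' || preg_match('/[:\r\n\0]/', $username)) {
        return 'invalid username';
    }
    if ($password === '' || preg_match('/[\r\n\0]/', $password)) {
        return 'invalid password';
    }
    // bcrypt with a random per-user salt instead of crypt() with a
    // two-digit DES salt, which also truncates the password to 8 chars
    $hash = password_hash($password, PASSWORD_BCRYPT);

    $fp = fopen($file, 'c+');   // create if missing, never truncate
    if ($fp === false) {
        return 'cannot open file';
    }
    // Exclusive lock: two create_account requests at the same moment must
    // not interleave writes or rewrite the file over each other's record.
    if (!flock($fp, LOCK_EX)) {
        fclose($fp);
        return 'cannot lock file';
    }
    $exists = false;
    while (($line = fgets($fp)) !== false) {
        $fields = explode(':', rtrim($line, "\r\n"), 2);
        if ($fields[0] === $username) {
            $exists = true;
            break;
        }
    }
    if (!$exists) {
        // append a single user:hash line at the end of the file
        fseek($fp, 0, SEEK_END);
        fwrite($fp, $username . ':' . $hash . "\n");
        fflush($fp);
    }
    flock($fp, LOCK_UN);
    fclose($fp);
    return $exists ? 'user exists' : 'ok';
}

// Constructed usage, as it would sit in create_account_process.php:
// $status = htpasswd_add_user('/home/virtual/advantag/home/httpd/html/catalog/.htpasswd', $email_address, $password);
```

Because the function never prints, it can sit between the `?>` and `<?` of create_account_process.php without tripping 'headers already sent'; the caller decides what to do with a non-'ok' status.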
