Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Sep 2008
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    weird htaccess / passwd crossover

    Hi guys, great site.
    I'm having a strange issue with the password dialogues for linux password protected folders.
    One folder called admin is protected with
    .htaccess

    Code:
    AuthType Basic
    AuthName "Admin Console"
    AuthUserFile "/root/to/admin/passwd"
    require valid-user
    and .htpasswds/... as appropriate with user:cryptpass

    A php function within admin creates folders in another folder called ftp

    PHP Code:
    if ($form_sent) {

        
    // remove everything but letters and numbers from folder name
        
    $pattern "/[^A-Za-z0-9_]/";
        
    $folder_name preg_replace($pattern""$folder_name);
        
    // create folder and put index page in it which will include one central index page
        
    $dir "ftp/";
        if (
    is_dir($dir)) {
        
            
    // if folder doesnt already exist in ftp
            
    if (!is_dir($dir $folder_name)) {
            
                
    mkdir($dir $folder_name);
                
    chmod($dir $folder_name,0777);
                
    // copy the relevant files into new folder
                
    copy($dir "index.php"$dir $folder_name "/index.php");
                
                
    // do the passwords for ftp folders
                
    $passfile "/root/to/ftp/passwd";
                if (
    file_exists($passfile)) {
                
                    
    // open pw file for writing
                    
    $fp fopen($passfile,"w");
                    
    // open dir to read for usernames
                    
    $handle opendir("ftp");
                    
    // loop thru using dir name as user for each folder in ftp
                    
    while (false !== ($file readdir($handle))){
                    
                        if (
    $file != "." && $file != ".." && $file != "index.php" && $file != "ftp_console.php" && $file != ".htaccess") {
                        
                            
    $un $file;
                            
    $pw "password";
                            
    $pw2 crypt($pw);
                            
    $text "$un:$pw2";
                            
    // write encrypted pass to file
                            
    fwrite($fp"\n$text");
                            
                        }
                        
                    }
                            
                    
    // close file
                    
    fclose($fp);
                    
                } 
    // if file exists
                
            
    // if !isdir
            
        
    // if isdir

    // if form sent 
    The ftp folder has a .htaccess file as with admin that points to the password file generated above

    Code:
    AuthType Basic
    AuthName "West One Music FTP"
    AuthUserFile "/root/to/ftp/passwd"
    require valid-user
    This all works well except that when a user that hasnt logged in to the admin folder in the browser session tries to go to an ftp folder they are prompted for a password first for the ftp file as created above and then (and heres the hair ripper for me) they are prompted for the admin folder password (states realm as "Admin Console")!

    i remember reading a php bug report on something similar but cannot find it now however my first port of call, rather than to suggest a php bug, is to realise that i'm probably doing something stupid!

    Any help greatly appreciated
    Rich

  • #2
    Banned
    Join Date
    Aug 2008
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Post Make money

    Buy AdsTest drive our brand new real-time traffic estimator and create your campaign. Choose text, banner, or interstitial ads. Target by site, keyword, demographic. Create or upload multiple ads. Sell AdsFind out how we can help you generate more revenue from your ad space. Customize ads to match your site Approve and reject ads for your site Works alongside other ad programs Make money online,now!


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •