htAdmin

htAdmin is a web interface to administering your username and password access to directories on web pages served by the Apache web server. I wrote this for clients who do not really understand or wish to understand how basic authentication of a web server works. The program will create a configuration file (eg .htaccess) and a password file (eg. .htpasswd).

There are two levels of protection. The directory which contains the htAdmin program files can be protected. In the configuration file of the program several other directories can be specified that should be protected.

Once on the htAdmin menu, users can be added, deleted and edited. One way encryption is used and therefore, we cannot retrieve a users password. For this reason I create a control file which has all the passwords in plain text. This function can be disabled as it makes this, "not very secure" authentication even more insecure. However, this system is not meant for encryption against vandals who have nothing better to do than destroying other peoples' property. The information protected by the system should thus preferably be of no interest to such idiots.

The password file has been extended to include an expiry date and an email address. This allows two things:

All usernames that have expired can be removed from the password file with a menu item.
An email message can be sent to a user which includes his username and password.

The following is a summary of the systems features:

Add a username, password, expiry date, email address.
Add an email address and expiry date, the username and password is automatically generated and can be emailed to the user with an admin message.
Adding multiple email addresses. The administrator specifies a usernumber to start usernames with and gives a list of email addresses and expiry dates. Usernames and passwords are automatically generated and an email messages with the username and password can be sent to the user.
Usernames can be deleted using the username.
Usernames can be deleted using the email address.
List all the usernames on file.
Edit a record after finding it by username.
Edit a record after finding it by email address.
Remove expired users.
Resubmit the password file from the control file.

Try the htAdmin system. The username is administrator and the password is password. Add a username and password for yourself to get access to the protected directories. Don't use the multi-add or email add, since the mailing is switched off, you won't be able to get your password.

Although everything seems to work so far, it is still a work in progress. I hope to make it more user friendly and maybe add a few more features. Any comments will be welcome.