#!/usr/bin/perl

# Secure Area - Spaceports Security Script
# Allows you to add or edit .htaccess and .htpasswd files in your directories using a simple form

# Important note: Use this script with caution, and never leave it in a publically accessible directory

# Adapted from Floyd Morrissette's access3.cgi ( http://www.newwebsite.com - Floyd@NewWebSite.com)
# By Wysardry ( http://io.spaceports.com/~wysardry - wysardry@r67.net)
# With permission from Floyd Morrissette

# This script is provided free of charge, but please keep the credits intact

use CGI;
use CGI::Carp qw/fatalsToBrowser/;

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {  ($name, $value) = split(/=/, $pair);
  $value =~ tr/+/ /;
  $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
  $value =~ s/~!/ ~!/g;  $FORM{$name} = $value;}

# Change the following variable to the path the form should use to call this script on your system
# No trailing /

$action = "http://cgi-bin.spaceports.com/~username/access";

# Change the following variable to the absolute path to your root directory
# No trailing /

$base = "/home/username/public_html";

# You should not need to edit anything below this line as long as the filename is access3w.cgi
# Just run the script from your browser and fill out the form

$path = $base.$FORM{'path'};

$name = $FORM{'name'};

$password = $FORM{'password'};

$newpass = crypt($password, tnnntv);



print "Content-type: text/html\n\n";


if ($FORM{'submit'} eq "Enter") {
	&encrypt
	}else{
		&form
		}

sub form{
print "<html>\n<head>\n<title>access3w password form</title></head>\n<body bgcolor=\"#ffffcc\">\n";
print "<b>Please enter the user name, password and the directory you want to protect.</b><br>\n";
print "The path to your main directory is added by the script.<br>\n";
print "Put a leading / in front of the directory that you type in, but not a trailing one.<br>\n";
print "To protect the root directory (not advisable) just enter /<br>\n";
print "Just remember that protecting a directory also protects any subdirectories it contains.\n";
print "If you protect your root directory, nobody will be able to access any of the files on your CGI account without knowing the username and password.<br>\n";
print "This is probably not the desired effect.<br>\n";
print "<FORM METHOD=POST ACTION=\"$action/access3w.cgi\">\n";
print "Username: <INPUT type=\"text\" NAME=\"name\" size=20><BR><br>\n";
print "Password:  <INPUT type=\"text\" NAME=\"password\" size=20><BR><br>\n";
print "Directory: <INPUT type=\"text\" NAME=\"path\" size=20><BR><br>\n";


print "<input type=submit name=\"submit\" value=\"Enter\"><p>\n";
print "This script is designed to be used for only one user.<br>\n If there is already a .htaccess and .htpasswd file is the path you want to protect, then it will be overwritten with the new files that this script creates.<br>\n Each time the script is run it will overwrite any existing .htaccess and .htpasswd files that are in the directory you specify.\n";
print "</body>\n</html>\n";

}



sub encrypt{

open (HTACCESS, ">$path/.htaccess")|| die "Content-type: text/html\n\nError opening .htaccess\n";
print HTACCESS "AuthUserFile $path/.htpasswd\nAuthName \"Secure Area\"\nAuthType Basic\n<limit GET>\nrequire user $name\n</limit>\n";
close (HTACCESS);

open (PASS, ">$path/.htpasswd")|| die print "Error opening $path\n";
print PASS "$name:$newpass\n"; 
close (PASS);



print "<html>\n<head>\n<title>Password Set</title></head>\n<body bgcolor=\"#ffffff\">\n";
print "<b>The user name and password have been written to the .htaccess and .htpasswd files.</b><br>\n";
print "<b>The user name is <i>$name</i> and the password is <i>$password</i>.<br>\n";
print "<b>The path that is protected and requires the user name and password is <i>$path</i>.<br>\n";
#print "@html";
print "</body>\n</html>\n";

}