Category: Web Stuff
Author/Contact Info /msg cjf
Description: Uses Apache::Htpasswd to add, delete, or change the password of a user in a .htaccess file. User input is web-based using forms, includes an authorization check.
#!/usr/bin/perl -wT

use strict;
use CGI;
use Apache::Htpasswd;

my $q  = new CGI;
my $ht = new Apache::Htpasswd("/home/cjf/httpd/.htaccess");

my $username   = $q->param("username");
my $passwd     = $q->param("password");

my $action     = $q->param("action");
my $user       = $q->param("user");
my $new_passwd = $q->param("new_passwd");
my $old_passwd = $q->param("old_passwd");

if ($new_passwd eq '') {
    error("You didn't enter a password");

my $valid_user = "cjf";
my $valid_passwd = "J10A1P16H8";

if (($username eq $valid_user) && ($passwd eq $valid_passwd)) {

    if ($action eq "add") {
        $ht->htpasswd($user, $new_passwd);
    } elsif ($action eq "change_passwd") {
        $ht->htpasswd($user, $new_passwd, $old_passwd);
    } elsif ($action eq "delete_user") {
    } else {
        error("No action was submitted.");

} else {
    error("Login Incorrect.");

sub error {
    my $error = shift;
    print $q->header("text/html"),
Replies are listed 'Best First'.
Re: Modify .htaccess files
by merlyn (Sage) on Feb 04, 2002 at 23:41 UTC
Re: Modify .htaccess files
by grinder (Bishop) on Feb 05, 2002 at 08:35 UTC
    There is also user_manage written by Lincoln Stein that is worth looking at.

    From that web page....

    For obscure reasons, there isn't a satisfactory remote tool for the Apache Web server that allows authorized users to change their passwords remotely. As a result, the onerous task of managing the password and group files falls on the Webmaster. user_manage was written to fill this need. In addition to its basic role as a password changer, this script allows the Webmaster to add, edit and delete users and groups, all via a form-based interface.

    user_manage handles most variants of the Apache "Basic" and "Digest" authentication scheme. Using one simple interface, it manages each of the following types of password and group files:

    1. Human readable text files.
    2. DBM database files.
    3. Berkeley DB database files.
    4. SQL databases.

    In addition to running as a CGI script, user_manage can be used from the command-line to manipulate users and groups, replacing both dbmmanage and htpasswd with a simple and consistent interface. Furthermore, by allowing you to define security "realms" consisting of paired password and group files, it avoids operator errors that often result in the incorrect password file being modified.

    Many of user_manage's functions will also work with other Unix Web servers, including NCSA httpd, and the CERN server. There is support for Netscape user (but not group) databases. This script has not been tested with Windows NT servers.

    g r i n d e r
    print@_{sort keys %_},$/if%_=split//,'= & *a?b:e\f/h^h!j+n,o@o;r$s-t%t#u';