plugin for htpasswd for admins

Discussion in 'Tips/Tricks/Mods' started by theos, Jan 26, 2010.

  1. theos

    theos New Member

    Hi all,

    I've created a little plugin that creates an htpasswd file containing all passwords of the clients that are created in ispconfig3.
    I usually use this file to secure webapps like phpmyadmin.

    Maybe it is useful for others. This is my first ispconfig3-plugin. Comments are welcome :)

    Copy this file to /usr/local/ispconfig/server/plugins-available/adminpassword_plugin.inc.php
    Then create a symlink in /usr/local/ispconfig/server/plugins-available
    and create the entry $conf['services']['adminpassword'] = true; in /usr/local/ispconfig/lib/config.inc.php

    Code:
    <?php
      // this plugin automatically creates /var/www/.htpasswd_admin
      // TL Snelleman
      // borrowed some code from: http://www.howtoforge.com/forums/showthread.php?t=33026
    
    class adminpassword_plugin {
    
            var $plugin_name = 'adminpassword_plugin';
            var $class_name  = 'adminpassword_plugin';
    
            //* This function is called during ispconfig installation to determine
            //  if a symlink shall be created for this plugin.
            function onInstall() {
                    global $conf;
    
                    if(@$conf['services']['adminpassword'] == true) {
                            return true;
                    } else {
                            return false;
                    }
            }
    
            /*
                    This function is called when the plugin is loaded
            */
            function onLoad() {
                    global $app;
    
                    /*
                    Register for the events
                    */
    
                    $app->plugins->registerEvent('client_insert',$this->plugin_name,'client_insert');
                    $app->plugins->registerEvent('client_update',$this->plugin_name,'client_update');
                    $app->plugins->registerEvent('client_delete',$this->plugin_name,'client_delete');
            }
    
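            //* Rewrite /var/www/.htpasswd_admin from the client table.
            //  The password column is copied as it is stored.
            function htpassword_update($event_name,$data) {
                    global $app, $conf;
                    $result = $app->db->queryAllRecords("SELECT * FROM client c");
    
                    $fp = fopen("/var/www/.htpasswd_admin","w");
                    if ($fp) {
                            foreach($result as $row)
                            {
                                $username       = $row['username'];
                                $password       = $row['password'];
                                // skip clients that have no password set
                                if ($password != "") {
                                        fwrite($fp,$username.":".$password."\n");
                                }
                            }
                            // close only a handle that was actually opened
                            fclose($fp);
                    }
            }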
    
            function client_insert($event_name,$data) {
                    global $app, $conf;
                    $this->htpassword_update($event_name,$data);
            }
    
            function client_update($event_name,$data) {
                    global $app, $conf;
                    $this->htpassword_update($event_name,$data);
            }
    
            function client_delete($event_name,$data) {
                    global $app, $conf;
                    $this->htpassword_update($event_name,$data);
            }
    
    } //adminpassword_plugin
    ?>
     
    Last edited: Jan 26, 2010
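
A hardened variant of the file-writing step in the plugin above, as an added example that is not part of the original post or of ISPConfig: it skips values that would break the `user:hash` line format, sets a restrictive mode before any hash is written, and replaces the file atomically. The function names, the optional group parameter and the sample rows are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example, not from the original plugin. Function names, the group
// parameter and the sample rows are constructed for illustration.

// Turn client rows into htpasswd lines. A row is skipped when a field is
// empty or contains ':' or a control character, because ':' separates the
// fields and a newline ends the entry.
function build_htpasswd_lines(array $rows): array {
    $lines = [];
    $bad   = '/[:\x00-\x1f\x7f]/';
    foreach ($rows as $row) {
        $user = (string)($row['username'] ?? '');
        $hash = (string)($row['password'] ?? '');
        if ($user === '' || $hash === '' || preg_match($bad, $user) || preg_match($bad, $hash)) {
            continue;
        }
        $lines[] = $user . ':' . $hash;
    }
    return $lines;
}

// Write to a temporary file beside the target and rename it into place, so
// Apache never reads a half-written file. The mode is set before any hash
// is written; $group (assumed to be the web server's group) is optional.
function write_htpasswd_atomic(string $path, array $lines, int $mode = 0640, ?string $group = null): bool {
    $tmp = tempnam(dirname($path), '.htpasswd_tmp');
    if ($tmp === false) {
        return false;
    }
    $body = $lines ? implode("\n", $lines) . "\n" : '';
    $ok = chmod($tmp, $mode)
        && ($group === null || chgrp($tmp, $group))
        && file_put_contents($tmp, $body) !== false
        && rename($tmp, $path);
    if (!$ok) {
        @unlink($tmp); // do not leave a partial file behind
    }
    return $ok;
}

// Constructed sample rows; the plugin itself reads them from the client table.
$rows = [
    ['username' => 'alice',    'password' => '$1$constructed$samplehashvalue'],
    ['username' => 'bad:name', 'password' => '$1$constructed$samplehashvalue'], // skipped: ':' in name
    ['username' => 'carol',    'password' => ''],                               // skipped: empty password
];
$target = sys_get_temp_dir() . '/htpasswd_admin.example';
var_dump(write_htpasswd_atomic($target, build_htpasswd_lines($rows)));
echo file_get_contents($target);
```

With mode 0640 the web server can read the file only if it shares the file's group, so pass the distribution's web server group as `$group` when the writer runs as a different user.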
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thanks for publishing your plugin! Just a small correction :) It must read:

    Then create a symlink in /usr/local/ispconfig/server/plugins-enabled
     
  3. prisfeo

    prisfeo New Member

    thanks theos..i'll try..
    ..
    in the meanwhile, i am in test-phase (ispconfig3+centos5.4)
    but the main domain server is published,
    so i have protected the http://ispconfig.mydomain.com/phpmyadmin
    access through editing the following file:
    /etc/httpd/conf/sites-available/ispconfig.conf
    modifying the following code (red):

    # Except of the following directories that contain website scripts
    <Directory /usr/share/phpmyadmin>
    #Order allow,deny
    #Allow from all

    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.

    </Directory>

    so only my 192.168.1.0/24 private net can access it..
    i wonder..
    when changes to ispconfig3 are made through the http panel,
    will my above code modifications to /etc/httpd/conf/sites-available/ispconfig.conf be overwritten?

    i have not used the ".htaccess" file because i saw that in http.conf
    the "AllowOverride" directive is set to "None"..
    will it cause problems for ispconfig-related web sites if i set it to "All"?

    thanks,
    bye.
     
  4. BorderAmigos

    BorderAmigos New Member

    Does this only run when a new site is created? I installed as above and modified an existing site so ISPConfig3 would update but no .htpasswd_admin file was created.
     
    Last edited: Feb 2, 2010
  5. fathertime

    fathertime New Member

    Couldn't get it to work.

    The folder setup is different. I tried to use:
    /usr/local/ispconfig/server/lib/config.inc.php

    and not:

    /usr/local/ispconfig/lib/config.inc.php

    But it didn't work. I don't know if the directory issue is the problem or not.

    ---

    Is there a way to password protect the phpmyadmin, even by using just the standard process to make a password protected directory?

    htpasswd/htaccess?


    I don't feel like the server is secured while this is open.

    Thanks for the effort though.
     
    Last edited: Feb 4, 2010
  6. admins

    admins Member

    no answer?
    it doesn't work.

    thanks
    admins
     
  7. fathertime

    fathertime New Member

    I couldn't get it to work yet.

    I put this aside for a bit, while I worked on the ssl setup and configuration.

    I couldn't get it to work as instructed in the first post.

    I also cannot get .htpasswd or .htaccess to function correctly.

    Chmod ... they are rwrr ?

    folder used is /usr/share/phpmyadmin

    I may be in the wrong folder, but from what I can gather I believe that I am in the right directory.

    The end result is that the phpmyadmin is fully accessible via the various websites under /phpmyadmin.

    Any suggestions?

    T
     
