plugin for htpasswd for admins

Discussion in 'Tips/Tricks/Mods' started by theos, Jan 26, 2010.

  1. theos

    theos New Member

    Hi all,

    I've created a little plugin that creates a htpassword-file containing all passwords of the clients that are created in ispconfig3.
    I usually use this file to secure webapps like phpmyadmin.

    Maybe it is useful for others. This is my first ispconfig3-plugin. Comments are welcome :)

    Copy this file to /usr/local/ispconfig/server/plugins-available/
    Then create a symlink in /usr/local/ispconfig/server/plugins-available
    and create the entry $conf['services']['adminpassword'] = true; in /usr/local/ispconfig/lib/

      // this plugin automatically creates /var/www/.htpasswd_admin
      // TL Snelleman
      // borrowed some code from:
    class adminpassword_plugin {
            var $plugin_name = 'adminpassword_plugin';
            var $class_name  = 'adminpassword_plugin';
            //* This function is called during ispconfig installation to determine
            //  if a symlink shall be created for this plugin.
            function onInstall() {
                    global $conf;
                    if(@$conf['services']['adminpassword'] == true) {
                            return true;
                    } else {
                            return false;
                    This function is called when the plugin is loaded
            function onLoad() {
                    global $app;
                    Register for the events
            function htpassword_update($event_name,$data) {
                    global $app, $conf;
                    $result = $app->db->queryAllRecords("SELECT * FROM client c");
                	$fp = fopen("/var/www/.htpasswd_admin","w");
                    if ($fp) {
    			foreach($result as $row)
    			    $username       = $row['username'];
    			    $password       = $row['password'];
    			    if ($password != "") {
    	function client_insert($event_name,$data) {
                    global $app, $conf;
            function client_update($event_name,$data) {
                    global $app, $conf;
            function client_delete($event_name,$data) {
                    global $app, $conf;
    } //adminpassword_plugin
    Last edited: Jan 26, 2010
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thanks for publishing your plugin! Just a small correction :) It must read:

    Then create a symlink in /usr/local/ispconfig/server/plugins-enabled
  3. prisfeo

    prisfeo New Member

    thanks theos..i'll try..
    in the meanwhile, i am in test-phase (ispconfig3+centos5.4)
    but the main domain server is published,
    so i have protected the
    access through editing the following file:
    modifying the following code (red):

    # Except of the following directories that contain website scripts
    <Directory /usr/share/phpmyadmin>
    #Order allow,deny
    #Allow from all

    Order Deny,Allow
    Deny from all
    Allow from 192.168.1.


    so only my private net can access to it..
    i wonder..
    in some changes of ispconfig3 made through the http panel
    my above code modifications to /etc/httpd/conf/sites-available/ispconfig.conf will be overwritten ?

    i have not used the ".htaccess" file cause i saw that in http.conf
    the "AllowOverride" directive is set to "None"..
    wil cause ipsconfig related web sites problems if i set to "All" ?

  4. BorderAmigos

    BorderAmigos New Member

    Does this only run when a new site is created? I installed as above and modified an existing site so ISPConfig3 would update but no .htpasswd_admin file was created.
    Last edited: Feb 2, 2010
  5. fathertime

    fathertime New Member

    Couldn't get it to work.

    The folder setup is different. I tried to use:

    and not:


    But it didn't work. I don't know if the directory issue is the problem or not.


    Is there a way to password protect the phpmyadmin, even by using just the standard process to make a password protected directory?


    I don't feel like the server is secured while this is open.

    Thanks for the effort though.
    Last edited: Feb 4, 2010
  6. admins

    admins Member

    no answer?
    it doesnt work.

  7. fathertime

    fathertime New Member

    I couldn't get it to work yet.

    I put this aside for a bit, while I worked on the ssl setup and configuration.

    I couldn't get it to work as instructed in the first post.

    I also cannot get .htpasswd or .htaccess to function correctly.

    Chmod ... they are rwrr ?

    folder used is /usr/share/phpmyadmin

    I may be in the wrong folder, but from what I can gather I believe that I am in the right directory.

    The end result is that the phpmyadmin is fully accessible via the various websites under /phpmyadmin.

    Any suggestions?


Share This Page