#!/bin/bash

# apm--Apache Password Manager-allows-A the administrator to easily
#   add, update, or delete accounts and passwords for a subdirectory
#   of a typical Apache configuration (where the config file is called
#   .htaccess).

echo "Content-type: text/html"
echo ""
echo "<html><title>Apache Password Manager Utility</title><body>"

setglobal basedir = $[pwd]
setglobal myname = $[basename $0]
setglobal footer = ""$basedir/apm-footer.html""
setglobal htaccess = ""$basedir/.htaccess""

setglobal htpasswd = ""$[which htpasswd] -b""

# It's highly suggested you include the following code for security purposes:
#
# if [ "$REMOTE_USER" != "admin" -a -s $htpasswd ] ; then
#   echo "Error: You must be user <b>admin</b> to use APM."
#   exit 0
# fi

# Now get the password filename from the .htaccess file.

if test ! -r $htaccess  {
  echo "Error: cannot read $htaccess file."
  exit 1
}

setglobal passwdfile = $[grep "AuthUserFile" $htaccess | cut -d' '  -f2]
if test ! -r $passwdfile  {
  echo "Error: can't read password file: can't make updates."
  exit 1
} elif test ! -w $passwdfile  {
  echo "Error: can't write to password file: can't update."
  exit 1
}

echo "<center><h1 style='background:#ccf;border-radius:3px;border:1px solid #99c;padding:3px;'>"
echo "Apache Password Manager</h1>"

setglobal action = $[echo $QUERY_STRING | cut -c3]
setglobal user = $[echo $QUERY_STRING|cut -d'&' -f2|cut -d= -f2|tr '[:upper:]' '[:lower:]]

match $action {
  with A  echo "<h3>Adding New User <u>$user</u></h3>"
        if test ! -z $[grep -E "^$(user):" $passwdfile]  {
          echo "Error: user <b>$user</b> already appears in the file."
        } else {
          setglobal pass = $[echo $QUERY_STRING|cut -d'&' -f3|cut -d= -f2]
           if test ! -z $[echo $pass|tr -d '[[:upper:][:lower:][:digit:]]]
          {
            echo "Error: passwords can only contain a-z A-Z 0-9 ($pass)"
          } else {
            $htpasswd $passwdfile $user $pass
            echo "Added!<br>"
          }
        }
        
  with U  echo "<h3>Updating Password for user <u>$user</u></h3>"
        if test -z $[grep -E "^$(user):" $passwdfile]  {
          echo "Error: user <b>$user</b> isn't in the password file?"
          echo "searched for &quot;^$(user):&quot; in $passwdfile"
        } else {
          setglobal pass = $[echo $QUERY_STRING|cut -d'&' -f3|cut -d= -f2]
          if test ! -z $[echo $pass|tr -d '[[:upper:][:lower:][:digit:]]]
          {
            echo "Error: passwords can only contain a-z A-Z 0-9 ($pass)"
          } else {
            grep -vE "^$(user):" $passwdfile | tee $passwdfile > /dev/null
            $htpasswd $passwdfile $user $pass
            echo "Updated!<br>"
          }
        }
        
  with D  echo "<h3>Deleting User <u>$user</u></h3>"
        if test -z $[grep -E "^$(user):" $passwdfile]  {
          echo "Error: user <b>$user</b> isn't in the password file?"
        } elif test $user = "admin"  {
          echo "Error: you can't delete the 'admin' account."
        } else {
          grep -vE "^$(user):" $passwdfile | tee $passwdfile >/dev/null
          echo "Deleted!<br>"
        }
        
}

# Always list the current users in the password file...

echo "<br><br><table border='1' cellspacing='0' width='80%' cellpadding='3'>"
echo "<tr bgcolor='#cccccc'><th colspan='3'>List "
echo "of all current users</td></tr>"
setglobal oldIFS = $IFS ; setglobal IFS = '":'"   # Change word split delimiter...
while read acct pw {
  echo "<tr><th>$acct</th><td align=center><a href=\"$myname?a=D&u=$acct\">"
  echo "[delete]</a></td></tr>"
} < $passwdfile
echo "</table>"
setglobal IFS = $oldIFS             # ...and restore it.

# Build selectstring with all accounts included...
setglobal optionstring = $[cut -d: -f1 $passwdfile | sed 's/^/<option>/'|tr '\n' ' ]

if test ! -r $footer  {
  echo "Warning: can't read $footer"
} else {
  # ...and output the footer.
sed -e "s/--myname--/$myname/g" -e "s/--options--/$optionstring/g" < $footer
}

exit 0