Skip to content

Version 2.2 Fork / Login Form #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mkkeck wants to merge 27 commits into
base: master
Choose a base branch
from
Open

Version 2.2 Fork / Login Form #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
f664be1
Version 2.2 Fork / Login Form
mkkeck Mar 15, 2017
a0ed02f
Version 2.2 Fork / Description for login details in config
mkkeck Mar 16, 2017
748547b
Version 2.2 Fork / Update README.md
mkkeck Mar 16, 2017
d36e3aa
Version 2.2 Fork / Update README.md
mkkeck Mar 16, 2017
c74b005
Version 2.2 Fork / Update README.md
mkkeck Mar 16, 2017
16865f7
Version 2.2 Fork / Secure config and includes directories
mkkeck Mar 16, 2017
cde089d
Version 2.2 Fork / Security: option to force SSL
mkkeck Mar 16, 2017
53ddcd5
Version 2.2 Fork / Example Configs for CentOS 7.3
mkkeck Mar 18, 2017
e521a19
Version 2.2 Fork / Example Configs for CentOS 7.3
mkkeck Mar 18, 2017
da19d7d
Update config-example.php
mkkeck Mar 18, 2017
fc9be61
Version 2.2 Fork / Example Configs for CentOS 7.3: DB Settings
mkkeck Mar 19, 2017
0262fe0
Merge remote-tracking branch 'origin/master'
mkkeck Mar 19, 2017
21568a6
Change Password defaults to crypt + SAH512, Add User Expiry Date
Jan 20, 2020
25f10c7
bootstrap-datetimepicker
Jan 21, 2020
103d253
Added SSH public key fields and columns
Jan 22, 2020
696d79d
Added sftp configs
Jan 22, 2020
40e53cc
Add SSH Key support
Mar 19, 2020
46ac8fc
update to CRLF
Apr 12, 2021
7d790f6
Change Style
May 26, 2021
eb3fbd1
CSS und variable anpassung
Nov 17, 2022
ae88601
Anpassung für php8.x
Nov 17, 2022
98a7985
php8.1 and typing errors
Nov 17, 2022
e3b8423
php8.1 and typing errors
Nov 24, 2022
c5eb837
Add fix expiration
Nov 25, 2022
81e8053
Merge pull request #3 from preussal/master
mkkeck Mar 7, 2023
a45d286
Update tables.sql
jniltinho Dec 16, 2023
74d51ac
Merge pull request #4 from jniltinho/patch-1
mkkeck Dec 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
/nbproject/
/doctemp/
/docs/
/configs/auth.sqlite3
/configs/config.php
/configs/config_live.php
/configs/config_old.php
33 changes: 33 additions & 0 deletions CHANGELOG
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,41 @@
* @copyright Lex Brugman <lex_brugman@users.sourceforge.net>
* @copyright Christian Beer <djangofett@gmx.net>
* @copyright Ricardo Padilha <ricardo@droboports.com>
* @copyright Michael Keck <https://github.com/mkkeck>
*/


2020-01-22
----------
Changes: Alexander Preußner
* Added field "Expiry Date" for automatic Expire Accounts

2019-03-19
----------
Changes: Tom Larédo
* Added field "SSH public key" for SFTP management

2017-03-16
----------
Changes: Michael Keck <https://github.com/mkkeck>
* Login form
* Added session class for login form
* Display different navigations user is logged in / logged out
* Added security for Apache Webserver:
- `configs/` not accessible via browser
- `includes/` not accessible via browser
* Moved `tables*.sql` to `install/tables*.sql`
* Added `install/config-examples` for Linux Distributions
* Added `install/config-examples/debian` as example and info how to
setup on Debian Jessie
* Added config param `force_ssl` and check if secured connection is
used if `$cfg['force_ssl'] = true'`
* Fixed typos in follow files:
- `README.md`
- `includes/Session.php`
- `configs/config_sample.php`
- `install/config-example/debian/config-example.php`

Release: 2.2
Changes:
* added UID/GID limits (from Greg Arnold)
Expand Down
302 changes: 194 additions & 108 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,137 +2,223 @@

Graphical User Interface for ProFTPd with MySQL and sqlite3 support

&copy; 2004 The Netherlands, Lex Brugman <lex_brugman@users.sourceforge.net><br/>
&copy; 2012 Christian Beer <djangofett@gmx.net><br/>
&copy; 2015 Ricardo Padilha <ricardo@droboports.com>

Published under the GPLv2 License (see LICENSE for details)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2,
as published by the Free Software Foundation.
## About ProFTPd Admin

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, download from http://www.gnu.org/licenses/gpl-2.0.txt
This GUI for ProFTPd was written to support a basic user management feature
when using the SQL module. Originally written by Lex Brugmann in 2004,
updated by [Christian Beer](https://github.com/ChristianBeer/ProFTPd-Admin)
in 2012 to support the latest PHP version.
2017 updated by [Michael Keck](https://github.com/mkkeck) with build-in login for
the admin user, secure the directories _`configs/`_ and _`includes`_ and moved
_`tables*.sql`_ to _`install/tables*.sql`_.
Added _`install/config-examples`_ for [OS specific configurations](install/config-examples).

## Information about ProFTPd Admin
It's possible to use either of SHA1 and pbkdf2 with either of MySQL/MariaDB
and sqlite3. pbkdf2 is supported since ProFTPd 1.3.5.

This GUI for ProFTPd was written to support a basic user management feature when using the SQL module. Originally written by Lex Brugmann in 2004 it was updated by Christian Beer in 2012 to support the latest PHP version.
You can look at some [screenshots](screenshots/README.md) to see if this is
the tool you need.

There is no build-in security, so you have to protect the directory with something else, like Apache Basic Authentication.

It's possible to use either of SHA1 and pbkdf2 with either of MySQL/MariaDB and sqlite3. pbkdf2 is supported since ProFTPd 1.3.5.

You can look at some [screenshots](screenshots/README.md) to see if this is the tool you need.
## Installation

## To-Do
**Note:**
Please use, if available, a secured connection to your webserver via `https`.
You can do this by your webserver configurations or simple set in the
_`config.php`_:
```php
/**
* Force SSL usage
*
* Important: You should change this to true on live systems or configure
* your webserver to use SSL!
*/
$cfg['force_ssl'] = true; // default was false
```
Please notice that you need a SSL-certificate to use secured connection.

* add postgresql support (#26)
* Add default user settings to groups so it is easier to create a new user with default values (#28)
* Email new users with password (#35)

## Upgrade
#### (A) Using MySQL and SHA1

If you want to upgrade the hashing algorithm you have to change all passwords after changing the configs (both ProFTPd and ProFTPd Admin).
1. Install ProFTPd with MySQL support
2. Create a MySQL database, for example: "proftpd".
3. Use the file [install/tables.sql](install/tables.sql) to populate the database.
4. Add the following to your _`proftpd.conf`_ and _`sql.conf`_ (edit to your needs):

```ini
CreateHome on 775
AuthOrder mod_sql.c

SQLBackend mysql
SQLEngine on
SQLPasswordEngine on
SQLAuthenticate on
SQLAuthTypes SHA1

SQLConnectInfo database@localhost username password
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLUserWhereClause "disabled != 1"
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "login_count=login_count+1, last_login=now() WHERE userid='%u'" users

# Used to track xfer traffic per user (without invoking a quota)
SQLLog RETR bytes-out-count
SQLNamedQuery bytes-out-count UPDATE "bytes_out_used=bytes_out_used+%b WHERE userid='%u'" users
SQLLog RETR files-out-count
SQLNamedQuery files-out-count UPDATE "files_out_used=files_out_used+1 WHERE userid='%u'" users

SQLLog STOR bytes-in-count
SQLNamedQuery bytes-in-count UPDATE "bytes_in_used=bytes_in_used+%b WHERE userid='%u'" users
SQLLog STOR files-in-count
SQLNamedQuery files-in-count UPDATE "files_in_used=files_in_used+1 WHERE userid='%u'" users
```

## Installation
5. Extract all files to your webspace (into a subdirectory like _`proftpdadmin`_).
6. Copy the _`configs/config_example.php`_ to _**`config.php`**_ and edit the new copied file
to your needs.
**Notice:** Change the default login settings!
```php
/**
* Login data
*
* Important: Please change this values in
* live systems!
*/
$cfg['login'] = array(
/* Username. Please use any username you want */
'username' => 'admin',
/* Password. CHANGE IT and use secure password! */
'password' => 'password',
/* Blowfish secret key (22 chars). CHANGE IT! */
'blowfish' => 'XBu5pjOTa8H7UIwYSzMZxD'
);
```
7. Optional remove or secure the folder _`install`_.
8. Start ProFTPd.
9. Go to `http://your.server.com/proftpdadmin/` and start using it!

### Using MySQL and SHA1

1. Install ProFTPd with MySQL support
- Debian: apt-get install proftpd-mod-mysql
- Gentoo: USE="mysql" emerge proftpd
2. Create a MySQL database (use something like phpMyAdmin for this), for example: "proftpd".
3. Use tables.sql to populate the database (you can use phpMyAdmin for this).
4. Add the following to your proftpd.conf and sql.conf (edit to your needs):
#### (B) Using sqlite3 and pbkdf2

```
CreateHome on 775
AuthOrder mod_sql.c

SQLBackend mysql
SQLEngine on
SQLPasswordEngine on
SQLAuthenticate on
SQLAuthTypes SHA1

SQLConnectInfo database@localhost username password
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLUserWhereClause "disabled != 1"
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "login_count=login_count+1, last_login=now() WHERE userid='%u'" users

# Used to track xfer traffic per user (without invoking a quota)
SQLLog RETR bytes-out-count
SQLNamedQuery bytes-out-count UPDATE "bytes_out_used=bytes_out_used+%b WHERE userid='%u'" users
SQLLog RETR files-out-count
SQLNamedQuery files-out-count UPDATE "files_out_used=files_out_used+1 WHERE userid='%u'" users

SQLLog STOR bytes-in-count
SQLNamedQuery bytes-in-count UPDATE "bytes_in_used=bytes_in_used+%b WHERE userid='%u'" users
SQLLog STOR files-in-count
SQLNamedQuery files-in-count UPDATE "files_in_used=files_in_used+1 WHERE userid='%u'" users
1. Install ProFTPd with sqlite3 support
2. Use [install/tables-sqlite3.sql](install/tables-sqlite3.sql) to create an sqlite3 database:
`sqlite3 auth.sqlite3 < install/tables-sqlite3.sql`
3. Add the following to your _`proftpd.conf`_ and _`sql.conf`_ (edit to your needs):

```ini
CreateHome on 775
AuthOrder mod_sql.c

SQLBackend sqlite3
SQLEngine on
SQLPasswordEngine on
SQLAuthenticate on
SQLAuthTypes pbkdf2
SQLPasswordPBKDF2 sha1 5000 20
SQLPasswordUserSalt name Prepend
SQLPasswordEncoding hex

SQLConnectInfo /path/to/auth.sqlite3
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLUserWhereClause "disabled != 1"
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "login_count=login_count+1, last_login=now() WHERE userid='%u'" users

# Used to track xfer traffic per user (without invoking a quota)
SQLLog RETR bytes-out-count
SQLNamedQuery bytes-out-count UPDATE "bytes_out_used=bytes_out_used+%b WHERE userid='%u'" users
SQLLog RETR files-out-count
SQLNamedQuery files-out-count UPDATE "files_out_used=files_out_used+1 WHERE userid='%u'" users

SQLLog STOR bytes-in-count
SQLNamedQuery bytes-in-count UPDATE "bytes_in_used=bytes_in_used+%b WHERE userid='%u'" users
SQLLog STOR files-in-count
SQLNamedQuery files-in-count UPDATE "files_in_used=files_in_used+1 WHERE userid='%u'" users
```

5. Extract all files to your webspace (into a subdirectory like "proftpdadmin").
6. Secure access to this directory (for example: create a .htaccess file if using apache)
7. Edit the configs/config_example.php file to your needs and rename it to config.php.
5. Extract all files to your webspace (into a subdirectory like _`proftpdadmin`_).
6. Copy the _`configs/config_example.php`_ to _**`config.php`**_ and edit the new copied file
to your needs.
**Notice:** Change the default login settings!
```php
/**
* Login data
*
* Important: Please change this values in
* live systems!
*/
$cfg['login'] = array(
/* Username. Please use any username you want */
'username' => 'admin',
/* Password. CHANGE IT and use secure password! */
'password' => 'password',
/* Blowfish secret key (22 chars). CHANGE IT! */
'blowfish' => 'XBu5pjOTa8H7UIwYSzMZxD'
);
```
7. Optional remove or secure the folder _`install`_.
8. Start ProFTPd.
9. Go to http://yourwebspace/proftpdadmin/ and start using it!
9. Go to `http://your.server.com/proftpdadmin/` and start using it!

### Using sqlite3 and pbkdf2

1. Install ProFTPd with sqlite3 support
2. Use tables-sqlite3.sql to create an sqlite3 database:
`sqlite3 auth.sqlite3 < tables-sqlite3.sql`
3. Add the following to your proftpd.conf and sql.conf (edit to your needs):
### Upgrade

If you want to upgrade the hashing algorithm you have to change all passwords after
changing the configs (both ProFTPd and ProFTPd Admin).

```
CreateHome on 775
AuthOrder mod_sql.c

SQLBackend sqlite3
SQLEngine on
SQLPasswordEngine on
SQLAuthenticate on
SQLAuthTypes pbkdf2
SQLPasswordPBKDF2 sha1 5000 20
SQLPasswordUserSalt name Prepend
SQLPasswordEncoding hex

SQLConnectInfo /path/to/auth.sqlite3
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLUserWhereClause "disabled != 1"
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "login_count=login_count+1, last_login=now() WHERE userid='%u'" users

# Used to track xfer traffic per user (without invoking a quota)
SQLLog RETR bytes-out-count
SQLNamedQuery bytes-out-count UPDATE "bytes_out_used=bytes_out_used+%b WHERE userid='%u'" users
SQLLog RETR files-out-count
SQLNamedQuery files-out-count UPDATE "files_out_used=files_out_used+1 WHERE userid='%u'" users

SQLLog STOR bytes-in-count
SQLNamedQuery bytes-in-count UPDATE "bytes_in_used=bytes_in_used+%b WHERE userid='%u'" users
SQLLog STOR files-in-count
SQLNamedQuery files-in-count UPDATE "files_in_used=files_in_used+1 WHERE userid='%u'" users
```

5. Extract all files to your webspace (into a subdirectory like "proftpdadmin").
6. Secure access to this directory (for example: create a .htaccess file if using apache)
7. Edit the configs/config_example.php file to your needs and rename it to config.php.
8. Start ProFTPd.
9. Go to http://yourwebspace/proftpdadmin/ and start using it!

## Thanks / Links
## Plans

* Add postgresql support
» [Issue #26 / Feature request](https://github.com/ChristianBeer/ProFTPd-Admin/issues/26)

* Add default user settings to groups so it is easier to create a new user
with default values
» [Issue #28 / Feature request](https://github.com/ChristianBeer/ProFTPd-Admin/issues/28)

* Send e-mail to new users with their password
» [Issue #35 / Feature request](https://github.com/ChristianBeer/ProFTPd-Admin/issues/35)



## Thanks

- Lex Brugman for initiating this project
- Justin Vincent for the ezSQL library
- Ricardo Padilha for implementing sqlite3, pbkdf2 and bootstrap support
- Christian Beer for his update to support the latest PHP version
- Robert Tulke for the Debian Jessie example



## Copyright / License

- © 2004 The Netherlands, Lex Brugman; lex_brugman@users.sourceforge.net
- © 2012 Christian Beer; djangofett@gmx.net
- © 2015 Ricardo Padilha; ricardo@droboports.com
- © 2017 Robert Tulke; https://github.com/rtulke/
- © 2017 Michael Keck; https://github.com/mkkeck

---------------------------------------------------------------------------

Published under the GPLv2 License (see [LICENSE](LICENSE) for details)

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
version 2, as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

Lex Brugman for initiating this project<br/>
Justin Vincent for the ezSQL library<br/>
Ricardo Padilha for implementing sqlite3, pbkdf2 and bootstrap support
You should have received a copy of the GNU General Public License along with
this program; if not, download from
[http://www.gnu.org/licenses/gpl-2.0.txt](http://www.gnu.org/licenses/gpl-2.0.txt)
4 changes: 3 additions & 1 deletion add_group.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,11 @@
*
*/

global $cfg;

include_once ("configs/config.php");
include_once ("includes/Session.php");
include_once ("includes/AdminClass.php");
global $cfg;

$ac = new AdminClass($cfg);

Expand Down
Loading