htpasstool v1.04

htpasstool is a web-based management tool for Apache .htpasswd files.

It's small (just 1 php file), free as in freedom (released under the GPL) and straightforward to use.

It can protect/unprotect directories in your webspace, add users, rename users, remove users, and change passwords in the .htpasswd file. And it can assign random passwords to users, and send them an e-mail with their new password. All through a friendly, simple web interface. And it is trivial to install.

You can download htpasstool here.


To get you started, here are some screenshots. The first time you browse to your htpasstool installation (and you have not put any .htaccess or .htpasswd files in that directory), you will see something like this.

As you can see, the base directory that htpasstool operates on is indicated (in this example, it's /var/www/htpasstool) , and there is no .htaccess file (the red 'unprotected' indication), nor is there an .htpasswd file.

The first thing you should do is add a user.

The 'Add user' page has a few fields that are required (indicated with a red asterisk). It also has a checkbox labelled 'Assign random password'. If you check that, the password fields will disappear and the form will look like this:

If we'd click on 'Add' now, we would get a form with a message to be sent to the user. But let's not do that yet, let's assign a password manually to this user.

Now that we have a user, we need to activate .htaccess protection, which we do by clicking on the red 'Unprotected' link.

The directory is now protected. If your webserver is properly configured, a browser authentication dialog will have popped up before you got to that last page, because we are managing the directory that contains the htpasstool installation!

Say we now want to remove the .htaccess password protection again. Because we are working on the directory with the htpasstool installation, we get an extra warning.

So let's keep the protection. Now let's try to remove our user.

That's not allowed. If the last user would be removed, we'd lock ourselves out of the web interface!

Of course you can also use htpasstool on a different directory (that's the whole point, right!).

Let's change the working directory.

As you can see, we are now working on the directory 'test', under the base directory /var/www/htpasstool.

I mentioned above that you can assign and a random password and e-mail it to the user, all from the web interface. This is what that looks like:

Clicking on 'Assign and send' will generate an e-mail to the user, with the subject and body as displayed. The 'Sender e-mail address' field is empty in this screenshot because the $admin_email variable has not been configured in the index.php file. See the INSTALL file in the tgz archive for more information about that.

Any feedback is welcome, as always...

(c) 2006-2023 Ward Vandewege. This software is GPL'd.