I have a programmer that has written a script for me but it's for php5 and normally, that'd be ok, but I have a client that uses a server with php4 on it - and he's told me that the scripts he runs on his sites would have to be rewritten to work with php5 so it's not a viable solution to get him to upgrade.

My programmer had a family emergency and won't be around for a few weeks - hence the "I'm screwed"..

My clients will put these 2 scripts on their webserver and basically what it does is write users to their htpasswd file. Can someone please point me in the right direction of which portions need to be changed to work on php4?

<? 
$password_file = '/.htpasswd'; //full unix path to your htpasswd password file. 
$keyphrase = ''; //make up a passphrase and enter it here

if($keyphrase != $_REQUEST[kp]) { exit('Invalid Keyphrase'); } 

require('post.php-shown_below');

if($_REQUEST[action] == 'test') {
	if(!file_exists($password_file)) {
		exit('Password File Not Found'); 
	}
	else {
		exit('OK');
	}
}

elseif($_REQUEST[action] == 'add') {
	$pwmanager = new htpasswd($password_file);
	$pwmanager->create($_REQUEST[username], $_REQUEST[password]);
	$pwmanager->save(); 	
	exit('OK');
}

elseif($_REQUEST[action] == 'delete') {
    $pwmanager = new htpasswd($password_file);
	$pwmanager->remove($_REQUEST[username]);
	$pwmanager->save(); 	
	exit('OK');
}

else {
	exit('Invalid Action.'); 
}
?>

<?
class htpasswd{
   public $users;
   public $error;
   private $_path;   

   function htpasswd($file=false){
      if(!$file){
         die('Please specify a file!');
      }else{   

         //configure
         $this->_path = $file;
         $this->users = '';
         //load database
         if(file_exists($file)){
            $data = array();
            $fcontents = file($file);
            while(list($line_num, $line) = each($fcontents)){
               $user = explode(':',$line);
               //$user = $arraydata[0];
               $data[$user[0]] = rtrim($user[1]);
            }
            $this->users = $data;
         }
      }
   }

   function create($user, $passwd, $update=false){
      $this->error = '';
      if(isset($this->users[$user]) && !$update){
         $this->error = 'User <strong>'.$user.'</strong> exists! To update the user set the update parameter to true.';
         return false;
      }
      $this->users[$user] = $this->rand_salt_crypt($passwd);
      return true;
   }

   function remove($user){
      $this->error = '';
      if(isset($this->users[$user])){
         unset($this->users[$user]);
         return true;
      }else{
         $this->error = 'User <strong>'.$user.'</strong> does not exist!';
         return false;
      }
   }

   function users(){
      $this->error = '';
      $rval = Array();
      if(is_array($this->users)){
         foreach(array_keys($this->users) as $uid){
            $rval[count($rval)] = $uid;
         }
      }
      return $rval;
   }

   function validate($user, $pass){
      $this->error = '';
      if(!isset($this->users[$user])) return False;
      $crypted = $this->users[$user];

  if(substr($crypted, 0, 6) == "{SSHA}"){
     $ohash = base64_decode(substr($crypted, 6));
     return substr($ohash, 0, 20) == pack("H*", sha1($pass . substr($ohash, 20)));
  }elseif(substr($crypted, 0, 5) == "{SHA}"){
     return ($this->non_salted_sha1($pass) == $crypted);
  }else{
     return ($pass == $crypted);
  }
   }

   function save($file=false){
      $fcontents = "";
      if($file == false) $file = $this->_path;
      foreach(array_keys($this->users) as $user){
         $fcontents .= $user.":".$this->users[$user]."\n";
      }
      if(file_put_contents($file, $fcontents)){
         $this->error = '';
         return true;
      }else{
         $this->error = 'Couldn\'t save the file!';
         return false;
      }
   }   

   //encryption functions
   function rand_salt_crypt($pass){
      $salt = "";
      mt_srand((double)microtime()*1000000);
      for ($i=0; $i<CRYPT_SALT_LENGTH; $i++)
         $salt .= substr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./", mt_rand() & 63, 1);
      return "$apr1$".crypt($pass, $salt);
   }

   function rand_salt_sha1($pass){
      mt_srand((double)microtime()*1000000);
      $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
      return "{SSHA}".base64_encode(pack("H*", sha1($pass . $salt)) . $salt);
   }

   function non_salted_sha1($pass){
      return "{SHA}".base64_encode(pack("H*", sha1($pass)));
   }
} 
?>

One solution: there are a number of hosts which support both PHP4 and PHP5 by having one of them run as an Apache module and the other in CGI mode. Typically you then have .php files processed as PHP4, and .php5 scripts as PHP5. (I know from recent experience that ipower.com Linux hosts support this, and I'm sure there are many others.)

Anyway, if that's not feasible, then you can try removing any instances of "private", "public", and "protected" from class variable and function delcarations, replacing them with "var" for the variable declarations. (Just delete them for the function declarations.) If you're really lucky, that may suffice.

Thanks for the response NogDog.

I wished they'd use a database instead of htpasswd or upgrade but I have a strong suspicion that I'll need a permanent solution to handle hosts that can't or won't upgrade and that solution has to come from our end.

It's not feasible to ask my clients to upgrade their servers and any scripts they have now just because I want to do business with them.

Uggh!

The only PHP 5 function I can see on a brief skim is file_put_contents. But apart from that and NogDog's point about "var", that would seem to be it. PHP4's convention on naming class constructors is used; there are no objects being passed between functions or methods to cause problems with PHP4's pass-by-value and PHP5's pass-by-reference; and there's even a PHP3-style while(list()=each()) loop in there.

JoeBlow wrote:

It's not feasible to ask my clients to upgrade their servers and any scripts they have now just because I want to do business with them.

They are your clients. They want to do business with you. You can offer them the service of upgrading their existing codebase (seeing as how PHP4 hasn't been worked on for several years, support has now ceased, and from next month will be officially dead and buried, if they want anything new, they're going to have to face upgrading eventually. Or do they all still use Windows 95 out there?)