The HTPASS.CGI perl script was written because I didn't have telnet access to the webhost to run the htpasswd program included with the NCSA Httpd server. Normally, this program is required to make changes to the .htpasswd file that exists to control access to different parts of the website.

The script now does many different things. I've recently made some changes to the administration page and the script will now automatically:

All these functions can be accesses from a web-based form. The encryption is based on characteristics used in the source-code of the Apache httpd server htaccess, but ported to perl. It has the additional benefit of being the exact same encryption method used by the Un*x crypt() function, so it is completely compatible with a Un*x passwd file username:passwd combination.

It should be noted that the "add and remove group members" feature is a toggle. If you specify a user that IS a member of the specified group, the user will be removed from the group member list. If you specify a user that is NOT a member of the specified group, the user will be added to the group member list.

If you run the program with no arguments, it will return a form for entering a username and password. If you enter something in both fields and click "Get Password" you will be given a string (user:passwd) to include in your own .htpasswd file.

If you call the script with a web argument of "admin" you will get a different form. This one lists the current users, groups and memberships. It also has forms for adding and removing users, adding and removing groups, and changing group memberships. All the forms require a valid user account and password where the user is a member of the group "Admin" for the requested changes to be applied.

Setting up the script is fairly straightforward.

  1. Download the HTPASS perl script from here and rename the file to "htpass.cgi".
  2. Edit the file and change the six (6) program variables to match your site.
  3. Next change the HTML Variables. If you want to customize the look of the pages, the $presuff and $poststuff variables allow you to add standard HTML between the BODY tag and the CGI generated content, and after the CGI generated content before the /BODY tag. If you don't use cascading style sheets, place a "#" character at the beginning of the $stylesheet line.
  4. Now, transfer the CGI script to your server carefully following the four rules of CGI scripts.
  5. Your .htpasswd account will have to be in a group called Admin for this script to automatically update an .htpasswd file. Create the .htgroup file and add "Admin: user" if you haven't already done so. The script has to have the locations and names of these two files (.htpasswd and .htgroup) for the script to automatically update an .htpasswd file.

This form will allow you to generate the starting accounts for the application:


User Name:
Password: