Main stuff
Home
Announcements
Bookmarks
Contact me
GTA
Warcraft 2
WebRings
School stuff
Prom 2001
Randomness
Amazon WishList
Chainmail
Jokes
Tech Support
The end
Virus Warnings
Life stuff
Life Instructions
Meangingful Quotes
Friends?
Emotions?
Meanging of life
Site stuff
The MailBag
Links
Add Link
Disclaimer
Tech stuff
HTML tutorial
Installing Apache
Installing MySQL
Installing PHP
Website password protection |
|
|
So, how do you password protect parts of your website?
Well, there are a number of ways of doing it. The number of ways that are correct however, is fewer ;-)
It's all to do with out Apache friend .htaccess and what you define in that. Essentially, the bare bones of user autherization, you need to add 4 lines into your .htaccess file
AuthUserFile /path/to/site/members/.htpasswd
AuthName "Please Log On"
AuthType Basic
require valid-user
So, what does it mean? No, come on, come back. Don't be scared, it is easy, really
AuthUserFile /path/to/site/members/.htpasswd this line is just to tell Apache where to look for the username:password combo. In this case, apache would look in /path/to/site/members/ for the file .htpasswd
.htpasswd is one of the 'default' files that any respectible admin will disallow web viewing of. Just judging from the name, you can have a reasonable guess that it contains passwords. Also, it's a recognised file by Apache, and later versions (As default in httpd.conf) also disallow web viewing of it. That's all great, no?
AuthName "Please Log On" This is the text peopole will be graced with when they come to the password protexted part of your site. Feel free to change everything in the quotes. E.G. AuthName "If you're not a member, get the hell out"
So, how do you know what to make /path/to/site/members/.htpasswd read? It's simple. You either know your absolute path to your website, or you don't. If you don't, creat the members-only directory structure
E.G.
http://www.benquick.com/members/
/news
/competitions
/images
In the root of the protected directories (In this case, it would be http://www.benquick.com/members/) create a SSI file, with the simple content of
<!--#echo var="DOCUMENT_ROOT"-->
Then, visit the page. The output of that will be the path you want to put in .htaccess. For instance, the output of that, on this site, is /share/benquick/htdocs/apache/password.shtml, so in knowing this I can figure out how to protect directories
If I want to protect http://www.benquick.com/members/ I now know that the absolute path of that directory is /share/benquick/htdocs/members/
Whith this knowledge, I can create my .htaccess, which reads
AuthUserFile /share/benquick/htdocs/members/.htpasswd
AuthName "Please Log On"
AuthType Basic
require valid-user
Believe it or not, you're sorted. The directory in question is now protected. One slight problem, though. There are no users that can access it. Why? You've not told Apache who can access the directorie(s). This is done in .htpasswd The contents of this file is just a list of usernames and passwords, in the form username:password
But, the password isn't plain text, ever. Well, it can be. But, if you have half a brain cell, you'll know it's best to encode the passwords
So, how on earth do you go about encoding the passwords? Well, you could guess. But that's a bad thing, so we won't be doing that. You currently have 2 simple options. Option 1 or, of course, Option 2
Which ever option you decide upon, then end result is the same - You're asked what to encrypt, then shown what you've encrypted. the password I have for /members is simply guest. When I went to option 1 to encode it, I was show thie result as zh2F7i6sAgwBk which I have copied into my .htpasswd
My .htpasswd simply reads
guest:zh2F7i6sAgwBk
All your .htpasswd should read is your usernames and passwords. One after another, on seperate lines, though
username:password
user2:password
user3:passowrd
I have a members-only section that I've mocked up. It was made whilst writing this tutorial, so the tutorial does work!
Username - guest
Password - guest
|
|