Some possibilities, from easiest to most difficult:
If you have cPanel
Log into your cPanel, and under "Security" choose "Password Protect Directories"
It may pop up a dialog to choose which domain root; if you have just one domain mapped out, click OK.
You will see a treeview of your site; click on the directory name you want to protect (in your case, "admin").
Mark the check box for "Password protect this directory", and below that give it some name (it will show up in the browser's password prompt).
Click SAVE. (then on confirmation page, click "Go Back")
In the bottom half, create a user and password. (there is even a secure password generator) Click Add/Modify User
You will get a confirmation page with the username and password; if you need to add more, click "Go Back".
Now on the editor page, you also have a list of users at the bottom, where you can delete a user. As it says, if you want to change the password, just re-add it like you did the first time.
That simple! It takes care of the files for you!
No cPanel, and you don't have access to SSH (or you don't wanna mess with it)
Use the tools at Dynamic Drive:
http://tools.dynamicdrive.com/password/
They have decent enough instructions there, so I'm not going to repeat them here.
You have SSH access and want to get your "hands dirty"
Change to the directory you want to protect.
Add an .htaccess file (or add to one that is there already):
AuthType Basic
AuthName "Administration Area"
AuthUserFile "/path/to/public_html/admin/.htpasswd"
require valid-user
"AuthName" can be what you want; it will show up in the login prompt for the browser.
Make sure you use your actual path in front of .htpasswd.
While in that directory, issue the following command which will create the password file called .htpasswd and add the user myuser:
After you hit enter, you will be prompted to enter the password twice.
From then on out, now that the file .htpasswd was created, you leave off the -c portion of the line (else it will create a new file, wiping out any names already in it).
To change the password, just do steps like you are adding a new user. It will overwrite the old one with the new.
To delete a user, you have to delete the line from the file. Use something like nano to edit the file:
Here is what it looks like on one of my dev domains:
greg:$apr1$cJ84SvPC$ovs4ahB5fqFIXzni8KKJq.
kentpd:$apr1$yKnDRwcg$Mz3urO4eOCegdU4te33DH/
In nano, just put the cursor somewhere on the line that has the user to remove, and press CTRL-K (if you accidentally did the wrong one, immediately do CTRL-U to paste the deleted line).
When done, do CTRL-X to quit and save it. You will get prompted "Save Modified Buffer", hit Y to save it, N if you want to just exit.
When you hit Y, it will prompt you for the name of the file to save as, defaulting to the one you opened, so just press ENTER to save back as the same file.
Note, if you need to, you are safe to change the username in this file (everything UP to the colon). I would suggest keeping to simple lowercase names.
Anyhow that is it. Your directory should be protected now.
So, now that you have the directory protected, what if you want to give your "master" user special privileges? Some think that this is where you need to use a programmed login and store sessions... But PHP has access to the username AND password that you entered, from a var_dump of $_SERVER:
["PHP_AUTH_PW"]=>
string(11) "tempPass12#"
["PHP_AUTH_USER"]=>
string(4) "greg"
If you are uncomfortable with making a secure login system, you could then use these to validate the user against a database with permissions.
Hope this helps.
-Greg
PS, if you are looking for a random password generator, here is one I use (I like that it has the option to not use similar characters (ex. i l 1 o 0), and you can tell it to make a bunch at once if you are setting up multiple people at once):
http://www.pctools.com/guides/password/
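
An added example (not part of Greg's post) for the hand-editing steps in the SSH section: shell functions that report which hash scheme each .htpasswd entry uses and remove a user by exact name. The function names and sample entries are constructed for illustration; `htpasswd -B` (bcrypt) and `htpasswd -D` (delete a user) are the tool's own options.

```shell
#!/bin/sh
# Added example, not from the original post. Sample entries are constructed
# placeholders in the .htpasswd "user:hash" layout, not real credentials.

sample_htpasswd() {
    cat <<'EOF'
greg:$apr1$CONSTRUC$placeholderplaceholder
greg2:$2y$05$constructedplaceholderconstructedplaceholderconstructe
olduser:{SHA}constructedplaceholder=
EOF
}

# Print "user scheme" per entry, classifying the hash by its prefix.
htpasswd_schemes() {
    awk -F: 'NF >= 2 {
        h = $2
        if      (substr(h, 1, 2) == "$2" && substr(h, 4, 1) == "$") s = "bcrypt"
        else if (index(h, "$apr1$") == 1) s = "apr1-md5"
        else if (index(h, "{SHA}") == 1)  s = "sha1-unsalted"
        else                              s = "crypt-or-plaintext"
        print $1, s
    }' "$1"
}

# List users whose hash is not bcrypt (candidates for re-adding with htpasswd -B).
htpasswd_not_bcrypt() {
    htpasswd_schemes "$1" | awk '$2 != "bcrypt" { print $1 }'
}

# Remove one user by exact string match on the field before the first colon,
# so removing "greg" leaves "greg2" alone. The file is rewritten in place to
# keep its owner and mode. Where htpasswd is installed, "htpasswd -D FILE USER"
# does the same job.
htpasswd_remove_user() {
    tmp=$(mktemp) || return 1
    awk -F: -v u="$2" '($1 "") != (u "")' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a scratch copy of the constructed sample.
demo=$(mktemp) && sample_htpasswd > "$demo"
htpasswd_schemes "$demo"
htpasswd_remove_user "$demo" greg && htpasswd_schemes "$demo"
rm -f "$demo"
```

Entries reported as anything other than bcrypt can be upgraded by re-adding the user with `htpasswd -B`, which overwrites the old line.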