Page 1 of 1

[SOLVED] htaccess trouble.

Posted: Wed Dec 10, 2003 3:23 am
by lazersam
Hi all
I am trying to protect a directory using the .htaccess and .passwd files.

I have used PHP to add usernames and passwords to the .passwd file. For testing purposes I have put both files in a directory called membersarea. The trouble I’m having is that it fails to work for no apparent reason.

The pop-up box works ok to request the username and password, and i know those two things are in the .passwd file but it doesn't recognise them and wont let me in.

This is the code for my .htaccess:

Code: Select all

AuthUserFile ******* /PHP/htaccess_scripts/membersarea/.passwd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic 
require valid-user
That looks ok to me!

I have a PHP that puts passwords and usernames into the file as follows;

Code: Select all

<?phpecho "Username: $username <br> Password: $password <br>";
	
	#encryt password
	$password = crypt($password,CRYPT_STD_DES);
	
	
	#echo "Username: $username <br> Password: $password <br>";
	$text = "$username:$password" ."\n";
	
	/* URL to the htpasswd file */ 
    $url = $DOCUMENT_ROOT . dirname($PHP_SELF) . "/membersarea/.passwd";
	echo "$url <br>";
	
	
	/* Make sure the username does not already exist */ 
    $U_CHECK_ARRAY = file($url); 
	if (in_array($text, $U_CHECK_ARRAY)) { 
    #die('Username and Password are not unique please choose another'); 
	echo "Copy found";
	exit();
	}
	
		
	#Write to .htpassword file
	$fd = fopen($url, "a+") or die("Did not open file: " . $url); 
	$fw = fwrite($fd, "$text" ); 
	fclose($fd); 



?>
It just fails to allow access! I have tried numerous chmod permissions for both .htaccess and .passwd and tried encrypted and unencrypted passwords but nothing works - I am at a complete loss after 2 days of trying! Any ideas?

Regards

Lawrence.

Posted: Wed Dec 10, 2003 4:05 am
by Weirdan
check permissions on membersarea dir too. apache must be able to read (actually it must have "execute" permission) the dir to access .passwd file.

Posted: Wed Dec 10, 2003 10:37 am
by lazersam
Weirdan wrote:check permissions on membersarea dir too. apache must be able to read (actually it must have "execute" permission) the dir to access .passwd file.
Thanks Weirdan

In fact I have solved the problem embarrasingly :oops:
I asked someone to create a membersarea on my server. They did and it work with .htaccess. After examining his .htaccess file I realised that I had not started my AuthUserFile line address with a "/"

After inserting that slash the script worked fine :oops: :oops: :oops:

Oh well... live and learn :)

Regards

Lawrence