Password protect a directory with password only?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
xtk
Forum Newbie
Posts: 10
Joined: Sat Aug 01, 2009 4:28 pm

Password protect a directory with password only?

Post by xtk »

for example, .htaccess uses a username:password prompt

i would like a method of input (over a https connection) that asks for a password only, or in other words no username

possible? with .htaccess or another .example format?

or could i somehow use php to achieve this, or another programming language if there is not a .example type of way???

regards
User avatar
swhistlesoft
Forum Newbie
Posts: 9
Joined: Fri Aug 14, 2009 10:53 pm
Location: Ontario

Re: Password protect a directory with password only?

Post by swhistlesoft »

Basic Auth or Digest Auth is server side authentication (as you probably already know). You cannot configure it to only prompt for a password.

The solution you would need would have to be custom scripting. You can do this with PHP rather simply.

Simply solution is to store the passwords in a database or file as MD5 hash values. Then when a user enters in a password, you can do a compare on the values stored in the database. If one matches, you set a session variable indicating the user is logged in. If not you redirect them to an error page, or whatever you want.

There are a ton of ways to handle log ins with PHP. It all depends on the type of security you want.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Password protect a directory with password only?

Post by kaisellgren »

Why would you want to have a password-only log-in?
swhistlesoft wrote:Simply solution is to store the passwords in a database or file as MD5 hash values.
Someone is actually still suggesting to use MD5? Just use SHA-2 or Whirlpool. It won't be complicating and gives you a greater level of security.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Password protect a directory with password only?

Post by Mordred »

You can do it with a simple piece of .js redirection:
http://www.example.com/content/ shows a js prompt for "password", and then redirects onwards to http://www.example.com/content/password
Changing the password is as simple as renaming the folder.
tictac3
Forum Newbie
Posts: 2
Joined: Sat Aug 22, 2009 3:35 pm

Re: Password protect a directory with password only?

Post by tictac3 »

Great. Thanks for sharing.
comparatif simulation credit taux comparer auto - Taux crédit auto. Comparatif des offres! Les meilleurs taux crédit auto sont sur le net !comparatif simulation credit taux comparer auto
Post Reply