htaccess

alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

htaccess

Post by alex.barylski »

I have a script which creates an .htaccess file inside a specified directory...

Can someone show me what exactly needs to reside in this .htaccess file in order to password protect it?

Hopefully it's some simple XML or something???

Cheers :)
trukfixer
Forum Contributor
Posts: 174
Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA

Post by trukfixer »

alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Yea I know how to google too :)

What I was looking for was more of an exact answer...

like example code to password protect a folder with the user/pass = ding/dong maybe... :)

I'm in a crunch right now and don't really have time to read through that whole document, chapters even....s*it...even pages man!!! 8)

And I'm just lazy today :)

Thanks anyways though...looks like I have no choice but to read through this damn book :)
William
Forum Contributor
Posts: 332
Joined: Sat Oct 25, 2003 4:03 am
Location: New York City

Post by William »

Well there are different ways of doing this. You can either do it in .htaccess or in PHP. I like doing it in PHP because then it is easier to use with MySQL databases. Below is a PHP script:

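Code:

<?php
// Realm text shown in the browser's login popup.
$login_text = "Simple Login Script";

// PHP_AUTH_USER / PHP_AUTH_PW are only set once the browser has sent credentials.
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

if ($user === "William" && $pass === "mypass") {
	echo "You are now logged in!";
} else {
	// Ask the browser to show the login popup.
	header("WWW-Authenticate: Basic realm=\"" . $login_text . "\"");
	header("HTTP/1.0 401 Unauthorized");
	echo "Authorization Required.";
	exit;
}
?>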
To put it simply, $_SERVER['PHP_AUTH_USER'] is the variable of the username field and $_SERVER['PHP_AUTH_PW'] is the variable for the password field of the login popup. Now we need to make it pop up the login! So we added the header("WWW-Authenticate: Basic realm=\"Simple Login Script\""); function, which sends a header telling it to basically make that popup. Now where it says Simple Login Script you put what you want the popup box to say. Now the header("HTTP/1.0 401 Unauthorized"); says that if it was unauthorized to display a 404 error, and whatever is under that is what will show when the user clicks cancel. I have it set to check to see if the user is William and the pass is MyPass, and if not then obviously they either typed the wrong information or it's not set... Then it makes the popup. If you have any more questions please let me know!

Now for the .htaccess way you can do this:
AuthName "Simple Login Script"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
Now you put that in your .htaccess file and you can change Simple Login Script to whatever you want in the popup box. Now you set the AuthUserFile to the path of a .htpasswd file... for instance... /home/hockey/public_html/.htpasswd. Now inside that file you put a list of usernames and passwords in the following format:
username:password
You can keep adding to the list for more accounts. Also, one thing you need to know is that the password must be encrypted! For an easy way to get the encryption you can go to: http://www.kxs.net/support/htaccess_pw.html Just type your username & password and it will give you the user:pass line! Well, I hope that helps you out. The .htaccess thing I never use, so I hope it works correctly. Good luck!
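
A script like the one described in the first post can write both files itself and hash the password locally instead of typing it into a web form. This is an added example, not code from anyone in the thread: `protect_directory()` and the demo paths are hypothetical, the ding/dong credentials come from the question above, and it assumes Apache 2.4, which accepts the `$2y$` bcrypt hashes produced by PHP's `password_hash()`.

```php
<?php
// Added example: write .htaccess and .htpasswd for one directory.
// protect_directory() and every path below are hypothetical names.
function protect_directory(string $dir, string $passwdFile, string $user,
                           string $pass, string $realm = 'Simple Login Script'): void
{
    // .htpasswd holds one "user:hash" per line, so the name must not contain
    // ':' or line breaks; the realm is written inside quotes, so no '"' either.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/D', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    if (preg_match('/["\r\n]/', $realm)) {
        throw new InvalidArgumentException('invalid realm');
    }
    if (!is_dir($dir)) {
        throw new RuntimeException("not a directory: $dir");
    }

    // bcrypt ($2y$...) hash computed locally; Apache 2.4 verifies this format.
    $hash = password_hash($pass, PASSWORD_BCRYPT);

    // Replace an existing entry for the same user and keep the others.
    $lines = is_file($passwdFile)
        ? (file($passwdFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [])
        : [];
    $lines = array_filter($lines, function ($line) use ($user) {
        return strpos($line, $user . ':') !== 0;
    });
    $lines[] = $user . ':' . $hash;
    file_put_contents($passwdFile, implode("\n", $lines) . "\n", LOCK_EX);
    chmod($passwdFile, 0640); // not world-readable

    // AuthUserFile takes the absolute path of the password file.
    $htaccess = "AuthType Basic\n"
              . 'AuthName "' . $realm . "\"\n"
              . 'AuthUserFile "' . realpath($passwdFile) . "\"\n"
              . "Require valid-user\n";
    file_put_contents(rtrim($dir, '/') . '/.htaccess', $htaccess, LOCK_EX);
}

// Constructed demo: a temp directory stands in for the protected folder; the
// password file sits beside it, not inside it, so Apache never serves it.
$base = sys_get_temp_dir() . '/htdemo_' . getmypid();
mkdir($base . '/private', 0755, true);
protect_directory($base . '/private', $base . '/.htpasswd', 'ding', 'dong');
echo file_get_contents($base . '/private/.htaccess');
```

Apache only honours these directives in a .htaccess file when the enclosing configuration sets `AllowOverride AuthConfig` (or `All`). Basic authentication sends the password with every request in base64 only, so the directory should be served over HTTPS.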
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Oh nice...didn't even think of tackling it that way...

I have a book that explains how to do that...crappy book...but it does have example code like you've shown...

One question though...

Does the PHP file have to be index.php? How does the script get executed whenever someone accesses a directory which is password protected???

I don't need password protection on a per file basis...I need it for an entire directory???

Cheers :)
trukfixer
Forum Contributor
Posts: 174
Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA

Post by trukfixer »

Just make it a function check_login(); or something and pop it in the top of every php file you want protected, that's easy enough - it's also possible to use mod_auth_mysql, and you can also generate passwords in the correct format and write to a .htpasswd file and simply use apache's own auth system.. lots of options..

I generally won't write code that I don't have to, so when using HTTP_AUTH, I just let apache handle it (via .htaccess), otherwise, I'll use my own login system..

If you use .htaccess and let apache handle authentication, you won't need to worry about putting a login check on every file - apache will password protect the *entire* directory.
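
The check_login() approach suggested above, written so that it reads a `user:hash` file in the same format Apache uses and never keeps the plaintext password in the script. This is an added example, not trukfixer's or William's code: `HTPASSWD_FILE` is a placeholder path, `load_users()` and `credentials_ok()` are hypothetical helpers, and the stored hashes are assumed to be bcrypt entries from PHP's `password_hash()`.

```php
<?php
// Added example: PHP-side Basic auth checked against a "user:hash" file.
// HTPASSWD_FILE is a placeholder path; keep the real file outside the web root.
const HTPASSWD_FILE = '/full/path/to/.htpasswd';

// Parse "user:hash" lines into [user => hash]; malformed lines are skipped.
function load_users(string $path): array
{
    $lines = is_file($path)
        ? (file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [])
        : [];
    $users = [];
    foreach ($lines as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2 && $parts[0] !== '' && $parts[1] !== '') {
            $users[$parts[0]] = $parts[1];
        }
    }
    return $users;
}

// Pure check, so it can be exercised without a web request.
function credentials_ok(array $users, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null || !isset($users[$user])) {
        return false;
    }
    // password_verify() re-hashes with the stored salt; the plaintext is never stored.
    return password_verify($pass, $users[$user]);
}

// Call at the top of each protected script: returns the user name or ends the request.
function check_login(string $realm = 'Simple Login Script'): string
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? null;
    if (credentials_ok(load_users(HTPASSWD_FILE), $user, $pass)) {
        return $user;
    }
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
}

// Constructed self-check for the command line, using ding/dong from the question.
if (PHP_SAPI === 'cli') {
    $demo = ['ding' => password_hash('dong', PASSWORD_BCRYPT)];
    var_dump(credentials_ok($demo, 'ding', 'dong'), credentials_ok($demo, 'ding', 'ding'));
}
```

If PHP runs as CGI/FastCGI, Apache may not pass the Authorization header to the script, in which case PHP_AUTH_USER stays unset and every request gets the 401.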