+ Post New Thread
Results 1 to 12 of 12
Web Development Thread, Password Protect Website in Coding and Web Development; Hi Is there a way on our school website to have a staff only area that has pages only staff ...
  1. #1

    Join Date
    Apr 2007
    Location
    York
    Posts
    574
    Thank Post
    11
    Thanked 5 Times in 5 Posts
    Rep Power
    20

    Password Protect Website

    Hi

    Is there a way on our school website to have a staff only area that has pages only staff can see ?

    It is hosted elsewhere. Not sure if its running IIS etc.

    Doesn't have to link with AD, just a section that has a generic password on it.

    Thanks

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,762
    Thank Post
    354
    Thanked 533 Times in 498 Posts
    Rep Power
    182
    If it's just a quick-simple-blargh sort of fix (Nothing special, with user logins etc etc)

    Just create a htaccess file? (If it's NOT IIS)

    Steve

  3. #3
    SneakyBeaky's Avatar
    Join Date
    May 2010
    Location
    Gosport
    Posts
    141
    Thank Post
    7
    Thanked 22 Times in 19 Posts
    Rep Power
    16
    Quote Originally Posted by Steve21 View Post
    Just create a htaccess file?

    Steve
    and a .htpasswd file
    Details here:
    Comprehensive guide to .htaccess- password protection

  4. #4

    Join Date
    Apr 2007
    Location
    York
    Posts
    574
    Thank Post
    11
    Thanked 5 Times in 5 Posts
    Rep Power
    20
    Ok, been trying with this.
    Got a .htaccess file

    AuthName "Staff Area"
    AuthType Basic
    AuthUserFile /.htpasswd
    AuthGroupFile /dev/null

    require user staff
    I've put this in the ./html/staff

    This is the folder on the web server I want to protect

    I've then create a .htpasswd file.

    Does this need to be in ./ or in the staff folder that I want to protect. I've tried it above the web root and also in the staff folder.

    It works but it always comes up incorrect password

    staff:temp

  5. #5
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    896
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    83
    The password in .htpasswd needs encrypting... try it as:
    Code:
    staff:JWvtL4mNOk6vA
    There's a link within SB's link to the tool to encrypt passwords etc (Dynamic Drive: .htaccess password generator)

    Both files need to be in the folder that you want protecting.
    Last edited by Marci; 3rd June 2011 at 12:53 PM.

  6. #6
    SneakyBeaky's Avatar
    Join Date
    May 2010
    Location
    Gosport
    Posts
    141
    Thank Post
    7
    Thanked 22 Times in 19 Posts
    Rep Power
    16
    The .htaccess file in my protected directory looks like this:
    AuthType Basic
    AuthName "PFS Members"
    AuthUserFile "/home/g24palm/.htpasswds/public_html/members/passwd"
    require valid-user
    I put my passwd file in the root of the website as referenced above.
    i.e. It is in the root folder .htpasswords/public_html/members/passwd

    and the file <passwd> looks like this:
    member2011:$apr1$Da4A7a4q$FuB21CcaoZaIiMC1B/WUe.
    where <member2011> is the login name and the rest the encrypted password.
    Last edited by SneakyBeaky; 3rd June 2011 at 06:30 PM.

  7. #7

    Join Date
    Apr 2007
    Location
    York
    Posts
    574
    Thank Post
    11
    Thanked 5 Times in 5 Posts
    Rep Power
    20
    Still struggling with this. How does the server know how the password is encrypted. Its hosted elsewhere but they have given us permission to use htaccess.

    No matter where I put the files, I get the password box but it says password is wrong everytime.

  8. #8
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    896
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    83
    AuthUserFile /.htpasswd
    At the moment, that's telling the server to look on the root of it's hard-disk for the .htpasswd (so in windows land, it's checking the equivalent of c:\htpasswd when it wants to be checking the equivalent of c:\Documents & Settings\USERNAME\My Webs for instance). If it begins with a slash it presumes the path is absolute. You want the full path to the .htpasswd file. Ask your Server provider... they should be able to tell you it.

    The encryption for passwords within .htpasswd is a standardised thing with Apache... therefore it doesn't need to know how it was encrypted - it'll try MD5, SHA-1 and Crypt algorithms automatically. If it's a windows server, then don't encrypt it - put the password in plaintext.

  9. #9
    SneakyBeaky's Avatar
    Join Date
    May 2010
    Location
    Gosport
    Posts
    141
    Thank Post
    7
    Thanked 22 Times in 19 Posts
    Rep Power
    16
    Quote Originally Posted by karldenton View Post

    No matter where I put the files, I get the password box but it says password is wrong everytime.
    As @Marci has explained, the link to the encypted password file needs to be the absolute address of the file on the sever as in my example:
    "/home/g24palm/.htpasswds/public_html/members/passwd"
    where my .htpasswds file sits on the root of my server at
    /home/g24palm
    and the passwd file is in
    public_html/members

    As your host if their control panel has a built in system for password protecting a folder using .htaccess. Many do.
    Last edited by SneakyBeaky; 6th June 2011 at 05:43 PM. Reason: additional information

  10. #10

    Join Date
    Apr 2007
    Location
    York
    Posts
    574
    Thank Post
    11
    Thanked 5 Times in 5 Posts
    Rep Power
    20
    Sorted it.

    Forgot to put absolute path and .htpasswd in the path too. Works fine now.

  11. #11

    Join Date
    Jun 2011
    Location
    mountwashington
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    There are several way's, the easiest way by far would be to simply modify the .htaccess file.

  12. #12
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    896
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    83
    If you delve further, you can setup activedirectory integration via .htaccess using apache... Opens up a world of possibilities. ( ie: username is stored in a superglobal so can be called upon by any other script within your site as long as appropriate auth realm is specified.. Combine with adldap class and you can knock up full staff portal with sections restricted by ad group membership etc. Mix in SMBWebClient class and you can offer homedirectory access over the web. Grab an ssl cert, serve it out by https, et voila! Can shove an install of squirrelmail tied in too. All only requires the one initial sign-in for that session. Apache /.htaccess is VERY powerful and opens up a wealth of opportunities)



SHARE:
+ Post New Thread

Similar Threads

  1. Password protect a folder
    By bertster in forum Windows Server 2000/2003
    Replies: 28
    Last Post: 7th December 2010, 05:22 PM
  2. Password Protect Files
    By karldenton in forum Windows
    Replies: 2
    Last Post: 8th July 2010, 10:22 AM
  3. Password Protect a folder in XP
    By Trapper in forum Windows
    Replies: 9
    Last Post: 25th June 2010, 11:06 AM
  4. Password Protect Folders
    By brahma in forum Windows
    Replies: 5
    Last Post: 31st March 2009, 03:00 PM
  5. Password Protect Intranet
    By dave.81 in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 26th March 2009, 03:46 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •