LinkBack URL
About LinkBacksHi
Is there a way on our school website to have a staff only area that has pages only staff can see ?
It is hosted elsewhere. Not sure if its running IIS etc.
Doesn't have to link with AD, just a section that has a generic password on it.
Thanks
Hi
Is there a way on our school website to have a staff only area that has pages only staff can see ?
It is hosted elsewhere. Not sure if its running IIS etc.
Doesn't have to link with AD, just a section that has a generic password on it.
Thanks
If it's just a quick-simple-blargh sort of fix (Nothing special, with user logins etc etc)
Just create a htaccess file? (If it's NOT IIS)
Steve
and a .htpasswd fileOriginally Posted by Steve21
Details here:
Comprehensive guide to .htaccess- password protection
Ok, been trying with this.
Got a .htaccess file
I've put this in the ./html/staffAuthName "Staff Area"
AuthType Basic
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
require user staff
This is the folder on the web server I want to protect
I've then create a .htpasswd file.
Does this need to be in ./ or in the staff folder that I want to protect. I've tried it above the web root and also in the staff folder.
It works but it always comes up incorrect password
staff:temp
The password in .htpasswd needs encrypting... try it as:
There's a link within SB's link to the tool to encrypt passwords etc (Dynamic Drive: .htaccess password generator)Code:staff:JWvtL4mNOk6vA
Both files need to be in the folder that you want protecting.
Last edited by Marci; 3rd June 2011 at 11:53 AM.
The .htaccess file in my protected directory looks like this:
AuthType Basic
AuthName "PFS Members"
AuthUserFile "/home/g24palm/.htpasswds/public_html/members/passwd"
require valid-user
I put my passwd file in the root of the website as referenced above.
i.e. It is in the root folder .htpasswords/public_html/members/passwd
and the file <passwd> looks like this:
member2011:$apr1$Da4A7a4q$FuB21CcaoZaIiMC1B/WUe.
where <member2011> is the login name and the rest the encrypted password.
Last edited by SneakyBeaky; 3rd June 2011 at 05:30 PM.
Still struggling with this. How does the server know how the password is encrypted. Its hosted elsewhere but they have given us permission to use htaccess.
No matter where I put the files, I get the password box but it says password is wrong everytime.
At the moment, that's telling the server to look on the root of it's hard-disk for the .htpasswd (so in windows land, it's checking the equivalent of c:\htpasswd when it wants to be checking the equivalent of c:\Documents & Settings\USERNAME\My Webs for instance). If it begins with a slash it presumes the path is absolute. You want the full path to the .htpasswd file. Ask your Server provider... they should be able to tell you it.AuthUserFile /.htpasswd
The encryption for passwords within .htpasswd is a standardised thing with Apache... therefore it doesn't need to know how it was encrypted - it'll try MD5, SHA-1 and Crypt algorithms automatically. If it's a windows server, then don't encrypt it - put the password in plaintext.
As @Marci has explained, the link to the encypted password file needs to be the absolute address of the file on the sever as in my example:
"/home/g24palm/.htpasswds/public_html/members/passwd"
where my .htpasswds file sits on the root of my server at
/home/g24palm
and the passwd file is in
public_html/members
As your host if their control panel has a built in system for password protecting a folder using .htaccess. Many do.
Last edited by SneakyBeaky; 6th June 2011 at 04:43 PM. Reason: additional information
Sorted it.
Forgot to put absolute path and .htpasswd in the path too. Works fine now.
There are several way's, the easiest way by far would be to simply modify the .htaccess file.
If you delve further, you can setup activedirectory integration via .htaccess using apache... Opens up a world of possibilities. ( ie: username is stored in a superglobal so can be called upon by any other script within your site as long as appropriate auth realm is specified.. Combine with adldap class and you can knock up full staff portal with sections restricted by ad group membership etc. Mix in SMBWebClient class and you can offer homedirectory access over the web. Grab an ssl cert, serve it out by https, et voila! Can shove an install of squirrelmail tied in too. All only requires the one initial sign-in for that session. Apache /.htaccess is VERY powerful and opens up a wealth of opportunities)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
