simple login

[chuco61]

or maybe not so simple

I have a folder on my server which contains a member only website however i want a login page to access this section of my site.

I cant seem to find an easy way to do this. i have used a javascript landing page however this doesnt block the folder from being accessed because there is still a URL that you can use to locate the folder.

any suggestions? Im confussed on how a login page can block a folder otherwise from being accessed.

I tried htaccess but it sometimes messes up for some reason and lets no one login.

[BLiZZaRD]

.htaccess is your best bet. It is the most secure and reliable. Are you sure you set it up correctly?

[chuco61]

.htaccess is your best bet. It is the most secure and reliable. Are you sure you set it up correctly?

when i login in its saying that i dont have access to the files. as if the permissions on the folder arent correct. What are the proper permissions 644, 755?

also, is there a way to have the htaccess login fields appear on screen and coded into a webpage rather than a drop down from the browser?

thanks

[BLiZZaRD]

A drop down? .htaccess is it's own thing. You will need two files. one named .htaccess placed in the directory you want to protect, and one named .htpasswrd. placed outside the root directory (you don't want it accessable by the browser.) However, most servers don't allow viewing of the .ht* files anyway.

in the .htaccess you would put:

Code:

# Begin password protection #
AuthName "Please enter username and password"
Require valid-user
AuthUserFile /relative/path/to/.htpasswd
AuthType basic
# End password protection #

change /relative/path/to/.htpasswd to where the .htpasswd file is located something like: /usr/home/public_html/directory/.htpasswd

Then encrypt your username and password by going here and pasting the results in the .htpasswd file. (note only ONE username/password per line in this file)

Code:

bob:M5ceuILulDE52
stan:BYaSIgsrjpdAw
george:jYgIiGQuamV72

Upload the .passwd file to where it is called in the other and upload the .htaccess file to the directory you want protected.

When that directory is browsed to a pop up will appear prompting for the username and password. If they match the visitor will see the index page of the directory, if they don't match they will be prompted again (average 3 times before redirect, some servers give 5 tried before blocking the IP from the server).

[chuco61]

right im able to apply the htaccess to the folder using my hosting control panel. However i cant even see them. So no matter what the htaccess is going to have a pop up it cant be integrated into the html at all?

this is the error i get
Cannot read /mnt/w0911/d05/s24/b02d8d90/www/clients/mmgrates/oss/.htaccess

[BLiZZaRD]

No, you don't go to the .htaccess file.

Let's say you want to password protect the /members/ directory. The first page people will go to (and will be linked to) will be www.yoursite.com/members/index.html

You place the .htaccess inside the /members/ folder and when you go to www.yoursite.com/members/index.html the password prompt will automatically appear. You don't want to go to www.yoursite.com/members/.htaccess

Make sense?

[BLiZZaRD]

If you want a php version I have one that uses sessions and redirects. It not as secure as .htaccess but should suit your needs...

this is the page you want to protect, lets say it's index.php

PHP Code:

<?php
session_start();
if ($_SESSION['ID22'] != "yes") { include 'pass.php'; }
else{
?>
<html>
<head>
<title>Members Only!</title>
<LINK REL="stylesheet" TYPE="text/css" HREF="/css.css" />
</head>


<body>
<p> Members only content viewable here!</p>
</body>
</html>
<?php } ?>

When they go to this page, if the session doesn't match they will be shown "pass.php" which is in the same folder....

PHP Code:

<?php
 session_start();

if (isset($_POST['submit'])) {
  if((strtolower($_POST['user']) == "Bob") && (strtolower($_POST['pass']) == "tree")){
    $_SESSION['ID22'] = 'yes';
header('Location: '.$_SERVER['HTTP_REFERER']);
  }
  else {
    $_SESSION['CWoT22'] = 'no';
    header('Location: http://yoursite.com/401.shtml');
  }
}

 else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Password Required To Continue!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="/css.css">
</head>

<body>
<div id="pass">
<p>Please Enter Username and Password</p>
<form action="<?=$PHP_SELF?>" method="post">
<p>Username: <input type="text" name="user"></p>
<p>Password: <input type="password" name="pass"></p>
<p><input type= "submit" name= "submit" value= "Continue!"></p>
</form>
</div>
</body>
</html>
<?php } ?>

Editing the username (bob) and password (tree) to what you need, and the http://yoursite.com/401.shtml to point to your 401 page.