PDA

View Full Version : .htaccess password protection



alisonpurcell
02-05-2003, 12:39 PM
Hi,
I'm having problems with the password protection on a directory using .htaccess.
I've created a password file .htpasswd and put in a line of the form:

username:encryptedpassword

then in my .htaccess file I've added the following lines:

AuthType Basic
AuthName "Locked Area"
AuthUserFile /<absolute_path_to_my_password_file>/.htpasswd
require valid-user

However, when I try and access the directory using the correct username/password it is rejected as invalid. (I've tried several different password encryption programs).
Any ideas?

Thanks a lot,
Alison

Spookster
02-05-2003, 04:16 PM
Try following this guide:

http://javascriptkit.com/howto/htaccess3.shtml

alisonpurcell
02-05-2003, 04:24 PM
Thanks , but I've already looked at that code guide and others. I think I have done it correctly (at least according to those guides I have), but there is something else that is causing it not to work, e.g. file permissions, or something in Apache that needs to be set. The files are all owned by the same user and all users have read permissions. I just wondered if there was something else that I should've set that isn't mentioned in the guides.

g00fy
03-05-2003, 09:46 AM
there's a couple of syntactical errors in your post, maybe also in you file if you didnt copy and paste.

it should looks like this :
(a *working* example)


Authname "Secure Area"
Authtype Basic
AuthUserFile /abs path to file/.htpasswd
AuthGroupFile /dev/null /* this can be ommitted

<Limit GET POST>
require valid-user
</Limit>


look at the case of Authtype and you also dont have method for authentication

also both .htaccess & .htpasswd need to be in the directory you are protecting unless path specifies otherwise and CHMOD 644 both of them.

htaccess is a '*nix thing' not an 'apache thing' and if you are getting login errors its in your file that is the prob.

the above code is an exact copy of my file
(with some ommissions for groups and custom access and the like)

BTW i have a perl script that will generate both these files for you from the directory you wish to protect if that will help :D

hope this helps


g00fy

alisonpurcell
03-05-2003, 10:02 AM
Thanks Goofy,

I think the problem was that the correct permissions were not set up in the apache conf files. Anyway, I ended up putting this entry into access.conf


<Directory /home/sites/<mysite>/web/admin>
DirectoryIndex index.php
AuthType Basic
AuthName "Secure Area"
#Path to file containing username/password for user validation
AuthUserFile /home/sites/<mysite>/users/<username>/private/.htpasswd
#This will allow access to any valid username/password combination found in the
password file
require valid-user
</Directory>

And this worked ok. It's also apparently faster to do it this way as all the .htaccess files are not searched every time the directory is accessed.

Alison

g00fy
03-05-2003, 10:07 AM
:thumbsup: :thumbsup: