Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Dec 2010
    Location
    UK
    Posts
    67
    Thanks
    15
    Thanked 0 Times in 0 Posts

    Exclamation Password protected directory

    Hi guys,

    Having trouble working this out. Currently revamping a website and have noticed that the password protected part of their website isn't password protected at all. All that happens is when the form is correctly filed out the user is taken to a part of the site that isn't linked via the navigation. IF people were to know the url this could be accessed avoiding the login - hence not very secure!!

    What I have done so far is... put a form in the footer of each page with customer login username and password fields. I have a folder full of the files that should when this is filled out be accessible but ONLY to those who have logged in.

    I only really know HTML, CSS and some Java/Jquery but am assuming that possibly this needs to be done in PHP. Unfortunately I haven't ever really worked with PHP so this is all foreign to me.

    Does anyone know a way that does not use PHP or is there a simple(ish) PHP way of doing this that I can implement?

    I'm not asking for someone to do this for me, just some advice and pointers in the right direction! I would really love to work this thing out for myself without seeking outside help, a good learning curve I think…

    Thanks for any pointers...

  • #2
    Senior Coder Rowsdower!'s Avatar
    Join Date
    Oct 2008
    Location
    Some say it's everything.
    Posts
    2,027
    Thanks
    5
    Thanked 397 Times in 390 Posts
    You can use .htaccess and .htpasswd on the directory and that will be a rough workaround for it.

    The basic instructions for this can be found here:
    http://www.javascriptkit.com/howto/htaccess3.shtml
    The object of opening the mind, as of opening the mouth, is to shut it again on something solid. –G.K. Chesterton
    See Mediocrity in its Infancy
    It's usually a good idea to start out with this at the VERY TOP of your CSS: * {border:0;margin:0;padding:0;}
    Seek and you shall find... basically:
    validate your markup | view your page cross-browser/cross-platform | free web tutorials | free hosting

  • #3
    New Coder
    Join Date
    Dec 2010
    Location
    UK
    Posts
    67
    Thanks
    15
    Thanked 0 Times in 0 Posts
    Thanks for pointing me in the direction of this...

    I've got so far and now come to a halt...

    I have created .htaccess and .htpasswd files and uploaded these in the directory to be protected.

    When visiting the web address a pop up box appears asking for username and password.

    Once filling this out with the information I have set, I get a page that says this...

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@xxxx.co.uk and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    Any idea on what this could be?

  • #4
    Senior Coder Rowsdower!'s Avatar
    Join Date
    Oct 2008
    Location
    Some say it's everything.
    Posts
    2,027
    Thanks
    5
    Thanked 397 Times in 390 Posts
    Well the 404 part just means that no error document was defined in the htaccess file and no 404.html or 404.php (or whatever) document exists in the directory. That's easy enough to fix.

    The bigger problem is the server error, which means you most likely have an error in your .htaccess file. Can you "anonymize" and post your .htaccess file? Are you sure your path to the .htpasswd file named in the .htaccess file is correct?
    The object of opening the mind, as of opening the mouth, is to shut it again on something solid. –G.K. Chesterton
    See Mediocrity in its Infancy
    It's usually a good idea to start out with this at the VERY TOP of your CSS: * {border:0;margin:0;padding:0;}
    Seek and you shall find... basically:
    validate your markup | view your page cross-browser/cross-platform | free web tutorials | free hosting

  • #5
    New Coder
    Join Date
    Dec 2010
    Location
    UK
    Posts
    67
    Thanks
    15
    Thanked 0 Times in 0 Posts
    ok so my .htaccess file I have placed in the folder I want protected is this...

    AuthUserFile /.htpasswds/.htpasswrdph
    AuthType Basic
    AuthName "Customer Login"
    Require valid-user
    at the moment we are testing this out on our company's domain so the main site is something like this... http://www.ourcompanysite.com/custom...ent/index.html

    The protected directory is http://www.ourcompanysite.com/custom.../customerlogin

    I have renamed the .htpasswd file as I didn't want to risk messing anything up on our company site and have called this .htpasswdph . I have placed this in the root directory (I think thats what you call it) - a folder called "htpasswds"

    This is the .htpasswdph file...

    adminassword


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •