View Full Version : Password protected directory

09-13-2011, 03:52 PM
Hi guys,

Having trouble working this out. Currently revamping a website and have noticed that the password protected part of their website isn't password protected at all. All that happens is when the form is correctly filed out the user is taken to a part of the site that isn't linked via the navigation. IF people were to know the url this could be accessed avoiding the login - hence not very secure!!

What I have done so far is... put a form in the footer of each page with customer login username and password fields. I have a folder full of the files that should when this is filled out be accessible but ONLY to those who have logged in.

I only really know HTML, CSS and some Java/Jquery but am assuming that possibly this needs to be done in PHP. Unfortunately I haven't ever really worked with PHP so this is all foreign to me.

Does anyone know a way that does not use PHP or is there a simple(ish) PHP way of doing this that I can implement?

I'm not asking for someone to do this for me, just some advice and pointers in the right direction! I would really love to work this thing out for myself without seeking outside help, a good learning curve I thinků

Thanks for any pointers...

09-13-2011, 04:02 PM
You can use .htaccess and .htpasswd on the directory and that will be a rough workaround for it.

The basic instructions for this can be found here:

09-13-2011, 05:09 PM
Thanks for pointing me in the direction of this...

I've got so far and now come to a halt...

I have created .htaccess and .htpasswd files and uploaded these in the directory to be protected.

When visiting the web address a pop up box appears asking for username and password.

Once filling this out with the information I have set, I get a page that says this...

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@xxxx.co.uk and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Any idea on what this could be?

09-13-2011, 08:17 PM
Well the 404 part just means that no error document was defined in the htaccess file and no 404.html or 404.php (or whatever) document exists in the directory. That's easy enough to fix.

The bigger problem is the server error, which means you most likely have an error in your .htaccess file. Can you "anonymize" and post your .htaccess file? Are you sure your path to the .htpasswd file named in the .htaccess file is correct?

09-14-2011, 11:12 AM
ok so my .htaccess file I have placed in the folder I want protected is this...

AuthUserFile /.htpasswds/.htpasswrdph
AuthType Basic
AuthName "Customer Login"
Require valid-user

at the moment we are testing this out on our company's domain so the main site is something like this... www.ourcompanysite.com/customurlforclient/index.html

The protected directory is www.ourcompanysite.com/customurlforclient/customerlogin

I have renamed the .htpasswd file as I didn't want to risk messing anything up on our company site and have called this .htpasswdph . I have placed this in the root directory (I think thats what you call it) - a folder called "htpasswds"


This is the .htpasswdph file...