Page 1 of 3

Password Protect Directories

Posted: Mon Apr 27, 2009 8:17 pm
by ICT Tech
Hi Guys,

I know that to password protect a web directory you need to have a .htaccess file, and inside here part of the code points towards a .htpasswd file.
The .htpasswd file can hold 1 username and 1 password, or a range of usernames and passwords.

I have placed the 2 files in the directory, when I have 1 username and password everything is fine, however, when I have more then 1 username and password you have to alter the code in the .htaccess file to read the other logins, the login works, but it doesn't access the directory, instead it brings up a huge page talking about in internal server error, but yet the 1st username and password will lead to the directory.

Has anyone got any ideas as to what I need to do?

Thanks :P

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 8:22 pm
by muto
I think you need to use the .htgroup file, have a look at this links http://www.cts.wustl.edu/cts/help/web/auth/htgroup.html

You're often better off doing it in php/asp if you can.

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 8:33 pm
by ICT Tech
muto wrote:I think you need to use the .htgroup file, have a look at this links http://www.cts.wustl.edu/cts/help/web/auth/htgroup.html

You're often better off doing it in php/asp if you can.
I'm confused - do I now need all 3 files, and are the groups the users :?: :?: :?: :?

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 8:43 pm
by muto
I think you need all 3, htpasswd has username:hash info; htgroup declares which users are in the group; and htaccess says what to do with the info.


htaccess contains all your users.

htgroup has something like

Code: Select all

users: username1,username2,username3
htaccess is

Code: Select all

AuthUserFile /not-www/.htpasswd
AuthGroupFile /not-www/.htgroup
AuthName ByPassword
AuthType Basic

<Limit GET>
require group users
</Limit>

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 8:50 pm
by ICT Tech
Yeah, it was something like that.

Although it didn't like it, i'll post the code in 2 secs - although in the meantime go to the url in your PM :P

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 8:52 pm
by ICT Tech
htaccess

Code: Select all

AuthUserFile {/public_html/staff/.htpasswd}
AuthGroupFile {/public_html/staff/.htgroup}
AuthName {Staff Intranet}
AuthType Basic

<Limit GET>
require group {Staff}
</Limit>
htgroup

Code: Select all

{Staff}:{test}
htpasswd

Code: Select all

test:d7NabT9tYqQ1c
It just won't accept it :(

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 8:54 pm
by muto
Are those curly braces {} there in the real documents? Because I don't think there should be any of them... :s

Also, it's good practice to have your htpasswd files outside of public_html..

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 8:57 pm
by ICT Tech
muto wrote:Are those curly braces {} there in the real documents? Because I don't think there should be any of them... :s

Also, it's good practice to have your htpasswd files outside of public_html..
The curly braces {} are in mine, whether or not they are supposed to be curly braces I don't know, also, I tried putting the files outside public_html, but it went a little haywire!

Any suggestions?

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 9:00 pm
by muto
Get rid of all of them, I don't remember using any in the past for my sites. If that still doesn't work, you might want to check if you can do password protection from your hosting cPanel. Failing that, either contact your host, or do it in php[+mySQL?]; it's a lot easier to maintain that way.

I'll be back in an hour or so..

Re: Password Protect Directories

Posted: Mon Apr 27, 2009 9:06 pm
by ICT Tech
muto wrote:Get rid of all of them, I don't remember using any in the past for my sites. If that still doesn't work, you might want to check if you can do password protection from your hosting cPanel. Failing that, either contact your host, or do it in php[+mySQL?]; it's a lot easier to maintain that way.

I'll be back in an hour or so..
That way i'd have to do most of the website in php - which I don't want to do!
I'M CONFUSED - tell me what to do :cry: :(

Ahh! :P