Analog Point Solutions
  Create password protection for directoriesQuestions? Write sales@analogpoint.com 
Services
Web Programming
Website Creation
Website Promotion
Website Consultation
Products
News Publisher
Free Tools
Domain IP Lookup
IP to Hostname Lookup
Your IP Address
DNS records
Domain Availability
HTML & CSS Sandbox
Response headers
.htaccess authentication
WordPress Plugins
Random Post

Please email us if you have a question, want a free quote or would like to discuss a project.

Valid HTML 4.01 Transitional Valid CSS!
Proudly creating standards- compliant websites (including our own)
 

.htaccess password protection

Password protect a directory with basic HTTP authentication. NOTE: This only works on Apache servers. Also note that these usernames and passwords and the resultant digest/hash are all sent as plain text over a non-secure connection. Use them at your own risk! Maybe in the future I'll add digest authentication in addition to basic authentication.


1 Enter the path to the directory that you want to protect.

Something like: home/usr/websites. If you have no idea what this is, you can save this php code <?php echo dirname (__FILE__); ?> to a file with the extention .php and upload it to the directory that you want to protect. Go to the file in your browser and you should see the path to that directory. Copy and paste it here.


2 Enter a display message to the user.


3 Enter usernames and passwords that can access the directory.

Type the username and password, separated by a space, on one line. Enter one username/password combination per line. Enter at least one username/password combination.


4



Notes about how this works etc

I did everything you say, and it doesn't work! - First of all, your host has to allow you to use per-directory authentication. The command in the httpd.conf file is AllowOverride AuthConfig. If it's not allowed, none of this will work.


I put in the same username and password twice but the password hash is different. - The passwords are encrypted using a salt value. Each time the salt value changes, the hash for the same password changes.


How is the hash created? - Basic HTTP authentication simply uses the crypt function with a 2-character salt. It works something like this: $hash = crypt ($password, 'xU');. 'xU' is the salt. For this script, two alpha-numeric chars are chosen randomly as the salt. See more examples.


I want you to help me with ___. - I'm avaliable for consultation or hire. :) Contact me and I'll be happy to get you a quote.



   Return to the Analog Point Solutions Homepage 
Copyright © 2003-2008 Analog Point Solutions