This is what I have done thus far. I am still ending up empty. Without my login protection. I am trying to protect a configuration tool. It is located in my modify folder

I created two files.

htaccess.txt
AuthName "Webmaster Login"
AuthType Basic
AuthUserFile /var/www/dopey/cart/items/modify/.htpasswd
require valid-user

htpasswd.txt
dopeydadwarf:jbdxOuS0bcmRA
( no i didn't use my password in this example )

after upload I changed them to .htaccess/.htpasswd respectivly.

I placed .htaccess into the modify dir.
I placed .htpasswd into the cart dir. I guessed on this one...where exactly should it go? Should it go deeper into the dir's

I found root via <?php echo $DOCUMENT_ROOT ?>
then the dir's are up from there.

password via http://tools.blueyonder.co.uk/

Any help would be greatly appreciated. Any help on common pitfalls is also appreciated.

P.S. I am learning php and administrating a site hosted on a *nix based server.

You said you placed .htpasswd in the cart directory. Look at your .htaccess again


AuthName "Webmaster Login"
AuthType Basic
AuthUserFile /var/www/dopey/cart/items/modify/.htpasswd
require valid-user


You are telling .htaccess too look in the modify directory for .htpasswd. This is part of your problem. I have limited knowledge of .htaccess/.htpasswd, I use it quite seldom, however give that a try.. because it's definately part of your problem.. the AuthUserFile must line up with where .htpassword actually is.

HTRegz

Your point is well noted....Thanks for the correction...however it did no good. Perhaps there is just something I am missing on my side....

Got any other ideas? Perhaps suggestions on other dir passwd protection?

Thanks all..

Wait, you say you created two files "htaccess.txt" and "htpasswd.txt". Aren't those supposed to be .htaccess and .htpasswd. I have a different setup, but I use a .htaccess file in the directory I don't want people to visit. I have it point to a file called passwords with no .txt or anything. I set it up using apache documentation on .htaccess. I used a combo of these two links for the setup
http://httpd.apache.org/docs/howto/htaccess.html
http://httpd.apache.org/docs/howto/auth.html
If I remember correctly you also have to edit some of your allow and deny thingies in the httpd.conf file. I have it to where if you access one of the user specific home pages e.g. /~user then you have to have a password. I just used this in the httpd.conf file.

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>

All of that was originally commented out. You will have to do something similar most likely, unless for the main directory the .htaccess works by default. Hope this helps. Good luck.

Here, this guy makes it all nice and simple. Got me working
You can password protect content in both the main and sub-directories of your DocumentRoot fairly easily. I know of cases where persons will allow normal access to their regular web pages, but require passwords for directories / pages that show MRTG or Webalizer data. In this example we'll show how to password protect the /var/www/html directory.

· Apache has a password utility called "htpasswd" which can create "username password" combinations independent of your system login password for web page access. You have to specify the location of the password file, and if it doesn't yet exist, you'll have to include a "-c" or "create" switch on the command line. I recommend placing the file in your /etc/httpd/conf directory, away from the DocumentRoot tree where web users could possibly view it. Here is an example for a first user named "peter" and a second named "paul":



[root@bigboy tmp]# htpasswd -c /etc/httpd/conf/.htpasswd peter
New password:
Re-type new password:
Adding password for user peter
[root@bigboy tmp]#



[root@bigboy tmp]# htpasswd /etc/httpd/conf/.htpasswd paul
New password:
Re-type new password:
Adding password for user paul
[root@bigboy tmp]#



· Make the .htpasswd file readable by all users.



[root@bigboy tmp]# chmod 644 /etc/httpd/conf/.htpasswd



· Create a .htaccess file in the directory to which you want password control with the following entries. Remember this will password protect this directory and all its sub directories.



AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user peter


· The AuthUserFile tells Apache to use the “.htpasswd” file

· The "require user" tells Apache that only user "peter" in the “.htpasswd” file should have access. If you wanted all “.htpasswd” users to have access then you'd replace this line with require valid-user

· "AuthType Basic" instructs Apache to accept basic unencrypted passwords from the remote users web browser.



· Set the correct file protections on your new .htaccess file in the directory /var/www/html.



[root@bigboy tmp]# chmod 644 /var/www/html/.htaccess



· Make sure your /etc/httpd/conf/http.conf file has an AllowOverride statement in a <Directory> directive for any directory in the tree above /var/www/html. In the example below, we want all directories below /var/www/ to require password authorization.



<Directory /var/www/html/*>
AllowOverride AuthConfig
</Directory>



· You must also ensure that you have a <VirtualHost> directive that defines access to /var/www/html or another directory higher up in the tree.

<VirtualHost *>
ServerName 97.158.253.26
DocumentRoot /var/www/html
</VirtualHost>


· Restart Apache. Try accessing the web site and you'll be prompted for a password.


taken from http://www.siliconvalleyccie.com/linux-hn/apachebasic.htm