July 30th, 2003, 08:52 PM
Creating a Password Protected Area
I'm trying to figure out how to create a secure password protected area for some files in php. For example, you log in on a file called login.php and then if its sucessful, you get redirected to main.php and from there, you can go to other pages which you couldn't normally access unless u were logged in. Does any body know how to do this? Thanks
July 30th, 2003, 09:14 PM
Tons of ways to do this, but the easiest would be to use the standard htaccess authentication system available from Apache (assuming you're using apache for your web server). Simply create an htpasswd file by executing the htpasswd binary (check the man for usage) and add the users you want to give access to. Then create a directory you want to protect (ie, secure/). Inside this directory, place an .htaccess file that references the htpasswd file you created (syntax varies, check the web for creating an htaccess file). Once that is established, anything in the directory would require a username and password.
PHP can use the default htaccess authentication methods if you want the password box to be more customizable. Check out a book called PHP and MySQL Web Development by Welling and Thomson for a good explanation of this method, along with several others using PHP.
/* You are not expected to understand this. */
July 31st, 2003, 02:26 AM
thats an ok idea, but i'm not too familier with stuff like that. I was try to make a script that other people can use so i was looking towards something similar to http://www.tsr-corp.com/cgi-bin/coranto/coranto.cgi . Any ideas?
July 31st, 2003, 04:01 AM
BobDoleX > check out somewhere like Zend.com or PHPFreaks.com, both have lots of good resources to help you. To simplify things a bit, try this link
its a basic membership system, with quite nice documentation on how to setup and get everything working, if you need more features, the phpfreaks site also has two mord avanced membership systems also.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
July 31st, 2003, 04:08 AM
The Three Virtues of the Programmer are Laziness, Hubris, and Generosity. So sayeth Programming Perl.
Exercise your laziness, for it is more important then hubris. You could write a php thingee to make a password-protected site, but it would be more effort and less secure than using your web server's password protection system.
August 1st, 2003, 08:06 PM
ya, i'm thinking i should just go with the htaccess or possably use my CPanel to create a secure directory
ok, i think i figured out the .htacess thing, just one thing, where would i put the .httpassword (or whatever) file? i'm thinking i shouldn't put it in the /html directory, but where else can i put it? theres lots of folders in the higher directories and i dont want it to get messed up...
August 1st, 2003, 08:52 PM
You can put it anywhere you want. (I'm not sure if apache will serve it up or not, probably better to put it outside of the /html directory.) Use the AuthUserFile directive in your .htaccess file to tell the server where the .htpasswd file is located. See http://httpd.apache.org/docs-2.0/howto/htaccess.html for more info.
August 3rd, 2003, 10:35 PM
o awesome thanks. BTW, in my website account, i cant seem to upload anything outside the /html directory. Is that just me and other people can upload stuff outside the /html if u dont own the server?
August 5th, 2003, 05:15 AM
Where you can and cannot upload things is entirely up to the server administrator.