Results 1 to 9 of 9

Thread: Creating a Password Protected Area

  1. #1
    Banned
    Join Date
    Apr 2003
    Posts
    51

    Creating a Password Protected Area

    I'm trying to figure out how to create a secure password protected area for some files in php. For example, you log in on a file called login.php and then if its sucessful, you get redirected to main.php and from there, you can go to other pages which you couldn't normally access unless u were logged in. Does any body know how to do this? Thanks

  2. #2
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Tons of ways to do this, but the easiest would be to use the standard htaccess authentication system available from Apache (assuming you're using apache for your web server). Simply create an htpasswd file by executing the htpasswd binary (check the man for usage) and add the users you want to give access to. Then create a directory you want to protect (ie, secure/). Inside this directory, place an .htaccess file that references the htpasswd file you created (syntax varies, check the web for creating an htaccess file). Once that is established, anything in the directory would require a username and password.

    PHP can use the default htaccess authentication methods if you want the password box to be more customizable. Check out a book called PHP and MySQL Web Development by Welling and Thomson for a good explanation of this method, along with several others using PHP.
    /* You are not expected to understand this. */

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    51
    thats an ok idea, but i'm not too familier with stuff like that. I was try to make a script that other people can use so i was looking towards something similar to http://www.tsr-corp.com/cgi-bin/coranto/coranto.cgi . Any ideas?

  4. #4
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    BobDoleX > check out somewhere like Zend.com or PHPFreaks.com, both have lots of good resources to help you. To simplify things a bit, try this link

    http://www.phpfreaks.com/tutorials/40/0.php

    its a basic membership system, with quite nice documentation on how to setup and get everything working, if you need more features, the phpfreaks site also has two mord avanced membership systems also.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    The Three Virtues of the Programmer are Laziness, Hubris, and Generosity. So sayeth Programming Perl.

    Exercise your laziness, for it is more important then hubris. You could write a php thingee to make a password-protected site, but it would be more effort and less secure than using your web server's password protection system.

    BTW, 2nd link off googling htaccess password: http://javascriptkit.com/howto/htaccess3.shtml. Perhaps your laziness is well-developed, just misplaced.

  6. #6
    Banned
    Join Date
    Apr 2003
    Posts
    51
    ya, i'm thinking i should just go with the htaccess or possably use my CPanel to create a secure directory

    ok, i think i figured out the .htacess thing, just one thing, where would i put the .httpassword (or whatever) file? i'm thinking i shouldn't put it in the /html directory, but where else can i put it? theres lots of folders in the higher directories and i dont want it to get messed up...

  7. #7
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    You can put it anywhere you want. (I'm not sure if apache will serve it up or not, probably better to put it outside of the /html directory.) Use the AuthUserFile directive in your .htaccess file to tell the server where the .htpasswd file is located. See http://httpd.apache.org/docs-2.0/howto/htaccess.html for more info.

  8. #8
    Banned
    Join Date
    Apr 2003
    Posts
    51
    o awesome thanks. BTW, in my website account, i cant seem to upload anything outside the /html directory. Is that just me and other people can upload stuff outside the /html if u dont own the server?

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    Where you can and cannot upload things is entirely up to the server administrator.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •