Trackpads Community - View Single Post

12-23-2004, 19:00

On Thu, 23 Dec 2004 12

21 GMT, "Davis" <nospam@worldnet.att.net>
posted something that included:

>Hi,
>
>Can you recommend a good software program that I can use to password protect
>select pages on my web site. I am about to add a wholesale distribution
>section that I do not want regular customers to access.
>
>The software must allow me to manage my wholesalers login password.
>
>Davis
>http://www.segiftware.com
>NotePad

It's a lot more reliable to use htpasswd than anything else, very
versatile, very easy - and you can either protect individual files, or
you can protect entire directories.

To protect an individual file called secretfile.html, you add this to
the .htaccess file for that directory. (If you are protecting the
entire directory, eliminate the <files> and </files> lines)

<files secretfile.html>
AuthUserFile /home/davis/passwd
AuthGroupFile /dev/null
AuthName EnterYourPassword
AuthType Basic
require valid-user
</files>

You create a password file at /home/david/passwd

If you have shell access, type
htpasswd -bc /home/davis/passwd user19 anthrax
to create a new password file with user19 as a user whose password is
anthrax. To add a second user to the password file, you use
htpasswd -b /home/davis/passwd user20 pneumonia
(Using the -c flag would overwrite the original file. Oops!)

If you don't have shell access, you need to edit that file by hand.
Each line starts out with the username followed by a colon and the
encrypted password. There's a utility at
http://paulding.net/bin/crypt.cgi that will generate the encrypted
passwords for you. If you enter pneumonia as the password, you get
back something like "pneumonia:pNV0ZhfRnQwJw" You don't need the
password in both plaintext and encrypted form in the passwd file,
though. Change that to user20:pNV0ZhfRnQwJw and add that line to the
end of the password file.

To remove someone's access, simply delete their line in the password
file.

This is *really* basic authentication; if you'd like to explore some
of the more advanced things you can do, check out these two pages.
http://httpd.apache.org/docs-2.1/howto/auth.html
http://httpd.apache.org/docs/programs/htpasswd.html

--
If we're losing 40-130 species a day,
How come nobody can itemize them?
And why can't fruitflies be one of them?

12-23-2004, 19:00	#2 (permalink)
Paul Ding Civilians	Re: Password Protect Wholesaler Web Pages On Thu, 23 Dec 2004 1221 GMT, "Davis" <nospam@worldnet.att.net> posted something that included: >Hi, > >Can you recommend a good software program that I can use to password protect >select pages on my web site. I am about to add a wholesale distribution >section that I do not want regular customers to access. > >The software must allow me to manage my wholesalers login password. > >Davis >http://www.segiftware.com >NotePad It's a lot more reliable to use htpasswd than anything else, very versatile, very easy - and you can either protect individual files, or you can protect entire directories. To protect an individual file called secretfile.html, you add this to the .htaccess file for that directory. (If you are protecting the entire directory, eliminate the <files> and </files> lines) <files secretfile.html> AuthUserFile /home/davis/passwd AuthGroupFile /dev/null AuthName EnterYourPassword AuthType Basic require valid-user </files> You create a password file at /home/david/passwd If you have shell access, type htpasswd -bc /home/davis/passwd user19 anthrax to create a new password file with user19 as a user whose password is anthrax. To add a second user to the password file, you use htpasswd -b /home/davis/passwd user20 pneumonia (Using the -c flag would overwrite the original file. Oops!) If you don't have shell access, you need to edit that file by hand. Each line starts out with the username followed by a colon and the encrypted password. There's a utility at http://paulding.net/bin/crypt.cgi that will generate the encrypted passwords for you. If you enter pneumonia as the password, you get back something like "pneumonia:pNV0ZhfRnQwJw" You don't need the password in both plaintext and encrypted form in the passwd file, though. Change that to user20:pNV0ZhfRnQwJw and add that line to the end of the password file. To remove someone's access, simply delete their line in the password file. This is really basic authentication; if you'd like to explore some of the more advanced things you can do, check out these two pages. http://httpd.apache.org/docs-2.1/howto/auth.html http://httpd.apache.org/docs/programs/htpasswd.html -- If we're losing 40-130 species a day, How come nobody can itemize them? And why can't fruitflies be one of them?