I need to pw protect a directory and the client’s control panel is
not yet set-up to do this so I’m using a htaccess tutorial. I get the
log-in form with the username pre-filled but it won’t accept my
password.
The protected dir. already has an .htaccess file that contains info
for a MAR db to which I added the above code. Could this be the problem?
You can only have one htaccess in the folder. The one you posted on pastie looks fine for the access part, try just putting everything that’s in it in the MAR htaccess file, at the top.
You can only have one htaccess in the folder. The one you posted on pastie looks fine for the access part, try just putting everything that’s in it in the MAR htaccess file, at the top.
Put the auth stuff on the top. I realize my description might have been a little vague. The auth stuff has to happen before the rewrite, or else it never gets called. After the rewrite happens, the htaccess file exits the stage.
Also, be very sure that the htpasswd file is where you think it is.
I believe the path needs to a full path so it would be:
/users/myusername/html/my_directory/.htpasswd
Is that correct?
Todd
On Sep 18, 2008, at 10:28 AM, waltd wrote:
Put the auth stuff on the top. I realize my description might have been a little vague. The auth stuff has to happen before the rewrite, or else it never gets called. After the rewrite happens, the htaccess file exits the stage.
Also, be very sure that the htpasswd file is where you think it is.
When I visit the folder I get the login form/prompt as expected. I enter the username and password and submit the form. The page reloads with the form again (username is pre-filled). I don’t get in.
Todd
On Sep 18, 2008, at 10:43 AM, waltd wrote:
Yes, that’s correct as far as the path goes. What happens when you enter the folder? Do you get a server error, or does it let you in?
Hmmm. I’ve never actually tried doing this all in one file, but clearly it’s not going to play nice. Maybe try setting the password one directory higher, then having the redirect magic happen in the current directory.
Make a new htaccess in the directory above the current one, then move the access stuff there. OF course that is going to lock out everything in the folder above this one, too.
Another way would be to use authentication at the PHP level.
Hmmm. I’ve never actually tried doing this all in one file, but clearly it’s not going to play nice. Maybe try setting the password one directory higher, then having the redirect magic happen in the current directory.
Make a new htaccess in the directory above the current one, then move the access stuff there. OF course that is going to lock out everything in the folder above this one, too.
Another way would be to use authentication at the PHP level.
Btw, I tried adding the htaccess/htpasswd to a different empty folder
(no MAR…nothing) and it still fails in the same way so I doubt that
the MAR rewrite stuff is the problem.
Todd
On Sep 18, 2008, at 12:49 PM, waltd wrote:
Hmmm. I’ve never actually tried doing this all in one file, but
clearly it’s not going to play nice. Maybe try setting the password
one directory higher, then having the redirect magic happen in the
current directory.
Make a new htaccess in the directory above the current one, then
move the access stuff there. OF course that is going to lock out
everything in the folder above this one, too.
Another way would be to use authentication at the PHP level.
I put the secure.php file in the admin folder (which is what I want to protect) and added the below line to routing.php <http://pastie.org/275158>. My question is, is this the only line I need to edit to set the user and pass for access?
If you drop all of this into a file called secure.php, then include that as the first line in your routing.php, you should be able to keep anyone out.
<?php
//routing.php
require_once('secure.php');
...
The PHP_AUTH_USER and such are global environment variables that get set by the script and return from the server when you come to the page.
On Thu, Sep 18, 2008 at 7:09 PM, Todd email@hidden wrote:
Btw, I tried adding the htaccess/htpasswd to a different empty folder
(no MAR…nothing) and it still fails in the same way so I doubt that
the MAR rewrite stuff is the problem.
Are you sure that the full path to your htpasswd file is correct?
You’re correct, the path was wrong but even after fixing it there was still a larger issue that conflicted with the MAR routing.php file. In the end I ended up using php to secure it and it worked perfectly.
Todd
On Oct 5, 2008, at 2:39 AM, Finlay Dobbie wrote:
On Thu, Sep 18, 2008 at 7:09 PM, Todd <email@hidden> wrote:
Btw, I tried adding the htaccess/htpasswd to a different empty folder
(no MAR…nothing) and it still fails in the same way so I doubt that
the MAR rewrite stuff is the problem.
Are you sure that the full path to your htpasswd file is correct?