htaccess

Account · September 18, 2008, 2:27pm

I need to pw protect a directory and the client’s control panel is
not yet set-up to do this so I’m using a htaccess tutorial. I get the
log-in form with the username pre-filled but it won’t accept my
password.

The protected dir. already has an .htaccess file that contains info
for a MAR db to which I added the above code. Could this be the problem?

Todd

http://pastie.org/274959

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd · September 18, 2008, 3:00pm

You can only have one htaccess in the folder. The one you posted on pastie looks fine for the access part, try just putting everything that’s in it in the MAR htaccess file, at the top.

Walter

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Account · September 18, 2008, 3:25pm

Here’s the htaccess with MAR and access. Still no go.

<http://pastie.org/275006>

Todd

On Sep 18, 2008, at 10:00 AM, waltd wrote:

You can only have one htaccess in the folder. The one you posted on pastie looks fine for the access part, try just putting everything that’s in it in the MAR htaccess file, at the top.

waltd · September 18, 2008, 3:28pm

Put the auth stuff on the top. I realize my description might have been a little vague. The auth stuff has to happen before the rewrite, or else it never gets called. After the rewrite happens, the htaccess file exits the stage.

Also, be very sure that the htpasswd file is where you think it is.

Walter

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Account · September 18, 2008, 3:40pm

Originally that’s how I had it, with the auth first then the rewrite but it still doesn’t work.

Just for the purpose of testing the htpasswd is in the same dir. as the htaccess. For example:

/html/my_directory/.htaccess
/html/my_directory/.htpasswd

I believe the path needs to a full path so it would be:

/users/myusername/html/my_directory/.htpasswd

Is that correct?

Todd

On Sep 18, 2008, at 10:28 AM, waltd wrote:

Put the auth stuff on the top. I realize my description might have been a little vague. The auth stuff has to happen before the rewrite, or else it never gets called. After the rewrite happens, the htaccess file exits the stage.

Also, be very sure that the htpasswd file is where you think it is.

waltd · September 18, 2008, 3:43pm

Yes, that’s correct as far as the path goes. What happens when you enter the folder? Do you get a server error, or does it let you in?

Walter

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Account · September 18, 2008, 3:56pm

When I visit the folder I get the login form/prompt as expected. I enter the username and password and submit the form. The page reloads with the form again (username is pre-filled). I don’t get in.

Todd

On Sep 18, 2008, at 10:43 AM, waltd wrote:

Yes, that’s correct as far as the path goes. What happens when you enter the folder? Do you get a server error, or does it let you in?

waltd · September 18, 2008, 5:49pm

Hmmm. I’ve never actually tried doing this all in one file, but clearly it’s not going to play nice. Maybe try setting the password one directory higher, then having the redirect magic happen in the current directory.

Make a new htaccess in the directory above the current one, then move the access stuff there. OF course that is going to lock out everything in the folder above this one, too.

Another way would be to use authentication at the PHP level.

Try this: http://pastie.org/275115

Walter

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Account · September 18, 2008, 6:07pm

The next level up is the public dir. so that’s not an option.

As for the php, what do I name the file? And are the first 2 lines below the server UN and PW or the auth for the directory?

$my_username=$_SERVER[‘PHP_AUTH_USER’];
$my_password=$_SERVER[‘PHP_AUTH_PW’];
if(($my_username ==“”) || ($my_password == “”) || $my_password != $passwords[$my_username]) restrictedArea();

Todd

On Sep 18, 2008, at 12:49 PM, waltd wrote:

Hmmm. I’ve never actually tried doing this all in one file, but clearly it’s not going to play nice. Maybe try setting the password one directory higher, then having the redirect magic happen in the current directory.

Make a new htaccess in the directory above the current one, then move the access stuff there. OF course that is going to lock out everything in the folder above this one, too.

Another way would be to use authentication at the PHP level.

Account · September 18, 2008, 6:09pm

Btw, I tried adding the htaccess/htpasswd to a different empty folder
(no MAR…nothing) and it still fails in the same way so I doubt that
the MAR rewrite stuff is the problem.

Todd

On Sep 18, 2008, at 12:49 PM, waltd wrote:

Hmmm. I’ve never actually tried doing this all in one file, but
clearly it’s not going to play nice. Maybe try setting the password
one directory higher, then having the redirect magic happen in the
current directory.

Make a new htaccess in the directory above the current one, then
move the access stuff there. OF course that is going to lock out
everything in the folder above this one, too.

Another way would be to use authentication at the PHP level.

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd · September 18, 2008, 6:27pm

If you drop all of this into a file called secure.php, then include that as the first line in your routing.php, you should be able to keep anyone out.

<?php
//routing.php
require_once('secure.php');
...

The PHP_AUTH_USER and such are global environment variables that get set by the script and return from the server when you come to the page.

Walter

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Account · September 18, 2008, 6:42pm

I put the secure.php file in the admin folder (which is what I want to protect) and added the below line to routing.php <http://pastie.org/275158>. My question is, is this the only line I need to edit to set the user and pass for access?

passwords=array(‘username1’=>‘password1’,‘username2’=>‘password2’)

On Sep 18, 2008, at 1:27 PM, waltd wrote:

If you drop all of this into a file called secure.php, then include that as the first line in your routing.php, you should be able to keep anyone out.
<?php //routing.php require_once('secure.php'); ... The PHP_AUTH_USER and such are global environment variables that get set by the script and return from the server when you come to the page.

waltd · September 18, 2008, 7:28pm

Yes. Where I have username1 etc, that’s what you would edit.

Walter

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Finlay_Dobbie · October 5, 2008, 7:39am

On Thu, Sep 18, 2008 at 7:09 PM, Todd email@hidden wrote:

Btw, I tried adding the htaccess/htpasswd to a different empty folder
(no MAR…nothing) and it still fails in the same way so I doubt that
the MAR rewrite stuff is the problem.

Are you sure that the full path to your htpasswd file is correct?

– Finlay

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Account · October 6, 2008, 3:26pm

You’re correct, the path was wrong but even after fixing it there was still a larger issue that conflicted with the MAR routing.php file. In the end I ended up using php to secure it and it worked perfectly.

Todd

On Oct 5, 2008, at 2:39 AM, Finlay Dobbie wrote:

On Thu, Sep 18, 2008 at 7:09 PM, Todd <email@hidden> wrote:

Btw, I tried adding the htaccess/htpasswd to a different empty folder

(no MAR…nothing) and it still fails in the same way so I doubt that

the MAR rewrite stuff is the problem.

Are you sure that the full path to your htpasswd file is correct?

– Finlay