inherit
51128
0
Aug 16, 2005 19:35:13 GMT -8
zeke700
28
July 2005
zeke700
|
Post by zeke700 on Jul 16, 2005 18:02:52 GMT -8
what do u mean just putting a passwd file will not protect it, if thats all you place correct, but if you place the actual .htacces document then your protected + you need to make sure a new cannt over write another users account then its secure
|
|
inherit
Banned
29372
0
Sept 7, 2005 14:30:48 GMT -8
It's me again
3,197
August 2004
prohibited
|
Post by It's me again on Jul 16, 2005 18:03:06 GMT -8
No, I mean, creating the directory, then making it also create a .htpasswd and .htaccess file in each directory.... Oh, wait, I made a mistake.. Make sure it also creates a folder within the /Prohibited/ folder like /login/ or what ever you want to do. So the url would be like www.yoursite.com/Prohibited/login/ (which contains admin functions maybe?) lol
|
|
inherit
5116
0
Jun 1, 2012 11:13:33 GMT -8
Ben Woodruff
23,954
August 2002
bwoodruff
|
Post by Ben Woodruff on Jul 16, 2005 18:10:44 GMT -8
No, you're thinking too hard. This is easier than all that.
Make a PHP script that does the following:
Check the user's name and password that they enter against a file (that is protected by your .htaccess file, or is outside of the web directory), and if the auth info is correct, include $username.inc
So your directory structure would look like this:
/ /www /www/login.php /www/protected /www/protected/johnny.inc /www/protected/betty.inc (assuming you have some "odd boyscouts") /www/protected/billy.inc /www/protected/.htaccess
The .htaccess file in protected denies all access to all files in that directory. The login.php file does simple auth and includes.
I'll write the files for you and post them here so you can see what I'm talking about.
|
|
inherit
Banned
29372
0
Sept 7, 2005 14:30:48 GMT -8
It's me again
3,197
August 2004
prohibited
|
Post by It's me again on Jul 16, 2005 18:20:33 GMT -8
Ah, I see now. haha, yeah. That would be much easier.
|
|
inherit
51128
0
Aug 16, 2005 19:35:13 GMT -8
zeke700
28
July 2005
zeke700
|
Post by zeke700 on Jul 16, 2005 18:26:49 GMT -8
alrighty then, now do ne of you know an aplication under linux that would allow me to code php or perl
|
|
inherit
5116
0
Jun 1, 2012 11:13:33 GMT -8
Ben Woodruff
23,954
August 2002
bwoodruff
|
Post by Ben Woodruff on Jul 16, 2005 18:42:44 GMT -8
alrighty then, now do ne of you know an aplication under linux that would allow me to code php or perl pico?
|
|
inherit
5116
0
Jun 1, 2012 11:13:33 GMT -8
Ben Woodruff
23,954
August 2002
bwoodruff
|
Post by Ben Woodruff on Jul 16, 2005 18:56:51 GMT -8
login.php:
<?php $auth = false; $user = blah; $pass = blah;
if($_POST['submit']) {
$username = $_POST['username']; $password = $_POST['password'];
$file = file(".htpasswd"); foreach($file as $line) { $array = explode(':',$line); $user = $array[0]; $pass = chop($array[1]); if($user == $username && $pass == $password) { $auth = true; }
}
} ?>
<?php if($auth == false) { ?> <form action="login.php" method="POST"> User: <input name="username"><br> Pass: <input name="password" type="password"><br> <input type="submit" value="Login" name="submit"><br> </form> <?php } if($auth == false && $_POST['submit']) { print "Wrong user/pass<br>\n"; } else { include "protected/$username.inc"; } ?>
.htpasswd:
ben:ben
That will allow you to login with the username ben and the password ben. If you enter the right password, currently you will get a blank screen. If you don't enter it correctly, it will ask you to login again, and tell you you were wrong.
Sorry for the sloppy code, I want to do this quick.
Working on the rest.
EDIT: actually you don't really need any other files.
just for each user you put in your htpasswd file, make a "user.inc" file in the protected directory, then make a .htaccess file denying all access to the protected directory. if you are on a 1/2 decent server, people already can't access your .htpasswd and .htaccess files.
|
|
inherit
Banned
39031
0
May 31, 2007 9:56:53 GMT -8
ryndell
1,808
March 2005
ryndell
|
Post by ryndell on Jul 16, 2005 19:38:02 GMT -8
You best bet would be if you have a larger server .Though people whom wish to have web space.Just allow them to create and build their own sites,if this is what you are doing.Then you take webpages, and link all of the sites to one page .They would all have separate passwords and accounts, but all the said sites can be found in one place.Safer that way too.Like a few pages as a directory to the sites.Its that simple i would think thats what i have done before.
|
|
inherit
RIP- Proboards Legend
39218
Conquester777 Conquester777
0
Oct 11, 2005 6:36:29 GMT -8
Conquester777
CirclesAreFun
4,008
March 2005
cq777
|
Post by Conquester777 on Jul 16, 2005 21:11:00 GMT -8
what you're asking is a little confusing
can you be more specific?
login as in ftp login?...
|
|
inherit
Banned
29372
0
Sept 7, 2005 14:30:48 GMT -8
It's me again
3,197
August 2004
prohibited
|
Post by It's me again on Jul 17, 2005 1:29:06 GMT -8
The question was already answered.
|
|