Check Out  Live Advisor  User Login
Home   |   Software   |   Support   |   Knowledge Base   |   Affiliates   |   Contact   |   Take The Tour

SITE TOUR Take The Tour QUICK FIND Choose Software - Professional - Live Advisor Pro Live Advisor Ent Account Manager Account Sentry Auction Weaver Bandwidth Protector Commission Cart Digital Download PC Configurator Subscribe Me Pro Subscribe Me Ent - Shareware - Account Finder Account Manager Account Sentry Auction Weaver News Update PicLink Advertiser Subscribe Me Join Our Mailing List Subscribe Remove Powered by Subscribe Me SUPPORT AREAS Registered Users User Login Lost Password? General Help CGI Beginners CGI Tutorials Program Installation General FAQ AFFILIATE STATS Affiliates: 1312 Referrals: 113,732 Sales: $123,863.25 Paid: $18,579.51 Become an Affiliate! Stats by Commission Cart

CGI Tutorials Home : Knowledge Base : CGI Tutorials : Files User Authentication (.htaccess & .htpasswd) HTTP Servers support access authentication, and the information presented here will help you understand how it works. Most, if not all, current browsers should support HTTP Basic Authentication. Access control for a given directory is controlled by a specific file in the directory with a filename as specified by the AccessFileName directive. The default filename is .htaccess Basic ByPassword Authentication: Step By Step This should help you set up protection on a directory via the Basic HTTP Authentication method. This method also uses a standard plain text password file. So let's suppose you want to restrict files in a directory called turkey to username "pumpkin" and password "pie". Here's what to do: Create a file called .htaccess in directory turkey that looks like this: (We have already created this file for you. Get it here) AuthUserFile /otherdir/.htpasswd AuthGroupFile /dev/null AuthName ByPassword AuthType Basic <Limit GET> require user pumpkin </Limit> Note that the password file will be in another directory (/otherdir). AuthUserFile must be the full Unix pathname of the password file. Also note that in this case there is no group file, so we specify /dev/null (the standard Unix way to say "this file doesn't exist"). AuthName can be anything you want. The AuthName field gives the Realm name for which the protection is provided. This name is usually given when a browser prompts for a password, and is also usually used by a browser in correlation with the URL to save the password information you enter so that it can authenticate automatically on the next challenge. Note: You should set this to something, otherwise it will default to ByPassword, which is both non-descriptive and too common. In this example, only the method GET is restricted using the LIMIT directive. To limit other methods (particularly in CGI directories), you can specify them separated by spaces in the LIMIT directive. For example: <LIMIT GET POST PUT> require user pumpkin </LIMIT> If you only use GET protection for a CGI script, you may be finding that the REMOTE_USER environment variable is not getting set when using METHOD="POST", obviously because the directory isn't protected against POST. Create the password file /otherdir/.htpasswd The easiest way to do this is to use the htpasswd program distributed with NCSA HTTPd. Do this: htpasswd -c /otherdir/.htpasswd pumpkin Type the password -- pie -- twice as instructed. Check the resulting file to get a warm feeling of self-satisfaction; it should look like this: (We have already created this file for you. Get it here) pumpkin:y1ia3tjWkhCK2M That's all. Now try to access a file in directory turkey -- your browser should demand a username and password, and not give you access to the file if you don't enter pumpkin and pie. If you are using a browser that doesn't handle authentication, you will not be able to access the document at all. Multiple Usernames/Passwords If you want to give access to a directory to more than one username/password pair, follow the same steps as for a single username/password with the following additions: Use the htpasswd command without the -c flag to add additional users; e.g.: htpasswd /otherdir/.htpasswd peanuts htpasswd /otherdir/.htpasswd almonds htpasswd /otherdir/.htpasswd walnuts Create a group file. Call it /otherdir/.htgroup and have it look something like this: (We have already created this file for you. Get it here) my-users: pumpkin peanuts almonds walnuts ... where pumpkin, peanuts, almonds, and walnuts are the usernames. Then modify the .htaccess file in the directory to look like this: AuthUserFile /otherdir/.htpasswd AuthGroupFile /otherdir/.htgroup AuthName ByPassword AuthType Basic <Limit GET> require group my-users </Limit> Note that AuthGroupFile now points to your group file and that group my-users (rather than individual user pumpkin) is now required for access. That's it. Now any user in group my-users can use his/her individual username and password to gain access to directory turkey.

OUR CLIENTS SAY "...your tech support is outstanding. (the program is great to)" Lawrence Fisher Social Security.com Post Quote | View Quotes

Home   |   Software   |   Support   |   Knowledge Base   |   Affiliates   |   Contact   |   Take The Tour
[  Privacy Policy  |  Terms of Use  |  Program Installation  |  FAQ  |  Jobs  |  Lost Password?  ] Copyright ©1994-2009 SiteInteractive.com   All Rights Reserved.