Google

NukeCoder

RSS
  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

How to password protect a directory
 View next topic
View previous topic
Post new topic   Reply to topic  Nukecoder Forum Index » pHp-Nuke Tips
Author Message
gotcha
Site Admin
Site Admin



Joined: Oct 25, 2004
Posts: 692
PostPosted: Wed Mar 02, 2005 2:27 pm Reply with quote
Protecting directories is a simple and effective way too keep prying eyes out of your files.

To do this you will need to create 2 files, .htaccess and .htpasswd. You may not be able to make these files in windows without putting something in front of the period. If this is the case for you, name the files 1.htaccess and 1.htpasswd for now.

Lets start with the .htaccess file.

Code:

AuthUserFile /server/path/to/yoursite/protectme/.htpasswd
AuthGroupFile /dev/null
AuthName directory
AuthType Basic
require user name


I'll break this down line by line:


This line needs to be changed to reflect root path of your server leading to the folder containing the .htpasswd file. Hosting companies usually provide this information, but if not, read on for how to find out.
Code:
AuthUserFile /server/path/to/yoursite/html/.htpasswd


This line should not need to be changed.
Code:
AuthGroupFile /dev/null


This line does not need to be changed, however, this will show up in the username/password promt. Change to your own preference.
Code:
AuthName directory


This line should not need to be changed.
Code:
AuthType Basic


The final line in this file will need to be changed. You must leave require user and only change "name" to what you want to enter for authorization.
Code:
require user name


end of .htaccess file.
----------------------

Now the .htpasswd file.

Not too much to do with this file, it has 2 parts - name and password. The name should match the "name" you used in the .htaccess file. The password needs to be encrypted using apache's crypt function. I have provided a tool to do this for you HERE.
Just replace "encryptedpassword" with the string that is generated from the tool.
Code:
name:encryptedpassword


enc of .htpasswd file.
----------------------

How to find your server's root path.

Create a blank php file and name it path.php
Copy the following into this file:
Code:

<?php

echo $_SERVER['DOCUMENT_ROOT'];

?>


Now upload that file to your site root and call it with your browser like so.... http://yoursite.com/path.php.
You will now have the path to your site's root folder. Just add the name of your directory to the end of that using the above code as a guide.

Now that you have both .htaccess and .htpasswd completed, upload them to your directory (rename if needed)and try to retrieve a file. You should be prompted for a username and password.

Thats it. Feel free to ask questions and leave comments.

gotcha.
View user's profile Send private message
Dameon
Newbie
Newbie



Joined: Mar 14, 2005
Posts: 10
Location: Ohio
PostPosted: Thu Mar 17, 2005 7:56 am Reply with quote
Thank you gotcha for this information. I have been looking everywhere for this. Especially about the password file.

Dameon
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number
Display posts from previous:       
Post new topic   Reply to topic  Nukecoder Forum Index » pHp-Nuke Tips


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT + 10 Hours
Forums ©