LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-07-2004, 08:51 PM   #1
mark001
LQ Newbie
 
Registered: Sep 2004
Posts: 27

Rep: Reputation: 15
Unhappy How Can I password protect a sub-directory of a hosted website from client PC


I have a website hosted with an ISP and I wanted to password protect one of its
sub-directories e.g. http://www.xxxxx.com/somefolder will present an enter username and password dialogue box in order to login.

I have read about .htaccess and .htpasswd howto but it seems that I have to be running
apache in order to do that.

I have created .htaccess file under /home/user/web/somefolder/.htaccess

And I tried to create .htpasswd /home/user/web/somefolder/.htpasswd
and results in bash: command not found.

I tried cd /.../.../somefolder and typed as root
htpasswd -c .htpassed username and got the same result bash: command not found.

I am running redhat 8.0 on a client PC.
I have not installed apache server.

Can anyone tell me how to go about password protect website sub-dirctories from
a client PC.

Thanks in advance.


mark001
 
Old 11-07-2004, 09:26 PM   #2
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi there

u need to edit ur httpd.conf (apche web server conig file)

have a look at

http://httpd.apache.org/docs-2.0/howto/auth.html

regards
 
Old 11-07-2004, 10:19 PM   #3
gaviidae
Member
 
Registered: Jun 2004
Location: West Michigan
Distribution: limping along with MD10, Knoppix3.6 : )
Posts: 62

Rep: Reputation: 15
Maybe if it says bash: command not found,
maybe you have to edit the bash profile, and tell it to look wherever this command is kept.
By default bash_profile assumes commands you use are in your home directory.
 
Old 11-08-2004, 06:55 AM   #4
mark001
LQ Newbie
 
Registered: Sep 2004
Posts: 27

Original Poster
Rep: Reputation: 15
HI, masand

Thank you for your reply!

since I have not installed apache, so, I guess I didn't have the http.conf file with my instllation!

From the previous threads I searched and read, they all pointed to creating and editing two files .htaccess and .htpasswd. I have created the file .htaccess, but somehow could not create file .htpasswd as mentioned in this thread. I think may be it is because I have not installed the distribution to run as a server and could this be explained for the result bash: command
not found. Just a thought.

thanks


mark001
 
Old 11-08-2004, 07:11 AM   #5
mark001
LQ Newbie
 
Registered: Sep 2004
Posts: 27

Original Poster
Rep: Reputation: 15
Hi, gaviidae

Thanks for replying.

I tried the bash command man htpasswd but got the result No Manual Entry for htpasswd.

I am not very familiar with the bash commands, will try and see if I could find out more.

regards.


mark001
 
Old 11-08-2004, 07:19 AM   #6
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi there

[root@gaurav root]# rpm -qf /usr/bin/htpasswd
httpd-2.0.49-4
[root@gaurav root]#

so u see u need httpd (apache) package for ur htpasswd

regards
 
Old 11-08-2004, 07:38 AM   #7
mark001
LQ Newbie
 
Registered: Sep 2004
Posts: 27

Original Poster
Rep: Reputation: 15
Hi, masand

So, in this case, I have to contact my ISP and ask them to configure their server to password protect my website sub-directories, am I right?

regards.

mark001
 
Old 11-08-2004, 07:46 AM   #8
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi

yes this is to be configured at the place where it is hosted

regards
 
Old 11-08-2004, 10:36 AM   #9
sutley
Member
 
Registered: Jul 2004
Posts: 42

Rep: Reputation: 15
HTTP_POST

I use .htpasswd and .htaccess, but since you don't have Apache, you could try password protecting each page in that folder with a login page.

I'm not EXACTLY sure how to do this but something like this might work. I'm sure some else out there might know better.

loginpage.php:
<form name="login" action="yourpage.php" method="POST">
User: <input type="text" name="user" size="70"><br />
Pass: <input type="text" name="pass" size="70"> <br />
<input type="submit" name="Submit" value="Login">
</form>

user_pass.php (put in a directory outside of htdocs/html/public directory so its not web accessible)
<$php
$me = [username];
$mypassword = [password];
?>

yourpage.php:
<?php
require_once('/non_web_accessible_directory/user_pass.php');

$user = $HTTP_POST_VARS['user'];
$pass = $HTTP_POST_VARS['pass'];

if ($user == $me && $pass == $mypassword){
echo 'This is my protected page content.';
}else{
echo '<a href=\"loginpage.php\">Please Login First</a>';
}
?>
 
Old 11-08-2004, 07:04 PM   #10
mark001
LQ Newbie
 
Registered: Sep 2004
Posts: 27

Original Poster
Rep: Reputation: 15
Sutley,

thanks for the posted script.

This is almost exactly what I had wanted to do - password protect sub-directories and/or a particular webpage, so the viewer has to login inorder to see its content.

I will try to use the posted script, but I have to dig into some php reading first. although know php is a scripting language but didn't know much on php.

regards.

mark001
 
Old 11-08-2004, 11:27 PM   #11
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi there

i agree that the script is fine but what if i bypass the login page and go directly to the directory if i know the location??
for this u need the configuartion as of discussed earlier because the webserver will not stop me browsing that directory unless specified....

regards
 
Old 11-09-2004, 09:21 AM   #12
mark001
LQ Newbie
 
Registered: Sep 2004
Posts: 27

Original Poster
Rep: Reputation: 15
Hi, masand

I think if we can password protect every webpage within a certain directory ,then, that particular directory is also password protected via the protected webpages. This may be true if the directory consists of only webpages and no other files.

I hope I am making some sense. . . . out of this.

regards.


mark001
 
Old 11-09-2004, 09:34 AM   #13
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi there

what i am saying is that u need to restrict a user to a certain directory
that will be more safe
or u need to put the code in all ur pages
and what if u want to remove this restriction then remocve the code from all thepages???

while a single entry if possible at the webserver wil serve ur purpose

regards
 
Old 11-09-2004, 10:10 AM   #14
sutley
Member
 
Registered: Jul 2004
Posts: 42

Rep: Reputation: 15
Yes. Using Apache's ability to use .htpasswd and .htaccess would be ideal and easy. How about proposing other solutions? Surely there is another way to protect directories. Mark001, can you tell us more about your server? I only have experience with Apache, but surely what ever you're using has the ability to prompt for a user / pass in order to access a directory. Maybe there's someway to chown the directory to a user and use that to your advantage. Otherwise if using the login script, I wouldn't manually place it in every webpage. I would save it in a sepearte file and use php to "include" it. That way if you ever want to change it, you only have to change it in one place.

sam

Last edited by sutley; 11-09-2004 at 10:11 AM.
 
Old 11-09-2004, 10:14 AM   #15
mark001
LQ Newbie
 
Registered: Sep 2004
Posts: 27

Original Poster
Rep: Reputation: 15
Hi, masand

I agree absolutely to your point that having the configuration done at the server config files seems to be the best option because less work is involved.

I called my ISP yesterday to enquire about this issue and they agreed to help out at no extra cost.

Regards.

mark001
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Password protect a directory aquatux SUSE / openSUSE 6 08-01-2005 11:56 PM
Password protect a website J_K9 Programming 5 07-07-2005 08:12 AM
how do I poassword protect a directory on a website, Apache bentman78 Linux - Software 8 06-17-2004 11:12 AM
How to password protect a web directory abdulber Linux - Software 1 01-27-2004 11:34 PM
Password protect a directory Stephanie Linux - General 6 03-26-2002 02:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration