Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Hello Again,
I think, from what you have written out in some detail, that you have pretty much got it but just two minor points:
You said:
In that .htpasswd file will be the content (created by the dynamic password generator that you recommended and is mentioned above). It would look like this:
userone:DBug7D03zsUY7
usertwo:DBug7D03zsUY7
Just to be completely clear, one should have different passwords for each user.
As for the “.htpasswd” file, I read that it should not be left in the root (per above) but within another folder. Could it go in the cgi-bin folder? If so, then the new file location (per above) would be: AuthUserFile /html_docs/cgi-bin/.htpasswd.
This is OK provided that html_docs is not the web root. e.g. it doesn’t contain the TXP installation files and directories, they would be in a folder alongside cgi-bin called web or something similar. The path to quote should be the full server path to the .htpasswd file.
AuthUserFile /full/server/path/to/html_docs/cgi-bin/.htpasswd
I hope that helps.
If you find that you might want to try something else, have a look here. I am sure WET recommends this somewhere in the TXP online world. You could use something like:
<txp:if_section name="private-page"><txp:php> include("/full/path/to/cgi-bin/password_protect.php"); </txp:php></txp:if_section>_
at the beggining of the appropriate page template. Obviously, you wouldn’t need the conditional if the template served only your private-page section. Both these methods are good where one has a reasonably small static number of users authorized to have access to the protected section.
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Hi again,
Not working yet. Well, the User Name and Password box pops up on the screen but the user and passwords are rejected.
At first I used the password creator, the one you recommended at: http://tools.dynamicdrive.com/password. However, the password itself becomes encrypted. I thought that might be the problem so I created the following instead for the .htpasswd file:
userone:simplepassword
(username is: userone and the password is: simplepassword)
To find my server path I looked into my config.php file and found this:
$txpcfg[‘txpath’] = ‘/home/customer555/public_html’;
So, thinking this must be the full server path, I used this path within the .htaccess file:
AuthUserFile /home/customer555/public_html/cgi-bin/.htpasswd
So, the script now looks like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*) ../index.php
</IfModule>
AuthType Basic
AuthUserFile /home/customer555/public_html/cgi-bin/.htpasswd
AuthName “Only for registered users”
require valid-user
I then uploaded the .htaccess file into the new directory “private-page”.
I then uploaded the .htpasswd file into the cgi-bin directory.
Did I miss something?
As for the “web page password protect” option you pointed me to, I’ll try that if nothing else works.
Thanks again for your help on this!
and placed it on my page:
Living the Location-Independent Life: www.NuNomad.com
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
My guess is that you are almost there and that it is worth checking the server path to the .htpassword file.
Often a path that begins with /home/.. etc is not the full server path but the “document root”, which is not the same thing. Check out your TXP Admin/Diagnostics page where you should find most of the path against the entry for $path_to_site:. Obviously, you have to adjust the last part of that entry to get the path to the .htpassword file.
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Joe, thanks again for the quick reply.
I checked like you advised, and the path is: $path_to_site: /home/customer555/public_html
I also tried taking the .htpasswd out of the cgi-bin directory and put it there along side of my other html files. Still no luck. And I’ve tested on a separate computer.
Living the Location-Independent Life: www.NuNomad.com
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
laptophobo said
At first I used the password creator, the one you recommended at: http://tools.dynamicdrive.com/password. However, the password itself becomes encrypted. I thought that might be the problem so I created the following instead for the .htpasswd file:
userone:simplepassword
The password is encrypted by the utility; it’s designed to do that.
Put your .htpasswd file back in cgi-bin and make sure the path in .htaccess points to it.
Try adding this line to the .htpasswd file:
laptophobo:cwEiTSO0XcyDM
and then log in with laptophobo and difficultpassword.
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Joe,
The login window appears to be working now. But once logged in, I’m taken to a “404 – page not found” message. I think it’s because of the folder that the .htaccess script is in. Isn’t there competition with creating a directory with the same name as a section?
Living the Location-Independent Life: www.NuNomad.com
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Hello Again,
I think it’s because of the folder that the .htaccess script is in. Isn’t there competition with creating a directory with the same name as a section?
Post #6 deals with this. It isn’t a problem.
If you are getting a 404 error, it’s some other cause and perhaps not related to the ,htaccess and .htpasswd process.
I have added these files to a site I am building and it works as intended. I will email you the detail for you to see and to restore the faith ;-). I can only reasonably leave the site like that until tomorrow morning.
Check your email in a few minutes.
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Well, I’ve spent 4 days trying to include a password protection device to my Section and I know I’m close. I’ve looked at post #6 and tried the various solutions (which, frankly, was all Greek to me).
I’m sure someone out there has experienced this 404 issue and has a way of resolving it with me using the information I’ve already posted. I’m not a scripting expert and I’m a newbie to Textpattern.
You’ve been great Joe.
Living the Location-Independent Life: www.NuNomad.com
Offline
#21 2010-05-26 06:49:50
- els
- Moderator
- From: The Netherlands
- Registered: 2004-06-06
- Posts: 7,458
Re: [howto] Protect a section with HTTP authentication (.htaccess)
laptophobo, have you tried this solution?
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Hi Els, glad you could help.
I’ve tried the fix your (and Joe’s) recommended and it doesn’t seem to work either. To be sure, this is what’s in my .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*) ../index.php
</IfModule>
AuthType Basic
AuthUserFile /home/customer555/public_html/cgi-bin/.htpasswd
AuthName "Only for registered users"
require valid-user
ErrorDocument 401 /home/customer555/public_html/myerror.html
ErrorDocument 403 /home/customer555/public_html/myerror.html
I then created a static htm page: myerror.html and just put some words in it that the location could not be found.
Do you think it could be a server restriction of some sort? I’m using SiteGround for hosting.
Last edited by laptophobo (2010-05-26 14:56:48)
Living the Location-Independent Life: www.NuNomad.com
Offline
#23 2010-05-26 17:57:57
- els
- Moderator
- From: The Netherlands
- Registered: 2004-06-06
- Posts: 7,458
Re: [howto] Protect a section with HTTP authentication (.htaccess)
laptophobo wrote:
and it doesn’t seem to work either.
Do you mean you can login but are still getting the 404?
Offline
Re: [howto] Protect a section with HTTP authentication (.htaccess)
Hi Els,
Yes, that’s correct. I can login but the page returns 404. I then read the thread by Wet (at: http://forum.textpattern.com/viewtopic.php?pid=91244#p91244) #13, and what he recommends was what I’ve done. He did mention a “Caveat”, which I did not understand since the attribute did not follow with anything else I’d created in the .htaccess file so far.
Wet has sent me an email and is also looking at the problem. One this riddle gets answered, I’ll post final (for dummies like me) instructions.
Cheers,
Living the Location-Independent Life: www.NuNomad.com
Offline