Password Protection - Tilted Forum Project Discussion Community

sadatx · 07-21-2005, 12:30 AM

I want to password protect an area of a site and was wondering if there was a way of doing it without paying for an encryption program. I see that there are short little javascripts you can write, but these are supposedly easy to get around. Any suggestions?

d*d · 07-21-2005, 03:40 AM

I use php, it depends on the level of security your going after

you could try the following code, it's pretty standard. put it in a seperate file called authentication.php and put

include('../authentication.php');

at the top of all pages you want pasword protected.

put the following in php tags
// This page handles the authentication for the admin pages.

$authorized = FALSE; // Initialize a variable.

// Check for authentication submission.
if ( (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) AND isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) ) {

if ( ($HTTP_SERVER_VARS['PHP_AUTH_USER'] == 'name') AND ($HTTP_SERVER_VARS['PHP_AUTH_PW'] == 'password') ) { // If the correct values were entered...
$authorized = TRUE;
} else {
$authorized = FALSE;
}
} else {
$authorized = FALSE;
}

// If they haven't been authorized, create the pop-up window.
if ($authorized == FALSE) {
header('WWW-Authenticate: Basic realm="Administration"');
exit(); // For cancellations.
}

ratbastid · 07-21-2005, 03:45 AM

Neat hack, d*d. Of course, that PHP code is just simulating the web server's built-in authentication mechanism.

What server and platform are you using, sadatx? If it's Apache, then you can likely put a .htaccess file in the appropriate directory and configure password protection there.

Do you have shell access to the server?

sadatx · 07-21-2005, 10:58 AM

I'm using Stargate, I took over the site from a friend.

I'm not sure what having shell access means. Sorry if that sounds stupid, but I'm a newbie when it comes to web design.

vanblah · 07-22-2005, 06:50 AM

You probably don't need shell to use .htaccess (although it's a heck of a lot easier). You'll need to find out what platform Stargate is hosting your site on. If it's linux you can just create a .htaccess file and FTP it. They probably have some mechanism for you to work with permissions after you get it there or you can change permissions in some FTP clients. Be careful, if you don't know what you're doing you can mess things up pretty bad.

Read as much as you can about .htaccess.

Your best bet is to contact Stargate or at least do a search for "permissions" or ".htaccess" on their site. They may not allow it. GoDaddy.com does allow it (if you're inclined to change hosts).

You still need to figure out which platform you're on first.

ratbastid · 07-22-2005, 09:49 AM

If you do find you're using Apache, go google "apache authentication .htaccess". Then try some of the things you find out there, and come back here if you have more trouble.

sadatx · 07-23-2005, 03:26 PM

Thanks for all your help everyone,

I think the platform is Helm if that makes sense.

I don't see anything as far as setting up password protection, but I'll try and look up ".htaccess".

07-21-2005, 12:30 AM	#1 (permalink)
sadatx Psycho	Password Protection I want to password protect an area of a site and was wondering if there was a way of doing it without paying for an encryption program. I see that there are short little javascripts you can write, but these are supposedly easy to get around. Any suggestions?

07-21-2005, 03:40 AM	#2 (permalink)
d*d Addict	I use php, it depends on the level of security your going after you could try the following code, it's pretty standard. put it in a seperate file called authentication.php and put include('../authentication.php'); at the top of all pages you want pasword protected. put the following in php tags // This page handles the authentication for the admin pages. $authorized = FALSE; // Initialize a variable. // Check for authentication submission. if ( (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) AND isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) ) { if ( ($HTTP_SERVER_VARS['PHP_AUTH_USER'] == 'name') AND ($HTTP_SERVER_VARS['PHP_AUTH_PW'] == 'password') ) { // If the correct values were entered... $authorized = TRUE; } else { $authorized = FALSE; } } else { $authorized = FALSE; } // If they haven't been authorized, create the pop-up window. if ($authorized == FALSE) { header('WWW-Authenticate: Basic realm="Administration"'); exit(); // For cancellations. }

07-21-2005, 03:45 AM	#3 (permalink)
ratbastid Darth Papa Location: Yonder	Neat hack, d*d. Of course, that PHP code is just simulating the web server's built-in authentication mechanism. What server and platform are you using, sadatx? If it's Apache, then you can likely put a .htaccess file in the appropriate directory and configure password protection there. Do you have shell access to the server?

07-21-2005, 10:58 AM	#4 (permalink)
sadatx Psycho	I'm using Stargate, I took over the site from a friend. I'm not sure what having shell access means. Sorry if that sounds stupid, but I'm a newbie when it comes to web design.

07-22-2005, 06:50 AM	#5 (permalink)
vanblah Junkie	You probably don't need shell to use .htaccess (although it's a heck of a lot easier). You'll need to find out what platform Stargate is hosting your site on. If it's linux you can just create a .htaccess file and FTP it. They probably have some mechanism for you to work with permissions after you get it there or you can change permissions in some FTP clients. Be careful, if you don't know what you're doing you can mess things up pretty bad. Read as much as you can about .htaccess. Your best bet is to contact Stargate or at least do a search for "permissions" or ".htaccess" on their site. They may not allow it. GoDaddy.com does allow it (if you're inclined to change hosts). You still need to figure out which platform you're on first.

07-22-2005, 09:49 AM	#6 (permalink)
ratbastid Darth Papa Location: Yonder	If you do find you're using Apache, go google "apache authentication .htaccess". Then try some of the things you find out there, and come back here if you have more trouble.

07-23-2005, 03:26 PM	#7 (permalink)
sadatx Psycho	Thanks for all your help everyone, I think the platform is Helm if that makes sense. I don't see anything as far as setting up password protection, but I'll try and look up ".htaccess".