|
|
Below is an example of a .htpassword file :
=========================================
user1:uL5IFbV9KwzP.
user2:1MD.9OBbGcueU
user3:9MFuExMK/kANI
Here is an example of a standard .htaccess file :
===============================================
AuthUserFile /my/password/file/path/.htpasswd
AuthName "Please enter a password for my site:"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
The idea is to put a .htaccess file which points to a .htpassword file
in every directory you want to limit access to. The above .htaccess
file will let any valid user enter the directory. A valid user in anyone
from the .htpassword file which entered a user name and a matching password.
Here is another example of a standard .htaccess file :
====================================================
AuthUserFile /my/password/file/path/.htpasswd
AuthName "Please enter a password for my site:"
AuthType Basic
<Limit GET POST>
require user user1 user2
</Limit>
The idea here is to use one .password file but still, not let anyone
in the .password file in. Only users which are specified in the .htaccess
file which entered a valid username/password will be let in.
Using MySql as the .password file :
=================================
AuthName "Please enter a password to my site:"
AuthType Basic
Auth_MYSQLdatabase <DB NAME>
Auth_MYSQLpwd_table <USERNAME AND PASSWORD TABLE NAME>
Auth_MYSQLgrp_table <GROUP TABLE NAME>
Auth_MYSQL_nopasswd On
Auth_MYSQLpwd_field <PASSWORD FIELD NAME>
Auth_MYSQLuid_field <USERNAME FIELD NAME>
Auth_MYSQLgrp_field <GROUP FIELD NAME>
Auth_MYSQL_EncryptedPasswords on
order deny,allow
allow from all
require group Group1 Group2 Group3
IMHO, This is the best way to manage a security system. It's very easy
to maintain a user/password/group DataBase in mysql. With this kind of
a system you can easily decide who can go where and set up groups of
users which can/can not enter a spesific directory.
More about this can be found in the Apache/MySql documentation
|
|
| Caldera Openlinux 1.2 Standard Categories : Web Servers, MySQL, PHP, Apache, Databases | | | mod_auth_mysql - mod_auth_mysql was written in order to
allow users to use the blazing quick speed of MySQL in
order to store authentication information for their apache
web servers. Categories : Authentication, MySQL, Databases | | | PHP4 MYSQL Authentication Script with cookie. Short & Sweet
Categories : Authentication, Apache, Cookies, PHP, MySQL | | | Full membership authentication system. Categories : Authentication, MySQL, PHP, Databases | | | How to check that the encrypted password in the database is what the
user enters? Used to verify mod_auth_mysql encrypted passwords. Categories : MySQL, Databases, Authentication | | | Easy windows installation kit for win 9* PHP4 MySQL Apache phpMyAdmin Categories : Installation, PHP, MySQL, Apache, Web Servers | | | PHP4 AND MySQL Authentication Categories : PHP, MySQL, Authentication, Databases | | | Authorize Me! An authentication script. Categories : MySQL, Databases, Authentication, PHP | | | bookmarker - PHP, PHPLIB, MySQL WWW based bookmark manager Categories : MySQL, PHP, MySQL, Complete Programs, Databases | | | SQL / PHP based Integrated Authentication Categories : PHP, Authentication, Databases, MySQL | | | Implementing a Members ONLY area Categories : PHP, MySQL, Databases, Authentication | | | complete, simple, working example of a login screen/system using php functions, cookies, and a mysql database for begginers. Categories : Authentication, Complete Programs, PHP, MySQL, Databases | | | This program allows you to upload an ODBC ressource - i.e. an MS-Access database to a MySQL server. Categories : Databases, MySQL, Complete Programs, PHP, Databases | | | Installing Oracle support to PHP running in Apache Categories : PHP Configuration, Apache, Oracle, Databases, Web Servers | | | PostgreSQL and apache web authentication source.
Categories : Authentication, PostgreSQL, Apache, Web Servers | |
| |
| | | | | Linda Cole wrote : 101
entry 130
I`m not sure if I`m missing something here or it it`s just over my head. Is this supposed to go
into an .htaccess file? I tried it there, adding correct paths and db names, but I get
an internal server error.
[Sun Oct 31 14:31:23 1999] access to /usr/local/etc/httpd/htdocs/shpm/test/.htac
cess failed for 216.80.154.85, reason: Invalid command Auth_MYSQLdatabase
Should I be putting it in the httpd.conf file instead? Or maybe I`m missing an apache module?
Or maybe I`m doing it completely wrong. <sigh>
I`ve got a db named member, with a table named users that contains a field named "password"
and a field named "named". I`ve commented out the group lines as there are no groups
specified as yet.
AuthName"Please enter a password to my site:"
AuthType Basic
Auth_MYSQLdatabase <member>
Auth_MYSQLpwd_table <member users>
# Auth_MYSQLgrp_table <GROUP TABLE NAME>
Auth_MYSQL_nopasswd On
Auth_MYSQLpwd_field <password>
Auth_MYSQLuid_field <name>
# Auth_MYSQLgrp_field <GROUP FIELD NAME>
Auth_MYSQL_EncryptedPasswords on
order deny,allow
allow from all
# require group Group1 Group2 Group3
<LIMIT GET POST>
require valid-user
</LIMIT>
Any pointers would be greatly appreciated. ;)
Thanks!
| | | | Boaz Yahav wrote : 102
This works great, the only thing you may be missing is
that you have to have mod_auth_mysql compiled into
your apache.
See :
http://bourbon.netvision.net.il/mysql/mod_auth_mysql/
| | | | Will Luke wrote : 215
Should the <tags> have "<..>" around them? For
example; when entering the database name, do I enter
it as "<databasename>" or "databasename"?
Thanks,
Will
| | | | Ben wrote : 254
can someone tell me how i return to php after authing
via a .htaccess file the users name?
Ermm... i mean, how do i get the `username` using php?
Is it possible? It must be! right :/
Can you mail me a reply to this please, its kinda ASAP
kinda thing!
Thanks
Muad
| | | | Boaz Yahav wrote : 255
Look at :
http://www.weberdev.com/index.php3?
GoTo=get_example.php3?count=31
In general :
$updated_by=getenv("REMOTE_USER");
| | | | Fotis Paraskevopoulos wrote :555
This has finally answered some of my questions, thank you so much, a couple more questions though!!
So how do you add users to ur .htpassword dynamically,
are the passwords encrypted with crypt()? Can
we give different users different access?
Thank you,
Fotis
| |
|
|