Here is an example of a standard .htaccess file :
===============================================
AuthUserFile /my/password/file/path/.htpasswd
AuthName "Please enter a password for my site:"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
The idea is to put a .htaccess file which points to a .htpassword file
in every directory you want to limit access to. The above .htaccess
file will let any valid user enter the directory. A valid user in anyone
from the .htpassword file which entered a user name and a matching password.
Here is another example of a standard .htaccess file :
====================================================
AuthUserFile /my/password/file/path/.htpasswd
AuthName "Please enter a password for my site:"
AuthType Basic
<Limit GET POST>
require user user1 user2
</Limit>
The idea here is to use one .password file but still, not let anyone
in the .password file in. Only users which are specified in the .htaccess
file which entered a valid username/password will be let in.
Using MySql as the .password file :
=================================
AuthName "Please enter a password to my site:"
AuthType Basic
Auth_MYSQLdatabase <DB NAME>
Auth_MYSQLpwd_table <USERNAME AND PASSWORD TABLE NAME>
Auth_MYSQLgrp_table <GROUP TABLE NAME>
Auth_MYSQL_nopasswd On
Auth_MYSQLpwd_field <PASSWORD FIELD NAME>
Auth_MYSQLuid_field <USERNAME FIELD NAME>
Auth_MYSQLgrp_field <GROUP FIELD NAME>
Auth_MYSQL_EncryptedPasswords on
order deny,allow
allow from all
require group Group1 Group2 Group3
IMHO, This is the best way to manage a security system. It's very easy
to maintain a user/password/group DataBase in mysql. With this kind of
a system you can easily decide who can go where and set up groups of
users which can/can not enter a spesific directory.
More about this can be found in the Apache/MySql documentation
I`m not sure if I`m missing something here or it it`s just over my head. Is this supposed to go
into an .htaccess file? I tried it there, adding correct paths and db names, but I get
an internal server error.
[Sun Oct 31 14:31:23 1999] access to /usr/local/etc/httpd/htdocs/shpm/test/.htac
cess failed for 216.80.154.85, reason: Invalid command Auth_MYSQLdatabase
Should I be putting it in the httpd.conf file instead? Or maybe I`m missing an apache module?
Or maybe I`m doing it completely wrong. <sigh>
I`ve got a db named member, with a table named users that contains a field named "password"
and a field named "named". I`ve commented out the group lines as there are no groups
specified as yet.
AuthName"Please enter a password to my site:"
AuthType Basic
Auth_MYSQLdatabase <member>
Auth_MYSQLpwd_table <member users>
# Auth_MYSQLgrp_table <GROUP TABLE NAME>
Auth_MYSQL_nopasswd On
Auth_MYSQLpwd_field <password>
Auth_MYSQLuid_field <name>
# Auth_MYSQLgrp_field <GROUP FIELD NAME>
Auth_MYSQL_EncryptedPasswords on
order deny,allow
allow from all
# require group Group1 Group2 Group3
<LIMIT GET POST>
require valid-user
</LIMIT>
Any pointers would be greatly appreciated. ;)
Thanks!
Boaz Yahav wrote :102
This works great, the only thing you may be missing is
that you have to have mod_auth_mysql compiled into
your apache.
Will Luke wrote :215
Should the <tags> have "<..>" around them? For
example; when entering the database name, do I enter
it as "<databasename>" or "databasename"?
Thanks,
Will
Ben wrote :254
can someone tell me how i return to php after authing
via a .htaccess file the users name?
Ermm... i mean, how do i get the `username` using php?
Is it possible? It must be! right :/
Can you mail me a reply to this please, its kinda ASAP
kinda thing!
