The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Trying to password protect webpages, Having trouble logging in
czwief
post Jun 2 2009, 10:16 AM
Post #1





Group: Members
Posts: 3
Joined: 2-June 09
Member No.: 8,770



Hi everyone,

I'm trying to password protect a couple of webpages on my server. I'm creating a sample website where I work to give advertisers an easy place to look at stuff we've done for them. Can someone help me figure out what I'm doing wrong here? The website is here: http://www.tc.umn.edu/~zwief005

Here are the codes for a couple of the pages...

Under the "qwest" directory, here's the .htaccess:
CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile \protect\qwest\.htpasswd
require qwest


And the qwest .htpasswd:
CODE
qwest:qwest


Dodge's .htaccess:
CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile \~zwief005\protect\dodge\.htpasswd
require valid-user


Dodge's .htpasswd:
CODE
dodge:dodge


If you need any more information, please let me know. Thanks in advance!
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Jun 2 2009, 10:43 AM
Post #2


Don't like donuts. Don't do MySpace.
********

Group: WDG Moderators
Posts: 17,767
Joined: 9-August 06
Member No.: 6



The Dodge's one looks correct, except you should use the absolute path to the pw file and the slashes are slanted in the wrong direction.
The absolute path on Linux could (but mustn't) look something like /home/sites/you/somedirectory/.htpasswd . It's the path from the root, same as C:\... on Windows.

Also, the passwords should be encrypted in the .htpasswd file.

This walkthrough looks as good as any. There's a link to an encryption tool to.
http://www.javascriptkit.com/howto/htaccess3.shtml
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
czwief
post Jun 2 2009, 11:25 AM
Post #3





Group: Members
Posts: 3
Joined: 2-June 09
Member No.: 8,770



QUOTE(pandy @ Jun 2 2009, 10:43 AM) *

The Dodge's one looks correct, except you should use the absolute path to the pw file and the slashes are slanted in the wrong direction.
The absolute path on Linux could (but mustn't) look something like /home/sites/you/somedirectory/.htpasswd . It's the path from the root, same as C:\... on Windows.

Also, the passwords should be encrypted in the .htpasswd file.

This walkthrough looks as good as any. There's a link to an encryption tool to.
http://www.javascriptkit.com/howto/htaccess3.shtml


Thanks, that was helpful. However, it still isn't working -- I think I found the absolute path to the file in Dreamweaver, but it's still not exactly working. Here's what I've edited it to (only doing Qwest's for convenience sake):

CODE
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/z/zwief005/web-docs/protect/qwest/.htpasswd
AuthGroupFile /dev/null
require valid-user

That's .htaccess. Here's .htpasswd:
CODE
west:rAmVmwS842YPE


Is it possible that's not the absolute path? I found that path in Dreamweaver when I expanded to show both the local and remote sites. Once you see "/protect/qwest/.htpasswd," that's the directory I created for it.

Once again, you can test this out here.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Jun 2 2009, 12:50 PM
Post #4


Don't like donuts. Don't do MySpace.
********

Group: WDG Moderators
Posts: 17,767
Joined: 9-August 06
Member No.: 6



Looks like a likely path. To be sure, copy the below to a new document, name it something.shtml and upload it to the same folder where you have the .htpasswd. It's accessible from the web, right? Then call the new file up in your browser and you should see the server path on the last line. I included the the lines on top just so you can see what each SSI directive does. wink.gif

CODE

<html>

<head>
<title></title>
</head>


<body>

DOCUMENT_ROOT: <!--#echo var="DOCUMENT_ROOT" --><br>
DOCUMENT_URI: <!--#echo var="DOCUMENT_URI" -->
<br><br>
DOCUMENT_ROOT+DOCUMENT_URI:<br>
<!--#echo var="DOCUMENT_ROOT" --><!--#echo var="DOCUMENT_URI" -->

</body>
</html>
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
czwief
post Jun 2 2009, 02:06 PM
Post #5





Group: Members
Posts: 3
Joined: 2-June 09
Member No.: 8,770



QUOTE(pandy @ Jun 2 2009, 12:50 PM) *

Looks like a likely path. To be sure, copy the below to a new document, name it something.shtml and upload it to the same folder where you have the .htpasswd. It's accessible from the web, right? Then call the new file up in your browser and you should see the server path on the last line. I included the the lines on top just so you can see what each SSI directive does. wink.gif

CODE

<html>

<head>
<title></title>
</head>


<body>

DOCUMENT_ROOT: <!--#echo var="DOCUMENT_ROOT" --><br>
DOCUMENT_URI: <!--#echo var="DOCUMENT_URI" -->
<br><br>
DOCUMENT_ROOT+DOCUMENT_URI:<br>
<!--#echo var="DOCUMENT_ROOT" --><!--#echo var="DOCUMENT_URI" -->

</body>
</html>



I did that and found out the paths were different. However it still didn't work -- the username/password popup worked just fine but when I entered in either username/password combo it didn't work (dodge/dodge and qwest/qwest). Any ideas? Could it be the University's server I'm hosting it on?

Here's the code for .htaccess now:

CODE
AuthType Basic
AuthName "restricted area"
AuthUserFile /var/opt/apache/docs/~zwief005/protect/dodge/.htpasswd
require valid-user
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Jun 2 2009, 02:21 PM
Post #6


Don't like donuts. Don't do MySpace.
********

Group: WDG Moderators
Posts: 17,767
Joined: 9-August 06
Member No.: 6



Don't know, but I don't think so. If you weren't allowed to use it I don't think you would get the prompt.


BTW I move this to the Web Server Configuration forum.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
imort
post Jun 18 2016, 07:45 AM
Post #7





Group: Members
Posts: 7
Joined: 18-June 16
Member No.: 24,338



QUOTE(czwief @ Jun 2 2009, 09:16 PM) *

Dodge's .htpasswd:
CODE
dodge:dodge

If you need any more information, please let me know. Thanks in advance!


Hey

You need to provide the user password hash in the .htpasswd file instead of plain text password.
Take a look here for the usable tool: http://www.htaccesstools.com/htpasswd-generator/

You also need to use the absolute path to the file and make sure that apache has read permissions to this file too.
Check which user the apache process is running by and check file permissions.
You can also change the file owner to that user to keep it simple.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 21st November 2017 - 04:30 PM