The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> how to protect html pages opening directly from url and redirect through login page
shankar from vizag
post Jun 13 2015, 08:10 AM
Post #1


Advanced Member
****

Group: Members
Posts: 202
Joined: 18-June 13
Member No.: 19,316



Good evening all

I had posted a topic with similar subject in the SERVER SIDE SCRIPTING section. Where I get answer is server configuration to overcome this problem. How would I do the server configuration.

I am using XAMPP and have some html and php pages.

I have a login page in html. But what I noticed is when the user directly gives the html path on the url it opens directly. I want to fix this issue.

I would expect a solution here. Please provide example to better understanding the answer.

thanks in advance.

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 13 2015, 09:41 AM
Post #2


.
********

Group: WDG Moderators
Posts: 9,630
Joined: 10-August 06
Member No.: 7



One way is to use Basic HTTP Authentication with a ".htaccess" directive. I don't know how that works with XAMPP, but here's how to do it on the Apache server:
http://www.javascriptkit.com/howto/htaccess.shtml
http://www.javascriptkit.com/howto/htaccess3.shtml
a more technical page: http://httpd.apache.org/docs/2.2/howto/aut...ml#introduction
Some web hosts may have tools helping you to set this up.

Note that the user must close the browser completely in order to log out, which might be confusing.
Also note that Basic Authentication sends the password in clear text between the browser and server, so it's not recommended for very important things like credit card numbers.





User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
shankar from vizag
post Jun 13 2015, 09:44 AM
Post #3


Advanced Member
****

Group: Members
Posts: 202
Joined: 18-June 13
Member No.: 19,316



QUOTE(Christian J @ Jun 13 2015, 08:11 PM) *

One way is to use Basic HTTP Authentication with a ".htaccess" directive. I don't know how that works with XAMPP, but here's how to do it on the Apache server:
http://www.javascriptkit.com/howto/htaccess.shtml
http://www.javascriptkit.com/howto/htaccess3.shtml
a more technical page: http://httpd.apache.org/docs/2.2/howto/aut...ml#introduction
Some web hosts may have tools helping you to set this up.

Note that the user must close the browser completely in order to log out, which might be confusing.
Also note that Basic Authentication sends the password in clear text between the browser and server, so it's not recommended for very important things like credit card numbers.


Thank you so much for your early reply. I will try with the provided sites and if any problem happens i will get back to you sir.

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
shankar from vizag
post Jun 17 2015, 06:33 AM
Post #4


Advanced Member
****

Group: Members
Posts: 202
Joined: 18-June 13
Member No.: 19,316



Good evening

on my search on google on the subject I found the following :

The .htaccess Code
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/davidwalsh/html/protect-me-dir/.htpasswd
require valid-user



The above code protects a directory called "protect-me-dir" at root level. The "AuthUserFile" value is always specific to your hosting configuration. If you don't know what the value should be, do a phpinfo() and find the DOCUMENT_ROOT value.



The .htpasswd Code
davidwalsh:daWHfZrDLB88.
rodstewart:roFulYxC2.8ws
cssexpert:csmnmq.M8T5ho

Is this helpful in protecting html / php files opening directly from browser.

Kindly explain the above content.

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 17 2015, 07:44 AM
Post #5


.
********

Group: WDG Moderators
Posts: 9,630
Joined: 10-August 06
Member No.: 7



I removed a duplicate post in another thread. Please keep questions on HTTP authentication in this thread .

QUOTE(shankar from vizag @ Jun 17 2015, 01:33 PM) *

Kindly explain the above content.

Which part of it are you having trouble with? Also, please link to the page you're quoting.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
shankar from vizag
post Jun 18 2015, 12:34 AM
Post #6


Advanced Member
****

Group: Members
Posts: 202
Joined: 18-June 13
Member No.: 19,316



QUOTE(Christian J @ Jun 17 2015, 06:14 PM) *

I removed a duplicate post in another thread. Please keep questions on HTTP authentication in this thread .

QUOTE(shankar from vizag @ Jun 17 2015, 01:33 PM) *

Kindly explain the above content.

Which part of it are you having trouble with? Also, please link to the page you're quoting.


Sir

I have 50+ nos of html and php pages in a directory in C:/xampp/htdocs/dir-page (folder name).

I want to protect these pages. I need, users should have access only to index.html. Through which only, the user have to opt the links of other pages.

If any user knows the complete address of the page and tries to open through the url address bar, then it should return to the login.html page.

Is this possible sir.

kindly let me know.

Thank you
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Darin McGrew
post Jun 18 2015, 12:47 AM
Post #7


WDG Member
********

Group: Root Admin
Posts: 8,365
Joined: 4-August 06
From: Mountain View, CA
Member No.: 3



Do you want to password protect the pages? That can be done.

Or do you want to require that they be accessed only via links from the index.html page. That cannot be done reliably, because the Referer field is optional in HTTP.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
shankar from vizag
post Jun 18 2015, 02:58 AM
Post #8


Advanced Member
****

Group: Members
Posts: 202
Joined: 18-June 13
Member No.: 19,316



QUOTE(Darin McGrew @ Jun 18 2015, 11:17 AM) *

Do you want to password protect the pages? That can be done.

Or do you want to require that they be accessed only via links from the index.html page. That cannot be done reliably, because the Referer field is optional in HTTP.


Sir,

then tell me the process to put password for all pages (html and php)
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Darin McGrew
post Jun 18 2015, 03:32 AM
Post #9


WDG Member
********

Group: Root Admin
Posts: 8,365
Joined: 4-August 06
From: Mountain View, CA
Member No.: 3



QUOTE
then tell me the process to put password for all pages (html and php)
What don't you understand about the htaccess documentation that you've already read?

Or perhaps you'd find the Apache Authentication and Authorization document easier to follow.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Jun 18 2015, 06:17 AM
Post #10


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 20,716
Joined: 9-August 06
Member No.: 6



Often it isn't mentioned that the passwords need to be encrypted. To do that you need to either have shell access to the server or use a script or there is even Windows programs so you can do it on your own computer.

Here's a step by step tutorial with an encryption gizmo at the bottom . Hope it works, I haven't tried it, but it looks so from the comments. wink.gif

https://www.addedbytes.com/blog/code/passwo...-with-htaccess/
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
shankar from vizag
post Jun 18 2015, 06:44 AM
Post #11


Advanced Member
****

Group: Members
Posts: 202
Joined: 18-June 13
Member No.: 19,316



QUOTE(pandy @ Jun 18 2015, 04:47 PM) *

Often it isn't mentioned that the passwords need to be encrypted. To do that you need to either have shell access to the server or use a script or there is even Windows programs so you can do it on your own computer.

Here's a step by step tutorial with an encryption gizmo at the bottom . Hope it works, I haven't tried it, but it looks so from the comments. wink.gif

https://www.addedbytes.com/blog/code/passwo...-with-htaccess/


I have checked the quoted site. I have a doubt that, my directory is already having .htaccess file for allowing inline php code. Can I put code for other purposes in the same file ? Will it work ? It wont disturb other code na..

waiting for reply

Thank you.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Jun 18 2015, 07:24 AM
Post #12


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 20,716
Joined: 9-August 06
Member No.: 6



Yes, you put everything in the same file. But I don't think you have a directive for PHP in each directory, that would rather be done globally.

Can you see .htaccess files when you FTP to the server? Dot files are normally hidden files on nix OS. But often hosts make them visible. Otherwise I can tell you how to do that yourself. It's a little scary to upload a file that just disappear, not to speak of how hard it is to downloaded it if all you have is a GUI FTP program. wink.gif

If you aren't sure if you can see dot files, create a new directory (so you don't mess anything up) and upload a blank file called .htaccess too it. If you can see it on the server all is well.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
shankar from vizag
post Jun 18 2015, 07:33 AM
Post #13


Advanced Member
****

Group: Members
Posts: 202
Joined: 18-June 13
Member No.: 19,316



QUOTE(pandy @ Jun 18 2015, 05:54 PM) *

Yes, you put everything in the same file. But I don't think you have a directive for PHP in each directory, that would rather be done globally.

Can you see .htaccess files when you FTP to the server? Dot files are normally hidden files on nix OS. But often hosts make them visible. Otherwise I can tell you how to do that yourself. It's a little scary to upload a file that just disappear, not to speak of how hard it is to downloaded it if all you have is a GUI FTP program. wink.gif

If you aren't sure if you can see dot files, create a new directory (so you don't mess anything up) and upload a blank file called .htaccess too it. If you can see it on the server all is well.



Thank you very much sir. I will try and let you know
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Jun 18 2015, 09:46 AM
Post #14


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 20,716
Joined: 9-August 06
Member No.: 6



Back up any already existing .htaccess file before you make changes. One typo can make your site stop working and if that happens it's good to be able to quickly overwrite the faulty .htaccess with one you know is good.

If you want to make comments in the .htaccess you but a hash sign in front of the line

CODE
# This is a comment

#####################
## And this is too ##
#####################
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 28th March 2024 - 06:00 PM