how to protect html pages opening directly from url and redirect through login page |
how to protect html pages opening directly from url and redirect through login page |
shankar from vizag |
Jun 13 2015, 08:10 AM
Post
#1
|
Advanced Member Group: Members Posts: 202 Joined: 18-June 13 Member No.: 19,316 |
Good evening all
I had posted a topic with similar subject in the SERVER SIDE SCRIPTING section. Where I get answer is server configuration to overcome this problem. How would I do the server configuration. I am using XAMPP and have some html and php pages. I have a login page in html. But what I noticed is when the user directly gives the html path on the url it opens directly. I want to fix this issue. I would expect a solution here. Please provide example to better understanding the answer. thanks in advance. |
Christian J |
Jun 13 2015, 09:41 AM
Post
#2
|
. Group: WDG Moderators Posts: 9,661 Joined: 10-August 06 Member No.: 7 |
One way is to use Basic HTTP Authentication with a ".htaccess" directive. I don't know how that works with XAMPP, but here's how to do it on the Apache server:
http://www.javascriptkit.com/howto/htaccess.shtml http://www.javascriptkit.com/howto/htaccess3.shtml a more technical page: http://httpd.apache.org/docs/2.2/howto/aut...ml#introduction Some web hosts may have tools helping you to set this up. Note that the user must close the browser completely in order to log out, which might be confusing. Also note that Basic Authentication sends the password in clear text between the browser and server, so it's not recommended for very important things like credit card numbers. |
shankar from vizag |
Jun 13 2015, 09:44 AM
Post
#3
|
Advanced Member Group: Members Posts: 202 Joined: 18-June 13 Member No.: 19,316 |
One way is to use Basic HTTP Authentication with a ".htaccess" directive. I don't know how that works with XAMPP, but here's how to do it on the Apache server: http://www.javascriptkit.com/howto/htaccess.shtml http://www.javascriptkit.com/howto/htaccess3.shtml a more technical page: http://httpd.apache.org/docs/2.2/howto/aut...ml#introduction Some web hosts may have tools helping you to set this up. Note that the user must close the browser completely in order to log out, which might be confusing. Also note that Basic Authentication sends the password in clear text between the browser and server, so it's not recommended for very important things like credit card numbers. Thank you so much for your early reply. I will try with the provided sites and if any problem happens i will get back to you sir. |
shankar from vizag |
Jun 17 2015, 06:33 AM
Post
#4
|
Advanced Member Group: Members Posts: 202 Joined: 18-June 13 Member No.: 19,316 |
Good evening
on my search on google on the subject I found the following : The .htaccess Code AuthType Basic AuthName "restricted area" AuthUserFile /home/davidwalsh/html/protect-me-dir/.htpasswd require valid-user The above code protects a directory called "protect-me-dir" at root level. The "AuthUserFile" value is always specific to your hosting configuration. If you don't know what the value should be, do a phpinfo() and find the DOCUMENT_ROOT value. The .htpasswd Code davidwalsh:daWHfZrDLB88. rodstewart:roFulYxC2.8ws cssexpert:csmnmq.M8T5ho Is this helpful in protecting html / php files opening directly from browser. Kindly explain the above content. |
Christian J |
Jun 17 2015, 07:44 AM
Post
#5
|
. Group: WDG Moderators Posts: 9,661 Joined: 10-August 06 Member No.: 7 |
|
shankar from vizag |
Jun 18 2015, 12:34 AM
Post
#6
|
Advanced Member Group: Members Posts: 202 Joined: 18-June 13 Member No.: 19,316 |
I removed a duplicate post in another thread. Please keep questions on HTTP authentication in this thread . Kindly explain the above content. Which part of it are you having trouble with? Also, please link to the page you're quoting. Sir I have 50+ nos of html and php pages in a directory in C:/xampp/htdocs/dir-page (folder name). I want to protect these pages. I need, users should have access only to index.html. Through which only, the user have to opt the links of other pages. If any user knows the complete address of the page and tries to open through the url address bar, then it should return to the login.html page. Is this possible sir. kindly let me know. Thank you |
Darin McGrew |
Jun 18 2015, 12:47 AM
Post
#7
|
WDG Member Group: Root Admin Posts: 8,365 Joined: 4-August 06 From: Mountain View, CA Member No.: 3 |
Do you want to password protect the pages? That can be done.
Or do you want to require that they be accessed only via links from the index.html page. That cannot be done reliably, because the Referer field is optional in HTTP. |
shankar from vizag |
Jun 18 2015, 02:58 AM
Post
#8
|
Advanced Member Group: Members Posts: 202 Joined: 18-June 13 Member No.: 19,316 |
Do you want to password protect the pages? That can be done. Or do you want to require that they be accessed only via links from the index.html page. That cannot be done reliably, because the Referer field is optional in HTTP. Sir, then tell me the process to put password for all pages (html and php) |
Darin McGrew |
Jun 18 2015, 03:32 AM
Post
#9
|
WDG Member Group: Root Admin Posts: 8,365 Joined: 4-August 06 From: Mountain View, CA Member No.: 3 |
QUOTE then tell me the process to put password for all pages (html and php) What don't you understand about the htaccess documentation that you've already read?Or perhaps you'd find the Apache Authentication and Authorization document easier to follow. |
pandy |
Jun 18 2015, 06:17 AM
Post
#10
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,733 Joined: 9-August 06 Member No.: 6 |
Often it isn't mentioned that the passwords need to be encrypted. To do that you need to either have shell access to the server or use a script or there is even Windows programs so you can do it on your own computer.
Here's a step by step tutorial with an encryption gizmo at the bottom . Hope it works, I haven't tried it, but it looks so from the comments. https://www.addedbytes.com/blog/code/passwo...-with-htaccess/ |
shankar from vizag |
Jun 18 2015, 06:44 AM
Post
#11
|
Advanced Member Group: Members Posts: 202 Joined: 18-June 13 Member No.: 19,316 |
Often it isn't mentioned that the passwords need to be encrypted. To do that you need to either have shell access to the server or use a script or there is even Windows programs so you can do it on your own computer. Here's a step by step tutorial with an encryption gizmo at the bottom . Hope it works, I haven't tried it, but it looks so from the comments. https://www.addedbytes.com/blog/code/passwo...-with-htaccess/ I have checked the quoted site. I have a doubt that, my directory is already having .htaccess file for allowing inline php code. Can I put code for other purposes in the same file ? Will it work ? It wont disturb other code na.. waiting for reply Thank you. |
pandy |
Jun 18 2015, 07:24 AM
Post
#12
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,733 Joined: 9-August 06 Member No.: 6 |
Yes, you put everything in the same file. But I don't think you have a directive for PHP in each directory, that would rather be done globally.
Can you see .htaccess files when you FTP to the server? Dot files are normally hidden files on nix OS. But often hosts make them visible. Otherwise I can tell you how to do that yourself. It's a little scary to upload a file that just disappear, not to speak of how hard it is to downloaded it if all you have is a GUI FTP program. If you aren't sure if you can see dot files, create a new directory (so you don't mess anything up) and upload a blank file called .htaccess too it. If you can see it on the server all is well. |
shankar from vizag |
Jun 18 2015, 07:33 AM
Post
#13
|
Advanced Member Group: Members Posts: 202 Joined: 18-June 13 Member No.: 19,316 |
Yes, you put everything in the same file. But I don't think you have a directive for PHP in each directory, that would rather be done globally. Can you see .htaccess files when you FTP to the server? Dot files are normally hidden files on nix OS. But often hosts make them visible. Otherwise I can tell you how to do that yourself. It's a little scary to upload a file that just disappear, not to speak of how hard it is to downloaded it if all you have is a GUI FTP program. If you aren't sure if you can see dot files, create a new directory (so you don't mess anything up) and upload a blank file called .htaccess too it. If you can see it on the server all is well. Thank you very much sir. I will try and let you know |
pandy |
Jun 18 2015, 09:46 AM
Post
#14
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,733 Joined: 9-August 06 Member No.: 6 |
Back up any already existing .htaccess file before you make changes. One typo can make your site stop working and if that happens it's good to be able to quickly overwrite the faulty .htaccess with one you know is good.
If you want to make comments in the .htaccess you but a hash sign in front of the line CODE # This is a comment ##################### ## And this is too ## ##################### |
Lo-Fi Version | Time is now: 28th April 2024 - 07:10 AM |