Printable Version of Topic

Posted by: shankar from vizag Jun 13 2015, 08:10 AM

Good evening all

I had posted a topic with similar subject in the SERVER SIDE SCRIPTING section. Where I get answer is server configuration to overcome this problem. How would I do the server configuration.

I am using XAMPP and have some html and php pages.

I have a login page in html. But what I noticed is when the user directly gives the html path on the url it opens directly. I want to fix this issue.

I would expect a solution here. Please provide example to better understanding the answer.

thanks in advance.

Posted by: Christian J Jun 13 2015, 09:41 AM

One way is to use Basic HTTP Authentication with a ".htaccess" directive. I don't know how that works with XAMPP, but here's how to do it on the Apache server:
http://www.javascriptkit.com/howto/htaccess.shtml
http://www.javascriptkit.com/howto/htaccess3.shtml
a more technical page: http://httpd.apache.org/docs/2.2/howto/auth.html#introduction
Some web hosts may have tools helping you to set this up.

Note that the user must close the browser completely in order to log out, which might be confusing.
Also note that Basic Authentication sends the password in clear text between the browser and server, so it's not recommended for very important things like credit card numbers.

Posted by: shankar from vizag Jun 13 2015, 09:44 AM

QUOTE(Christian J @ Jun 13 2015, 08:11 PM)

Posted by: shankar from vizag Jun 17 2015, 06:33 AM

Good evening

on my search on google on the subject I found the following :

The .htaccess Code
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/davidwalsh/html/protect-me-dir/.htpasswd
require valid-user



The above code protects a directory called "protect-me-dir" at root level. The "AuthUserFile" value is always specific to your hosting configuration. If you don't know what the value should be, do a phpinfo() and find the DOCUMENT_ROOT value.



The .htpasswd Code
davidwalsh:daWHfZrDLB88.
rodstewart:roFulYxC2.8ws
cssexpert:csmnmq.M8T5ho

Is this helpful in protecting html / php files opening directly from browser.

Kindly explain the above content.

Posted by: Christian J Jun 17 2015, 07:44 AM

I removed a duplicate post in another thread. Please keep questions on HTTP authentication in this thread .

QUOTE(shankar from vizag @ Jun 17 2015, 01:33 PM)

Posted by: shankar from vizag Jun 18 2015, 12:34 AM

QUOTE(Christian J @ Jun 17 2015, 06:14 PM)

I removed a duplicate post in another thread. Please keep questions on HTTP authentication in this thread .

QUOTE(shankar from vizag @ Jun 17 2015, 01:33 PM)

Kindly explain the above content.

Which part of it are you having trouble with? Also, please link to the page you're quoting.

Posted by: Darin McGrew Jun 18 2015, 12:47 AM

Do you want to password protect the pages? That can be done.

Or do you want to require that they be accessed only via links from the index.html page. That cannot be done reliably, because the Referer field is optional in HTTP.

Posted by: shankar from vizag Jun 18 2015, 02:58 AM

QUOTE(Darin McGrew @ Jun 18 2015, 11:17 AM)

Posted by: Darin McGrew Jun 18 2015, 03:32 AM

Posted by: pandy Jun 18 2015, 06:17 AM

Often it isn't mentioned that the passwords need to be encrypted. To do that you need to either have shell access to the server or use a script or there is even Windows programs so you can do it on your own computer.

Here's a step by step tutorial with an encryption gizmo at the bottom . Hope it works, I haven't tried it, but it looks so from the comments.

https://www.addedbytes.com/blog/code/password-protect-a-directory-with-htaccess/

Posted by: shankar from vizag Jun 18 2015, 06:44 AM

QUOTE(pandy @ Jun 18 2015, 04:47 PM)

Often it isn't mentioned that the passwords need to be encrypted. To do that you need to either have shell access to the server or use a script or there is even Windows programs so you can do it on your own computer.

Here's a step by step tutorial with an encryption gizmo at the bottom . Hope it works, I haven't tried it, but it looks so from the comments.

https://www.addedbytes.com/blog/code/password-protect-a-directory-with-htaccess/

Posted by: pandy Jun 18 2015, 07:24 AM

Yes, you put everything in the same file. But I don't think you have a directive for PHP in each directory, that would rather be done globally.

Can you see .htaccess files when you FTP to the server? Dot files are normally hidden files on nix OS. But often hosts make them visible. Otherwise I can tell you how to do that yourself. It's a little scary to upload a file that just disappear, not to speak of how hard it is to downloaded it if all you have is a GUI FTP program.

If you aren't sure if you can see dot files, create a new directory (so you don't mess anything up) and upload a blank file called .htaccess too it. If you can see it on the server all is well.

Posted by: shankar from vizag Jun 18 2015, 07:33 AM

QUOTE(pandy @ Jun 18 2015, 05:54 PM)

Yes, you put everything in the same file. But I don't think you have a directive for PHP in each directory, that would rather be done globally.

Can you see .htaccess files when you FTP to the server? Dot files are normally hidden files on nix OS. But often hosts make them visible. Otherwise I can tell you how to do that yourself. It's a little scary to upload a file that just disappear, not to speak of how hard it is to downloaded it if all you have is a GUI FTP program.

If you aren't sure if you can see dot files, create a new directory (so you don't mess anything up) and upload a blank file called .htaccess too it. If you can see it on the server all is well.

Posted by: pandy Jun 18 2015, 09:46 AM

Back up any already existing .htaccess file before you make changes. One typo can make your site stop working and if that happens it's good to be able to quickly overwrite the faulty .htaccess with one you know is good.

If you want to make comments in the .htaccess you but a hash sign in front of the line