Some hosting companies will allow you to create a "members area" from your control panel. If yours doesn't, you will either need to move hosting company or pick up a script to do the job for you.

Try searching Google for "membership site script" or similar. You should find something to satisfy your needs.

Hi - do you have any more info on what Microsoft have done . We've suddenly (about 4 weeks ago) started having problems - some corrently authenticated users are not able to access content in an htaccess protected directoy. This seems to
be affecting mostly users using XP/IE6 and Service Pack 1. The urls these users use to access content in the htaccess directory is in this fomat
ie user:pass@mysite.com. Our hosting service
reckons they've not made any changes at all.
Teri

[msdn.microsoft.com...]

Hi Teri, there is a link in this .htaccess [webmasterworld.com] thread that may provide insight.

thanks for finding the direct link, choster

Hi there,

Thanks for this - really useful but also a bit depressing. Looks like we're going to need a work-around in our security sytstem.
As I understand it, It's now impossible to avoid the pop-up login screen if you're using htpasswd protection.
From my (very limited) knowledge of htaccess, I gather there is another method mod_rewrite with
php_include that may be a better way of going about this. Would prefer not to have to start coding this from scratch. Does anyone know a good source of php scripts for this.
Our requirements aren't very comples. We're trying to provide access to a collection of pdf-s for a database of ca 10,000 subscribers.
Again - thanks for any guidance on this.

Teri

Hi again,
just to add to my previous post. Does anyone know if other browser manufacturers (eg netscape) have done the same thing. We haven't yet had a chance to check this yet.
Again thanks. Teri

AFAIK, no other browser manufacturers have made this change-- after all, it is still a legal protocol, stymied only by the mass market browser's need to serve the lowest common denominator in network security.

It was never secure to pass a username and password combination in cleartext over the public Internet. I certainly would not have used it for subscriber authentication, especially since end users often use the same userids and passwords across multiple sites. The same would be true if you fed them in as www.example.com/userid/password or www.example.com/login?userid=jsmith&pwd=webmwld92 .

If you already have a database of subscribers, why not set up application-based authentication? You could set cookies to manage user sessions. The login would be embedded in a web page, eliminating the popup window.

If you were encouraging the inline form as a shorthand, well, every modern browser has a password keeper built in, so a subscribed could simply save the password on his/her local machine.