Forum Moderators: phranque
It should be a quite simple (and usual) question!
I need to protect a directory with login/password!
But files from that directory (/<root>/jeu/gestion/) are included from PHP scripts from a different directory (/<root>/jeu/)
How can I do that with a .htaccess file?
I tried:
1- to create a .htaccess file in gestion/:
AuthName "Acces Restreint"
AuthType Basic
AuthUserFile "/usr/home2/bestiaire/conf/htpassword"
Require valid-user
but it still allows access!
Then I tried:
2- to create a .htaccess file in jeu/:
<Directory /usr/home2/bestiaire/jeu/gestion>
AuthName "Acces Restreint"
AuthType Basic
AuthUserFile "/usr/home2/bestiaire/conf/htpassword"
Require valid-user
</Directory>
but it returns (in apache error log):
"<Directory not allowed here"
I have no access to http.conf file.
Can you please help me!
I assume that you want to deny direct access to gestion/*? Because if you want to disable include('gestion/anyfile.php') in php script that method won't work. -> try open_basedir or disable_functions in php.ini
- The password file exists and is available.
- What I would like is when a file in /gestion is included it requires login/password
Welcome to WebmasterWorld [webmasterworld.com]!
If you mean you want to require a password when a file in that directory is *included* by a script, I'm afraid you can't do that. HTTP authentication only applies to direct HTTP requests for a file, and not to script includes, which are seen as "internal requests" by the server.
You will need to re-think the architecture, and password-protect individual scripts that access the included files.
Jim
