Forum Moderators: open
I have three questions:
1. Is it possible to password protect my cgi-bin without prompting users for a username and password when a script is run in that folder? I don't want them to be able to access the folder by typing [mysite.com...] But I also dont want them to get prompted after submitting information from the form.
2. The script creates a page from a template. The template is in a password protected folder. Can the script create the page without the visitor typing in a username and password for the folder the template is in?
3. The script puts the created page in the 'pending' folder and sends the visitor to it so they can see their newly created page. I then decide wether or not to authorize the page. But I don't want people to be able to type in [mysite.com...] to see all the pages that are pending.
The same answer might be applicable to all three questions. Basically I want my scripts, template, and pending pages password protected when accessed from the address bar, but I want users to be able to create their page without being asked for my username and password when creating their page. Is this possible?
Thanks.
:-\ What I know is that a username/password can be incorporated in a URL:
http://username:password@www.example.com/protected/file.cgiOK, just my 2p...
Hope it helps,
M.
You could call a php or asp script from the form and this script would then call the protected script.
<added>I tried that. I get a 500 Internal Server Error</added>
<added>I tried that. I get a 500 Internal Server Error</added>
I do something pretty similar to what you want to do on my site. About 3/4 of my code and all the templates are in protected directories to prevent direct access by outsiders. Then my script includes the protected files as they are needed. Works fine.
Can you provide an example of how you set your site up? Here's what I did to generate the 500 error:
I put my real scripts in 'newfolder' and renamed them to 'scriptname_script'. I removed the password from 'cgi-bin' and applied it to 'newfolder'. Then I replaced each script in the cgi-bin with a new script with this include statement:
<? include "../newfolder/scriptname_script.php";?>Thanks again.
<added>I also tried putting 'newfolder' in 'cgi-bin' and changing the include statement to
<? include "newfolder/scriptname_script.php";?>
<?php include "newfolder/scriptname_script.php";?>
If that doesn't work, unprotect the directory and try the include again. It kinda sounds like the path is off but might as well rule out the protection being in the way. I've never run PHP as a CGI only as a module which works fine with protected directories. So, I don't see why the CGI wouldn't work too. In fact, I include some protected files located in the CGI-BIN.
[edited by: BlueSky at 7:26 pm (utc) on Sep. 21, 2003]
My paths are fine - cgi-bin contains 'newfolder'. 'newfolder' contains the actual scripts and the scripts in 'cgi-bin' call them with this path "newfolder/scriptname_script.php".
form-->scriptinclude-->realscript
root-->cgi-bin-->newfolder
What I have is a few directories in the cgi-bin so I protected the whole bin. Then outside I call the protected files with includes or requires.
Sounds like you need to rework your script a little to handle includes.
By the time I posted, you had added that you tried it going downwards.
Sounds like you need to rework your script a little to handle includes.
My fake script:
<?php include "scripts/realscript.php";?>
My real script:
<?php
echo $email;
?>
Output:
500 Internal Server Error :(
