Forum Moderators: mack
I am trying to set up a login area for one section of my site. The information in this section won't be highly confidential but my client doesn't want just anyone snooping around. Instead of having users register with their own usernames and passwords, I'm just going to have one username and password given to all approved users.
Do I need a database in which to store the username and password?
Thanks for the help, in advance!
Do a Google search for .htaccess. This most likely will be the route to go (but it depends on your host).
- Nick
To set up htaccess to protect your directory you need to have 2 files one called .htaccess (dot before) and .htpasswd
The file .htaccess is what actualy causes the password protection to take effect. The file will read a username and encrypted password from the second file .htpasswd in order to access the directory it will ask you for a username and password. If the pass you provide is the same as the password it has on the .htpasswd then it will allow access.
By default apache will not allow a user to view the content of htaccess or htpasswd but from a security point of view it makes sence to have htpasswd outside of the web area of the server.
The following is an example .htaccess file for password protection.
AuthUserFile /your/server/path/to/.htpasswd
AuthType Basic
AuthName "provide your log-in details<LIMIT GET POST>
require valid-user
</LIMIT>
This is what an example .htpasswd would look like
username:encryptedpassword
The passowrd file can contain several usernames and passwords to enable different users to have different usernames and passwords.
Hope this helps get you started.
Mack.
