Creating a members only section: Advice needed

         

Orson

2:16 pm on Mar 3, 2004 (gmt 0)

10+ Year Member



I'm trying to set up a members only section to my website. I've been searching both WebmasterWorld and Google, but I'm getting rather confused.

I'm very new to web development, but have worked out how to set up htaccess password files. However, as far as I can see, you have to put up with a pop-up login box. Free scripts I've come across which promise to bypass this don't seem to work: something about an Explorer update.

What I want is very basic. There aren't many users, and I can add their user names and passwords by hand, and then email it to them. I don't need anything complicated. The members section is simply one directory full of PDF files - that's it. However, I really don't want the pop up login. If people click on a link to a PDF and aren't members, I'd like for them to be taken to a 'sign up' page. It would be great if it could 'remember' users through a cookie.

So far on my website, I've worked out how to do everything else, but this one has stumped me. Basic htaccess passwords were simple to set up, but I'm not sure it's what I need. However, anything else looks like a nightmare. Do I have to learn Apache or PHP? Is there a free script which I can download? Basically, I'm looking for the route which doesn't have too steep a learning curve, and won't lead to further hair loss...

I need to work this out soon, because too many people are downloading my PDF files, and at this rate, I'm going to exceed my bandwidth allowance. What started as a hobby to see if I could set up a website turned out to be more successful than I could have imagined. I'd appreciate any advice in which direction I should go! Simple is the key!

Alternative Future

2:22 pm on Mar 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Orson,

I assume you are currently using the BASIC security auth? If this is the case you can simply change to the FORM i.e.

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/signin/logon.jsp</form-login-page>
    <form-error-page>/signin/error.jsp</form-error-page>
  </form-login-config>
</login-config>

This configuration is for the Tomcat application server; it should be similar for the Apache server set-up.

This will use the security j_security_check and take your users to the login page whenever they try to access your secure directory. All else works the same where you use the users.xml etc.

HTH,

-George

Orson

2:11 pm on Mar 4, 2004 (gmt 0)

10+ Year Member



Thanks for the reply, George.

Actually, I know so little about this, it's embarrassing. All I've done is follow a tutorial somewhere on the net, which told me how to create a .htaccess and .htpasswd, and where to put them on my website. That's the extent of my knowledge.

I'm not really sure what BASIC security auth means. Can I make a standard form in HTML which will read the .htaccess / password files? I'm not even sure what language the coding you put as your example is, let alone users.xml or j_security_check.

If you could point me in the direction of where I could look... It needs to be for a total beginner to these things.

Thanks.

Alternative Future

2:59 pm on Mar 5, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Orson,

These tutorials are aimed at the Tomcat server.

ht*p://java.sun.com/webservices/docs/1.2/tutorial/doc/Security5.html
ht*p://java.sun.com/webservices/docs/1.2/tutorial/doc/Security8.html#wp156943
ht*p://www.javascriptkit.com/howto/htaccess11.shtml
ht*p://www.iona.com/support/docs/e2a/asp/5.1/j2ee/security/app-security10.html

What application or web server are you trying to deploy the security on? Again, most of these tutorials are aimed at having root access to the server rather than a virtual server. Do you have root or are you running on a third party virtual server?

-George

Orson

6:30 pm on Mar 6, 2004 (gmt 0)

10+ Year Member



Thanks for the reply, George. But I think I'm too much of a beginner for this.

You asked what application I'm running this on. I'm not sure what that means. Third party virtual server? Don't know that either, unfortunately.

I just want to avoid the pop-up box for htaccess passwords.

I looked at my host's help files for what kind of server I have. It's a very basic hosting package. This is what it said:

Server software includes:
Operating system: RedHat linux 7.3
Web server: Apache 1.3.27
Scripting language: PHP 4.1.2
Scripting language: SunONE ASP 3.6.2
CGI Scripting language: Perl 5.6.1
Database server: MySQL 3.23.56
Mail server: Exim 3.36

This all seems quite complex for something I thought would actually be very easy. Maybe I need a degree in Computer Science. Unfortunately, I chose Medieval History...

Do you have any ideas on how I should set up a members' section?

encyclo

6:54 pm on Mar 6, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



From your list, you don't have JSP/Tomcat, so the above example won't work.

If you want to use basic authentication, try this well-written guide from the Apache web server documentation:

[httpd.apache.org...]

It should get you on your way.

The other way to go is to use a scripting language and a database to ask for authentication and store passwords. From your list, you have the choice of three scripting languages:

PHP 4.1.2
SunONE ASP 3.6.2
Perl 5.6.1

You also have a database program:

MySQL 3.23.56

For the scripting languages, you should select PHP or Perl rather than SunOneASP. The easiest way would be to find a pre-written script - try hotscripts.com.

Hope this helps...
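
The script-based approach described above, as an added example that is not part of the original post or any poster's code: a PHP download gate that sends visitors without a member session to a sign-up page and serves PDFs from a directory outside the web root. It assumes PHP 7.3 or later (not the PHP 4.1.2 listed in this thread); MEMBERS_DIR, SIGNUP_URL, login.php and the 'member' session key are hypothetical names.

```php
<?php
// download.php: serve members' PDFs only to logged-in sessions (added example).
// Assumptions: PDFs live in MEMBERS_DIR, outside the web root, so no direct URL
// reaches them; a separate login.php (not shown) checks password_verify()
// against a stored password_hash(), calls session_regenerate_id(true) and
// then sets $_SESSION['member'].

const MEMBERS_DIR = '/home/example/private_pdfs';   // hypothetical path
const SIGNUP_URL  = '/signup.html';                 // hypothetical page

// Map a requested file name to a real file inside $dir, or return null.
function resolve_pdf(string $dir, string $requested): ?string
{
    // basename() drops any directory part, so "../../x.pdf" becomes "x.pdf".
    $name = basename($requested);
    if (!preg_match('/\A[A-Za-z0-9_-]+\.pdf\z/', $name)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name);
    // realpath() follows symlinks; reject anything that resolves outside $dir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// The session cookie is what "remembers" the member between requests.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

if (empty($_SESSION['member'])) {
    // Not logged in: go to the sign-up page instead of showing a login pop-up.
    header('Location: ' . SIGNUP_URL, true, 302);
    exit;
}

$requested = $_GET['file'] ?? '';
$file = is_string($requested) ? resolve_pdf(MEMBERS_DIR, $requested) : null;
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
header('X-Content-Type-Options: nosniff');
readfile($file);
```

Links on the site would then point at download.php?file=name.pdf rather than at the PDF files themselves.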

whoisgregg

6:35 pm on Mar 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Orson, you may want to e-mail your hosting provider and tell them you want to have a custom error page when someone visits a .htaccess protected directory.

They would be in the best position to:

a) do the work for you
b) do the work without breaking anything else
c) do the work quickly

That said, it would be best if you have the sign-up page made and uploaded when you e-mail them so they have everything they need to make the modification to the server.