Trevor013097


Password Login Screen

I need a CGI script written in PERL that will provide me with the means to offer restricted access to a particular directory in a similar manner to the htpasswd method.

The htpasswd method is unsuitable as it requires each individual user:password to be setup one at a time and I need to set up over 300 different name:password combinations.

What I therefore need is a script which will parse a form contents (name and password fields) and then check the field values against a database file, one db for username and one db for password.  It will then allow access to the directory if the match is good and return a no entry page if the match is bad.  I will need a way of creating the db files from a list of usernames and passwords automatically.  I need to simply upload the list and not have to manually assign passwords.

The CGI must be relatively secure and standard commands must not be able to be parsed via the form.

Thanks in advance for your help.
Philippe


What's wrong with htpasswd?

It would be safer and simpler to write a script that creates the database using htadm and to use the standard htpasswd method.

Eg, for CERN httpd under UNIX such a script would only take two lines.

What server are you using and on what platform?

  Philippe


ASKER

You're right that would be a better way of doing things.

Okay,

the script must be executable from a browser and must be capable of reading the names/passwords from a format I can create on a win based machine, i.e. .txt format.

The server is NCSA httpd.  The passwords must be easily updated as they will need to be changed or removed monthly.


Any help would be greatly appreciated.

oops, platform=unix

Hi, Trevor,

of course, adding 300 user:password entries
seems to be a lot when typing in the stuff
by hand. But, on the other hand, since it is
just a list of kind "key"->"val", a simple
script or snip of C-code running over your
*.txt and building the user:passwd-file would
be more appropriate, IMHO.

Consider this:
1. define a format for your source file, e.g.
   username:password-in-readable-form<CR>
   username:password-in-readable-form<CR>
   ...

2. transfer the file to your favorite unix
   machine.

3. write a small program, maybe in C that
   does the following:
   - read a line
   - split it into "username" and "password"
   - generate a two-letter "secret", like
     1. ascii(third letter of username + 64) and
     2. ascii(length_of_username * 2 + 64)
     or the like (best would be random, of course)
   - use unix's crypt(3) to encrypt "password"
     with the secret
   - write the line
     username:password-crypted<cr>
     into the "real" password file

4. to validate a username, take your favorite CGI-
   language (PERL, of course :) and "grep" over the
   password file for "username". "($u,$p)=split /:/;"
   the returned line (if no line is returned, "username"
   is unknown).
   take the first two letters of $p and crypt(3) the
   entered password again with the first two letters
   of $p. The read password and the result of crypt
   should be equal. if not, keep out the lamer :)

For convenience, the program mentioned in 3. should
be able to keep an eye for these points:

- should it generate a new user:pass-file or append
  to an existing one? (perfect case for a switch,
  let's say "-a")
- should existing users be
  - ignored
  - updated automatically
  - updated after asking you

Sounds a bit complicated, but it isn't really,
and it's much more simple than to keep a data-
base up-to-date and running, since you would
have to deal with all the "insert", "remove",
"update" stuff via an SQL-gateway... moo!

If you don't like to write your own crypt-
thing, ask me, I have one that checks my unix
users for lame passwords.

Okay this password is for a technical support section on a website.  The technical support section can only be accessed by those who have a tech support contract and these expire after 12 months so the password must no longer be valid then and this is why the list will need updating.  I want to be able to every month upload a list of valid users and passwords (which I have) and have the passwords setup using the httpd automatically.

Everything must be in PERL as I cannot run anything else.  A script that can be run and pick up the names/passwords from a text file and create the httpd list using NCSA httpd method would be fine.  I know how to do it one by one but I need a script that can automate the process and do all the setup for me.


Trev,

I have a script which will do what you want. You can call it from a form where you specify the file with the usernames and pw's to upload, whether to add or remove the users and an admin pw.

Unfortunately it is in shell and awk. It is quite simple and you should have no problem porting it to perl.

There is no special error handling. It will hang if you don't specify a file for the commands which need them or if the username/pw file does not have enough parameters per line. To add users you need three words per line, username, pw and real name. For removing you only need one, username.

The script works fine on my server (cern httpd), it should have no problem running on NCSA server.

here is the form:

<HTML>
<HEAD>
<TITLE>Password updater </TITLE>
</HEAD>



<BODY>

<H1>Choose from the following options</H1>

<FORM method=POST
      enctype="multipart/form-data"
      action="http://www.somewher.com/cgi-bin/nph-update.cgi">

 admin password:

<INPUT TYPE=password NAME=pw>

<P>

 command:
 add <INPUT TYPE=radio NAME=com VALUE="add"><p>
 remove <INPUT TYPE=radio NAME=com VALUE="remove"><p>
 create password file <INPUT TYPE=radio NAME=com VALUE="create"><p>
 <P>

 file with usernames and passwords separated by white space
<INPUT TYPE=file  name="PWFILE" >

<P>
<input type=submit>

</FORM>

</BODY>
</HTML>



and here is the script:

#! /bin/sh

PASSWORD="asdf"

echo "HTTP/1.0 200 ok"
echo "Content-type: text/plain"
echo

cat | awk '
  /Content-Disposition.*name="pw"/ {getline; getline;  
     pw = $1;
     if ( pw == "'$PASSWORD'\r" )
         pw_ok =1;
     else {
       # do not echo the admin password back to the client
       print "<b> invalid password </b>"
         exit;
         }
    }

  /Content-Disposition.*name="com"/ {getline; getline;
    com = $1;
    com_ok = 1;
    if (pw_ok && (com == "create\r")) {
      c = "htadm -create myfile";
      print c ; system(c);
      }
    }

  /Content-Disposition.*name="PWFILE"/ {getline; getline;
    file_ok = 1;
    }

  /----/ {if (file_ok) exit; }

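  /[^ \r\t].*/ {if (pw_ok && com_ok && file_ok) {
         # the fields are pasted into a shell command below: skip lines with shell metacharacters
         if ($0 ~ /[^A-Za-z0-9_ \t\r.-]/) next;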
         if (com == "add\r") {
         c = "htadm -adduser myfile " $1 " " $2 " " $3;
           print c  ; system(c);
       }
         if (com == "remove\r") {
         c = "htadm -deluser myfile " $1 ;
           print c  ; system(c);
         }
       }
    }
  /./ {next;}

'


hope this helps,

   Philippe



Looks great and sounds like just what I need, but how do I port it to PERL, I don't really fancy re-writing it myself as my PERL is not up to speed.



Trevor,

Sorry, I don't have access to perl on my machine. However there are two nice perl examples in the CGI.pl distribution. Look at file_upload.pl which uploads a file and diff_upload.pl which uploads two files and makes a diff of them. All you have to do is edit diff_upload so it runs htadm for each line of the uploaded file.

You can find CGI.pm-2.36.tar.gz on your nearest ftp mirror site.


  cheers,

   Philippe

Philippe,

Thanks ever so much for all your help but I am not able to actually add any modules to the server as it is on an ISP and not my own.  I am not familiar with CGI.pm and do not know how to install it or look at it on a windows based machine.

I need a script in PERL which requires either no library modules or only those in the standard distribution of PERL 5 or 4 that will simply create the password list on the server using htaccess automatically for me, from a given list of name/passwords.  If it can have a front end form like your Shell one then absolutely brilliant!

Sorry I could not accept your answer as it sounds absolutely perfect, if only I was a lot better at PERL I could port it myself.

ASKER CERTIFIED SOLUTION
Philippe


Trevor,

just a little update on the script. I have replaced the system call by print `$c` such that you get to see the output of the command. Here is the updated script. Feel free to ask if anything is not clear.

 cheers,

   philippe

#!/opt/ucl/bin/perl


$password = "asdf";

print "HTTP/1.0 200 ok\n";
print "Content-type: text/plain\n\n";


while (<>) {
    if ( /Content-Disposition.*name="pw"/ ) {
      $_=<>;
      $_=<>;
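      $pw = $_;
      $pw =~ s/\r?\n$//;                  # drop the CRLF that ends the form field
      $pw_ok = 1 if ($pw eq $password);   # string compare; == compared both values as numbers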
      print "password correct\n" if ($pw_ok);
      print "<b> invalid password </b>\n" if (!$pw_ok);
    }

    if ( /Content-Disposition.*name="com"/ ) {
      $_=<>;
      $_=<>;
      $com_ok=1;
      $com = $_;
      chop($com);
      chop($com);
      if ($pw_ok && ($com eq "create")) {
          $c = "htadm -create myfile 2>&1";
          print $c; print `$c`; $com_ok=0;
      }
      
    }

    if ( /Content-Disposition.*name="PWFILE"/ ) {
      $_=<>;
      $_=<>;
      $file_ok = 1;
    }

    if ( /----/ ) {
      exit if ($file_ok);
    }

    if ( /([^ \t][^ \t]*)[ \t][ \t]*([^ \t]*)[ \t]*([^ \t\r\n]*).*/ ) {
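      if ($pw_ok && $com_ok && $file_ok) {
          # the fields are pasted into a shell command below: skip lines with shell metacharacters
          if (tr/a-zA-Z0-9_ \t\r\n.-//c) { print "skipped unsafe line\n"; next; }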
          if ($com eq "add") {
            $c = "htadm -adduser myfile ".$1." ".$2." ".$3." 2>&1";
            print $c."\n"  ; print `$c`;
          }
          if ($com eq "remove") {
            $c = "htadm -deluser myfile " . $1 . " 2>&1";
            print $c."\n"  ; print `$c`;
         }
      }
   }
}

So does my password user list simply have to be a .txt file with user, space, password, realname on each line and the script will do the rest?



> So does my password user list simply have to be a .txt file with user, space,
>password, realname on each line and the script will do the rest.

yes,

here is the file I used to test the script:

me hello  myself
him byebye himself

You can separate the words by any number of spaces and tabs

Note that for removing users, you still need to have three words per line in the file although the last two will be ignored.

 Phil






Trev,

by changing the regexp in the last if block to

 /([^ \t\r\n][^ \t\r\n]*)[ \t]*([^ \t\r\n]*)[ \t]*([^\r\n]*).*/

- removing will work with one or more words per line, the first
  word being used as username to be removed

- full name can have any spaces or tabs in it

that's all for now,

  Ph

When I try and run the script I encounter a Server Error.  I ran a debug version (with prefix xx- for our server) and you can get the full output at

http://www.pcmaritime.co.uk/cgi-bin/pcmweb/xx-httpd.pl

in short the script returns the errors below

Output of script follows:
=====================================================
path:  '/cgi-bin/pcmweb/xx-httpd.pl'
argv[0]:  'xx-httpd.pl'
argv[1]:  '<NULL>'
syntax error at /cgi-bin/pcmweb/xx-httpd.pl line 12, near "$_"
syntax error at /cgi-bin/pcmweb/xx-httpd.pl line 55, near "}"
Execution of /cgi-bin/pcmweb/xx-httpd.pl aborted due to compilation errors.

Any ideas?

trevor,

Here is the output I get from your script:

=====================================================
path:  '/cgi-bin/pcmweb/xx-httpd.pl'
argv[0]:  'xx-httpd.pl'
argv[1]:  '<NULL>'
htadm: not found
htadm: not found
HTTP/1.0 200 ok
Content-type: text/plain

password correct
htadm -adduser myfile me hello toto von braun 2>&1
htadm -adduser myfile him byebye titi 2>&1

I guess you fixed the syntax error problem (don't forget to change the admin pw once everything works :-)

The error you have now is because htadm is not in the path of the script. Actually, since you are using NCSA httpd, the command for adding pw's to a pw file is not htadm but htpasswd. My server is CERN httpd and I have to use htadm. The syntax for htpasswd may be different.

Ask your webmaster about the syntax of htpasswd and replace the line that says

 $c = "htadm -adduser myfile ".$1." ".$2." ".$3." 2>&1";

by the corresponding command with htpasswd. $1 $2 $3 are the fields of your textfile (first word, second word if any, rest of line if any). You'll have to do the corresponding changes for the commands that remove a user or create the password file

  $c = "htadm -deluser myfile " . $1 . " 2>&1";
  $c = "htadm -create myfile 2>&1";


This is as far as I can help you. I hope this will do.

 cheers,

   Philippe

what command line argument did you pass the script as I cannot  repeat your results.  I have managed to get the password.txt file accepted but not the password for admin.

I tried this:-

http://www.pcmaritime.co.uk/cgi-bin/pcmweb/xx-httpd.pl?password.txt

I cannot run the script from the command line it must be through the browser.



Trevor,

You are supposed to use the form I gave you in my first answer. This form will call the perl script with all the parameters it needs. It uses POST method with form/multipart-data encoding.

 cheers,

    Ph

By the way if your server has the HTTPD module, you can add and remove users in a simpler way (as found on comp.lang.perl.misc):

Josh Keller (dragon_clan@usa.net) wrote:
: I would like to make a perl script that adds a username and password to
: my .htpasswd file by running htpasswd off the Linux server. Is this
: possible? If so how do I do this?

Add the HTTPD::UserAdmin package from CPAN. Then read the man page.

#!/perl

use HTTPD::UserAdmin;

@Text = (DBType => 'Text',
         DB     => '.htpasswd',
         Server => 'ncsa');

$user = new HTTPD::UserAdmin @Text;

if($user->add('dougm', 'secret')) {
                 print "You have the power!\n";
             }





Okay Philippe,

I am accessing the script from the form and am still having no joy.

At the bottom is my current script.  I have replaced the htadm commands with the equivalent htpasswd stuff except for deluser (I don't know what the equivalent is, but for testing I won't use that option) and cannot even create the password file.

Normally when creating the passwords manually I have to

1) upload a txt file into the directory I wish to protect in the form:

AuthUserFile /docs/www.pcmaritime.co.uk/passwords/.tspasswd
AuthGroupFile /dev/null
AuthName Restricted Access
AuthType Basic

<Limit GET>
require user me him
</Limit>

rename it .htaccess

2) then this calls the password list .htpasswd and the user and password are validated.

3) where does your script create the list and how (can't see it, maybe I am blind ;-)

All I keep getting are server errors.

Here is my current script.

#!/bin/perl5

$password = "asdf";

print "HTTP/1.0 200 ok\n";
print "Content-type: text/plain\n\n";


while (<>) {
if ( /Content-Disposition.*name="pw"/ ) {
$_=<>;
$_=<>;
$pw = $_;
$pw_ok = 1 if ($pw == $password);
print "password correct\n" if ($pw_ok);
print "<b> invalid password </b>\n" if (!$pw_ok);
}

if ( /Content-Disposition.*name="com"/ ) {
$_=<>;
$_=<>;
$com_ok=1;
$com = $_;
chop($com);
chop($com);
if ($pw_ok && ($com eq "create")) {
$c = "htpasswd -c /docs/www.pcmaritime.co.uk/passwords/.tspasswd 2>&1";
print $c; print `$c`; $com_ok=0;
}

}

if ( /Content-Disposition.*name="PWFILE"/ ) {
$_=<>;
$_=<>;
$file_ok = 1;
}

if ( /----/ ) {
exit if ($file_ok);
}

if ( /([^ \t\r\n][^ \t\r\n]*)[ \t]*([^ \t\r\n]*)[ \t]*([^\r\n]*).*/  ) {
if ($pw_ok && $com_ok && $file_ok) {
if ($com eq "add") {
$c = "htpasswd /docs/www.pcmaritime.co.uk/passwords/.tspasswd ".$1." ".$2." ".$3." 2>&1";
print $c."\n" ; print `$c`;
}
if ($com eq "remove") {
$c = "htadm -deluser myfile " . $1 . " 2>&1";
print $c."\n" ; print `$c`;
}
}
}
}



Trevor,

> 3) where does your script create the list and how (can't see
> it, maybe I am blind ;-)

I don't think so, you have it almost right.

You may want to have a look at the authentication tutorial for ncsa httpd at

  http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html

In your example the password file is called .tspasswd. In my original script it is called myfile. My script creates and updates the password file called myfile using the command htadm.

htadm -adduser <password file> <username> <password> <full name>
adds a user, htadm -deluser <username> removes one.

Ncsa httpd uses an admin utility called htpasswd. I have downloaded a copy of it to check its syntax. To add a user you have to do a

htpasswd <password file> <username>

the program will then prompt you for the password. There is a problem however. Htpasswd insists for the password to be typed in from an interactive terminal (it uses getpass()). Thus I don't see how you could use it from any script.

There are a couple of workarounds I can think of:

1. If the perl distribution on the server has the HTTPD module, add the user directly from the perl script, as in the example I gave you.

2. if the server will let you install your own copy of htpasswd, it would be very easy to patch htpasswd such that it also accepts passwords from the command line, similarly to htadm.

3. you could manage the password file locally and then use a file upload script to install the new versions of the password file (this does not depend on your server setup). You would have to install htpasswd on your machine. You can get it from http://hoohoo.ncsa.uiuc.edu/index.html. It runs on most unix systems (not on windows).

4. rewrite the htpasswd program in perl. All it does is to call the standard crypt() routine to encrypt passwords and to manage a file which contains lines with username:<encrypted pw>.


As you see there is no simple solution. I would be willing to continue on any of the 4 options but in a separate question (I've put quite some effort in this one already). I suggest that you grade the answers I have given so far and put up a new question for the option you choose.

If you have any questions on the script as it is, I'll be happy to continue discussing it in this question.

  cheers,

   Philippe



Thanks ever so much for all your help Philippe but we seem to be getting nowhere slowly.

I have been on the phone today to our ISP and have been told that they do not provide any modules other than the standard Perl distribution 4 and 5.  Customers can install their own modules in their CGI-BIN, which is great except that HTTPD module requires installation in the server root to which I have no access.  The ISP will not install it so I think we might be changing ISPs soon as I am getting fed up with their seriously lacking service which caters great for simple web sites but anything heavier than a page with images and text and no go.

I think the best way to go is either option 3 or 4.  I am putting in request today for a UNIX box and then I can test and setup passwords off-line to my heart's content.

Thanks once again for your help and please accept a nice healthy A grade.



Trevor,

thanks much for the grade! Option 3 is a good choice. Uploading the file is easy, and you are very independent from your server/provider.

Don't hesitate to add a comment if you need some more help on this.

  cheers,

   Philippe



I almost graded your answer F after I got off the phone with my ISP as I was extremely pissed off.  But I took a deep breath and thought "hey, no Philippe was about the only one who was any help".

I might be back sooner than you think ;-)

Thanks once again

Trev,

I was very happy to have an A, I would rather have expected a b since we didn't get all the way to the solution, but....

I was just playing around with option 4 and it turns out to be much simpler than thought. Here comes the script for option 4.

You can use it with the same html form as before, but you won't need the 'create' option (feel free to remove it). The script does the following:

- whether you choose add or remove, it always removes all users specified in the file you upload.

- if you choose add, it then adds the users specified in the file. Thus if the user already existed it gets updated with the new pw.

- at the end it then displays the password file.

Your textfile needs to contain only one (username) or two (username pw) words per line separated by spaces or tabs.

If you just want to see the content of the pw file upload an empty file.

The name of the pwfile is specified at the beginning of the script as well as the pw.

 happy hacking,

   Philippe

the script (don't forget to edit the first line if perl is not in the /bin directory on your server):

#!/bin/perl


$password = "asdf";
$pwfile = "myfile";


print "HTTP/1.0 200 ok\n";
print "Content-type: text/plain\n\n";


while (<>) {
    if ( /Content-Disposition.*name="pw"/ ) {
      $_=<>;
      $_=<>;
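      $pw = $_;
      $pw =~ s/\r?\n$//;                  # drop the CRLF that ends the form field
      $pw_ok = 1 if ($pw eq $password);   # string compare; == compared both values as numbers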
      print "password correct\n\n" if ($pw_ok);
      print "<b> invalid password </b>\n" if (!$pw_ok);
    }
   
    if ( /Content-Disposition.*name="com"/ ) {
      $_=<>;
      $_=<>;
      $com_ok=1;
      $com = $_;
      chop($com);
      chop($com);
    }
   
   
    if ( /Content-Disposition.*name="PWFILE"/ ) {
      $_=<>;
      $_=<>;
      $file_ok = 1;
    }
   
    if ( /----/ ) {
      if ($file_ok && $pw_ok) {
          print "\npassword file now contains\n\n"  ;
          print `cat $pwfile 2>&1`;
      }
      exit if ($file_ok);
    }
   
    if ( /([^ \t\r\n][^ \t\r\n]*)[ \t]*([^ \t\r\n]*).*/ ) {
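      if ($pw_ok && $com_ok && $file_ok) {
          $user = $1; $pass = $2;      # save the fields before any further matching
          open(PW,$pwfile);
          open(TMP,">.tmppwfile");
          while(<PW>) {
            # exact "user:" prefix test; /$1:/ treated the name as an unanchored regex
            if (index($_, "$user:") == 0) { print "removed ".$user."\n"; }
            else { print TMP $_; }
            }
          if ($com eq "add") {
            print "adding ".$user."\n";
            print TMP $user.":".crypt($pass,"aa")."\n";   # fixed salt "aa": every stored hash starts with aa
          }
          close(PW);close(TMP);
          system "mv .tmppwfile $pwfile";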
      }
    }
}



------
and here is the form once again, without the create option. Edit the url in the FORM element
------
<HTML>
<HEAD>
<TITLE>Password updater </TITLE>
</HEAD>



<BODY>

<H1>Choose from the following options</H1>

<FORM method=POST
      enctype="multipart/form-data"
      action="http://www.youmachine.com/cgi-bin/yourscript.cgi">

 admin password:

<INPUT TYPE=password NAME=pw>

<P>

 command: <p>
 add <INPUT TYPE=radio NAME=com VALUE="add"><br>
 remove <INPUT TYPE=radio NAME=com VALUE="remove"><br>
 <P>

 file with usernames, passwords and full name separated by white space
<INPUT TYPE=file  name="PWFILE" >

<P>
<input type=submit>

</FORM>

</BODY>
</HTML>
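
Option 4 above, together with steps 3 and 4 of the earlier answer (build the file with crypt(3), then validate by re-running crypt with the stored salt), as an added example that is not code from any post in this thread. The function names, the file path and the sample users are hypothetical, and it assumes Perl 5 and a server whose crypt() still supports the traditional two-character salt.

```perl
# Added example: maintain an NCSA-style password file from an uploaded list, no shell calls.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');   # 64 salt characters

# A fresh two-character salt per entry, so equal passwords get different hashes.
sub random_salt {
    open(my $rnd, '<', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    read($rnd, my $bytes, 2) == 2 or die "short read from /dev/urandom";
    close($rnd);
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $bytes;
}

# Split the upload into [user, password] pairs; anything malformed is rejected
# instead of being written to the file. "remove" needs only the username.
sub parse_list {
    my ($text, $command) = @_;
    my (@ok, @bad);
    for my $line (split /\r?\n/, $text) {
        next if $line =~ /^\s*$/;
        my ($user, $pw) = split ' ', $line;
        if ($user =~ /^[A-Za-z0-9_.-]{1,32}$/ && ($command eq 'remove' || defined $pw)) {
            push @ok, [$user, $pw];
        } else {
            push @bad, $line;
        }
    }
    return (\@ok, \@bad);
}

# Read "user:hash" lines into a hash; a missing file is an empty database.
sub load_pwfile {
    my ($path) = @_;
    my %db;
    open(my $in, '<', $path) or return \%db;
    while (my $line = <$in>) {
        chomp $line;
        my ($user, $hash) = split /:/, $line, 2;
        $db{$user} = $hash if defined $hash && length $user;
    }
    close($in);
    return \%db;
}

# Remove every listed user by exact name; for "add", store a new crypt() hash.
sub apply_list {
    my ($db, $command, $entries) = @_;
    for my $entry (@$entries) {
        my ($user, $pw) = @$entry;
        delete $db->{$user};
        next unless $command eq 'add';
        my $hash = crypt($pw, random_salt());
        # Some systems no longer provide the two-character-salt DES scheme.
        die "crypt() failed for $user\n" unless defined $hash && length($hash) == 13;
        $db->{$user} = $hash;
    }
    return $db;
}

# Write a new file beside the old one and rename() it into place, so the server never
# reads a half-written file. O_EXCL refuses a temp file that something else created first.
sub save_pwfile {
    my ($path, $db) = @_;
    my $tmp = "$path.tmp.$$";
    sysopen(my $out, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or die "cannot create $tmp: $!";
    print {$out} "$_:$db->{$_}\n" for sort keys %$db;
    close($out) or die "cannot close $tmp: $!";
    rename($tmp, $path) or die "cannot rename $tmp: $!";
}

# The check from step 4 of the earlier answer: the stored hash begins with its
# salt, so crypt(entered, stored) must reproduce the stored string exactly.
sub check_password {
    my ($db, $user, $entered) = @_;
    my $stored = $db->{$user};
    return 0 unless defined $stored;
    my $got = crypt($entered, $stored);
    return (defined $got && $got eq $stored) ? 1 : 0;
}

# Constructed sample upload; the third line is rejected (colon in the name).
my $upload = "alice wonder1\r\nbob builder2\r\nbad:name secret3\r\n";
my $pwfile = "./example.htpasswd";   # hypothetical path

my ($entries, $rejected) = parse_list($upload, 'add');
my $db = apply_list(load_pwfile($pwfile), 'add', $entries);
save_pwfile($pwfile, $db);
print "rejected: $_\n" for @$rejected;
print "$_:$db->{$_}\n" for sort keys %$db;
print "bob/builder2 accepted: ", check_password($db, 'bob', 'builder2'), "\n";
print "bob/wrong    accepted: ", check_password($db, 'bob', 'wrong'), "\n";
```

Traditional crypt() uses only the first eight characters of a password, so longer passwords in the uploaded list add no strength.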





Thanks for the help,

but why do I keep getting a server error?

You can see the form and test it at:

http://www.pcmaritime.co.uk/secret/login.htm

the password.txt is in the same directory and has the following in it:-

Trevor letmein
Richard openup

why does it not work?????????

ever get the feeling it is either a) my fault or b) my server.  Notice that the common factor is * me *.



Trev,

It used to work better, the last time you installed it, didn't it?

Just some sanity checks:

You didn't forget to make the script executable after you uploaded it on the server? If you did, type

chmod +x htpasswd.pl  

from the unix prompt.

And you did edit the first line of the script "#!/bin/perl" to show the directory in which perl is installed on your server?

And the line with the # is the very first line of the script, there are no blank lines before it?

To find out more about the error, you can login into the server and run the script from the unix prompt. It won't do anything intelligent, but if there is an error you will see the error message.

 hope this helps


 Ph

Hi Philippe,

I think we have nearly cracked it!!!

I was just looking through the CGI-BIN this morning and I noticed 2 new files......1 called 1 and another called myfile.  When I opened myfile it had 2 entries with corresponding passwords:-

me1:786bfgdfhfff  (roughly)
him1:234fuferuf34

I assume you created these users and the script has then generated the password list.  Now I also assume that to use this list I just copy it over the top of my usual password list.

But the server is still throwing up an error which is why I didn't notice it had created the file before.  Something to do with the returning text etc..  

Any Ideas???



> Any Ideas???

Can you log into the server and run the script from the unix prompt to get more info about the error? This would really help.

If not, can you post the script as it is on the server now?


 Phil

Hi Philippe,

My server does not allow me to execute PERL from the unix prompt but provides an alternative method which is to provide debugging via the web.  You simply rename the script with a prefix of xx- and then download the file.

so here is the debug:-

http://www.pcmaritime.co.uk/cgi-bin/pcmweb/xx-htpasswd.pl

Everything appears to be okay though.

and here is the current script I have.

#!/bin/perl5


$password = "asdf";
$pwfile = "myfile";


print "HTTP/1.0 200 ok\n";
print "Content-type: text/plain\n\n";


while (<>) {
if ( /Content-Disposition.*name="pw"/ ) {
$_=<>;
$_=<>;
$pw = $_;
$pw_ok = 1 if ($pw == $password);
print "password correct\n\n" if ($pw_ok);
print "<b> invalid password </b>\n" if (!$pw_ok);
}

if ( /Content-Disposition.*name="com"/ ) {
$_=<>;
$_=<>;
$com_ok=1;
$com = $_;
chop($com);
chop($com);
}


if ( /Content-Disposition.*name="PWFILE"/ ) {
$_=<>;
$_=<>;
$file_ok = 1;
}

if ( /----/ ) {
if ($file_ok && $pw_ok) {
print "\npassword file now contains\n\n" ;
print `cat $pwfile &2>1`;
}
exit if ($file_ok);
}

if ( /([^ \t\r\n][^ \t\r\n]*)[ \t]*([^ \t\r\n]*).*/ ) {
if ($pw_ok && $com_ok && $file_ok) {
open(PW,$pwfile);
open(TMP,">.tmppwfile");
while(<PW>) {
print TMP $_ if (!/$1:/);
print "removed ".$1."\n" if (/$1:/);
}
if ($com eq "add") {
print "adding ".$1."\n";
print TMP $1.":".crypt($2,"aa")."\n";
}
close(PW);close(TMP);
system "mv .tmppwfile $pwfile";
}
}
}

Thanks for any help



Trevor,

The script is ok, it works fine on my machine. Previous versions of the script used to work on your machine. There is just one thing which is not quite correct and could cause an error: remove the line that says:

print "HTTP/1.0 200 ok\n";

This line is only necessary if your server does not generate HTTP headers. I put that in for debugging and forgot to take it out again. Some servers could get confused by that.

If it is not that, then you'll have to ask your web admin what the reason for the error is.

 cheers,

   Philippe




I can't see any reason why this should not work.

Just one thing though
HOORAY!!!   HOORAY!!!   HOORAY!!!   HOORAY!!!  

It works in case you hadn't guessed ;-)

works fine now. returns the correct messages and everything is great.

Thanks for all your hard work Philippe.  If you ever have any problems with Javascript or HTML then I'll be glad to take your points at EE.

Once again thanks for all your help

Cheers,

Trev

Philippe,

I am afraid I have a problem (Oh Trev not again, I hear you cry).

When I copied the myfile to my password directory and renamed it .htpasswd and then tried to access the files in the protected directory I was presented with the username and password prompt but the correct username and password failed.

Why was this any ideas?

Do I need to chmod the myfile (I haven't at present)?



Trev,

in your example of .htaccess you had called the password file .tspasswd, now you are using .htpasswd. You didn't confuse anything, did you?

Note that you can edit the script such that the variable $pw points to the pwfile you are using (or change the .htaccess file to point to myfile instead of .tspasswd)

  Philippe


Trev,

By the way, in your .htaccess file you don't want to specify the users explicitly as you did in your example (require user me him ) but you want to accept all users which are registered in the pwfile. So change

require user me him

to

require valid-user

the rest of the .htaccess file is ok.


  Philippe


Okay,

I was and am referencing .htpasswd and have also changed the .htaccess to reflect the changes you mentioned and still no joy.  I would have thought that this would be the easiest part but no.

the two user names setup are Trevor and Richard with passwords letmein and openup respectively but neither allow me access.

I have also changed the script so that it now creates .htpasswd in the directory passwords.



How does your .htaccess file look like?

Hi Philippe,

.htaccess looks like this:-

AuthUserFile /docs/www.pcmaritime.co.uk/passwords/.htpasswd
AuthGroupFile /dev/null
AuthName Restricted Access
AuthType Basic

<Limit GET>
require valid-user
</Limit>


and .htpasswd after creation with the script looks like this:-

Trevor:aaXXQ7yFlO4UY
Richard:aaVrLw7WPaxXI



Trev,

everything looks ok to me. Are you sure the .htaccess you showed me is in /docs/www.pcmaritime.co.uk/protected ? If it is and if the .htpasswd is in /docs/www.pcmaritime.co.uk/passwords then I really have no clue what is wrong.

I tried it on a local ncsa server and it works fine for me.

It could be that authorization is setup in a non-default way on your server. Say, they could have chosen another name for the .htaccess file, although you would probably end up with an error message. Have you used authorization before? Did it work? If not, it would be worth asking your provider to give you a working example of protected files.

 cheers,

   Philippe

It is working now.  No really it is......no this time it really is working, no its okay Philippe it is working.....don't be so shocked......I am not as stupid as I sound....well okay I might be...

Have not got a clue what I did wrong or did not do but it now works great.

All I did was upload the .htaccess file again but this time I deleted the old one first. But hey it works.

You can test it if you want:-

http://www.pcmaritime.co.uk/protected/access2.html

and use the username Richard (note the first letter is uppercase)

and the password is openup

GREAT!!!!   HOORAY!!!!  YIPPEE!!!!  WICKED!!!!!  ACE!!!
GREAT!!!!   HOORAY!!!!  YIPPEE!!!!  WICKED!!!!!  ACE!!!
GREAT!!!!   HOORAY!!!!  YIPPEE!!!!  WICKED!!!!!  ACE!!!
GREAT!!!!   HOORAY!!!!  YIPPEE!!!!  WICKED!!!!!  ACE!!!
GREAT!!!!   HOORAY!!!!  YIPPEE!!!!  WICKED!!!!!  ACE!!!

great.

I guess you owe me a beer or two

 cheers,

  Philippe

 
I don't think that the web is quite up to the technology of online beer transmissions yet but how does an extra 400 quality points sound?

Question is there ready and waiting.