Solved

Password protection - password created by users

Posted on 1998-11-05
5
163 Views
Last Modified: 2013-12-25
I need a password protection program, run on a server that lets users create their own User Name and Password once they arrive on the page.  

After the password is created, then I need a way for the usual UserName/Password box to pop up.  The person enters their user name and password -- and then is given access to the restricted directories of the web site.

In addition, I need a way for the Administrator to easily go into the password lists and add/delete users.  It would be also be great if the Administration area would let the Administrator select the length of time the users' passwords would be valid -- i.e. 1-2-3 months, etc.  

I don't want java to play a part in this solution.  Strictly CGI-BIN scripting.  I don't know anything about CGI -- but would it be possible for the script to work on both UNIX and NT servers?

Thanks

Rowby

0
Comment
Question by:Rowby Goren
  • 4
5 Comments
 
LVL 9

Author Comment

by:Rowby Goren
ID: 1829452
Edited text of question
0
 
LVL 9

Author Comment

by:Rowby Goren
ID: 1829453
Adjusted points to 300
0
 
LVL 9

Author Comment

by:Rowby Goren
ID: 1829454
Edited text of question
0
 

Accepted Solution

by:
Eck earned 300 total points
ID: 1829455
Hi rowby :]

Heres a solution for Unix/Apache, AFAIK it cant be done easily on NT/IIS from a script (unless a microsoft scripting 'language' like VBScript has special routines for it). but I suppose this would work with NT and win32 Apache *shrug*.

first you need to create a boilerplate access file called '.htaccess' in the directory you want to protect, this is the file that tells the server, that there is special authorisation needed to read that directory.. this should look something like this:

--.htaccess Snip--
AuthType Basic
AuthName ProtectedPages                             #Cosmetic Resource Text.
AuthUserFile /path.to.protected.dir/passfile       #the filename of the password file.
require user Admin Admin2                              #Users allowed to log on.

--Snip--

The you would create a boilerplate password file whos filename would be the one you specified on the AuthUserFile line in .htaccess file. i.e:

--passfile Snip--

Admin:5TmextAi8m4u2                    # Username:Encrypted password
Admin2:5TmextAi8m4u2                  # "                                          "

--Snip--

This password file gives 2 users (Admin,Admin2) access with the password 'Password'.


Thats it... All your script has to do is manipulate the 'require user' line of the .htaccess
and write/remove usernames:encrypted passwords from the password file.

That only skims the surface of web authorisation possabiltys with apache, it cant do a lot of funky things.. all is brilliantly explained on www.apache.org.

Hope that helps.
0
 
LVL 9

Author Comment

by:Rowby Goren
ID: 1829456
Hi, Eck --

Thanks for your response.  Would this system allow a user create their own password once they arrive on the page?  This is a key requirement.  Or I suppose it could automatically give the user a password from a list.

Could you clarify????


Thanks

Rowby
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Introduction This tutorial will give you a fast look what you can do with WhizBase. I expect you already know how to work with HTML at least, and that you understand the basics of the internet and how the internet works. WhizBase is a server-s…
Recently I have been answering a lot of questions like this in IT forums that I frequent. The question posed is usually something along the lines of "We have software X installed and need to uninstall it for reason Y" or some other variant of the sa…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now