Solved

Understanding htaccess (htpasswd)

Posted on 2010-09-07
7
507 Views
Last Modified: 2012-05-10
I've inherited a website template from another programmer. The task was simple enough, copy the entire website, change the content (including database links). He is using the .htaccess file, a file I am not familiar with.

I'm currently working on the admin section of this site.
There a note in the code, on the line for the username and password for the admin section, that says "// change this value when password changes for admin along with htpasswd file". I've done a site search and can't find a file named htpasswd.
If I change the password in the admin file, the website can never authenticate the password and I can't login.

There is the .htaccess file. The code for that is below. If I change "oldsite" to "newsite" the page, after login, will display a 500 Internal Server Error.

I've never used the .htaccess file before, and I'm not really sure where to start.
Everything else on the site is ready to go, except for changing the password to the current site. If I use the old password, everything works just fine.


AuthName "Restricted Area" 
AuthUserFile "/home/oldsite/etc/passwd"
AuthType Basic
require valid-user

Open in new window

0
Comment
Question by:kentcommunications
  • 3
  • 2
  • 2
7 Comments
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33619903
HI,
may i get the complete  htaccess rule
0
 

Author Comment

by:kentcommunications
ID: 33620645
The code I attached is the entire contents of the .htaccess file.
0
 
LVL 15

Expert Comment

by:Insoftservice
ID: 33624192
hi,

chk the path of the htpasswd file

AddType text/x-component .htc
RewriteEngine on
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/oldsite/etc/passwd"
require valid-user
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 4

Accepted Solution

by:
chrisbloom7 earned 500 total points
ID: 33626465
AuthUserFile "/home/oldsite/etc/passwd"

That line contains the path to the password file. You can either grab it from the old server, or create a new one and update the path to the new file. If you have to create a new one, note the next line in the htaccess file:

require valid-user

That line probably describes a group of users rather than a single user. You can find out more about the process of creating passwords and groups at http://httpd.apache.org/docs/2.2/howto/auth.html
0
 
LVL 4

Expert Comment

by:chrisbloom7
ID: 33626513
Sorry - I need to correct that last part. valid-user is actually a keyword, not a user nor a group. If it were a group there would be an extra AuthGroupFile directive and the group name would be preceded with the word "group", as in

require group valid-user

Instead the keyword valid-user means allow anyone in that is using a valid username and password, as defined in the password file. Again, refer to the documentation I linked to.
0
 
LVL 4

Expert Comment

by:chrisbloom7
ID: 33626533
Also, I feel compelled to say that Basic Authentication is not the best way to protect an administration area as it requires external functionality to protect the pages. In other words, if Apache isn't configured properly the pages are unprotected but still accessible. Better to use the scripting language itself (PHP) to restrict access to the files. You will have much more control and flexibility and no external requirements.
0
 

Author Comment

by:kentcommunications
ID: 33627437
I copied the passwd file from the original site to the new one. It only contains one line, an encrypted password.

As you said, this isn't the best way to do user authentication (I've never worked with this method) so I'm just going to set it up through PHP, I'm thinking its less of a hassle at this point.

Thanks!
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
parse url to form? 7 25
Help with PHP 13 27
Displaying text in text field when clicking on ajax search result 10 39
Web Easy Professional 10 Embedded Facebook 1 18
An enjoyable and seamless user experience can go a long way on an eCommerce site. While a cohesive layout and engaging copy play roles in creating a positive user experience, some sites neglect aspects that seem marginal but in actuality prove very …
Because your company can’t afford for you to make SEO mistakes, you’ll want to ensure you’re taking the right steps each and every time you post a new piece of content. This list of optimization do’s and don’ts can help you become an SEO wizard.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question