kentcommunications
asked on
Understanding htaccess (htpasswd)
I've inherited a website template from another programmer. The task was simple enough, copy the entire website, change the content (including database links). He is using the .htaccess file, a file I am not familiar with.
I'm currently working on the admin section of this site.
There a note in the code, on the line for the username and password for the admin section, that says "// change this value when password changes for admin along with htpasswd file". I've done a site search and can't find a file named htpasswd.
If I change the password in the admin file, the website can never authenticate the password and I can't login.
There is the .htaccess file. The code for that is below. If I change "oldsite" to "newsite" the page, after login, will display a 500 Internal Server Error.
I've never used the .htaccess file before, and I'm not really sure where to start.
Everything else on the site is ready to go, except for changing the password to the current site. If I use the old password, everything works just fine.
I'm currently working on the admin section of this site.
There a note in the code, on the line for the username and password for the admin section, that says "// change this value when password changes for admin along with htpasswd file". I've done a site search and can't find a file named htpasswd.
If I change the password in the admin file, the website can never authenticate the password and I can't login.
There is the .htaccess file. The code for that is below. If I change "oldsite" to "newsite" the page, after login, will display a 500 Internal Server Error.
I've never used the .htaccess file before, and I'm not really sure where to start.
Everything else on the site is ready to go, except for changing the password to the current site. If I use the old password, everything works just fine.
AuthName "Restricted Area"
AuthUserFile "/home/oldsite/etc/passwd"
AuthType Basic
require valid-user
ASKER
The code I attached is the entire contents of the .htaccess file.
hi,
chk the path of the htpasswd file
AddType text/x-component .htc
RewriteEngine on
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/oldsite/etc/passwd"
require valid-user
chk the path of the htpasswd file
AddType text/x-component .htc
RewriteEngine on
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/oldsite/etc/passwd"
require valid-user
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry - I need to correct that last part. valid-user is actually a keyword, not a user nor a group. If it were a group there would be an extra AuthGroupFile directive and the group name would be preceded with the word "group", as in
require group valid-user
Instead the keyword valid-user means allow anyone in that is using a valid username and password, as defined in the password file. Again, refer to the documentation I linked to.
require group valid-user
Instead the keyword valid-user means allow anyone in that is using a valid username and password, as defined in the password file. Again, refer to the documentation I linked to.
Also, I feel compelled to say that Basic Authentication is not the best way to protect an administration area as it requires external functionality to protect the pages. In other words, if Apache isn't configured properly the pages are unprotected but still accessible. Better to use the scripting language itself (PHP) to restrict access to the files. You will have much more control and flexibility and no external requirements.
ASKER
I copied the passwd file from the original site to the new one. It only contains one line, an encrypted password.
As you said, this isn't the best way to do user authentication (I've never worked with this method) so I'm just going to set it up through PHP, I'm thinking its less of a hassle at this point.
Thanks!
As you said, this isn't the best way to do user authentication (I've never worked with this method) so I'm just going to set it up through PHP, I'm thinking its less of a hassle at this point.
Thanks!
may i get the complete htaccess rule