Okay, I looked around and couldn't find an answer to this, so hopefully somebody can help me out. I'm the webmaster for my sorority's chapter website. I'm hoping that there is a way to add a "member's-only" section, but I am not really sure how to do this. The website is hosted on the university's server, so ideally, I want users to be able to log in using their school ID and password rather than having to create a new one for our site. Is this possible? I think it is, because another sorority on our campus has a section like this which appears to allow members to log in using their school ID's, but I didn't get any responses back when I asked them. The server has both a private and public folder... also, if this is possible, I need to be able to set permissions so that only members of my sorority can log in to the site. Can I do this myself, or do I need to contact my school's webmaster? Thanks, any help you could give me would be fantastic!!

You may be able to activate Basic Authentication for the area referencing an LDAP server if the school is using one for student/faculty directory information.

Thanks! Can you tell me how I can find out how to do that, though? Or point me towards some kind of tutorial or something? I don't know a lot about that LDAP server kind of stuff... thanks!

you might explore password protected directories.

which is my current project. the current delmia is how to automatically, or dynamically add some one to those allowed to access the directory. And can one have more then one such directory with different users allowed access to each directory.

hope you find out.

What you need to do first is talk to your network folks and see how they're doing their directory services. If they've got it under control then they should be able to help you configure the authentication.

but they offer no real help. They use something called cpanel. it shows how to use cpanel to 'setup' the protected directory. and provides a way to add one user at a time (interactively) to the list. the 'allowed' users list looks to be a basic 'ascii' file but with the password encripted some how.

my research shows a command that adds a name/password to the list.. the rub is to find a way to call the command/program programatically. ie: issue a batch command with replace ment varables. I still think there must be a function in php or jscript to do that.

i have what must be the slumlords of the internet. that is every thing basically works, and he don't care what i do with my account as long as he get;s his rent. on the other hand if some thing must be fixed i either have to do it my self or wait until hell freezes over.

then again, the rent is cheap. and most everything works. :o

They use something called cpanel. it shows how to use cpanel to 'setup' the protected directory. and provides a way to add one user at a time (interactively) to the list. the 'allowed' users list looks to be a basic 'ascii' file but with the password encripted some how.That's standard Basic Authentication against a password file. The command you found is probably the htpasswd command bundled with Apache. You can call that from a little Perl/CGI handler that will manipulate the password file. I haven't done that in several years but it's very easy.

in .net it would be fairly easy to using a vbs or c# instruction to either shell to the operating system and involke htaccess or figure the excription method of the allowed user file and do a simple append.

i guess i was fishing for some one to offer how to shell in apache/linux/etc. I essencially know what to do just not exactly how to do it. I plan to pour over the php manual when it comes and figure it out. there must be a reason php is used in the linux world.

the thing is figuatively... once i learned to fill the pool with a hose i forgot one could still do it with a bucket.

thanks for the encouragement.

That's what CGI does. Perl is a common scripting language for CGI but any program can be invoked.

PHP is used for the same reasons that ASP and CFM are used; a mechanism to provide server parsed HTML plus an imbedded procedural language.

not to be overly controversial, but php is used so widely because it is free and works on unix/linux systems. There is nothing wrong in that. I participated in the free internet movement myself. And generally support it. incidently, i did find a way to 'dynamically' update the .htaccess file using php.. so it can be done. I will post that in a separate msg so we can, i hope help others and move beyond politics of the internet.
/meow/

this file - addname.php
<body>
insert a name into the access file
<hr>
<?php
{
$pwfile="allowed";
$uname=htmlspecialchars($_POST['username']);
$upass=htmlspecialchars($_POST['password']);
$cmd = "htpasswd -b ".$pwfile." ".$uname." ".$upass;

}
?>
[<?php echo $pwfile; ?>]<br />
[<?php echo $uname ; ?>]<br />
[<?php echo $upass ; ?>]<br />
[<?php echo $cmd ; ?>]<br />
bang .. <hr />
<?php
{
echo exec($cmd);
echo exec("type ".$pwfile);
}

this called from a simple form's page (contrived of course but it sort of works)

i called this getname.html but it could be anything..
<html>
<body>
<center>
hello there please tell me what your:<hr>
<form action="addname.php" method="post">
<p> desired username: <input type="text" name="username"/></p>
<p> desired password: <input type="text" name="password"/></p>
<input type="submit" name="submit" value="signup" />
</form>
</center>
</body>
</html>

this works , ofcourse needs security checks and such. it presumes that htpasswd is in the public directory and such. suggestions are always welcome.

php is used so widely because it is free and works on unix/linux systems.So is C, Perl, Python, TCL and many others but their intent is not to do server parsed HTML; i.e. they aren't web-specific.
$cmd = "htpasswd -b ".$pwfile." ".$uname." ".$upass;And that's the core of the whole thing. Anything that can shell that command can be used as long as htpasswd is available. I assume there are PHP modules that can get the job done without using htpasswd, too, as I know there are several Perl modules that will. Personally I like doing it the way your example does it, though, because it will work correctly on Apache regardless of the OS.

to people using my code, live... you will need to find your path to htpasswd,
and the password file should (on a unix system) start with a '.' (dot) to make it invisable to hackers.. and should idealy be outside the 'public_html' path.
the final part is to create (in the drectory you want to protect) a file titled '.htaccess' which at it's simply should read


AuthType Basic
AuthName "Restricted Area"
AuthUserFile "y:\allowed"
require valid-user


here 'y:' is my -server home drive- and would be a qualified name/path to where you put the allowed user.. again ideally a writeable directory outside the public html path.

{if this helps anyone i would appreciate hearing about it or any enhansements you might make kitty@mrzkitten.nospam.org}