www.webdeveloper.com
Results 1 to 4 of 4

Thread: create htaccess & htpasswd useing PHP and MySQL

  1. #1
    Join Date
    Jun 2004
    Location
    London UK
    Posts
    541

    create htaccess & htpasswd useing PHP and MySQL

    Hi all....

    I need a little help....but almost there!

    I need to use .htaccess to password protect my site....that bits easy...this is the painful bit ( painful for me anyway )

    I have this script that uses a form to process the username and password correctly:

    PHP Code:
    if ( isset($_POST[user]) && isset($_POST[password1])) 

     if( 
    $_POST[password1] == $_POST[password2] ) 
      { 

        
    /*$pfad = $DOCUMENT_ROOT . dirname($PHP_SELF) . "/.htpasswd"; 
        $safe= dirname ($PHPSELF); 

        $htaccess_text = "AuthType Basic\n". 
        "AuthName \"\"\n". 
        "AuthUserFile $pfad\n". 
        "require valid-user\n";*/ 
         
        
    $user $_POST[user]; 
        
    $password1 $_POST[password1]; 

        for (
    $i 0$i count ($user); $i++) 
        { 
         
    $htpasswd_text .= "$user[$i]:".crypt($password1[$i],CRYPT_STD_DES).""
        } 

           echo 
    "First make a file called .htaccess put this in it:<br><br> 

           AuthName \"Password Protected Directory\"<br> 
           AuthType Basic<br> 
           AuthUserFile /your/server/path/.htpasswd<br> 
           require valid-user<br><br> 

           Then make a file called .htpasswd. Below is the text you need to enter into your .htpasswd file, then upload both the file to the directory you want to protect!"

           echo 
    "<p><hr></p>"
           echo 
    nl2br($htpasswd_text); 
           echo 
    "<p><hr></p>"
      } 
      else 
      { 

          echo 
    "<p><hr></p>"
          echo 
    "<b>Passwords do not match</b>"
          echo 
    "<p><hr></p>"

      } 

    So.......I need to use this info in one of the two following ways:

    1: store the usename and password in my mysql data base and use somthing like:

    PHP Code:
        AuthName            "Authorization Required"
        
    AuthType            Basic
        AuthGroupFile            
    /dev/null
        AuthMySQLCryptedPasswords    Off
        AuthMySQLHost            localhost
        AuthMySQLDB            
        AuthMySQLUserTable        user_auth
        AuthMySQLUser            
        AuthMySQLPassword        
        AuthMySQLNameField        user_name
        AuthMySQLPasswordField        user_passwd
        AuthMySQLAuthoritative        On
        
    require valid-user 
    to check the usename and password....I have the apache module (mod_auth_mysql) installed for this

    or...

    2: write the username and password to a .htpasswd file on the server in the appropriate directory.

    OK...I need some help with the option thats best so please advise on the best way to go!

    These are my problems and things I have to concider

    firstly....the site is a microsite...and one of many....Id like to manage all access from this form creating the username and password.....so...the thing to consider here is that each microsite has its own unique user_id in the database so if I was to go with option 1 then I'd need some way of selecting the correct table of usernames and password based on the user_id

    so...question is...can that script above that conects to the database and gets the usernames and password select from a table based on a unique user_id?

    if not then i'm off to option 2...

    so...option 2....how do I use the form to get the username and password then write this to a .htpasswd file in a given directory

    and...is this recomended...please tell me if I'm going the wrong way about this.

    Lastly...I need to be able to have the .htaccess file enabled and disabled, depending on if I have need for it on that particular microsite...so...this would be in the form too, it would be a simple tick box to say "password protect - ON/OFF"

    so....if OFF then the .htaccess file doesn't try and varify the visitor....then if ON tyen the .htaccess file trys the varify the user using the username and password in either the database od the .htpassword file (depending on the option I take with the passwords)

    I'm a bit unsure how to go about this...

    OK....hope this all makes sence and someone can help out.

    Cheers

  2. #2
    Join Date
    Jun 2006
    Posts
    472
    For me, coming from a database background I'd use the DB all the way, I don't bother with .htaccess. I would use the user_id as session variable and if every user has a different directory then include that in a field in the DB table then when successfully logged in they are redirected to that directory.

  3. #3
    Join Date
    Jun 2004
    Location
    London UK
    Posts
    541
    thanks Aussie Girl

    I may go that way with the microsite but the problem I have is a sub directy that contains mp3s that are linked to from an RSS feed that I need to protect....if I subscribe in iTunes for example...the only way (I know) is to use htaccess to protect the directiry (and Mp3 files contain) with a password......can this be done a different way?

    Cheers
    Cybercampbell

  4. #4
    Join Date
    Jun 2006
    Posts
    472
    Again I would create a database table with links to the MP3 files, then when people have successfully logged in they would get access to the .php file that lists all the MP3 available using a SELECT statement and on the top of that page would be the session or cookie info whatever you decide to use, if ok, show files, if not redirect them back to login page. I can't offer much advice on the RSS feed though..

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles