I need a little help....but almost there!
I need to use .htaccess to password protect my site....that bits easy...this is the painful bit ( painful for me anyway )
I have this script that uses a form to process the username and password correctly:
if ( isset($_POST[user]) && isset($_POST[password1]))
if( $_POST[password1] == $_POST[password2] )
/*$pfad = $DOCUMENT_ROOT . dirname($PHP_SELF) . "/.htpasswd";
$safe= dirname ($PHPSELF);
$htaccess_text = "AuthType Basic\n".
$user = $_POST[user];
$password1 = $_POST[password1];
for ($i = 0; $i < count ($user); $i++)
$htpasswd_text .= "$user[$i]:".crypt($password1[$i],CRYPT_STD_DES)."";
echo "First make a file called .htaccess put this in it:<br><br>
AuthName \"Password Protected Directory\"<br>
Then make a file called .htpasswd. Below is the text you need to enter into your .htpasswd file, then upload both the file to the directory you want to protect!";
echo "<b>Passwords do not match</b>";
So.......I need to use this info in one of the two following ways:
1: store the usename and password in my mysql data base and use somthing like:
AuthName "Authorization Required"
to check the usename and password....I have the apache module (mod_auth_mysql) installed for this
2: write the username and password to a .htpasswd file on the server in the appropriate directory.
OK...I need some help with the option thats best so please advise on the best way to go!
These are my problems and things I have to concider
firstly....the site is a microsite...and one of many....Id like to manage all access from this form creating the username and password.....so...the thing to consider here is that each microsite has its own unique user_id in the database so if I was to go with option 1 then I'd need some way of selecting the correct table of usernames and password based on the user_id
so...question is...can that script above that conects to the database and gets the usernames and password select from a table based on a unique user_id?
if not then i'm off to option 2...
so...option 2....how do I use the form to get the username and password then write this to a .htpasswd file in a given directory
and...is this recomended...please tell me if I'm going the wrong way about this.
Lastly...I need to be able to have the .htaccess file enabled and disabled, depending on if I have need for it on that particular microsite...so...this would be in the form too, it would be a simple tick box to say "password protect - ON/OFF"
so....if OFF then the .htaccess file doesn't try and varify the visitor....then if ON tyen the .htaccess file trys the varify the user using the username and password in either the database od the .htpassword file (depending on the option I take with the passwords)
I'm a bit unsure how to go about this...
OK....hope this all makes sence and someone can help out.