user authentication

[ahdont]

i want to setup a user authentication for several pages. are there any recommand php. i did a search on hotsrcipts, and found a few simple ones. i have several questions though

i would like to know what is my base address outside of htmldoc_root? like the directory thats outside of html.

ahdont

[jason]

The easiest way to set up authentication is to use the password protected directories feature of CPanel. That will let you set up basic authentication through the webserver.

If you're looking for a PHP solution, check out patUser at http://www.php-tools.de. I've never used it, but I'm considering it for an upcoming project. I use the sister tool, patTemplate, quite extensively in my projects because it is easy to use and very powerful. patUser looks similar.

There was a couple recent articles at http://www.devshed.com on using patUser. I'd suggest you take a look at them for a clear understanding of what patUser can do.

--Jason

[kkbbzzaa]

The easiest way to set up authentication is to use the password protected directories feature of CPanel. That will let you set up basic authentication through the webserver.

Hi,
Is there any way to make a srcipt an manage this passwords not form the cpanel?

Just wondering..

Thanks

Mateo

[jason]

Yes, the format of the htpasswd file is:

username:encryptedpassword

The file can be anywhere in your account space, but it should be outside of your public_html directory for security purposes. You can name it anything you want.

To link it up to your site, add the following to your .htaccess file:

<Directory /home/YOURUSERNAME/public_html/NAME_OF_PROTECTED_DIRECTORY>
AuthType Basic
AuthName "Authorized Use Only"
AuthUserFile /home/YOURUSERNAME/.htpasswd
</Directory>

You should change the NAME_OF_PROTECTED_DIRECTORY to the name of the directory you want to protect, the "Authorized Use Only" to the message you want displayed on the login dialog box, and the path of the AuthUserFile to the correct path to the file you'll be using.

To add users, use the crypt() function (available in most languages on the server including PHP and Perl) to encrypt the password. I'd recommend using a CGI script as opposed to PHP because CGI scripts run under your user ID. That means that you won't have to give "nobody" write access to the password file. If you want to use PHP, it is possible to make PHP scripts run as CGI scripts. I can explain that for you if you'd like.

Also note that this isn't 100% secure. Your passwords will be sent in clear text and can easily be "sniffed out" on the network. If you need some added security, use HTTPS to access the secure area.

--Jason

[kkbbzzaa]

Wow, thanks for all that info.
I'm a newbie in programming so I don't know how to create the script to encrypt the passwords, I would really appreciate if you could help in this. Although I don't want to take you too much of your time.

The rest I think I can understand.

Thanks for all your help it is really appreciated.

Thanks again

Mateo

[kkbbzzaa]

mmm. another question, where is the .htaccess file? should i be able to see it form the file manager o i should use the "Edit .htaccess" button in the CP? (it has too many red letters saying "Do NOT modify anything if you do not understand what you are doing").

Is this too much for a newbie or do you think i can do it?

Thanks

Mateo

[jason]

You won't have a .htaccess file if you haven't (or cpanel hasn't) created one. You can either create your own in a text editor or use the feature in CPanel.

I'll try to find some time to write some basic sample code for you tomorrow. I'm too tired to do it now...

--Jason

[Darryl]

If you're a Perl programmer, look at the HTTPD::UserAdmin and HTTPD::GroupAdmin modules. Makes it pretty easy to manage Apache's password and group files. Don;t know if these are installed on the JagPC servers or not; if not, you can probably install them locally in your account.

[mattsiegman]

In Perl the crypt() function has been taken out because of gay US export laws...

[kkbbzzaa]

Thank you Jason, I really appreciate your help!