Thursday, March 28, 2024

So You Want A Password Protected Page, Huh?


First things first…


  1. If you have Active Server Pages Ability, then see here for a great ASP Password system.

  2. After you read what is below, if you’d like to take a shot at it yourself, Christoph Huetten has been nice enough to send the entire set of instructions for setting up the password directory yourself. Click here to jump right to it.


  3. Those of you with Lotus Notes, Click here for another way to do password protected pages.


  4. There are also JavaScript versions that protect one page at a time. See the Script Tips for the scripts.





     Ever since I put up that I was
working on this tutorial, I have been bombarded with requests to
Hurry the #%@$ up!. Well, here it is and you may not be
happy with the answers I give you.

     The answer is — you can’t do this with HTML commands alone. Password protection is done at the server level. You see, I was not waiting all this time in order
to write a large tutorial, but rather for my webmaster to arrange a protected directory in my account.

Here’s What Happens


     First, tell your webmaster, server
person, or the guy who takes your checks each month that you
want to do password protected pages. He will immediately ask
what you have that is so darn important that you require these
pages. You say, “none of your business” and ask again.


     After a short time, a protected
directory will be created for you. Not a page by page
protection, but a directory. Basically the tech will set
aside a whole section of the server hard drive as protected.
Every page that you put into that directory will require a log-in
and a password.


     Some new files will be added to
that directory. These are the three most common files:


  1. .htpassword This is a password file (duh). It will contain one password for each login you denote to the server. It should be created initially with a password for you. Usually it’s “owner.” If you start playing around with this file, never delete the initial password or you can’t get in again to make changes.
  2. .htgroup This contains the logins you denote. How you change or add logins or passwords will depend on how the tech sets up your server. I have to telnet into the server directly, enter some cryptic UNIX commands and answer a couple of questions to prove I am who I am. Then I can enter logins and passwords to my heart’s content.
  3. .auth This is a possible third file. Some servers allow you to enter passwords and logins right to an html document. This would be that document. It’s very easy this way. A nice form page comes up and you just enter it all straight away. I didn’t get this. You may not either.


     When you enter a login and
password, it works for everything you placed in that protected
directory. What that means is that the server won’t continue to
ask again and again for passwords when a new page is entered.

Do All Servers Work This Way?


     My server tech informs me that any
system can be configured a hundred ways, but no matter what the
files are named, what I have described above will be what
happens. At least two files, one for passwords and one for logins, will
be added to your account and you will configure them to allow
only certain people in.

     Well, that’s about it. You need to
call your webmaster and ask for the protected directory to get
things started. And I’ll ask before he or she does…What
exactly do you have that is so important that must be protected?
I know. None of my business…





 

     Thanks to
Christoph Huetten for this info.
     Use it at your own risk. I take no responsibility
for any of this. Here’s Chris’ letter and instructions:

Dear Joe,

     Today I wanted to create password protected pages for the very first time. So I did what I always do when I want to do something new with my web pages (being an absolute amateur) – I checked your pages for a nice tutorial on it. First I was happy to find one but then I was a bit disappointed because I had to read that I cannot do it on my own. I just could not believe it. So I checked a few more pages, worked a bit on it and finally got through and made it.

Here is how I made it (do please excuse my English – it is just not my mother tongue)

I only did it for pages with only one username and password but to extend it to more should not be the problem.

So here is the way to password protect your pages without the assistance of the administrator. You even have not to work in this strange UNIX-Environment.


The only thing you need is:


– a text editor

– an ftp-program to move the created files to your WWW-Server and to do some other stuff (I used CuteFTP – a very nice shareware program that is even understandable for an amateur like me. Therefore the following description will assume the use of this program. Get it
here.)

– a browser because we have to link to a certain page for some help

– a pen and a piece of paper.

Furthermore you have to have the permission to create directories and change the properties of self-created files and directories on your Web-Server.
If you have all that it is quite easy:

Step 1:

     Think of a nice username and password that later on have to be typed in from everyone who wants to see your protected pages. Take the pen and the piece of paper and write these down. And don’t forget: Wherever you use capital letters those who want to access your pages will have to use capital letters as well!!!


Step 2:

     Use your ftp-Program to access your Web-Server. There you create a directory where you want to place the password protected files using the ‘make new dir’ command from the Commands menu (you can name it whatever you want). Then you create a second directory where you will later place the file with the password information (again use the ‘make new dir’ command). Now take the pen and the paper and write down the complete and exact path of the directory you created for the password information file (the ftp-program should display this if you open the directory).


Step 3:

Open your text editor and write the following lines:

     AuthUserFile xxx/.htpasswd
     AuthGroupFile /dev/null
     AuthName yyy
     AuthType Basic
     <Limit GET>
          require user zzz
     </Limit>

     After you have done this you replace the xxx with the path you have written down on your piece of paper.
Furthermore you replace the yyy with one or more nice words. These words are only there to make the procedure of accessing your protected pages a little bit nicer. Because if someone wants to access these pages he will first see a nice box that asks him for the username and password. The first sentence in the box will be: Enter username for yyy.
Then you replace the zzz with the username you have written down on your piece of paper.
Finally you save this file somewhere on your computer under the name htaccess.txt


Step 4:

     Open your browser and go to the page http://www.euronet.nl/~arnow/htpasswd/
There you fill in the form with the data from your piece of paper and push the calculate button. A new page will appear on which you will find a line in large letters that starts off with the username you have written on your piece of paper and some strange letters afterwards. Take again your pen and write the whole (!!!) line down.


Step 5:

     Open your editor again and type the line you have just written down on your piece of paper. Push Return to create an empty line below. Now save this file under the name htpasswd.txt.


Step 6:

     Now open your ftp-program again and access your WWW-Server. First go to the directory where you want to place your protected pages and copy the file htaccess.txt from your computer to this directory. The name of the file should appear on the Remote side of the ftp-program. Mark this file and execute the ‘Rename’ command from the Commands menu to rename the file to .htaccess (don’t forget the dot!!!) Now execute the ‘change file attributes’-command from the Commands menu. A box appears where you type in 644 where it says ‘manual’.
Now you change to the directory where you want to place the password information. To there you copy the file htpasswd.txt. You then rename it to .htpasswd (again don’t forget the dot!!!). Then you do what you already did to the htaccess file, i.e. you mark the file, execute the ‘change file attributes’-command from the Commands menu and type in 644 where it says ‘manual’. Now we are nearly done. The last thing you have to do is to close the directory where you are in, mark it and once again execute the ‘change file attributes’-command from the Commands menu. But now you type in 711 where it says manual.


     That should be it. Whatever pages you place in the directory you created for protected pages can only be watched in the browser if the username and password are typed in.


     I hope it works as well for you as it did for me.


     Regards


     Christoph
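
A small audit of the kind of .htaccess file built in Step 3, added here as an example; it is not part of Christoph's letter or the original tutorial. It flags four weak spots (access control placed inside `<Limit GET>`, a password file stored under the web root, a multi-word AuthName without quotes, and Basic authentication with no TLS requirement) and shows a variant that passes. The paths, user name, realm, document root and finding codes are hypothetical; `SSLRequireSSL` is the mod_ssl directive and assumes that module is loaded.

```python
import re

# Constructed sample: the Step 3 file with placeholders filled in (hypothetical values).
PAGE_STYLE = """\
AuthUserFile /home/chris/public_html/pw/.htpasswd
AuthGroupFile /dev/null
AuthName Members Area
AuthType Basic
<Limit GET>
require user chris
</Limit>
"""

# Constructed sample: the same intent with the weak spots closed.
HARDENED = """\
SSLRequireSSL
AuthUserFile /home/chris/private/.htpasswd
AuthName "Members Area"
AuthType Basic
Require user chris
"""

def audit_htaccess(text, docroot):
    """Return sorted finding codes for one .htaccess file."""
    findings, seen, in_limit = set(), {}, False
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if re.match(r"<Limit\b", line, re.I):   # does not match <LimitExcept>
            in_limit = True
        elif re.match(r"</Limit>", line, re.I):
            in_limit = False
        else:
            name, _, arg = line.partition(" ")
            seen[name.lower()] = arg.strip()
            if name.lower() == "require" and in_limit:
                findings.add("require-inside-limit")  # POST, PUT, ... stay open
    if seen.get("authuserfile", "").startswith(docroot.rstrip("/") + "/"):
        findings.add("password-file-under-docroot")   # hashes may be downloadable
    realm = seen.get("authname", "")
    if " " in realm and not (realm.startswith('"') and realm.endswith('"')):
        findings.add("authname-unquoted")             # multi-word realm needs quotes
    if seen.get("authtype", "").lower() == "basic" and "sslrequiressl" not in seen:
        findings.add("basic-auth-without-tls-requirement")  # password is only base64
    return sorted(findings)

if __name__ == "__main__":
    for label, cfg in (("page-style", PAGE_STYLE), ("hardened", HARDENED)):
        print(label, audit_htaccess(cfg, "/home/chris/public_html"))
```
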

 


A Different Way


(Posted 12/12/96)

This is new to the page, if you have the correct software, please give this method a try and let me know what happens – Joe

Much thanks to David Sierra, Webmaster–Papa Johns International, Inc. Here is a copy of his email to me along with instructions…

Joe,

     I enjoyed reading your tutorials – they were very informative! I was reading your article [password pages] and wanted to give you some additional info.

     There is a way of having Password Protected pages without going through your webmaster. But, this would only apply to Internet users that use Lotus Notes. Lotus provides a product called “Domino Web Server” that allows you to take any Lotus Notes database and publish it over the Internet. The originator of the database, not the webmaster, using assigned access levels gives the pages/database, password protection. What that means is, that you the originator of documents (HTML-coded, etc.), stored in a database, can give an anonymous web user “No Access” to that page(s)/database.

     You give the users of your pages/database access by assigning the access level through the database, not the server. You assign the “Login (UserID)” and “Password” to an individual user or group and assign them access above “No Access” level.

     In summary, the database originator can assign his own “Password Protection” without having to go to his webmaster, service tech, etc.

     I hope this helps. Thanks again for the “goodies”!

     –David
