New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Web Design and Hosting Creating sites, scripting, and hosting discussions.

.htaccess headaches


Post Reply New Thread Subscribe

 
Thread Tools
bexxy

 
Member Since: Sep 04, 2009
Location: London
Posts: 11
bexxy is on a distinguished road
Mac Specs: iMac, iPhone, iPod

bexxy is offline
I posted a few days ago about password protecting directories within a site for clients to view work progress etc..... was recommended by a few people (here and elsewhere) to use .htaccess and .htpasswd files.

I've had endless trouble and after 4 solid days of banging my head into a brick wall, I'm wondering whether anyone here might be able to tell me what on earth I am doing wrong.

I have upgraded my hosting package to one that I am assured supports CGI scripting, and everyone at the helpdesk tells me there is no reason why this is not working.

When I try to open up the page a drop down box appears for username and password. So far, so good. I enter the details........ click ok, and I get diverted to a 500 internal server error message screen.

I am guessing that the problem could well be, that the .htaccess file possibly has the incorrect route to the .htpasswd file. Does that sound like the case? The server is obviously picking up the htaccess file but then loses it from the point where it needs to communicate with the password file?

I've been given three different options as to what the file path is by the host, but without truly knowing my stuff, it's very tough for me to tell them to double check things when I think they are giving me the wrong info. A couple of months ago, they upgraded their servers so all the info they were giving out was wrong. It took me 2 days to discover that!

Just for your info..... my .htaccess file reads:

AuthUserFile file/path/to/.htpasswd
AuthName "Secure Client Area"
AuthType Basic
require user MarkWallis

And the .htpasswd is simply

MarkWallis:encryptedpassword

I encrypted it on a recommended website...... any chance it's not encrypting it properly and that is what's causing the trouble?

Also, I have heard that there is a small piece of PHP scripting that I can create a file with, upload onto the server to find out what the true path is - anyone know how that works, because if I'm getting loads of different info, it might be down to me to find out for myself!

Thank you so much in advance.

All the best
Bex
QUOTE Thanks
Raz0rEdge

 
Raz0rEdge's Avatar
 
Member Since: Jul 17, 2009
Location: MA
Posts: 7,501
Raz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant future
Mac Specs: 27" i7 iMac, 24" iMac, 13" Macbook Air, iPhone 5 & 5S, iPod Nano 7th Gen, iPad 2 16GB WiFi, iPad 3

Raz0rEdge is offline
Your .htaccess looks good except for the require line. I've traditionally used "require valid-user" there and the .htpasswd file has the list of user:password combination that's acceptable.

You are probably on the right track thinking whether the path to .htpasswd is correct. If you have SSH access to your host, you can login and then go to the directory where you put .htaccess and type 'pwd' to grab the directory.

If that isn't possible, and you have access to PHP ony our webhost, you can create a simple file with the code "<? phpinfo(); ?>" and load that in your browser, you will get a bunch of information about PHP and also importantly the full directory where the PHP file is executing from. Compare this directory with where you think your .htpasswd is and confirm they match..

Regards
QUOTE Thanks
bexxy

 
Member Since: Sep 04, 2009
Location: London
Posts: 11
bexxy is on a distinguished road
Mac Specs: iMac, iPhone, iPod

bexxy is offline
You're a hero! Whatever you've done seems to have changed something even if it's not still quite working yet. All that is now happening is that the username/ password box is coming up, I enter the info, and it comes strait back up again saying that the combo was incorrect and prompting me to re-enter. So it seems now to be communicating with .htpasswd but for some reason not liking what I enter???

I've tried a new username/ password combo to test I hadn't duffed that up, but it was the same again. I am wondering again if I was possibly using an unsuitable encryption site? Is that possible?

I am uploading the .htpasswd file in ASCII mode as I was recommended previously, and as prompted by my host I have changed the permissions of the CGI files and the directories they are contained within as their server doesn't execute the script for security reasons apparently. I am guessing I have done that correctly but again it's tricky to be sure as the help page was written before they changed their servers......

Thanks for the advice about the require line...... the only reason I had the specified user down is that there are some pages for some clients and others for others if you get my meaning.

In this scenario would the best option be to create a new .htpasswd file for each new section as well as an .htaccess file, maybe naming it slightly different each time like .htsecure? Of course that's once I've figured out how to get it working that is....!



Many thanks again!
QUOTE Thanks
bexxy

 
Member Since: Sep 04, 2009
Location: London
Posts: 11
bexxy is on a distinguished road
Mac Specs: iMac, iPhone, iPod

bexxy is offline
Also..... now I'm thinking about it..... I have trouble uploading the .htaccess files onto the server as my MAC doesn't let me save the file with the "." at the beginning... not without making it invisible anyway!!!

Could that be what's causing the problem. I save the file as htaccess.txt and then rename it to .htaccess once it's up...
QUOTE Thanks
bexxy

 
Member Since: Sep 04, 2009
Location: London
Posts: 11
bexxy is on a distinguished road
Mac Specs: iMac, iPhone, iPod

bexxy is offline
Right - I am officially an idiot!

Thanks for the info Raz0rEdge - I've been tinkering about, and suddenly dawned on me what the problem was. I hadn't stopped to think that because I had copied and pasted in the encrypted password strait off the website that I got it from the text file automatically saved as an .rtf as opposed to at .txt.

Even though I was changing the name once it was uploaded, it seems it messed it up. As soon as I changed the file to a .txt and re did it - hey presto! Awesomely happy - so awesome in fact that I did two victory laps of the flat!

Thanks so much for your help, once again!

Now that I've done the first section, no doubt I'll need to upload all the other client's stuff in separate directories...... so with the require line being valid-user, I'm guessing I'll need to create different password files for each individual section???

All the best

QUOTE Thanks
Raz0rEdge

 
Raz0rEdge's Avatar
 
Member Since: Jul 17, 2009
Location: MA
Posts: 7,501
Raz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant future
Mac Specs: 27" i7 iMac, 24" iMac, 13" Macbook Air, iPhone 5 & 5S, iPod Nano 7th Gen, iPad 2 16GB WiFi, iPad 3

Raz0rEdge is offline
Now that you have the system working with 'require valid-user', you could probably switch back to requiring a specific user and see if it continues to work.

I would imagine that you want to segregate different client data in separate directories, each with their own combination of .htaccess/.htpasswd with the appropriate client names..

This is just RIPE for some package to do all of this..

Regards
QUOTE Thanks
bexxy

 
Member Since: Sep 04, 2009
Location: London
Posts: 11
bexxy is on a distinguished road
Mac Specs: iMac, iPhone, iPod

bexxy is offline
Quote:
Originally Posted by Raz0rEdge View Post

This is just RIPE for some package to do all of this..

Regards
Yeah - couldn't agree more! There are loads of PC software gizmo's out there that do it all for you "with a few clicks" but sadly nothing mac as yet. Would make like so much easier.

Ironically now I've got it sorted I am asking what all the trouble was about, but I think if you have a site with loads of different password protected areas it would be a very efficient way of managing them.....

Wonder how long it will be till someone comes up with that?

Thanks again.

Bexxy
QUOTE Thanks

Post Reply New Thread Subscribe


« Secure log in in iWeb | DREAMWEAVER CS4 - question about AP Div layers versus Div Tag »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Macs and headaches the8thark Schweb's Lounge 7 09-21-2008 05:03 PM
Working with .htaccess files vickers Web Design and Hosting 11 12-03-2006 11:08 AM
View .htaccess files Johnson OS X - Operating System 4 09-29-2006 06:55 PM
Viewing .htaccess files on the Mac? PromoPunch Web Design and Hosting 4 05-08-2006 11:30 AM
how secure is .htaccess adamherb Web Design and Hosting 1 10-02-2005 01:10 AM

All times are GMT -4. The time now is 08:19 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?