Password protecting a website

Discussion in 'PHP and MySQL' started by Jodah, Jul 14, 2005.

  1. Jodah New Member

    Is PHP used for this? If not, what code is used to password protect a website? (Besides the basic java script codes).

    Also, do you have any links for snippets of this code?
    Jodah, Jul 14, 2005
    #1

  2. Mimoun Administrator

    The best and most secure way would be to use .htpasswd and .htaccess files.
    You can protect your entire site or just 1 folder.
    Here is how you have to create .htpasswd and .htaccess files:
    First make a file and name it .htaccess and put the file in the folder you want to protect. Here is the code you have to put in the .htaccess file, first line defines the location of the .htpasswd where your passwords are encrypted.
    It's important that you don’t place your     .htpasswd file www or public_html folder.
    Place it in the root or a folder in the root.
    Code for the     .htaccess file
    Code:
    AuthUserFile /home/youraccountname/.htpasswd

Add this in the .htaccess too file
 AuthGroupFile /dev/null
 AuthName "Private Area"
 AuthType Basic
 <Limit GET POST>
 require valid-user
 </Limit>
    Create a .htpasswd file here you will put your username and an encrypted password
    Code:
    myname:cGyUX9QugYMgE
    Here is a great site to create your .htaccess and .htpasswd files online
    Mimoun, Jul 14, 2005
    #2

  3. onekoolman New Member

    You can use dirpass.cgi, lookup dirpass, it makes it simple, but only works if you have a cgi, cgi-bin directory to put it in, if you need help post here.
    onekoolman, Jul 14, 2005
    #3

  4. Dragosse New Member

    Can you, Mimoun please explain for me way is PHP and MY SQL not secure to password protect website?

    Dragosse
    Dragosse, Jul 14, 2005
    #4

  5. Mimoun Administrator

    I didn't say php and mysql is not secure you can build a secure script, but you will have to watch out while coding to not have SQL leaks in your source code. You will have to check every input a user makes.
    That's why I think using .htaccess is more secure.
    Mimoun, Jul 14, 2005
    #5

  6. Jodah New Member

    Thanks for the help, muchly appreciated.
    Jodah, Jul 14, 2005
    #6

  7. Dragosse New Member

    Thanks, for the information.
    I will tray to use my sql. I like to have control of al code and I thinking if I put it in the sql then everything is on one place.

    Dragosse
    Dragosse, Jul 15, 2005
    #7

  8. daibt New Member

    Thank you !
    daibt, Sep 16, 2005
    #8

  9. Dark Lord New Member

    If you go to zymic.com they have a real simple one, I had to use this when i had my site on a free host because it did not allow .htaccess files.
    Dark Lord, Oct 4, 2005
    #9

  10. fairdoes New Member

    dirpass.cgi from lockedarea.com - highly recommended :)
    fairdoes, Dec 2, 2005
    #10

  11. fairdoes New Member

    fairdoes, Jan 9, 2006
    #11

  12. fairdoes New Member

    Many web hosts (e.g 1and1.com) now include password protection, for free, as part of their hosting package
    fairdoes, Jun 4, 2007
    #12

  13. Graciella New Member

    Any hosting company that use Cpanel or Hsphere have option to protected your files or directory.
    If your hosting company use something else and does not have then is htaccess + htpasswd easy and safest option.
    Graciella, Jun 15, 2007
    #13