Full Version: [resolved] how can I prevent other people from adding entries?
Musogato
Hi. I've just added the blog feature to my site and everything's working great. But I don't know how to secure my add-an-entry page so that other people can't add entries if they happen to find the page. I've looked through the archives, but I couldn't find anything, and I wasn't sure if the password protection code for the protected entries would transfer over as-is to this page. Any help would be most appreciated. ^^;;;
Alexandra_K
The most secure way that I know of is to use an .htaccess file to password protect the directory that your admin panel is in - I'm not sure how to do it exactly, but if you google it I'm sure you can find something. If you have cPanel with your domain, you can click on "password protect directories" and it will make an .htaccess file for you.
Boyzie
Creating A Secure PHP Login Page
Musogato
Thanks, both of you. I tried the PHP login page script that you linked to, Boyzie, but I only got a blank white page. I think it's because I copy+pasted my entire add-an-entry code into the space where it said "CONTENT HERE", and all the PHP messed it up or something. I thought it might also be because of my header and footer codes, but even after removing them it didn't change anything. =/

Amelie
Then try Alexandra's suggestion. Put all your admin files, like your post entry file, edit comments file and update entries file in a folder and password protect that folder. If you don't have cPanel, this should help.
Musogato
Thanks, Amelie. I don't think my server has cPanel, so I tried the link you suggested, and it worked! ....Maybe a little too well, though. It won't let me log in to the protected pages. @__@ My server already had a .htpasswd file installed in the directory above the main html folder, and the server path is always listed at the top of the page, so I'm sure that I didn't spell any of it wrong since I copy+pasted everything. I don't know why it's not working.

I've tried adding "../" in front of the server path in the .htaccess file, tried replacing the listed encrypted password with the actual password, tried using the encrypted password to log in, but the login continues to be denied. -__-;;;

Maybe I should delete the pages, and upload them only when I want to update/edit something. x_x
Amelie
^ I wouldn't do that... If you need to update/delete something and you can't get to your own computer, you won't be able to.

What is the absolute path to .htpasswd? Are you ABSOLUTELY sure it is right in your .htaccess file? Paste .htaccess here, and the path to .htpasswd (though not .htpasswd itself).
Musogato
Yeah, I'm pretty sure it's right.

the path to .htpasswd is: /var/www/

and my .htaccess file in /var/www/html reads:

CODE

ErrorDocument 404 http://www.musogato.com/404page.html

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
<Files *******.php>
require valid-user
</Files>


Do you see something that I don't?
Amelie
The .htaccess must go inside the folder you want to protect, not your main site folder. Delete all that from your main .htaccess (except your 404 code), then place your admin files in a folder called, say, blogadmin. Then make a new .htaccess and paste the following code in it:

CODE
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
require valid-user


Also, you need to make sure the .htpasswd file contains the original username and encrypted password combination. The password should not be in plain text, otherwise you won't be able to log in.

...I just thought of something, actually. What version of Apache are you using (if indeed you are using Apache)? To find out, put the following code in a blank file and save it as anything with a .php extension. Upload it to your site and then visit the page:

CODE
<?php phpinfo(); ?>


Press CTRL+F (or Option F on Mac) and look for "Apache Version" (without quotes) on the page and tell us what it says. If it's anything other than 1.3.x then you may need to use a different password generator, as Apache 2 and above have different encryption settings.
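Added example, not part of the thread or of any poster's code: a small Python audit that checks the two things debugged above, namely whether `AuthUserFile` is an absolute path outside the web root and which hash scheme each `.htpasswd` entry uses. The sample files, user names and hash values are constructed placeholders, and the function names are hypothetical; the patterns follow the entry formats Apache documents for password files.

```python
import base64, hashlib, re
from pathlib import PurePosixPath

# Entry formats Apache documents for .htpasswd files, strongest first.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("apr1-md5", re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("sha1", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    # A 13-character plaintext password would also match this shape.
    ("crypt-des", re.compile(r"^[./A-Za-z0-9]{13}$")),
]

def classify(value):
    """Name the hash scheme of one .htpasswd value."""
    for name, pattern in SCHEMES:
        if pattern.match(value):
            return name
    return "plaintext-or-unknown"

def audit_htpasswd(text):
    """Return {user: scheme} for every user:value line."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, value = line.split(":", 1)
            result[user] = classify(value)
    return result

def auth_user_file(htaccess_text):
    """Extract the AuthUserFile path from .htaccess text, or None."""
    m = re.search(r'^\s*AuthUserFile\s+"?([^"\n]+?)"?\s*$',
                  htaccess_text, re.M | re.I)
    return m.group(1) if m else None

def outside_docroot(path, docroot):
    """True only for an absolute path that is not under the web root."""
    p = PurePosixPath(path)
    return p.is_absolute() and PurePosixPath(docroot) not in p.parents

# Constructed sample input (placeholder users and values, not real hashes).
SAMPLE_HTACCESS = 'AuthName "Restricted Area"\nAuthType Basic\n' \
                  'AuthUserFile /var/www/.htpasswd\nrequire valid-user\n'
SAMPLE_HTPASSWD = "\n".join([
    "alice:$2y$05$" + "A" * 53,
    "bob:$apr1$abcdefgh$" + "B" * 22,
    "carol:{SHA}" + base64.b64encode(hashlib.sha1(b"x").digest()).decode(),
    "dave:ab" + "C" * 11,
    "erin:hunter2",   # stored in plain text: the mistake described above
])
```

Entries reported as `plaintext-or-unknown`, `crypt-des` or `sha1` are the ones to regenerate with a stronger scheme.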
Musogato
Yup, that's it! My server API uses Apache 2.0

Do you know where I can find password encryption stuff for Apache 2.0?
Amelie
I can't find any online solutions to this, so if you PM me the username and password you want, I will get my Apache to create the encrypted password for you (this has to be done via the command line, which most hosts don't offer).
Musogato
=/ That's a bummer. Thank you for the offer though, but I wouldn't want to bug you every time I need to make a new username and password. I'm not sure if I have access to a command line for my site, but I found the Apache page in my site and I think I can create a group and user/pswd thing there.

edit: Yup, it works! I can log in and everything. I guess I should really check out the inner workings of my site before asking questions about it. ^^;;; Thank you for all of your help.