Wednesday, 21 July 2010

Password Protecting A Website

I'm writing this more as a reminder to myself than for anybody elses benefit. Recently I had a request to add a password protected area to a web site I administer, www.aikido-gb.com. For some reason I had always thought this was quite difficult and needed experience in building on-line databases. It doesn't.

Adding password protection to an area of a website is actually pretty easy. Basically all you need to do is create a subdirectory and to it add two files, .htaccess and .htpasswd.

Setting Up .htaccess
The .htaccess file defines access privileges and the location of the password file, .htpasswd. It should look something like the following example;
AuthType Basic
AuthName "restricted area"
AuthUserFile /the-full-path-name-of-your-webspace/membersonly/.htpasswd
AuthGroupFile /dev/null
AuthName secure
AuthType Basic
require valid-user
order allow,deny
allow from all
An important point to note. The variable AuthUserFile must be the full path name of your web space. This will likely not be your domain name. So you may need to contact your ISP to get that information. Alternatively search the ISPs FAQ.

Setting Up .passwd
The .passwd file contains users names and passwords. Nothing else. The passwords must be encrypted. Fortunately there is an abundance of free tools around the web for this task.
userName:passWord