Ok, this has been driving me mad for a while so as a last resort I’m asking for help here as I’m going round in circles…
I have a members area that works fine. When the user registers, the script generates a random 7 digit password, emails it out and then saves it into the database as md5 encryption.
My script creates a folder from a user form and copies folders and files from a source into the newly made folder.
In that folder there is an Admin folder that will contain a CMS for content to be written to the user-made folder.
Now I want only the registered user to access that admin dir, so I need something more than just the membership verification, as that will let anybody who has registered into anybody's folder.
I have chosen to go down the .htaccess route, so in the user registration process, PHP writes a .htpasswd$username file and saves it outside the public_html. When the user creates his dir, PHP also writes the .htaccess.
PHP makes the files OK, although when I open the admin/index in my browser I get an error 500…
Here be some classes
make password and store in md5
function makeRandomPassword() {
    $salt = "abchefghjkmnpqrstuvwxyz0123456789";
    srand((double)microtime()*1000000);
    $i = 0;
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($salt, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}
$random_password = makeRandomPassword();
$db_password = md5($random_password);
and store in db.
send activation email to user,
on activation from url make .htpasswd
// Create variables from URL.
$userid = $_REQUEST['id'];
$code = $_REQUEST['code'];
$username = $_REQUEST['username'];
$sql = mysql_query("UPDATE users SET activated='1' WHERE userid='$userid' AND password='$code'");
$sql_doublecheck = mysql_query("SELECT * FROM users WHERE userid='$userid' AND password='$code' AND activated='1'");
$doublecheck = mysql_num_rows($sql_doublecheck);
//make .ht
$query = "SELECT username, password FROM users";
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
    $username = $row['username'];
    $password = $row['password'];
}
$filename = ".htpasswd".$username."";
$fp = fopen("/home/monsmegm/sec/".$filename."", "w");
fputs($fp,"$username:$password");
fclose($fp);
//
When the user makes his directory it includes the following file
AuthDigestFile /home/public_html/website/members/newdir/admin/.htpasswd
AuthType Digest
AuthName "Member Page"
AuthDigestDomain /admin/ http://www.website/members/newdir/
AuthDigestNonceLifetime 300
require user userguy
Using the AuthType Basic method works fine when I use an online htaccess generator thing, so I don't think it's anything to do with the .httpd file, which I can't edit anyway as I'm working on a shared server.
I have a feeling I'm on some goose chase… any help will be greatly appreciated.
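
As an added example (not part of the original post): mod_auth_digest reads lines of the form user:realm:MD5(user:realm:password), so the entry has to be built at registration while the plaintext password is still available, and the realm must be identical to AuthName. The `REALM` constant, the helper names and the demo directories are assumptions; Apache 2.2 and later read the file through AuthUserFile, AuthDigestFile being the older directive.

```php
<?php
// Added example. REALM, the helper names and the demo paths are assumptions.
const REALM = 'Member Page';   // must be identical to AuthName in .htaccess

function checkUser(string $user): string
{
    // No ':' or newline (would add fields/lines), no '/' or '.' (path escape).
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $user)) {
        throw new InvalidArgumentException('invalid username');
    }
    return $user;
}

function makeRandomPassword(int $length = 7): string
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyz0123456789';
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG, not rand()
    }
    return $pass;
}

function htdigestLine(string $user, string $plain): string
{
    $user = checkUser($user);
    // File format: user:realm:MD5(user:realm:password)
    return $user . ':' . REALM . ':' . md5($user . ':' . REALM . ':' . $plain) . "\n";
}

function htaccessFor(string $user, string $digestFile): string
{
    return "AuthType Digest\n"
         . 'AuthName "' . REALM . '"' . "\n"
         . "AuthDigestProvider file\n"
         . "AuthUserFile \"$digestFile\"\n"
         . 'Require user ' . checkUser($user) . "\n";
}

// Demo run in a temp directory standing in for the real locations.
$user   = 'userguy';
$plain  = makeRandomPassword();                      // e-mailed to the user at registration
$secDir = sys_get_temp_dir() . '/sec-demo';          // stands in for a dir outside public_html
$admin  = sys_get_temp_dir() . '/newdir-demo/admin'; // stands in for members/newdir/admin
foreach ([$secDir, $admin] as $d) { is_dir($d) || mkdir($d, 0750, true); }

$digestFile = "$secDir/.htpasswd$user";
file_put_contents($digestFile, htdigestLine($user, $plain), LOCK_EX);
chmod($digestFile, 0640);
file_put_contents("$admin/.htaccess", htaccessFor($user, $digestFile), LOCK_EX);
echo file_get_contents("$admin/.htaccess");
```

The path written into AuthUserFile is the same variable used to create the digest file, so the two cannot drift apart.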