Hello forums
How can i password protect certain files for a certain user.
I password protected a whole directory (admin) using this:
AuthName “Restricted Area”
AuthType Basic
AuthUserFile /home/mySite/.htpasswds/.htpasswd
AuthGroupFile /dev/null
require valid-user
I have an admin account that can access everything on that folder. However my client want another account that can also access all of the files in the folder except for 3 files.
please enlighten me on how to do this
Thanks
stonedeft,
Create an environmental variable in Apache for those authorized to access the three files and deny access unless that variable exists.
Regards,
DK
Hello DK thanks and congratulations for winning.
Anyway can you please be kind enough to show me how to create an environmental variable in apache and how to use it.
thanks.
stonedeft,
Thank you!
I was almost afraid to mention the environmental variable because, while I know about it, I’ve never had the need to use it. Because I’m headed out the door in a minute, let me suggest a thorough read of http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html, thorough because you need to read ALL the page (past the Environmental Variable section) to see that you can set and modify your own variables. You should consider HOW to do that dependent upon the access (which I don’t have my head around just now).
Alternatively, the way that I would approach it is to use $_SESSION variables to identify the full access and limited access and check upon entry to every sensitive page (I do that, typically, for website backends so my client can have multiple people accessing it but not getting access to everything, i.e., prevent unauthorized changes).
I’m sure that there’s a “cutsie” way to use Apache to do that for you but, as far as I’m concerned, there’s nothing like a hammer to drive a nail and PHP’s sessions are excellent like that.
Regards,
DK
Thanks again DK I’ll read that link and post what i can come up with it.
Wow environmental variables is too complicated for me I was thinking of a solution using groups:
something like :
AuthName “Restricted Area”
AuthType Basic
AuthUserFile /home/mySite/.htpasswds/.htpasswd
AuthGroupFile /dev/null
require valid-user
<Files “*”>
Require valid-user
</Files>
<Files “file1.html,file2.html,file3.html”>
what to put here ??
</Files>
Anyone has any suggestions? thanks
sd,
Dunno. If you don’t like the idea of using $_SESSION variables, what about burying those files another directory level deeper?
Regards,
DK
Yes putting them a directory deeper is also a good one. Here’s what I have:
AuthName “Restricted Area”
AuthType Basic
AuthUserFile /home/bugoy/.htpasswds/.htpasswd
AuthGroupFile /dev/null
<Files “*”>
Require valid-user
</Files>
<Files “shout.php”>
require user admin stonedeft
</Files>
apache will prompt for another log in if the logged-in user accessing shout.php isn’t stonedeft or admin.
Not an elegant solution but simple and it works 
Cheers and Thanks again