Join 3,377 readers in helping fund MetaFilter (Hide)


Password-Protection
January 26, 2005 7:36 AM   Subscribe

Is there a script (perl or php, no MySQL because I don't understand it and don't want to learn it) that password-protects a webpage so that it can be viewed only by someone who logs in with a username and a password, and also logs that user, so that you can have a record (very important) of who's viewed the page? If so, where can I get me one?
posted by iconomy to Computers & Internet (11 answers total)
 
Apache (the web server) can do it, no scripting or database needed, by utilizing the Auth* directives in a .htaccess file. Of course, your administrator will need to have Apache configured to allow you to do that, but it's a rather common setup. Also, read Apache's authentication tutorial.
posted by Plutor at 7:40 AM on January 26, 2005


Seriously, .htaccess is a very simple thing to set up. Though it's been long enough that I can't type out the steps from memory. It was much easier than scripting anything.
posted by agropyron at 7:47 AM on January 26, 2005


If you care about security, make sure you're running .htaccess's usual Basic authentication within a SSL-protected server profile. This kind of authentication traffic is sent along the web traffic in what is equivalent to cleartext. Here are OS X-specific instructions, but the commands described in this article apply equally to any generic LAMP setup.
posted by AlexReynolds at 8:00 AM on January 26, 2005


Apache access logs include the authenticated username, too, so .htaccess and a log parser is all you'd need.
posted by cmonkey at 8:02 AM on January 26, 2005


To add to the pile-on: If you were to do this in something like PHP, then your entire site needs to be in PHP. If you have complex security roles, then something like that might be called for, but for simple user:password security, .htaccess is simple and can sit on top of anything else.
posted by mkultra at 8:14 AM on January 26, 2005


man htpasswd, baby
posted by orange clock at 8:19 AM on January 26, 2005


Now this is the kind of pile-on that I like! Thanks, guys. You know that I have no idea what any of you are talking about, right? I have no idea what directives are, or what a LAMP setup is. I'll look into everyone's answers and give it a go, though - thanks so much.
posted by iconomy at 8:35 AM on January 26, 2005


LAMP.
posted by purephase at 8:37 AM on January 26, 2005


There is a really good tool online for generating these. Unfortunately I can't find it, but I did find this one. You can add more users by running it again and adding the .htpasswd it creates to the one you already had, each user on their own line.

Also, take a look at this .htaccess generator.
posted by revgeorge at 8:58 AM on January 26, 2005


Isn't "a record of who's viewed the page" kind of a primary requirement that's being ignored in this pile-on? Saying "a log parser is all you need" seems a little obscure.

If it is truly a single page, that you need to protect/record, look at opening a file and recording the $_SERVER['PHP_AUTH_USER'] value and a timestamp during each visit.
posted by danOstuporStar at 10:09 AM on January 26, 2005


Isn't "a record of who's viewed the page" kind of a primary requirement that's being ignored in this pile-on? Saying "a log parser is all you need" seems a little obscure.

A log parser isn't necessary. The default Apache access_log format includes both %t (current time) and %u (authenticated username). Just looking through the text file would be an adequate "record", akin to what your php logging would do. In both cases, though, some automated parsing and whatnot would help make sense of the data, though.

(The Apache logs also include remote IP address, file accessed, and other useful stuff)
posted by Plutor at 10:34 AM on January 26, 2005


« Older Remote Desktop for XP: When I ...   |  Is there a Windows equivalent ... Newer »
This thread is closed to new comments.