Password-Protection
January 26, 2005 7:36 AM
Is there a script (perl or php, no MySQL because I don't understand it and don't want to learn it) that password-protects a webpage so that it can be viewed only by someone who logs in with a username and a password, and also logs that user, so that you can have a record (very important) of who's viewed the page? If so, where can I get me one?
Seriously, .htaccess is a very simple thing to set up. Though it's been long enough that I can't type out the steps from memory. It was much easier than scripting anything.
posted by agropyron at 7:47 AM on January 26, 2005
posted by agropyron at 7:47 AM on January 26, 2005
If you care about security, make sure you're running .htaccess's usual Basic authentication within a SSL-protected server profile. This kind of authentication traffic is sent along the web traffic in what is equivalent to cleartext. Here are OS X-specific instructions, but the commands described in this article apply equally to any generic LAMP setup.
posted by AlexReynolds at 8:00 AM on January 26, 2005
posted by AlexReynolds at 8:00 AM on January 26, 2005
Apache access logs include the authenticated username, too, so .htaccess and a log parser is all you'd need.
posted by cmonkey at 8:02 AM on January 26, 2005
posted by cmonkey at 8:02 AM on January 26, 2005
To add to the pile-on: If you were to do this in something like PHP, then your entire site needs to be in PHP. If you have complex security roles, then something like that might be called for, but for simple user:password security, .htaccess is simple and can sit on top of anything else.
posted by mkultra at 8:14 AM on January 26, 2005
posted by mkultra at 8:14 AM on January 26, 2005
man htpasswd, baby
posted by orange clock at 8:19 AM on January 26, 2005
posted by orange clock at 8:19 AM on January 26, 2005
Now this is the kind of pile-on that I like! Thanks, guys. You know that I have no idea what any of you are talking about, right? I have no idea what directives are, or what a LAMP setup is. I'll look into everyone's answers and give it a go, though - thanks so much.
posted by iconomy at 8:35 AM on January 26, 2005
posted by iconomy at 8:35 AM on January 26, 2005
There is a really good tool online for generating these. Unfortunately I can't find it, but I did find this one. You can add more users by running it again and adding the .htpasswd it creates to the one you already had, each user on their own line.
Also, take a look at this .htaccess generator.
posted by revgeorge at 8:58 AM on January 26, 2005
Also, take a look at this .htaccess generator.
posted by revgeorge at 8:58 AM on January 26, 2005
Isn't "a record of who's viewed the page" kind of a primary requirement that's being ignored in this pile-on? Saying "a log parser is all you need" seems a little obscure.
If it is truly a single page, that you need to protect/record, look at opening a file and recording the $_SERVER['PHP_AUTH_USER'] value and a timestamp during each visit.
posted by danOstuporStar at 10:09 AM on January 26, 2005
If it is truly a single page, that you need to protect/record, look at opening a file and recording the $_SERVER['PHP_AUTH_USER'] value and a timestamp during each visit.
posted by danOstuporStar at 10:09 AM on January 26, 2005
Isn't "a record of who's viewed the page" kind of a primary requirement that's being ignored in this pile-on? Saying "a log parser is all you need" seems a little obscure.
A log parser isn't necessary. The default Apache access_log format includes both %t (current time) and %u (authenticated username). Just looking through the text file would be an adequate "record", akin to what your php logging would do. In both cases, though, some automated parsing and whatnot would help make sense of the data, though.
(The Apache logs also include remote IP address, file accessed, and other useful stuff)
posted by Plutor at 10:34 AM on January 26, 2005
A log parser isn't necessary. The default Apache access_log format includes both %t (current time) and %u (authenticated username). Just looking through the text file would be an adequate "record", akin to what your php logging would do. In both cases, though, some automated parsing and whatnot would help make sense of the data, though.
(The Apache logs also include remote IP address, file accessed, and other useful stuff)
posted by Plutor at 10:34 AM on January 26, 2005
« Older How to Set Up XP Remote Destop to Log Previous... | Is there a Windows equivalent to Mac's OSX contact... Newer »
This thread is closed to new comments.
posted by Plutor at 7:40 AM on January 26, 2005