How to create a restricted area in 5 minutes

Copied from YOUR INSPIRATION WEB

You have probably needed to create a restricted area on your website at some point. If you have no special management requirements and only need to require authentication data for access to a folder, developing a PHP/MySQL/sessions system, as would be appropriate in other cases, is clearly disproportionate. In this article we will learn how to implement a restricted area in just a couple of minutes, once again using Apache and .htaccess files.

Creating a list of authorized users

First of all, we have to create a list of authorized users with their respective passwords in this format (use any plain text editor):
user1:encryptedpassword
user2:encryptedpassword
user3:encryptedpassword
To encrypt the password you can use the Apache tools from the command line, with the following syntax:
htpasswd -c /full_and_absolute_path/.htpasswd user1
After entering this command, you will be asked to type the password twice. The command then writes user1, with the password correctly encrypted, to the .htpasswd file. Alternatively (and much more easily), use one of the many online tools, for example this one:

http://www.4webhelp.net/us/password.php

If you are working with Apache on a Windows platform, you obviously have to use the Apache tool, otherwise it won’t work. Now save your file as .htpasswd (no name, just the htpasswd extension) and place it in a secure folder where it cannot be read through the web server. In our case, it can very well be the same folder we intend to protect.

Verifying the absolute path of the public folder

Now verify the absolute path of your web server's public folder. If you are on a hosting service, the path might look a little strange, since a single web server manages many websites through the virtual host system. To verify this path, save the following PHP script in the website root and open the URL of the page that contains it:
<?php
echo  $_SERVER["DOCUMENT_ROOT"];
?>
The result might be something like this:
/home/virtual/virtual-site95/var/www/html/
This is the location of your public folder. We need to know this path because we have to indicate precisely where the .htpasswd file is located.

Configuring the .htaccess file

Now create the .htaccess file, which will have this format:
AuthUserFile   /home/virtual/virtual-site95/var/www/html/folder_to_protect/.htpasswd
AuthName RestrictedArea
AuthType  Basic
require user user1
require user user2
If you already have a .htaccess file in the folder, simply add these directives to the existing file. As you can see, AuthUserFile must indicate the path of the .htpasswd file, which we have placed in the folder we intend to protect, that is, the same folder in which we will save the .htaccess file. With AuthName we can set a message that will appear in the login window. Finally, the last two lines state that the users user1 and user2 are admitted to this area. Even if user3 provided the correct password, it would not be accepted. In this way we can use the same .htpasswd file for several restricted areas and use the .htaccess file to define, for example, that everybody can enter folder “x”, while only user1 and user2 can enter folder “y”. Naturally, folder “x” and folder “y” will each contain a different .htaccess file. If we want to authorize all users present in the .htpasswd file, it is enough to write in the last line of the .htaccess file:
require valid-user
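
A consistency check for the two files described above, as an added example that is not part of the original tutorial: it reports which users the .htaccess file actually admits, which named users have no password entry, which admitted users have a weak hash, and whether AuthUserFile lies inside the public folder. The function names, the made-up hashes and the choice to flag {SHA} and DES crypt entries as weak are assumptions of this example; the paths are the ones used in the tutorial.

```python
import posixpath
import re

PREFIXES = {"$2y$": "bcrypt", "$apr1$": "apr1-md5", "{SHA}": "sha1-unsalted"}  # as written by htpasswd
WEAK = {"sha1-unsalted", "des-crypt"}  # unsalted SHA-1; DES crypt() uses only the first 8 characters
# Constructed sample data: the tutorial's .htaccess and made-up, non-functional hashes.
SAMPLE_HTACCESS = ("AuthUserFile /home/virtual/virtual-site95/var/www/html/folder_to_protect/.htpasswd\n"
                   "AuthName RestrictedArea\nAuthType Basic\nrequire user user1\nrequire user user2\n")
SAMPLE_HTPASSWD = ("user1:$2y$05$constructedNotARealHash\nuser2:{SHA}constructedNotARealHash=\n"
                   "user3:$apr1$constructedNotARealHash\n")

def hash_scheme(hashed):
    for prefix, name in PREFIXES.items():
        if hashed.startswith(prefix):
            return name
    # 13 characters of the crypt alphabet: traditional DES crypt()
    return "des-crypt" if re.fullmatch(r"[./0-9A-Za-z]{13}", hashed) else "other"

def parse_htpasswd(text):
    """Map each user found in 'user:hash' lines to its hash scheme."""
    users = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and ":" in line:
            user, hashed = line.split(":")[:2]
            users[user] = hash_scheme(hashed)
    return users

def parse_htaccess(text):
    """Return (AuthUserFile path, users named by 'require user', valid-user flag)."""
    path, named, valid_user = None, set(), False
    for parts in map(str.split, text.splitlines()):
        key = parts[0].lower() if len(parts) > 1 else ""
        if key == "authuserfile":
            path = parts[1].strip('"')
        elif key == "require" and parts[1].lower() == "user":
            named.update(parts[2:])
        elif key == "require" and parts[1].lower() == "valid-user":
            valid_user = True
    return path, named, valid_user

def audit(htaccess, htpasswd, document_root):
    path, named, valid_user = parse_htaccess(htaccess)
    users = parse_htpasswd(htpasswd)
    admitted = set(users) if valid_user else named & set(users)
    root = posixpath.normpath(document_root)
    return {"admitted": sorted(admitted),  # users who can actually log in
            "missing": sorted(named - set(users)),  # named, but no password entry
            "weak": sorted(u for u in admitted if users[u] in WEAK),
            "in_docroot": bool(path) and posixpath.normpath(path).startswith(root + "/")}
```

Calling audit(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, "/home/virtual/virtual-site95/var/www/html/") shows user3 left out of the admitted list, user2 flagged for its {SHA} entry, and the password file reported as inside the public folder.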