How to create a restricted area in 5 minutes?
You have probably needed to create a restricted area on your website at some point. If you have no special needs at the management level and only need to require authentication data for access to a folder, developing a system in PHP/MySQL/sessions, as would be appropriate in other cases, is obviously disproportionate.
In this article we will learn how to implement a restricted area in just a couple of minutes by making use once again of Apache and the .htaccess files.
Creating a list of authorized users
First of all we have to create a list of authorized users with the respective passwords in this format (use a completely normal text editor):
user1:encryptedpassword
user2:encryptedpassword
user3:encryptedpassword
To encrypt the password you can use the Apache command-line tools, with the following syntax:
htpasswd -c /full_and_absolute_path/.htpasswd user1
After you run this command, you will be asked to enter the password twice. The .htpasswd file will then contain user1 with its correctly encrypted password.
Or (a lot easier) use one of the many online tools, this one for example:
If you are working with Apache on a Windows platform you obviously have to use the Apache tool, otherwise it won't work.
Now save your file as .htpasswd (no name, htpasswd extension) and place it in a secure folder that cannot be read through the web server. In our case, it can very well be the same folder we intend to protect.
Verifying the absolute path of the public folder
Now verify the absolute path of your web server's public folder. On shared hosting the path might look a little strange, since a single web server manages many websites through the virtual host system. To find this path, save the following PHP script in the website root and open the URL of the page that contains it:
<?php echo $_SERVER["DOCUMENT_ROOT"]; ?>
The result might be something like this:
This is the location of your public folder. We need to know this path because we have to indicate precisely where the .htpasswd file is located.
Configuring the .htaccess file
Create now the .htaccess file which will have this format:
AuthUserFile /home/virtual/virtual-site95/var/www/html/folder_to_protect/.htpasswd
AuthName RestrictedArea
AuthType Basic
require user user1
require user user2
If you already have a .htaccess file in the folder, simply add these directives to those the file already contains.
As you can see, AuthUserFile must indicate the path of the .htpasswd file, which we have placed in the folder we intend to protect, that is, the same folder in which we will save the .htaccess file.
With AuthName we can set a message which will appear in the login window.
AuthType defines the type of authentication. Besides “basic” we also have the “digest” type.
Finally, in the last lines we state that users user1 and user2 are admitted to this area. Even if user3 provided the correct password, it would not be accepted. In this way we can use the same .htpasswd file for several restricted areas, and use the .htaccess file to define, for example, that everybody can enter folder "x" while only user1 and user2 can enter folder "y". Naturally, folder "x" and folder "y" will each contain a different .htaccess file.
To authorize all users present in the .htpasswd file, it is enough to write in the last line of the .htaccess file:
If you don’t have any particular needs, what we just saw is a simple and fast way to protect your folders.
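The steps above gathered into one script, added here as an example and not part of the original article. The helper name write_htaccess is hypothetical; it writes the directives for one folder, uses Apache's `Require valid-user` when no users are listed (every account in the .htpasswd file is admitted), and refuses any user that has no entry in the file.

```shell
#!/bin/sh
# Added example: generate the .htaccess from the article for one folder.
# write_htaccess is a hypothetical helper name, not an Apache tool.
# Usage: write_htaccess FOLDER HTPASSWD_FILE [USER...]
# No USER arguments -> "Require valid-user" (any account in the file);
# otherwise one "Require user" line per listed account.
write_htaccess() {
    folder=$1
    htpasswd_file=$2
    shift 2

    # AuthUserFile must be the full absolute path of the password file.
    case $htpasswd_file in
        /*) ;;
        *) echo "not an absolute path: $htpasswd_file" >&2; return 1 ;;
    esac
    [ -r "$htpasswd_file" ] || { echo "cannot read $htpasswd_file" >&2; return 1; }

    # A user named in a Require line but absent from the password file
    # can never log in, so reject the request before writing anything.
    for user in "$@"; do
        awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' \
            "$htpasswd_file" ||
            { echo "no entry for '$user' in $htpasswd_file" >&2; return 1; }
    done

    # Append to an existing .htaccess, but never add a second auth block.
    if [ -f "$folder/.htaccess" ] && grep -q '^AuthUserFile' "$folder/.htaccess"; then
        echo "$folder/.htaccess already has an AuthUserFile line" >&2
        return 1
    fi
    {
        printf 'AuthUserFile %s\n' "$htpasswd_file"
        printf 'AuthName RestrictedArea\n'
        printf 'AuthType Basic\n'
        if [ $# -eq 0 ]; then
            printf 'Require valid-user\n'
        else
            for user in "$@"; do printf 'Require user %s\n' "$user"; done
        fi
    } >> "$folder/.htaccess"
}

# Demo on constructed data in a scratch directory (hashes are placeholders).
demo=$(mktemp -d)
printf 'user1:PLACEHOLDER_HASH\nuser2:PLACEHOLDER_HASH\nuser3:PLACEHOLDER_HASH\n' \
    > "$demo/.htpasswd"
write_htaccess "$demo" "$demo/.htpasswd" user1 user2 && cat "$demo/.htaccess"
rm -rf "$demo"
```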