How to create a restricted area in 5 minutes?

You surely might have had the chance to create a restricted area in your website. If you have no special needs at the management level and your need is limited to requiring authentication data for accessing a folder, it is obviously disproportionate to develop a system in PHP/Mysql/Sessions as it would be appropriate in other cases.

In this article we will learn how to implement a restricted area in just a couple of minutes by making use once again of Apache and the .htaccess files.

Creating a list of authorized users

First of all we have to create a list of authorized users with the respective passwords in this format (use a completely normal text editor):

user1:encryptedpassword
user2:encryptedpassword
user3:encryptedpassword

For encrypting the password it is possible to use the Apache tools from command-line, using the following syntax:

htpasswd –c /full_and_absolute_path/.htpasswd user1

Once given this command, you will be asked to insert the password twice. Later on the .htpasswd file is going to be modified by the adding of user1 with the respective password correctly encrypted.
Or (a lot easier) use one of the many online tools, this one for example:

http://www.4webhelp.net/us/password.php

If you are working with Apache on Windows platform you have to obviously use the Apache tool, otherwise it won’t function.

Now save your file as .htpasswd (no name – htpasswd extension) and position it in a folder secure and unreadable by the web server. In our case, it can very well be the same folder we intend to protect.

Verifying the absolute path of the public folder

Verify now the absolute path of the public folder of your web server. If you are in hosting the path might be a little strange since a single web server manages many websites through the virtual host system. For verifying this path, execute the following php script, saving it in the website root and press the page url which contains the script:

<?php
echo  $_SERVER["DOCUMENT_ROOT"];
?>

The result might be something like this:

/home/virtual/virtual-site95/var/www/html/

This is the position of your public folder. We need to know this path since we have to indicate with precision where the .htpasswd file is situated.

Configuring the .htaccess file

Create now the .htaccess file which will have this format:

AuthUserFile   /home/virtual/virtual-site95/var/www/html/folder_to_protect/.htpasswd
AuthName RestrictedArea
AuthType  Basic
require user user1
require user user2

If you already have a .htaccess file in the folder, you will simply add these directives as contained in the file.
As you can see, it is necessary to indicate with AuthUserFile the path of the .htpasswd file, which we have positioned in the folder we intend to protect, thus the same in which we will save the .htaccess file.
With AuthName we can establish a message which will appear in the login window:

AuthType defines the type of authentication. Besides “basic” we also have the “digest” type.

Finally in the last line we tell that in this area are admitted the users user1 and user2. Even if user3 provided the correct password, it wouldn’t be accepted. In this way we can use the same .htpasswd file for various restricted areas, and by means of the .htaccess file define for example that in the folder “x” everybody can enter, while in the folder “y” only user1 and user2. Naturally the folder “x” and the folder “y” will have inside a different .htaccess file.
In case we want to authorize all users present in the .htpasswd file, enough writing in the last line of the .htaccess file:

require valid-user

Conclusions

If you don’t have any particular needs, what we just saw is a simple and fast way to protect your folders.

Master per Web Designer Freelance
In tutti questi anni abbiamo ricevuto centinaia di richieste di approfondimento sulle numerose tematiche del web design vissuto da freelance. Le abbiamo affrontate volta per volta. Ma ci siamo resi conto che era necessario fare qualcosa di più. Ecco perché è nato One Year Together, un vero e proprio master per web designer freelance che apre finalmente le porte al mondo del lavoro.
Scopri One Year Together »
[pdf]Scarica articolo in PDF[/pdf]
Tags: ,

The Author

Maurizio is married to the triad PHP - MySql - Apache and, not enough, he has a lover called jQuery. He has a blog where he tries to describe in detail all of "his lovers". His real specialty is the realization of large business application, altough he never refuses the commitment of a website.

Author's web site | Other articles written by

Related Posts

You may be interested in the following articles:

6 comments

  1. Nicolas

Trackback e pingback

  1. Tweets that mention How to create a restricted area in 5 minutes? | Your Inspiration Web -- Topsy.com
    [...] This post was mentioned on Twitter by Vitor Tavares. Vitor Tavares said: How to create a restricted area in …
  2. uberVU - social comments
    Social comments and analytics for this post... This post was mentioned on Twitter by mktvitortavares: How to create a restricted area …

Leave a Reply

Current day month ye@r *