OK, many of you have noticed my "leave of absence" and I thank you for your thoughts.

It is due to my efforts to help a very dear friend get her website running properly.

Right now I am losing hair trying to secure a Members Only area of the site.

The htaccess file should work, but it winds up requiring a sign in every time you try to navigate pages within the members only folder.

Interestingly, the problem only happens with Internet Explorer. I wrote and tested it all using Firefox and have no trouble navigating, but IE requires a sign in for every page!!

The site is hosted on a Linux server. I heard that htaccess is geared for Apache servers only.

So I have two questions, the answers to which which will hasten my return to RPGMaking:

First:

Is the htaccess and htpassword combination usable on Linux Servers and if so where can I find a Complete-ish tutorial to help me understand what is going wrong? Even knowing what book to buy would help.

I am completely self taught and have HUGE gaping holes in my knowledge of the New Basics (when I learned to program I was punching cards!!)


Second:

Is php / mysql a better way to approach this on a Linux server?

I can find plenty of books on that, but it is even newer to me than html!

I think Someone here may be able to help here, maybe someone who recently Graduated with a Degree in this stuff... but anyone with extensive knowledge or just ideas on where to find Complete info on htaccess stuff, please respond!

I found Many, many examples of htaccess scripts but they had no explanations of what the commands are doing or where they come from! Not even an identification of what scripting language they seem to use!

I am completely lost.

And it is keeping me from RPGM2! (I made a promise...) (I always keep my promises).

So... In brief:

HAAAAALLP!!

The Mag uses a server with Linux as its OS. But it does have Apache (Unix) installed on it. And yes, htaccess needs Apache to work.

Do you have only one htaccess file, or did you put on in each directory?



Yes, but it needs to have Apache on it.

The thing about using a htaccess/htpassword combo is that you have to go through telnet to make one from scratch. And to do that, you need a dedicated server. Otherwise, you'll have to use scripts, which are quite good.

Seen these already?

Javascript:
http://javascript.internet.com/passwords/
http://www.dynamicdrive.com/dynamicindex9/password.htm

CGI (if you can use this, then use something like this):
http://technotrade.com/password/
http://www.hotscripts.com/CGI_and_Perl/ ... index.html




It's possible, but CGI would probably be the easiest way to go.



It's annoying how you need to use telnet to make it completely from scratch. However, I'd suggest switching around scripts until you find one that works with Internet Explorer.

Thanks Very Muchly!

A couple of those links were new to me!

I have a ton of study to make this work!!

Part of the problem is that the site is already up and running (with an insecure members area!), so I need to play around with a "Mirror Site" on the same server to experiment. I already caused problems where existing members had to sign in on every page for about 8 to 12 hours before I was made aware of the situation!

I was called in to help fix things after it was started.

And I thought I knew what I was doing!

I need more information on the actual server, "flavor" (my new word for the day!). and version of linux, apache availability, and more...

She's Lucky I Love Her!!

I'm Lucky I Love Her!!!!

Sine I am by far the luckier of the two in this deal, I guess I have more Work to do!

Thanks again for the head start. I'll ask more if I need to.

You've been a big help!

Peace.

Oops...

Sorry to double post, but;

Forgot to answer an important question!



I have tried it several ways...

The first was to have many html files all in one members only folder (when I came on the site log in directed people to the only html file in this folder).

All the member pages were in the root directory!

Easily accessed, bookmarked or whatever!

So I just used logic to say that the htaccess file was in there protecting that directory.

That wanted a login for every page.

So I then thought of making a sub directory, in the members folder, called pages.

It inherited the htaccess properties of the directory above it (as I later learned it is supposed to!).

So I made an htaccess file in that directory allowing all access.

That eliminated the problem completely and I thought I was done...

The I tried bookmarking pages in the Pages folder...

They went right throught the htaccess of the members only folder and allowed access without log in again!!

I am right back where I started...

I'm thinking about talking Her into buying a program that does this from that last link you posted.

They have money back guarantees!

At least one does...

But it may be better than me just poking around.

I finally got on to Apache's site and found this:

http://httpd.apache.org/docs/1.3/howto/htaccess.html

Looks promising, but absolutely nobody offers help configuring these files. I hope my old school logic can work on this new-fangled stuff!

Problem Solved.

Sort of.

OK, Problem solved.. but it was not the htaccess file!

Every page on this site has embedded video files.

They are in rm format (Real Media Player).

For some reason I can not explain if you embed rm files, Internet Explorer will require a log in every time you navigate to such a page.

I switched to wmv files and it works Perfectly!!

AAAAAAAAAAAAAAAAAAA!!!

Rassa-Frassa-Brassa-Crassa-Sassa-Lassa-Passa-Gassa-Smoka-Grassa!

Anyone have any clue WHY THE FLUFF That should be the case?

Bloody Microsoft!

It's because .wmv (windows media video) are propriatory to Windows, and subsequently, Internet Explorer. IE might just do that for those types of media.

I've never tried to embed any rm files into IE, though. That's my best guess.

All this coding is completely Greek to me and Babelfish won't help this matter, however I have found some interesting stuff that may help your studies too. Apparently Apache is a type of Linux server and needs to be set up for your .htaccess file. Please see remaining text.

Hope this helps.
Step 1. Configure Apache to Allow Access Authorization
You need to find the httpd.conf file on your Linux server.

This file is the Apache web server configuration file that includes lots of very useful Apache web server controls.

For now, simply open it using a text editor. For Fedora users this is done by simply going to /etc/httpd and opening httpd.conf. For others using various flavors, try using this command to identify the location of the httpd.conf file and edit it: locate httpd.conf

Once you open this file using a text editor, please scroll down until you see not the first but the second occurance of this text: AllowOverride None

Change the line that says:
AllowOverride None
to instead say:
AllowOverride AuthConfig

Be sure to NOT CHANGE THE first occurance of this in the apache file which is the default. Change the second occurance which is actually the overide. This is VERY IMPORTANT! If you run into trouble make a backup of your httpd.conf file (type: cp httpd.conf httpd.conf.back) and then try using this example. Be sure to reboot the server after you copy our example file.

Step 2. Identify the Folder/Directory to Protect
You should now identify which folders (aka Directories) under your web server you would like to protect. For instance if I want to only allow a certain list of users to access my html files under the Private folder it would look something like the following.

On the Linux server the actual directory path would be:
/var/www/html/Private
On the web browser the path would be:
http://office.server.com/Private

Obviously, I'm giving an example to help you see the difference between the folder/directory name on the Linux server and how it looks to web browsers. You MUST change to the appropriate directory/folder when using the steps below. So in my case I type this command first before beginning on my Fedora server:
cd /var/www/html/Private

Step 3. Add Access Files to the Folder
Once you identify the folder you wish to safeguard, then you need to create two files in this folder. The files are: .htaccess and .htpasswd. The .htaccess file displays the access login information needed for users and also includes the list of specific users who can login. The .htpasswd file includes the individual users and their passwords.

Create .htaccess file in your Folder by using a text editor to create .htaccess. Notice that you must include the . (dot) before the file name!

The file should atleast include these lines:
AuthName "Login to the Private Area"
AuthType Basic
AuthUserFile /var/www/html/Private/.htpasswd
Require user andrea

Note that the AuthName requires quotes and whatever is in quotes will display on the login window when a user tries to access your private folder with a web browser. It is vital that you properly set the path for the AuthUserFile and obviously replace the word Private with whatever folder you are trying to password protect.

Also be sure to include the user login names of the people you plan to allow to this folder next to the Require user line. In my case, I simply added myself to this folder as a user (andrea).

Now, create the .htpasswd file in the same Folder but NOT by using a text editor. Instead use this command from the command line on your Linux server.

Type this command at the prompt:
htpasswd -cmb .htpasswd andrea ann2cute

Note that you must use your own name and password (replace andrea and ann2cute) and that the option cmb does the following: First it forces Creating of a new .htpasswd file. Since this is your first time adding a user it is necessary. Next the m option forces encryption and b allows you to include the user name and password immediately. In my case I created a new .htpasswd file, then added the user andrea and her password ann2cute.

Step 4. Add Additional Users
To add users you simply need to edit both files again. First, add a user to the .htaccess file by opening it in a text editor and including the new person (my example is bradley).

The .htaccess file should include these lines:
AuthName Login to the Private Area
AuthType Basic
AuthUserFile /var/www/html/Private/.htpasswd
Require user andrea bradley

Remember to save the file when youre done adding the new user!
Now add the user (my example being bradley) to the .htpasswd file using this command:
htpasswd mb .htpasswd bradley brad4chad

In my example, I used the htpasswd command to add using encryption the user bradley to the .htpasswd file that already exists and include his password as brad4chad. That's it!

Step 5. Test the Password Function
Now test that the Apache server is accepting this new protected folder by going to it in a web browser. In my case I test the url http://office.server.com/Private and up comes a pop-up window that requires User Name and Password. I type in my user name and password and instantly I see the index.html page I put in my folder! People who don't have a login won't get access to your web pages within this folder.

What if it didnt work? Almost always this is a result of the httpd process not being restarted. You can easily restart this process to pick up the changes in your updated httpd.conf file by either rebooting or restarting the process. A reboot works fine, so long as you can tolerate a web server outage for a minute or two. Or, on most flavors you can type this command as root user: ./httpd start

Step 6. What About Removing Users
There may come a time when you need to delete users from the access. You can do this easily enough by again editing the .htaccess file and running a command to delete the user from the .htpasswd file.

First, edit the .htaccess file and remove the user you do not wish to allow access to and save the file.

Second, delete the user from the .htpasswd file by typing this command at the prompt: htpasswd D bradley
The option D is for delete. It should prompt you that user bradley was deleted.

WOW!

That was a lot of work.

Thank You for the effort.

I have htaccess files down at this point. Sadly, given all your work, I pointed out a couple posts ago that it has nothing to do with the htaccess files!

It is the (legal) Spyware built in to the Real Players! Real networks practically invented Spyware!

The attempted communication between the player and real.com appears to be triggering the security program and requiring a new log-in.

I have no idea why this only happens with Internet Explorer.

Bill Gates should have his face sawed off.

Did you get the files to work right yet? Or are we transferring all the video and audio away from REAL PLAYER? I mean you haven't tried to solve the RM issue, just worked around it? I've taken the liberty of reading up on Real Player and have heard a LOT of complaints on it regarding it's lack of compatibility, it's obsessive need to take over computers whether you checked off default player or not... Anyway how's it going with the site?