Hi all, I’m a novice when it comes to Apache, so I need some more advanced help!
I posted here last week (looked for original thread but can’t find it) asking for help because after designing a content management system and uploading it to the server, I was notified by my hosting company that PHP files can’t be protected inside a directory that’s .htaccess password-protected. The directory itself is protected, but not the files inside it! Obviously this is a problem if I want people to be unable to get into the control panel without a password. Someone here suggested I use:
[CODE]php_value auto_prepend_file "path/to/file/password.php"[/CODE]
in .htaccess and then set up a password.php file setting a cookie and including the lines
[CODE]
header('WWW-Authenticate: Basic realm="Password"'); // ask for password
header('HTTP/1.0 401 Unauthorized'); // reject access unless password provided
if ($_SERVER['PHP_AUTH_PW'] != 'ThePassword') { // bad password
//…then the rest of the script
[/CODE]
I should be able to set up the cookie and password encryption, etc, but I’ve got a bigger problem to solve before getting down to ironing out the password.php script: Every time I add a .htaccess file to the directory, then try to access any pages inside it, I get a ‘page not found’ error. Not a 500 error, the pages just can’t be found, period. Even AFTER I delete the .htaccess file, the pages still can’t be found! They’re all there on the server, but can’t be found anymore.
This problem doesn’t seem to be necessarily related to THIS .htaccess file, but to ANY I add. This is the original problem that first sent me to my website technical support department looking for answers, because I was trying to get a basic authentication .htaccess file to work and it was doing the same thing. My host showed me where to go in my hosting admin panel to add the password protection on the directory, and it worked (by adding .htaccess, incidentally), so I figured it must just be some glitch in my script (although I’ve used them many times before on other sites). But now it’s doing the same thing when I upload THIS .htaccess file. I’m uploading it in ASCII mode, and I’ve double-checked with the web host to verify that they DO allow .htaccess files and PHP.ini modification on the fly, so it shouldn’t be blocking it.
I’ve tried Googling this problem but most of the responses are a bit out of my depth. I did notice some talk about “PHP run as a module rather than as CGI”…could this be relevant to my problem? When I check the phpinfo, it shows I’m running PHP version 4.3.11 and then Server API: CGI/FastCGI
Sorry for being clueless, but can anyone help decipher why an .htaccess file would make my pages no longer accessible, and what I can do about it?
EDIT: In case this helps give some clues with what is going on…
Following advice in another thread here, I tried simply password-protecting a single page using this script:
[CODE]
<?php
$myusername = "foo";
$mypassword = "bar"; // use better ones than this!
$mytext = " some text here ";
if ($_SERVER["PHP_AUTH_USER"] == "" || $_SERVER["PHP_AUTH_PW"] == "" || $_SERVER["PHP_AUTH_USER"] != $myusername || $_SERVER["PHP_AUTH_PW"] != $mypassword) {
    header("HTTP/1.0 401 Unauthorized");
    header("WWW-Authenticate: Basic realm=\"$mytext\"");
    echo "<h1>Username and password required.</h1>";
    die();
}
?>
//rest of my page to display here
[/CODE]
When I try to access the page, the prompt does come up, but even when I enter the correct information it just keeps giving the prompt over and over and doesn’t recognize it and show the rest of the page. Is it the “$_SERVER[“PHP_AUTH_PW” and “$
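Added example, not part of the original post: PHP running as CGI/FastCGI is normally not handed the Authorization header, so `PHP_AUTH_USER` and `PHP_AUTH_PW` stay empty and a check like the one above re-prompts on every request. The code below reads the credentials from the forwarded header instead; the function names, the sample credentials and the rewrite rule in the comment are assumptions, and it needs PHP 5.6 or later rather than the 4.3.11 mentioned in the post.

```php
<?php
// Assumption: PHP 5.6+ (password_hash, hash_equals) and an .htaccess rule that
// forwards the header to the CGI process (needs mod_rewrite):
//   RewriteEngine On
//   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

// Return array(user, password) from HTTP Basic credentials, or null.
function basic_credentials(array $server)
{
    // mod_php fills these in; CGI/FastCGI normally leaves them unset.
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return array($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']);
    }
    // After an internal redirect Apache prefixes the name with REDIRECT_.
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $key) {
        if (empty($server[$key]) || stripos($server[$key], 'Basic ') !== 0) {
            continue;
        }
        $decoded = base64_decode(substr($server[$key], 6), true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null; // malformed header: treat as unauthenticated
        }
        return explode(':', $decoded, 2); // the password may contain ':'
    }
    return null;
}

function is_authorized(array $server, $user, $passwordHash)
{
    $creds = basic_credentials($server);
    if ($creds === null) {
        return false;
    }
    // Run both checks so timing does not show which one failed.
    $userOk = hash_equals($user, $creds[0]);
    $passOk = password_verify($creds[1], $passwordHash);
    return $userOk && $passOk;
}

// Constructed sample values; in practice generate the hash once and store it.
$hash = password_hash('bar', PASSWORD_DEFAULT);
if (!is_authorized($_SERVER, 'foo', $hash)) {
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Password"');
    echo '<h1>Username and password required.</h1>';
    exit;
}
// rest of the protected page
```

Basic credentials are only base64-encoded, so a check like this belongs behind HTTPS.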