0

Dear folks, Inside folder images I would like to password protect a single php file render.php I already have in that folder my .htaccess as well as my .htpasswd files however they dont work

.htaccess in folder /images

// does not work ??
<Files render.php>
  AuthName "Login"
  AuthType Basic
  AuthUserFile /var/www/vhosts/site.com/httpdocs/images/.htpasswd
  require valid-user
</FilesMatch>

.htpasswd

admin:818jp2uNLY6ZW     
# generated with http://www.4webhelp.net/us/password.php

As soon as I set the rules in htaccess of that folder, all stuff in that folder seems get weirdly processed, css files insite that folder get corrupted etc. Why does this not work ?

PS I am also perfectly fine (in fact would prefer, if possible at all) to use a password setting within php file itself, that way I will be sure nothing else gets affected than only that php file no matter its name or location ( probably more elegant and timess ) though I saw everyone using htaccess so there must be an advantage there, right?

Thanks very much for your suggestions!

Sam
  • 15,254
  • 25
  • 90
  • 145
  • 1
    You're opening with `` but closing with ``. I'm surprised this isn't throwing 500 errors – Phil Apr 11 '11 at 03:43
  • 1
    @Phil Brown I'm guessing that's what is happening, and by corrupted he means not loading in the page... – Jacob Apr 11 '11 at 03:45
  • 1
    Have you enabled the appropriate overrides to allow auth directives in .htaccess files? You'd need at least `AllowOverride AuthConfig` – Marc B Apr 11 '11 at 04:50
  • @Phil @Jacob @Marc thanks all +1 to all your comments! all three are true. Should I use `Files` or `FilesMatch`? in top & bottom tags for matching the single php file of my choice? Thanks. I also reacted on the only "answer" below becaouse I like that one too (though also that solution does not work yet) My luckiest coding day in the month! – Sam Apr 11 '11 at 07:32
  • I'd just use Files, though I'm not entirely sure the Auth module directives are valid there. – Phil Apr 11 '11 at 10:01

1 Answers1

5

You can perform this auth in PHP as shown in the manual:

<?php
if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != 'admin' || $_SERVER['PHP_AUTH_PW'] != 'foobar') {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Unauthorized';
    exit;
}
Long Ears
  • 4,886
  • 1
  • 21
  • 16
  • +1 thanks @Long Ears, I think that is what I need indeed! When i put this code on the top of my php file it does ask for password nicely with the popup screen. BUT, when i type `admin` and `foobar` as login credentials the same login screen comes back with emptied fields and asks me again to type login/password. After three orso tries it says UNAUTHORISED.... any guesses ?? Thanks: much appreciated – Sam Apr 11 '11 at 07:25
  • @Sam if you have PHP running through CGI rather than as an Apache module then this won't work alone, here's a fix, http://www.besthostratings.com/articles/http-auth-php-cgi.html – Long Ears Apr 11 '11 at 07:36