I am currently building a website which will have several subsections.

Each one of these subsections is going to need to be password protected.

I can figure out how to do this?

I'm using HTML, CSS and PHP

If anyone can help, I'd really appreciate it.

Thanks

Just use a .htaccess file

? a what????

How do I doo that?

Google for htaccess or password protect webpage or something..

http://httpd.apache.org/docs/1.3/howto/htaccess.html

Yes just google .htaccess and there are some websites which you can type in the username and password then they provide you with all the relevant code for the .htaccess file.

Obviously the file is called .htaccess ;) Place it in the upper level of the folder you want to password protect

The only thing to bear in mind here is that not all hosting companies will support the use of your own .htaccess files.

If that's the case with yours then you can password protect individual pages, etc. but it requires a fair amount of coding to create a secure system.

Joe

Originally posted by Skatiechik
Yes just google .htaccess and there are some websites which you can type in the username and password then they provide you with all the relevant code for the .htaccess file.

Obviously the file is called .htaccess ;) Place it in the upper level of the folder you want to password protect
the .htaccess file doesn't contain passwords or userids.

You need 2 files, written in notepad or a simple text editor.

The first one you need to place in a directory you wish to protect. (assuming you are using Apache or an apache-alike web server)
it needs to look like this:
File:/home/user/httpdocs/securedirectory/.htaccess

Options -Indexes
AuthUserFile /home/user/.htpasswd
AuthGroupFile /dev/null
AuthName "My Secured Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>


You then need to save another file - and place it outside your httpdocs folder (or whatever your web root folder is called). You need to make sure that the path to the .htpasswd file is specified correctly in the .htpasswd file (see red above)

your htpasswd file should look something like this:
File:/home/user/.htpasswd


userWithAccess:cwrFJv7vEUMQQ


You can use this program (ftp://ftp.bnsi.net/pub/apache) to make user:password pairs in a dos window

Or you can use this Online Resource to do it (http://www.4webhelp.net/us/password.php)

Once you start using this method to secure areas you may find it beneficial to actually use php/mysql for the authentication rather than apache, but .htaccess is sufficient for most purposes.

After all, if you put stuff on the web, it's never going to be completelysecure. You can only get relative security, and for most purposes .htaccess is secure enough

Originally posted by Phanerothyme
the .htaccess file doesn't contain passwords or userids.

I never said it did, I said type your username and password into a website online and it will be able to provide you with the code for the .htacess file. However I missed off "and the instructions"

Yours is a better explanation though, I couldn't be bother to type it all out tonight :D

Originally posted by Skatiechik
I never said it did, I said type your username and password into a website online and it will be able to provide you with the code for the .htacess file. However I missed off "and the instructions"

Yours is a better explanation though, I couldn't be bother to type it all out tonight :D

My mistake. apols :)

Joe's point is well taken though, if .htaccess is not permitted then a php/javascript or php/ssl would be a route.

hashing the passwords in javascript and POSTing the hash to the server instead of a plaintext password, would be an improvement.

Or you could jump to ssl and login there, and plant the session cookie.

Not to say that PHP sessions are secure either tho.

ahh but what if he's using IIS?

Originally posted by Pete1024
ahh but what if he's using IIS?

Then use this (http://www.troxo.com/products/iispassword) . I do, it's pretty good - and free.

Originally posted by Pete1024
ahh but what if he's using IIS?

Tell them not to be so silly and change host ;)