This is the fastest way I know to get .htaccess up and running with FTP. There are a lot of fancy configurations for .htaccess. If you want to explore them you can find more info in the hoohoo docs, but please make sure a Basic Authentication scheme as used here will work for you before you try to get fancy!
Just need the username:password strings? Try HERE
This program should be enough to get your first password protected directory with multiple users happening. I'm not an NCSA expert but I've been in the trenches for a while and I've done a lot of these for clients. So, if you follow all the directions here and enter the correct info you should have no problems, providing:
A)You follow the instructions to the letter. B)You have site space at Railfan.net. C)You have a test directory set up to play in. D)It doesn't rain
Ok, in a nutshell here's how .htaccess works: A password box is created by the server because it is configured to spring into action when it encounters an .htaccess file in a web directory. Essentially, the .htaccess file tells the server where to find a file with name and passwords pairs. Then it compares what the person who is visiting your website types in the little password box to this file. If it can't find a match - it won't let the person in. The passwords are encrypted so if someone views the file they can't tell what the passwords are. Here's a sample file with no encryption.
gg1:warrior conrail:sellout
Here's the same file with encryption.
gg1:XXwMzWJGn5Hw. conrail:XXDHN46LpUQ9k
The passwords have to be encrytped or the server goes - huh? But, more about this later. If your still confused - it's actually accomplished through magic. Or, it's God's will - whatever, it still works just fine if used correctly.
The .htaccess file The .htaccess file contains the data the server needs to correctly run the program. You will need to create a file called ".htaccess" in the directory you want to password protect. The easiest way to do this is to use a simple text editor to make the file, and it will look something like the text below. However, you will have one written for you automatically in a few minutes.
AuthUserFile /big/rail/foo/passwords AuthGroupFile /dev/null AuthName Authorization Area Password Check AuthType Basic <limit GET> require valid-user </limit> The main things you need to know about are: The "AuthUserFile" This is the file that will contain your name/password pairs. In this example the file is called passwords and it lives in: "/big/rail/foo/" On our system this should clue you into the fact that this directory belongs to the user "foo" at Railfan.net, or foo@railfan.net. It's probably best right now to put the "passwords" file in a the main directory and the .htaccess file in a test directory until it works. Well, it's easier for us right now, but somebody is sure to let me know how wrong I am. To make sure the .htaccess file is correctly written please put your login name at Railfan.net in the box below, make sure it is EXACTLY as entered when you login using FTP, it IS Case Sensitive.
My Login Name is:
The "AuthName" This tells the server/browser what to print in the little password box when somebody tries to access the directory. Put what you would like your password box to say in the box below. Remember you can say anything you want such as: "My Access Controller" or "Calvin's Tree Fort - No gurlz" But, keep it short and simple.
I want the AuthName to be sent as:
<limit GET> require valid-user </limit> This stuff refers to the method the server should use to check for access. Of all the mumbo-jumbo associated with htaccess I like this setup best. One file controls/allows multiple users and protects a single directory. There is little confusion as to what the file is protecting. You can find other methods in the hoohoo docs.
Tales from the Crypt The NCSA .htaccess scenario utilizes the UNIX "crypt" function to scramble up your passwords. It's like throwing a cheese burger in a blender on "mulch" and whaddya know, if you didn't know it was a cheeseburger you'd probably think it was BBQ beef sandwich - Well, by using crypt the server ALWAYS knows thats the remains of a cheeseburger. Your password is associated with your username in your password file. So, suppose you want to give a friend named "Sam" access with the password "Donaldson". Well here's some suggestions: It's ok to use Sam as a username, but for clarity use "sam" all lowercase. Also if other people know you know Sam use another word Sam can easily remember like "toupee" and not his last name. Ok we have a user named "sam" with a password "toupee" Heres what that pair would look like in the AuthUserFile (passwords)
sam:XXSw2U8jG4stE
I've heard that really smart people can probably descramble the password- but they are most likely breaking into something much more important elsewhere. Like a bank. At this point you may have some questions, so... Q. So how do you encrypt the passwords? A. Simple, put the names and passwords you want to use in boxes below and I'll encrypt them for you. Q. But wait! You'll know my passwords! A. This is free and I've (derk at sonic) proved I'm a nice guy by wasting my time doing this. Note from Henry: I have personally reviewed and rewritten this CGI for use on Railfan.net. This CGI doesn't send information to anyone except you and this CGI doesn't store any information anywhere. The CGI just displays your new password protection information on your browser only for your use in creating the needed files. Don't forget that I created your account here so I have already had (and forgotten!) your main login password! ;-) OK fine, here's an EXACT copy of the script - if you don't know why it's safe, ask Henry!
So have we settled that issue? Good.
Now enter up to four name/password pairs below, you don't have to use all four.
Name A Password A Name B Password B Name C Password C Name D Password D
Next, you'll need to get the following applications fired up on your desktop:
1)Web Browser - Duh... :-P 2)An ASCII Text Editor - Like "Notepad" for people who make Bill Gates richer :-)
Ready? Lets do this thing!