Htaccess authentication

apps

#1

Situation: I need to password protect a directory. Each user requires their own userid and password (legal reasons). For sanity sake, I do not want to be in the business of changing the user passwords unless it’s required - but I want the user management process to be as automated as possible.

Using .htaccess to manage the directory would be ideal. Save that the only Dreamhost provided method does not allow the users to change their own passwords, nor provide methods to age their password.

It’s not trivial but it’s possible to write my own solution. I also see a horde of ‘stuff’ available on the net to handle this. Does anyone use a 3rd party tool to handle their remote user logins for .htaccess? Anything they would reccomend?

I’m open to solutions that are not based on .htaccess btw.

Brian Dunbar

Liftport - The Space Elevator Company


#2

In that case, why don’t you simply build a PHP/MySQL-based login system? Store name/password combinations in a database, and require authentication whenever files from the specific directory are accessed.

I’ve just been to the Liftport website. No kidding? I first encountered the idea when I read an Arthur C. Clarke short story on the subject. I saw from your website that you say Yuri Artsutanov came up with the idea, but I could swear it came from Tsiolkovsky - and over 60 years earlier.


Simon Jessey
Keystone Websites | si-blog


#3

Going off on a tangent here, I think the LiftPort Group is totally intriguing! Both Clarke’s and Sheffield’s renditions of this concept are excellent eye-openers.

I’d love to actually participate in this. Brian, I saw the job openings, but there’s no good match. Any suggestions?

TorbenGB
Try out DreamHost with a free WebIDPrices, options


#4

Simon, you seem to really know what yer doing when it comes to scripting. So here’s a question for you, because I only know enough to make me dangerous. Is the only way to password protect individual graphics in a directory via htaccess? I’ve wanted to write a php login script for some things, but haven’t because it involves graphics. Someone could download a graphic, bypassing the php page, no matter what, right?

~Chell


#5

You could put the graphics in a NON web accessable directory.

Then wirte a PHP script that takes a filename as a paramater. If the user is logged in, pass them the Graphics file, if they aren’t present them with a PHP generated login script (or a Not found graphic), then the graphics file.

I’ve written similar code to retrieve images stored in a MySQL database.

-Jason

I40.com - Home Page
MP3Mystic - Personal Streaming Music server.
(Neither of these sites are still hosted at dreamhost)


#6

Bwaahaaahaaaa! I’m glad I’ve managed to fool someone LOL.

Jason’s solution seems to be the way to go.


Simon Jessey
Keystone Websites | si-blog


#7

Sounds like the perfect solution. Thank you! DH doesn’t frown on this (don’t laugh- I’m using the “need coffee” defense for silly questions)? And would a log file be generated for this folder, or no?

A note to Simon- Look like posts from a pretty sharp mind to me.

~Chell


#8

There isn’t anything for them to frown on, it’s standard PHP scripting. Your PHP script could produce any sort of logs you wanted.

As for automatic logging I don’t have a clue. I havent spent much time with dreamhosts logs at all.

On the upside, I did just find a use for my 777 account. I can ftp backups from my new host to it. Hurray!

-Jason

I40.com - Home Page
MP3Mystic - Personal Streaming Music server.
(Neither of these sites are still hosted at dreamhost)


#9

May as well- no sense wasting an account. :slight_smile:

The original poster of this thread got me wondering if there truly wasn’t a solution to the bypassing-the-script problem, and there one is. Thank you- I’ll be in php land today.

~Chell


#10

Good luck.The only sticky point I hit when I was implementing something like this (4 years ago) was making sure that when you generate the Graphics file you set the mime type using the php (header command most likely) to one appropriate for the Image file.

-Jason

I40.com - Home Page
MP3Mystic - Personal Streaming Music server.
(Neither of these sites are still hosted at dreamhost)


#11

Simon In that case, why don’t you simply build a PHP/MySQL-based login system?

That’s an option as well. But. I’m trying to avoid duplicating someone else’s clever idea because 1) while I’m not dumb I’m always aware that there is at least one person better at X than I am and 2) I’m lazy.

I’m not opposed to getting out a shovel and digging around, but if someone else dug a well next door, I can lay some pipe (as it were) and get back to dozing on the couch.

I’ve just been to the Liftport website. No kidding?

No kidding around.

I saw from your website that you say Yuri Artsutanov came up with the idea, but I could swear it came from Tsiolkovsky - and over 60 years earlier.

This could quickly devolve into a ‘who built the first airplane’ kind of deal. Tsiolkovsky did come up with the idea as you noted - but his version was a riff on the Eiffel Tower, which would fail due to compression loading. Artsutanov came up with the correct idea - possibly without reference to Tsiolkovsky’s idea.

TorbenGB
I’d love to actually participate in this. Brian, I saw the job openings, but there’s no good match. Any suggestions?

Dunno, what can you do? We’re not really in a position to hire anyone at the moment; we’re a startup and, frankly, the benefits would stink if there were any. Since we are a small (but growing, slowly) company finding people who can fit in is difficult.

Still. I’m convinced the project has a chance. When things start to break our way, we will need the right people. Technical folks (of course) as well as suits, lawyers, accountants etc.

Do this.

  1. Send an email to info@liftport.com. This will filter to my attention as well as the other mgt folks at Liftport. Even if we can’t use you or your services now we’ll file the resume for later use.

  2. Subscribe to our Monthly newsletter to track what we’re doing - we’ll be sure to announce any good news (as well as bad) there.

Brian Dunbar

Liftport - The Space Elevator Company


#12

I’ve just been to the Liftport website. No kidding? I first encountered the idea when I read an Arthur C. Clarke short story on the subject.

Another good book (books, technically) exploring space elevator technology are Kim Stanley Robinson’s Mars trilogy. Those were the first I read on the subject, closely followed by Clarke’s The Fountains of Paradise.

I’m also a big fan of space elevators. Good luck, I really hope to see one go up in my lifetime.


If you want useful replies, ask smart questions.


#13

Sounds like you are something of a hard science fiction fan. dude.


Simon Jessey
Keystone Websites | si-blog


#14

OMG! Jason, you’re a genius. :slight_smile: It works. Graphics all show right, just have to get it to link properly to zip files without offering to download the php script. Thank you!! This whole problem has been a thorn in my side for some time- not any more. ::: doing the Snoopy dance :::

~Chell


#15

Your welcome. Glad I could help.

-Jason

I40.com - Home Page
MP3Mystic - Personal Streaming Music server.
(Neither of these sites are still hosted at dreamhost)


#16

Sounds like you are something of a hard science fiction fan. dude.

I’ve been known to dabble a bit. After Dune (the original books, not that god-awful fan fiction Herbert’s son is writing), KSR’s Mars books are probably my favorite SF.

My reading tastes are all over the place, so it’s hard to say what my preferred genre is.


If you want useful replies, ask smart questions.


#17

[quote]I’ve been known to dabble a bit. After Dune (the original books, not that
god-awful fan fiction Herbert’s son is writing), KSR’s Mars books are
probably my favorite SF.

[/quote]

The KSR books are probably among my favorites as well. I also have a bit of an affinity for Greg Bear’s stuff.

If this thread continues, we might have to move along to Offtopic Discussion, though. :>

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#18

Quite right. My bad. :frowning:


Simon Jessey
Keystone Websites | si-blog


#19

[quote]Quite right. My bad.

[/quote]

No worries. I’m not so much concerned about long stretches of on-topic-ness interrupted by a little off-topic-ness. Long stretches of off-topic-ness interrupted by on-topic-ness, though, isn’t so good.

…except in the offtopic forum… In which case, I suppose, it’d be on-topic. I think my head is about to explode. :>

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#20

There are a number of packages you can obtain to do this. Some are fairly spendy and some are free.

http://locked-area.com

I just installed this package. I had a minor problem getting it to run because it wants to open the http error log and can’t because dreamhost doesn’t give access to it.

The solution for me was to change the sequence where it calls use CGI::Carp … with

BEGIN {
use CGI::Carp qw(carpout);
open(LOG, “>>/home/myhomedir/mycgi-log”) or
die(“Unable to open mycgi-log: $!\n”);
carpout(LOG);
}