Members only site

software development

#1

I want to create a website where a visitor has to enter a unique-to-them id & password in order to enter the members-only area.

  1. What features do I need in my hosting service? Do I need Code Warrior with its MySQL functionality? The id/password pairs will have to be kept somewhere and I expect a database is the answer.

  2. Do you know where I can find code samples that illustrate how to set up such a password scheme.

Any help would be appreciated.

Ernie Camacho


#2

If your needs are fairly basic, you can do this using .htaccess files. You can do this type of password protection from any account from the ‘goodies’ tag under ‘htaccess’. You can also do this from the command line (only on accounts that support shell access.

here’s one link:
https://kbase.newdream.net/index.cgi?area=801

or a link on how to do the same thing from the command line:
https://kbase.newdream.net/index.cgi?area=834

You should pick one or the other - trying to combine both approaches will probably cause you some headaches.

You can also most likely find a PHP or CGI script to do the same sort of thing, in a more automated manner. This will make things more complex to setup, though. If you need to bill people, you might look at a solution like ibill (www.ibill.com). We don’t provide installation of this system, but we have a number of customers who use it.


#3

Thanks for the feedback. I’m not sure if .htaccess will do the job. As I understand it, that gives you one id/password that you’d provide to all the folks that you want to get past the doorman. I need something more individualized:

A person signs up ahead of time for access to my restricted area. I put his email address and his chosen password into a database/list/something. Then when he comes to the site, he enters his own personal id/password and gets through the door to my restricted area.

It’s just the same as what you have to do to get into this part of this discussion group. You can’t post a msg until you join - provide a unique ID/password - that is used to authenticate you.

I’ll check the references you mention. If anyone has more info on this, please chime in.

Thanks,
Ernie


#4

Yet another example of how un-clear the information provided on this site can be…

I tried setting up the .htaccess, on the off-chance that it would allow me to create more than one id/password for access to the members-only subdir. It worked. It looks like this will indeed fit my needs, at least for the short term - until using webpanel to maintain the list of users becomes too much of a problem. I have a couple of questions, though:

  1. I see that when the id/password challenge window pops up, you’re given a pull-down list that has a single entry on it - your email address. Where does the script get that from? Did it have anything to do with Dreamhost knowing who I am 'cause of my admin access? I’ll have to test that out. I guess it’s assuming that the user’s email addr. will have been used for the ID originally. If that’s the case, then I’ll have to see just how it gets it dynamically at the time of challenge so that the pull-down list has some relevance.

  2. Is there a limit to the number of users I can define for password access to that subdir?

I sure wish that the Dreamhost folks would: 1. re-do their knowledgebase so that the examples show the current admin panel. It took a bit of poking around for me to find my way to the htaccess area.
  1. re-write most of the examples and screens so that they are more-clear than they are now. For example this htaccess thing made no mention of the ability to add more than one id/password, or if there was a max limit, etc.

At any rate, thanks for pointing me to that as a solution. I’d looked at it before and thought it allowed only a single id. But after your suggestion, I decided to test it out more thoroughly.

Ernie


#5

Bob, thanks for getting back to me. I appreciate your comments. Your header says you’re a “regular”. I assume that means that you’re not a DH employee. I will admit that I’ve been flaming a bit more than is my nature. I ususally don’t flame at all. But I was hoping to get the DH folk’s attention.

I HAVE been very frustrated, trying to figure out how DH is structured and how I can get a web site up and running. I was expecting it to be pretty easy, but the instructions have been very obfuscatory - misleading even! And I’ve worked with computing, programming, and all sorts of related stuff like this for decades. Part of my frustration was that DH seems to be trying to appeal to complete innocents, judging from the kind of topics and items in the KB. If I’m having a hard time, I can imagine how lost someone who doesn’t know beans about this stuff would be.

In my rants I’ve mentioned a few times that DH should get an outside tech writer to take a look at things with a view to making the site, and all its information, more accessable (understandable) to the average joe. I know all too well how easy it is for a person steeped in the technology to write something that seems perfectly plain to them, when in reality it’s all Greek to any but those who live and breath this stuff. An outside viewpoint would help tremendously.

For example, I do see now that if I was as diligent as I suppose I should have been, I would have keyed in on the sections of that statement that you high-lighted (which “indicate” that I can add more than one user). The reality of it was that I was (and still am) in a hurry to get this site up, with the features that will satisfy my client’s needs. I was scanning through every part of the KB and the Web Panel, trying to see what might work. If “Area 834” (wherever that is - I haven’t come across, or learned about, “areas” yet) had said right up front:

  1. You can have one ID/Password that is used by all “authorized” people to gain entry to your private directory.
  2. You can add as many user ID / Password pairs as you like so that each authorized person can have their own unique identifier.
  3. The ID/Password can be any length with … as valid characters.

and a few other details that I’m sure I’ll figure out eventually, I would have said “bingo”, and jumped right in. As it was, I surmised that htaccess wouldn’t work and kept on looking.
BTW, I don’t have shell access, AFAIK, so that may be why I skipped Area 834 - at least I think that’s what the snippet you mentioned refers to.

Bottom line. I’ll be nice and submit my questions one at a time. At the same time, if the DH folks really want to be helpful, they’ll update the references in the KB that refer to the Web Panel ASAP, and they’ll get a fresh pair of eyes to look at ALL their stuff to make it more accessable to the average joe.

Thanks,

Ernie Camacho


#6

Hi Bob -

I personally look into the boards every few days, but am not always able to respond. Suffice to say, though, every post IS read and considered. Especially those that contain suggestions, complaints, or observations … Or those that say, “Hey Jeff!”. :>

To be honest, though, I would very much like if these things were posted here as well as sent to tech support or sent in as a suggestion. When you get a single message from someone with a specific issue they want resolved, that’s useful but somewhat difficult to prioritize. On the other hand, if someone posts something here there is more chance that a few other people will chime in with their own opinions.

If we see a bunch of people with the same complaint, that gives us reason to bump it up the priority scale. If several replies come back disagreeing with the original complaint’s assertion, though, we may reserve judgment for a while or seek more input.

In this particular case, the original complaint does have merit; We do need to keep the kbase updated (it’s particularly tough now as we don’t have a dedicated tech writer any more, and the panel has since undergone some significant changes that haven’t migrated all of our numerous kbase articles).

I do disagree though with the statement that our marketing is geared heavily toward ‘newbies’. I think that, overall, we DO market toward those who want a somewhat friendly and personal relationship with their web host (in reality, I recognize that this ‘market’ just sort of developed on its own, and we ran with it). While obviously those new to the web benefit a lot from a friendly, down-to-earth web host, this also really applies to those who need to work bugs in their Perl code’s integration with our system or some other slightly more advanced topics. As a somewhat more advanced web designer/coder myself, I would personally have little patience for a host that treated me like a number and/or had no soul. But that’s just me. :>

  • Jeff @ DreamHost
  • DH Discussion Forum Admin