Stubborn .htaccess

software development

#1

Hello all :slight_smile:

Hope someone will be able to see the solution …

Here, I’m working with a photo gallery for 2 years now. One of its function is too allow download with a password, protected by htaccess.
2 years ago, it worked perfectly ( I was not a dreamhost though )
2 years later, htaccess is stubborn and keep asking for password, even when it’s the good one.

Why ? Is it something to do with protection on server and/or permissions ?


#2

There is supposed to be a file with the usernames and their passwords in it. Perhaps Apache isn’t able to read the file, or the .htaccess file has the wrong path.

:cool: openvein.org -//-


#3

The password and login are in the .htpasswd, the password is encrypted.

Why would apache wouldn’t be able to read it ?

Here what it looks like :

AuthType Basic
AuthName "Secure"
AuthUserFile /mnt/local/home/myftplogin/mydomain/photos/2/4564334/.htpasswd
require valid-user


#4

[quote]/mnt/local/home/myftplogin/mydomain/photos/2/4564334/.htpasswd
require valid-user[/quote]
For shared hosting on DreamHost, the path would be /home/username/mydomain/photos/2/4564334/.htpasswd

Sounds like your old host used different paths.

:cool: openvein.org -//-


#5

I changed the path but it didn’t change anything.

I don’t see why it doesn’t want to work !


#6

What are the permissions on the .htpasswd file? Try changing it to 644 if it isn’t already.

:cool: openvein.org -//-


#7

already in 644 :frowning:

I made some test : I put the .htaccess and .htpasswd in the root and it worked like a charm.
So, I left the htpasswd in the root, change the path in the htaccess and put the htaccess in the folder I want to protect.
Nothing : it keeps asking over and over again

Edit : I tried the htaccess in the root with path to photo folder with htpasswd in it.
It works. Of course it ask for login/password when you load index, which isn’t what I want. I was just testing.

It something to do with the folder containing originals. It worked everywhere else, except in that folder !!


#8

Done every test and different way to write a htaccess file. It won’t work.

I moved to Dreamhost because Bluehost is messing with file permission : you can’t put 777 or 666. It blow up old script.
Now I can’t manage to work a single htaccess. How can that be ??


#9

[quote]I moved to Dreamhost because Bluehost is messing with file permission : you can’t put 777 or 666. It blow up old script.
Now I can’t manage to work a single htaccess. How can that be ??[/quote]
That might be the problem. Its insecure to use 777 or 666 for permissions on a shared hosting server. You shouldn’t need to use 777 if your Gallery script is running PHP as CGI instead of a mod_php anyways. Try setting the directories to 755 and files to 644.

Though I haven’t been able to duplicate your problem myself. Uh, if you don’t want people downloading files from the directory at all, try using this instead:

# Deny connections from anyone deny from all
That way you’d have to use FTP/SFTP/shell to get at the files.

However I suggest backing up the password file, and fixing the permissions (again 775 for directories and 644 for files) and then go to the DreamHost Web Panel. Once there, choose Goodies -> Htaccess/WebDAV and select the domain. Type in the directory path, check off “Password-protect this dir?”, and specify usernames and passwords. Ignore the other options. Then submit the form.

:cool: openvein.org -//-


#10

Most are already in 755 and 644 : the folder supposed to be protected is already in 755


#11

Rename the folder temporarily and see if it works.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#12

Ok, I renamed the folder but the script didn’t like.
Renamed the folder in the admin script and got this :

Warning: rename(/mnt/local/home/pmksensei/maybegreen.tech-hippie.com/photos/1/73700367,/mnt/local/home/pmksensei/maybegreen.tech-hippie.com/photos/1/007) [function.rename]: No such file or directory in /mnt/local/home/pmksensei/maybegreen.tech-hippie.com/includes/admin.inc.php on line 93
Could not rename folder for original files. Please make sure it exists!

So, I changed the folder number in the admin and it changed in the ftp but still no luch with htaccess. Keep saying I don’t have the good login/pass


#13

Browse directly to the folder itself in order to test the .htpasswd functionality.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#14

Of course, I wouldn’t say it doesn’t work otherwise :stuck_out_tongue:

Keep asking for login/pass

htpasswd is in root and htaccess give path to htpasswd.


#15

I think you’re going to have to review your paths.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#16

That’s the htaccess :

AuthType Basic
AuthName "Private"
AuthUserFile /home/pmksensei/maybegreen.tech-hippie.com/.htpasswd
require valid-user

htaccess is in : /maybegreen.tech-hippie.com/photos/1[category number]/[a-big-number-random-each-time-a-new-category-is-create]/.htaccess

when I want to download a photo, it calls that path.