|
|
Line 76: |
Line 76: |
| '''''[[#top | Top]]''''' | | '''''[[#top | Top]]''''' |
|
| |
|
| == Private page ==
| |
| Apache's basic authentication is not very flexible however you can bend it a little using mod rewrite and create something usful without the need for any scripting such as PHP or Perl.
| |
|
| |
|
| You must use a secured server so name/password pair and personal data on a page are encrypted. That said you can test on a standard Uniform Server installation.
| |
|
| |
| This solution uses only a '''.htacces''' file with mode-rewrite performing the redirection this example demonstrates the concept.
| |
|
| |
| # I have created a folder named '''secure''' in the root folder '''www'''.
| |
| ## Folder secure contains '''John.html''', '''Dave.html''' and '''Mike.html''' these are the personal data pages.
| |
| ## This folder also contains an '''index.html''' page which states something like “'''you need to login'''” it a default should the login fail.
| |
| <ol start="2">
| |
| <li> My main index page in the root folder '''www''' contains the following link:<br>'''<nowiki><a href="secure/index.html">Secure login</a></nowiki>'''<br>When clicked takes me to the protected folder.
| |
|
| |
| <li> Open the file '''.htpasswd''' located in folder '''<nowiki>*</nowiki>\Uniform Server\udrive\htpasswd\www''' delete its content and add name/password pairs e.g
| |
| <pre>
| |
| John:21
| |
| Dave Smith:22
| |
| Mike:23
| |
| </pre>
| |
|
| |
| Use real passwords e.g '''Mst23Xfrs''' (21,22,23 makes it easier to test).
| |
|
| |
| '''''Note'':''' You can use spaces in the name.
| |
|
| |
| <li> Copy '''.htaccess''' from the root folder '''www''' to folder '''secure''' (this saves the pain of creating one) once copied open the file delete its contents and add the following:
| |
|
| |
| <pre>
| |
| AuthName "Please Login or whatever you would like displayed"
| |
| AuthType Basic
| |
| AuthUserFile /htpasswd/www/.htpasswd
| |
| Require valid-user
| |
|
| |
| Options +FollowSymLinks
| |
| RewriteEngine On
| |
| RewriteBase /secure
| |
|
| |
| RewriteCond %{REMOTE_user} ^John$
| |
| RewriteRule (.*) John.html [L]
| |
|
| |
| RewriteCond %{REMOTE_user} ^Dave\ Smith$
| |
| RewriteRule (.*) Dave.html [L]
| |
|
| |
| RewriteCond %{REMOTE_user} ^Mike$
| |
| RewriteRule (.*) Mike.html [L]
| |
| </pre>
| |
|
| |
| *Each page to be protected requires two lines the first checks user name (all names must be unique, limitation of using this method, a user will have been validated with password however this is not accessible by the rewrite engine hence redirection on name only.)
| |
|
| |
| *The second line redirects to the appropriate page note the (.*) means any page requested by that user will be mapped to the page that follows the (.*) [L] last rule.
| |
|
| |
| *If for whatever reason no match is found it drops out of this and picks up the index page.
| |
|
| |
| '''''Note 1'':''' The space between '''Dave Smith''' needs to be escaped using a backslash '''“\ “''' (without the quotes)
| |
|
| |
| '''''Note 2'':''' You will need to restart your browser to re-login.
| |
|
| |
| Again I stress the need for encryption because when using '''http''', name/password is sent in '''plain text'''.
| |
|
| |
|
| |
| '''''[[#top | Top]]'''''
| |
|
| |
|
| == Private folder == | | == Private folder == |