|
Overview
For those of you having problems with the .htaccess and .htpasswd files, this neat little script
will enable you to add or modify them using an online form. This allows you to have secure
areas on the CGI-BIN server to store sensitive scripts (such as admin files).
This script was originally written by Floyd Morrissette, who kindly gave his permission for this
adaptation. His site is at www.newwebsite.com if you want
to check out his other services.
Before you start
Make sure that you understand the concept of how .htaccess and .htpasswd works. You do not
want to lock yourself out of your own site for instance!
Do not leave this script in an unprotected directory, as a malicious user could very well do
that to you and your visitors. If you do not know how to use and have access to an FTP
program, you will not be able to delete problem files.
Please note that this script produces a separate .htaccess and .htpasswd file for each directory
you specify. It will also overwrite any existing ones.
Path change
If you signed up for your CGI-BIN account after the end of July 2000, but before the middle of
February 2002 you will need to change all references to home in the paths to
home2 or the script will not work.
If you received your CGI-BIN account after the middle of February 2002 you will need to change
all references to home in the paths to home3 to avoid errors.
access3w.cgi
This is the only file to the script, and I have made it available in plain text form as access3w.txt - either save this file from where it is, or copy and paste it to
an editor such as Notepad.
Please rename it to access3w.cgi and change the following lines, changing
username to your own username and access to the directory you will place it in:-
$action = "http://cgi-bin.spaceports.com/~username/access";
$base = "/home/username/public_html";
As long as you use the filename access3w.cgi that is all the editing it needs. Do
not put a trailing / on either of those paths.
Uploading
Create any necessary directories and CHMOD them to 755
Upload the file in ASCII mode to the correct directory (access inside
public_html is default)
CHMOD it to 755
The result
If all went according to plan, the script should be ready to run. Just enter the username,
password and directory into the form it displays.
If you want to see an example of a protected directory, I have one here. Try getting into it a
few times, then use this info:-
Username: topsecret
Password: plans
And before you think it, the rest of my protected directories have completely different
information needed to get into them!
Errors
Some of you have been getting an error message saying something like "Error opening .htaccess"
when trying to use the script.
This is caused when the script does not have read or write permissions for the directory you
told it to create the .htaccess and .htpasswd files for.
The solution to this is to CHMOD the directory you wish to protect to 777 before running the
script. Remember to CHMOD it back to 755 (or whatever) afterwards.
Note that the exception to this is when you are trying to protect the directory the script is
actually in. The directory permissions do not affect the scripts ability to read or write to files
in the same directory, as it does not need to cross a directory "boundary".
In this instance, to set it to anything other than 755 will stop the script executing in the
first place.
One last thing
Some of the people using this, or similar scripts, for the first time were a little confused
when they weren't asked for a username and password every time they tried to access a protected
directory.
The reason is that the server will remember that you have already given that information, and
will not ask again in that session. If you close your browser down and then try to
access the protected directory, you will be prompted for the information once more.
If you share your computer with anyone else, exit your browser completely when you have
finished working in your secure areas!
|
