Newby question

[ErikJan]

I'm 'green' to web development and seek some simple advice to get me started. I can program (but don't want that now), understand HTML & FPT etc...

Here's the thing: I recently got my own domain. Got myself a test version of a Web Design program and all works fine (including FTP upload). What I would like as element on my (still fairly empty) home page is a button that allows the user to go to a subfolder. In there I want to drop some pictures. The users who get there need to be able to preview the pictures and then select one, more or all and be able to download them (full size).
I want to restrict access to this picture folder however (user/password)... to control who can get to my pictures there so I manually uploaded a ".htaccess" and a ".htpasswd" in that subfolder already.

Now... how do I set this up... you may assume my homepage is empty for all I care and I don't need anything fancy on the picture subfolder too.

I though this should be extremely simple but I've been unable to find anything even close (there are some fancy JAVA or Flash things but I don't need that -yet- --- I hope---)

Any tips or suggestions to get me started would be very much appreciated!

[agibsonsw]

Hello.

I don't know much (anything..) about this but thought this page might prove useful.

On a brief reading it seems this is not about JavaScript. It's a question of creating the two files (.htaccess and .htpasswd) as simple text-files. htaccess describes what/who has access to the current subfolder, and where the corresponding file - htpasswd - is stored that contains an encrypted version of the user(s) password(s). htpasswd needs to be stored above your root folder, so that no one can stumble upon it.

This would be very much a manual process. That is, you might give a few "special" friends their own username and password, or perhaps just a guest version that they might all use (probably not advisable..).

[ErikJan]

Sorry if I wasn't clear but what I meant to say was that I succeeded with the .htaccess and .htpasswd files... THAT is not my problem anymore...

[agibsonsw]

Sorry if I wasn't clear but what I meant to say was that I succeeded with the .htaccess and .htpasswd files... THAT is not my problem anymore...

Oh, I see.. You mean once they've got there..

Not sure then . I suppose, if you want to keep it simple, then you could store all the larger images as separate files in the same folder. If you provide a hyperlink that just points to the same 'subfolder/' then wouldn't it produce a directory listing of the files/images? Perhaps someone with more experience might clarify

[stuck]

All you need is a link on your home page that points to your protected folder. Then when the user clicks the link and thus tries to reach the protected folder, .htaccess pops up an 'Authentication Required' dialog.

If a bare link is too plain and simple you can tie the link to a button with:

Code: Select all

<FORM>
<INPUT TYPE="BUTTON" VALUE="type button label text here" ONCLICK="window.location.href='http://www.yourDoman.com/pathToYourprotectedFolder'">
</FORM>

Ken

[ErikJan]

OK, I can add that button and indeed when I click it, I get the Username/password dialog. However when I enter the right info there... I get a server error.
The target (protected), folder is empty (except for the .htaccess and .htpasswrd files) and one JPG test file...
I can -sort of- understand that a browser wouldn't know what to do with that... So I guess I'm still missing something in that folder to tell my browser there's JPG's in there and it should display them and allow downloading them... right?

[stuck]

OK, I can add that button and indeed when I click it, I get the Username/password dialog. However when I enter the right info there... I get a server error.
The target (protected), folder is empty (except for the .htaccess and .htpasswrd files) and one JPG test file...
I can -sort of- understand that a browser wouldn't know what to do with that... So I guess I'm still missing something in that folder to tell my browser there's JPG's in there and it should display them and allow downloading them... right?

I must confess to being a newbie in this area as well but I note you say "except for .htaccess and .htpasswrd files", are those your actual file names? If so that might be your problem because the latter file should be called .htpasswd, i.e. there should be no 'r' in it.

Once you do get into the folder as you expect, you should find your browser will display just a file listing, since there's no HTML to tell it what to do. However, if you click on the .jpg file name your browser will display it. if you want to cut out that point and click step and have the browser render the .jpg on landing in the folder you'd need to build an index.html page around it. The relevant line to point to an image in the same folder would be something like:
<IMG SRC="mypic.jpg">

Ken

[ErikJan]

I must confess to being a newbie in this area as well but I note you say "except for .htaccess and .htpasswrd files", are those your actual file names? If so that might be your problem because the latter file should be called .htpasswd, i.e. there should be no 'r' in it.

Sorry... typo... the filenames were and are correct

Once you do get into the folder as you expect, you should find your browser will display just a file listing, since there's no HTML to tell it what to do

Nope... 500 Internal Server Error...

Here's the only files in the subfolder:

Capture1.PNG

Here's the error message:

Capture2.PNG

[stuck]

What about the permissions on the files? All of them are the same. When I played with this the instructions said set .htaccess & .htpasswd to 744 (File Owner: read, write & execute, group & public read only).

Also, .htaccess holds an encrypted version of the password doesn't it? Perhaps the server doesn't understand the encryption you've used?

Ken

[ErikJan]

OK, changed the security to 744 (644 didn't have execure for the owner). That did not help. The .ht files were created by a tool provided by the host. And the password access works because I do get the dialog... it's AFTER that, when I get to Server Error (sorry if that was not clear before)...

[stuck]

You've reached the edge of my map. All I can suggest next is that you ask on your ISP's help forum.

Ken

[stuck]

Err... that bit about me being at the edge of my map? I've remembered something else ...

I've just Googled '.htaccess 500 internal server error' and found something that might help:
http://iamseanmurphy.com/2009/02/21/hta ... solutions/
That link talks about how .htaccess doesn't work in a cgi environment. That matches with the instructions I followed when I set up my .htaccess. My ISP offers two types of webspace, regular/simple static HTTP and a cgi platform (for PHP/MySQL apps). Their instructions about setting up .htacess explicitly state it ONLY works on their normal webspace, i.e. .htaccess will NOT on their cgi platform.

Perhaps the same applies to your web host? You'll have to ask them.

Ken

[stuck]

More Googling implies it can be done in cgi, but you may first have to run a PHP script to find out the actual path from the server to the folder. I found a link that says this PHP (chmod permissions set to 700) will give you that path:

Code: Select all

<?php
print getcwd();
?>

Once you've got this path, you need to include the path to the password file in .htaccess

Ken

[ErikJan]

No idea what I have to do... sorry (I'm sooo blue with this...)

[stuck]

I've discovered my cgi webspace is active and after a bit of fiddling I seem to have put .htaccess on a test folder. I have no idea how you translate the following to your environment but this is what I did:
1) using my FTP client I connected to my cgi space
2) I saw a folder called cgi-bin
3) In notepad created a file containing the code above:
<?php
print getcwd();
?>)
4) saved as servpath.php
5) uploaded:
a) a simple index.html file
b) uploaded servpath.php
c) set the permissions on both files to 640
6) in my browser went to my cgi space, the index page appeared
7) added /servpath.php into the location and hit enter
8) the browser displayed a path
9) copied that path and pasted it into a .htaccess file as the path to .htpasswd
10) uploaded both .htaccess and .htpassword, set permissions to 744 (but I think 740 will do)
11) reloaded the index page and I was asked for a userid and password

Back in the FTP client I created a separate folder /test and moved both .ht files AND the index.html file** to /test. Also extended the path in .htaccess, by adding on /test.

Now if I visit my cgi root folder I get a server error message, because there is no index.html file BUT if I navigate to the /test folder I'm asked for a username & password and once I enter those details the index file in there is rendered.

Success!

Ken
**it seems that in my cgi environment you get an error message if the folder you browse to is empty, you have to have an index.html file present

[ErikJan]

Called the helpdesk from the host and opened a ticket. Will let them check this out first. Will report back. Thanks so far!

[ErikJan]

We found the problem... I created the .htaccess and .htpasswd files using an online 'tool' on the host's website. For reasons I still do not understand there was an error in the .htaccess file generated. Very strange as now these files are generated OK and I never edited them. Also strange as the password prompt did work and the error ocurred after pw entry.

It's all in the first line of the .htaccess file. The file that gave me problems looked like this (I placed X's on my domain name and Y's on the subfolder I wanted to protect, I also placed zero's in the host name):

AuthUserFile /home/vhosting/i/vhost0000/domains/xxxxxx.com/htdocs/yyyyy/.htpasswd

the working file looks like this (note the 'www'):

AuthUserFile /home/vhosting/i/vhost0000/domains/xxxxxx.com/htdocs/www/yyyyy/.htpasswd

All is fine now but will probably remain a mystery...

Thanks to all who tried to help me; special super thanks to Ken for all his efforts This newsgroup is the best!

[stuck]

Glad to hear it's all sorted. From what you say it looks like the problem was related to what I discovered in my cgi environment, namely, you have to get the path from the server to the folder in question right. In your case the tool your host provided was buggy and failed to include the /www/ level of the server folder structure. Once you reported the bug they fixed it and now the tool generates working files.

That all sounds like I know what I'm talking about but I must confess I'm only a little bit less of a newby than you are with this stuff. It was fun learning more as I tried to help you so thank you too for posting the question in the first place.

Time for some I think

Ken

[D Willett]

Hi ErikJan
I'm about to start a similar project.
In our business we hold thousand of images and related pdf documents.
I am constantly being asked by our customers if they can gain access to certain information, ie image and docs relating to individual cases.
So I need to upload these files and create a new folder for each case on the web server. Ultimately giving a customer a unique login to 1 there own area, 2 individual folders containing their images and documents.

As I say I'm about to start this project so I have no information as how to accomplish this yet.
Any advise you can give would be appreciated, what tools to use, tips etc.

Regards

[stuck]

Hmm, not sure the simple .htaccess & .htpasswd ideas discussed in this thread would be the best way to achieve what you want. It probably would be OK for a few ad hoc uploads but as a way of providing secure access for your customers I suspect it would very quickly become unmanageable.

What you probably want is some sort of SQL db at the back talking to a HTTPS front end. Where I work we have an MS SQL Server behind a ColdFusion front end but those apps cost money. The open source packages of choice are likely to be MySQL & PHP.

Ken