Hi, all.
I’m relatively new to c-panel and its features but am fairly familiar with html coding and web stuff.
What I would like to do is to create a registration page in php and pull these values into an htaccess file so that users can view a specific directory on my site. My questions are:
- The directory is already protected through c-panel and so the htaccess file already exists. Can I just append the mysql calls to the file, or do I have to choose one or the other method for protecting the directory?
- If the passwords are encrypted in the db, how do I tell the htaccess file to unencrypt, and where do I put the key?
- is this the best practice for restricting access to a directory? I’d rather do this than add php code to every page in the directory!
Thanks for any advice!
Hey Andrew,
cPanel’s directory protection utilizes .htaccess alongside an Apache directory privacy method called htpasswd. Here’s a guide I found that should give you a head start on how you would generate the encrypted password using PHP Complete Beginner’s Guide to .htaccess Files - hostingcanada.org and then you’d use standard PHP calls to append the information to the htpasswd file. You’ll notice that the .htaccess file references the location of the passwd file and it’s that passwd file that stores the usernames and encrypted password (Apache does all the decrypting itself). Notably you can’t write any code within .htaccess as it’s not a script file that can be executed so I think you’ll need to have your PHP code be a part of the registration page code and just write the necessary user/pass information to the appropriate files. Let me know if that helps!
As far as best practices go it’s a bit more legwork to do it this way. PHP is a lot more robust and displaying information based on user input so if it were me I would simply store the user information in MySQL and for each page you want to protect you have some variable that denotes a login is required and display that login page. This has the added benefit where you can potentially build out a page for users to manage their credentials whereas with the htpasswd method they have no access to cPanel and so can’t change their information for the directory access without you going in there and modifying it.
Thanks Tim. I guess I was hoping to avoid adding the PHP code to all the pages in the directory to make sure they’re protected - I think there are between 50 and 100 pages there so it’s more than I thought practical. But it definitely could be done!
My plan was to do it in two steps - create a registration page that would fill in the MySQL db with usernames and passwords, and then have the .htaccess file in the directory I’m protecting pull those from the same db using the Auth_MYSQL line in the .htaccess file. I’ll keep working on it - thanks for the link!
Oh cool, I’ve never played with Auth_MYSQL but I think that’s probably a good way at it (certainly beats storing the user info in a flat file like regular auth does with htpasswd). I think you’re on the right track and that makes a lot of sense. Reach out if you run into any hurdles we might be able to help with!
Hi again Tim. Is it possible to add some PHP code to my HTML files? Will Reclaim’s servers be able to deal with that? I have read it’s a set up thing - and if it was, I would just prepend some PHP to all the pages I need to protect. Thanks again.
You can add the following to .htaccess which should allow PHP code to be processed within a file that ends in .html:
AddHandler application/x-httpd-php5 .html
Yep, worked great! Thanks!