PDA

View Full Version : Help with .htaccess and mod_auth_mysql to password-protect files


Aaow AnD wHiTe
01-21-2003, 03:30 PM
Hello everyone :)

We are having some problems with something we want to implement in our website.

We want to protect some of our folders so when anyone tries to access the files inside them, they get a prompt for user and password (you have to enter the ones you choose when you register in our forum).

The problem is that right now you get the prompt, but even if you enter the correct u/p, the prompt shows again and you still get no access :(

Here's the code we're using

AuthType Basic
AuthUserfile /dev/null
AuthName "HideOuters Only"
AuthType Basic
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLCryptedPasswords Off
AuthMySQLUser root
AuthMySQLPassword *******
AuthMySQLDB vbulletin
AuthMySQLUserTable user
AuthMySQLNameField username
AuthMySQLPasswordField password
AuthMySQLGroupField usergroupid
<Limit GET POST>
require group 2 5 8 7 6
</limit>

We've also tried this one:

AuthType Basic
AuthUserfile /dev/null
AuthName "HideOuters Only"
AuthType Basic
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLCryptedPasswords Off
AuthMySQLUser root
AuthMySQLPassword ******
AuthMySQLDB vbulletin
AuthMySQLUserTable user
AuthMySQLNameField username
AuthMySQLPasswordField password
AuthMySQLGroupField usergroupid
require group 2 5 8 7 6

--

What could be wrong? Maybe I have to tweak something in my apache configuration?

Any help will be really appreciated :D

zone
01-25-2003, 02:12 PM
You can't use the boards password, cause the board encrypt it using md5, while Apache encrypt using the crypt() function with a salt.

Say you use pass as the password. In the boards database it will look like this:

d41d8cd98f00b204e9800998ecf8427e

while when apache encrypt the password typed into the login box, it looks something like this:

pauONM/HSu9pM

So because they use different encryption methods, it won't work.

Aaow AnD wHiTe
01-29-2003, 01:33 AM
Oh... I see. Thank you very much for your reply. Can you think of any alternative way to achieve this? Thanx in advance!