Sometimes it becomes necessary to password protect access to all pages of the site or only to a certain area of it. The mechanism for allowing visitors to access pages by logins and passwords is called "authorization". How to organize authorization without knowledge of any programming language?
Instructions
Step 1
The easiest way to block access to a site with a password is to use the built-in tools of the web server that hosts the site. Apache server settings are such that if there is a file named ".htaccess" in any server folder, then when requesting any document from this folder (for example, a web page), Apache will follow the rules contained in the.htaccess file. This file can also contain directives to restrict access to all or only some of the documents in this folder. We will use this mechanism. Step 1: Create an.htaccess file The easiest way to create an empty file named.htaccess is in a regular text editor - Notepad. So that when saving a file, notepad does not automatically add the txt extension, in the "file type" drop-down list of the save dialog, select "All files". The directives that need to be written in.htaccess may look like this: AuthType Basic
AuthName "Restricted Zone!"
AuthUserFile /usr/host/mysite/.htpasswd
require valid-user The first line (AuthType Basic) tells the server that the authorization of visitors is required. The second (AuthName "Forbidden zone!") specifies the text to be displayed on the login and password input form. The third (AuthUserFile /usr/host/mysite/.htpasswd) shows the path to the file that stores the allowed logins and passwords. The "absolute path" must be indicated here, that is, from the server root directory itself, indicating the entire directory tree. This is the same full path that we see in the address bar of Windows Explorer when we open a folder. On site hosting servers, it usually looks like /pub/home/account_name/…/file_name. The path from the server root to your site can be found in the site administration panel or by asking the technical support of your hosting. You can find out on your own, but this will require the use of some programming language - for example, in PHP it can be obtained from the results of the phpinfo () command. The fourth line (require valid-user) means that nothing but entering the correct username and password for access to documents in this directory is not required. Actually, you can divide visitors into groups, and give different groups different access rights to different folders.
Step 2
Step 2: Create a.htpasswd File Now you need to create a password file, the path to which we specified in htaccess. By default it is given the name ".htpasswd", although this is not required - you can specify another name. This file stores login-password pairs, and the password is contained in an encrypted feed. To encrypt the password, you will have to use a special program - htpasswd.exe. If you do not have Apache server installed on your computer, then you can take it, for example, here - https://www.intrex.net/techsupp/htpasswd.exe. You need to run it from the command line. In Windows XP, I do it like this: put htpasswd.exe in a separate folder, right-click the folder and select "Run command line here" from the menu. At the command line, type: htpasswd -cm.htpasswd admin Here
htpasswd is the name of the program to run;
-cm is a modifier that indicates that a new password file should be created;
.htpasswd is the name for this new file;
admin is the login of the first user to be added to the file. After pressing Enter, you will be prompted to enter and repeat the password for this user. When the password is entered and confirmed, the.htpasswd file we need will be created in the folder with one username - password pair. To add more users, you need to run htpasswd.exe again, but instead of the -cm modifier, specify only -m. You can also see the help on the command line. by htpasswd.exe - for this you need to type: htpasswd.exe /?
Step 3
Step 3: upload files to the server. All that remains is to place both created files (.htaccess and.htpasswd) on the server. This can be done with any ftp client or through the file manager in the administration panel of your site. Htaccess file is placed in the folder where the pages that you need to password protect are stored. Not only the files of this folder will be protected, but all folders nested in it. And place the.htpasswd file in the folder, the path to which was specified in htaccess. Usually, the password file is stored in a folder one level above the root directory of the site so that there is no direct access to it from the Internet.
