At the moment, my website is open to everyone to visit every page. However, the site is for a club in which I am a member and we'd like to have a "members only" area where we can display things that only members of the club can see due to privacy concerns, such as member lists and home phone numbers. Therefore, I'd like to password-protect those pages, which haven't been written yet. I found a reasonable looking script at http://www.zubrag.com/scripts/password-protect.php which looks like it might do the job, however it appears to be aimed at pages that are generated dynamically via PHP. (Correct me if I'm wrong!) All of the existing pages on my site are written in HTML (with CSS to control the layout) using <!DOCTYPE html> and using a file extension of .shtml. Is it possible for me to build the new members-only pages the same way and just imbed a few lines of code to invoke the password-checking or will I need to generate password-protected pages dynamically with PHP instead? Or are there far better ways to password-protect pages than the zubrag script? My PHP knowledge is pretty basic, although I am far more fluent at various other languages, like Java and COBOL, so I'd appreciate the guidance of those of you with more experience in PHP.
You're wrong. In order to use this script, all you have to do is change the current file extensions (.shtml) to .php, put the line of code from the above site into the files you aim to protect, and you're good to go. Well yes, yes there are far better solutions. But better also means more difficult to use. This one doesn't have the worst security, but it's still very average and I wouldn't use it to protect highly sensitive data.
Hi HenryCan, 2 questions: 1. Do you plan to have the same (one) username + password for all the club members, or would you like each member to have their own unique username and password? 2. Did you consider building your site using one of the popular CMS?
Here is the simple idea: get software > HTML Password Lock and lock any page you want (html/php/java etc.). Note: before locking any file/page, take a backup of that file so you can restore it.
Create a .htaccess file in the directory that contains the file you wish to password-protect.

    AuthUserFile /path/to/htpasswd/file/.htpasswd
    AuthName "Name of Page"
    AuthType Basic
    <Files "mypage.html">
    require valid-user
    </Files>

In line 1, change the path of .htpasswd to the location on your server. Generate your htpasswd file with a tool like this: http://www.htaccesstools.com/htpasswd-generator/
Thanks, Nico, your comments are helpful and appreciated, especially the reminder that I need to also change the file extension to .php. I think I learned that the last time I worked with php but it's been a while so this time, I tried adding that first line to the top of an .shtml file but found that it didn't work. Now I see that it's because I didn't change the extension. The data in question is not terribly critical, just phone numbers and email addresses for the members of a small club so that we can easily contact one another. I expect this zubrag script is good enough for this purpose. I wouldn't try to protect the Pentagon's most sensitive data with it;-)
1. Truthfully, I think I'd rather have each person have their own username and password (as long as there was some largely automatic way for them to register their IDs and change their passwords without having to involve me) but I'm not sure I can justify the extra effort. A single ID and password is probably all we'll really need. 2. I've never worked with a CMS (unless you count a bit of diddling with WordPress) but I have a general idea what they are. Given that the rest of the site is already built without one and works quite nicely, I don't see re-engineering the whole site in a CMS just to get a small password-protected area. Then again, I have been toying with trying a CMS just to see if it makes the site maintainable/expandable by people that aren't that technical. At the moment, if I get hit by the proverbial bus, the club is in deep trouble because I'm the only one who can maintain the website. But I'm bringing two of the members up to speed on the main things they'll need to know so that will work out in due course as long as that bus doesn't come along too soon. ;-)
Thank you. I had dabbled a tiny bit with that technique not too long ago so I was aware of it. It may still be a good solution. I'll have to experiment with it and see how user-friendly it is for the less-technical members of the club. Maybe it's better than the zubrag script.
The benefit of the htaccess/htpassword is that it involves minimal effort, and presents the users with an extremely simple (albeit different than normal) interface. A potential pitfall is that this technique only works on an Apache server, which may or may not be a concern.
Yes, an htaccess file is the best option for your case... it's just 1 line of code, as long as you decide to put all protected files under the same folder. Additionally, if this is a physical club, located only in one place, you could add extra security (making it at least 95% more secure) by adding a few simple htaccess rules to deny all traffic (at least for this protected folder) based on IP range, so you would accept traffic only from a country (cuts off most east world hackers/crackers and malicious users) or even at a state/city IP range.
Here is a free htaccess generator to block specific countries: http://www.ip2location.com/free/visitor-blocker This way, a simple htaccess password-protected folder will give you more peace of mind, as you are exposed to far fewer users: millions instead of 3+ billion worldwide.
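The folder-level setup discussed in the replies above (password protection for a whole members directory, optionally narrowed to an IP range), written out as an added example that is not part of the original thread. It assumes Apache 2.4 with mod_ssl loaded and AllowOverride AuthConfig enabled for the site; the path, realm name, username and address range are placeholders.

```apache
# .htaccess placed inside the members-only folder (Apache 2.4 syntax).
# Every file in this folder and below is covered, so no <Files> block is needed.
#
# Create the password file on the server itself so the password is never
# typed into a third-party web page (-B selects bcrypt, -c creates the file):
#   htpasswd -B -c /home/example/private/.htpasswd clubmember
# The username "clubmember" and the path are placeholders.

AuthType Basic
AuthName "Members only"
# Keep the password file outside the web root so it can never be served.
AuthUserFile /home/example/private/.htpasswd

<RequireAll>
    # Basic auth sends the password merely base64-encoded on every request,
    # so refuse any request to this folder that did not arrive over TLS.
    Require ssl

    # A username/password pair from AuthUserFile must match.
    Require valid-user

    # Optional network restriction, as suggested in the thread.
    # 203.0.113.0/24 is a documentation range used as a placeholder;
    # remove this line if members connect from home or mobile networks.
    Require ip 203.0.113.0/24
</RequireAll>
```

Because the three conditions sit inside RequireAll, a request is served only when all of them hold; an address filter on its own, without Require valid-user, would leave the member list readable by anyone inside the allowed range.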