.htpasswd for multiple users

#1 · 14-06-2002 1:27am #1

Right, what I want to do is create a .htpasswd file for multiple users. Sounds easy? well thats cos it is. What has me somewhat baffled is that when a user logs in (each given their own unique u/n and p/w) I want each user to be directed to a different address within the password protected directory.

For Example
lets assume my password protected directory is /members

Joe Soap logs in using username joe and password soap
Larry Smith logs in using username laddy and password smith

I want Joe Soap to see /members/joesoap
and in the same way I want Larry Smith to see /members/larrysmith

Now I could do this the easy way but thats not been my style of late. Another reason I cant do it the easy way (1 .htaccess file in each user directory) is because I dont want the users to know other users exist... if u get me...

So Joe Soap goes to www.domain.com and instead of clicking on a link to bring him to /members/joesoap where he must enter his password, the password script does it all automatically...

Maybe I'm missing something very basic in the script, but I owe whoever sorts this a pint of the black stuff

Thanks for the help

The Corinthian · 14-06-2002 2:51am

If you use PHP:
[PHP]
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"Members Area\"");
Header("HTTP/1.0 401 Unauthorized");
exit;
} else {
$str_MembersDir = "/members/".$PHP_AUTH_USER.$PHP_AUTH_PW."/index.html";
if (file_exists($str_MembersDir)) {
header ("Location: ".$str_MembersDir);
exit;
} else {
Header("HTTP/1.0 401 Unauthorized");
exit;
}
}
[/PHP]
Tweak as required. Usual disclaimers, &c. apply.

[edit]fleshed out the code a bit.[/edit]

hacktavist · 14-06-2002 4:08am

Well if you do it like that then all users have access to the other users pages.
Like if joesoap logs in he has access to all directorys in /members/
so he can see /members/johnnyjoe/ aswell as /members/joesoap/
Dunno do you get me, its early ill post again tomoro it might make more sense.

steve-hosting36 · 14-06-2002 9:22am

Why not put a 'group' htaccess on the members folder, and a seperate htaccess on the members actual folders, which only allows that member to log in? All the htaccess can ref the same htpasswd file,

Steve

The Corinthian · 14-06-2002 11:42am

Originally posted by hacktavist
Well if you do it like that then all users have access to the other users pages.

Sure, if they have the other users' passwords and usernames. Unless they can see the directory stucture (in which case .htpasswd is not going to save you 'cos you've been rooted) they'll still need both username and password. As there will be different htaccess files in each directory.

Originally posted by steve-hosting36
Why not put a 'group' htaccess on the members folder, and a seperate htaccess on the members actual folders, which only allows that member to log in? All the htaccess can ref the same htpasswd file,

rymus' requirements are that ppl log in at a single point, before being passed on. A htaccess file in the main folder would ne unnessessary as it's a duplication of those within the indiviual directories.

rymus · 16-06-2002 8:59pm

tried a few things and eventually decided to stick to the more conventional method of setting up a htaccess file per user and assigning each user a subdomain where they can login. Tried a few things with PHP but alas I dont have the time or patience

And hey Corinthian, thanks for that code. Its already come in handy for something else I'm working on

.htpasswd for multiple users

Comments