Password protecting entire site???

SiDiuS

Weaksauce
Joined
Mar 6, 2003
Messages
120
How would I password protect an entire site without using htaccess/htpasswd? I'm doing a website for a friend of mine that has a wholesale business and he wants a page that has directions on how to get a username and password for the site(prompts for the users name, address, phone number, and business license # and to contact him for it. ), and a login pass box on the page somewhere. He doesnt want his competition seeing his product.
 

HorsePunchKid

[H]ard|Gawd
Joined
Nov 6, 2003
Messages
1,414
It would probably help us give suggestions if you told us why using Apache's Basic authentication is impossible. It's certainly the most obvious solution. If you're not using Apache, I imagine your web server still has Basic auth capabilities. What kind of server environment is it, anyway? Can you use PHP or something similar? Do you have access to a database (MySQL or the like) in which you can make new tables?
 

lomn75

Purple Ace
Joined
Jun 26, 2000
Messages
6,613
PHP or other server-side scripting is what you'll want if not basic auth.

Here's code in a nutshell:
Code:
<?php 
if(!isset($_SESSION["user"])) // not logged in
{ ?>
Put your login / request access code here.
Once login is confirmed, set $_SESSION["user"]
<?php }
else
{ ?>
Logged in, put your info here.
<?php } ?>

Login itself is a basic user/password cross-reference with some form of database (even a text file that doesn't allow external access is fine). I recommend, at a minimum, using a nonce + MD5 hashing in Javascript to secure the login, though SSL is preferable if available.
 

btownfreak

n00b
Joined
Jan 12, 2005
Messages
12
yeah, with the php, you can just have your code on one file .. lets say .. "keepout.php", and on every website, you just need a one liner

<?PHP require_once("keepout.php") ?>

and it will include that code on your page.

catch is you might need a server that process .html as php files also.
 

lomn75

Purple Ace
Joined
Jun 26, 2000
Messages
6,613
btownfreak said:
catch is you might need a server that process .html as php files also.
That can always be added by .htaccess if necessary.
 
Top