I need to create a password protected area of a web site, but only have experience setting this with Ultradev, ASP, and SQL. My situation now necessitates that I set this site up running on top of Linux Cobalt Raq Server. I believe that this will require client side authentication(Javascript) but I'm not really sure on how to proceed. Can anyone point me in the right direction??

The most secure way to password protect a section of your site would be to use an htaccess file, if it is only a single page then visit www.dwfaq.com and look under the PHP snippets and you will see a bit of code I have written which will force a 401 header and check the username and password against a MySQL database, I am also sure Tim has written an extesnion for this.

George

Everybody has got to be somewhere

I have George, but it's part of a suite that will be released sometime in the future.

However, I do believe that the RAQ Administration interface allows you to password protect specific directories etc.

Tim Green

Extension & PHP TalkZone Manager
<font size=1>-------------------------------------------
<i>Please read the Forum FAQ before posting
a question to this TalkZone.</i>
-------------------------------------------
www.UDzone.com : A dynamic Dreamweaver,
Ultradev and Fireworks site for developers
by developers.
-------------------------------------------</font id=size1>

<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>

The most secure way to password protect a section of your site would be to use an htaccess file
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>

In order to be able to use Authentication from within a .htaccess file, don't forget that Apache must be able to override the Auth option.

If Apache has a AllowOverride None tag in it's config file, it won't even look at the .htaccess file (Cf : httpd.apache.org/docs/mod/core.html#allowoverride)

In short, you must have at least "AllowOverride AuthConfig" in your Directory tag. Though, if you have access to the httpd.conf file, then I would suggest that you setup the authentication scheme directly within this file, by specifying a .htpasswd file wich will contain the user/password. (Don't forget to use the MD5 encryption <img src=../images/dmxzone/forum/icon_smile_wink.gif border=0 align=middle>

I say this, because very often one have an AllowOverride None in the httpd.conf, and then the .htaccess is completely unuseful.

--- Better to die trying, than never try at all ---