HTTP Authentication Using PHP CGI and Apache

Raven · Posted: Thu Jul 28, 2005 9:17 am

In order for NS to write to .htaccess it has to be 666 or 777. If you don't plan on adding or changing adminid's and/or passwords, then you can change .staccess to 644. I never tried 444 - it MIGHT work, but I'm not sure. 644 is safe though.

bluestraveller · New Member Joined: Jul 29, 2005 Posts: 2

Hi Raven,

you are providing a lot of support here an I really appreciate that. But so far, after reading this entire thread, I was not able to find an answer to my problem.

I have installed Sentinel NukeSentinel vs. 2.1.3 UNI on a PHPNuke 7.0 system. The entire installation went very smoth. But now I have the problem that nobody is able to access the index.php. When ever somebody tries that, they will receive "You can't access this file directly..." I did not switch on any authentication like .htaccess. So all the fields in the SQL database are empty or set to 0. I will add this additional authentication later when I got more experience with your software. So what did I do wrong? Why is nobody able to access the public places of my site as an anonymous user?

Greets from Germany,

Blues

PS: UPDATE
I uninstalled Sentinel now from the system but still getting the message: "You can't access this file directly..." I realy need some help here.

BobMarion · Posted: Sat Jul 30, 2005 10:15 am

Did you add the Auth code to the .htaccess file? If you did by chance did you alter it in anyway before you inserted it? Sounds like one us may need to login via ftp and see if there was/is an install problem. If you would like me to login via ftp to look at it email me at webmaster(at)nukescripts(dot)net with the info

bluestraveller · New Member Joined: Jul 29, 2005 Posts: 2

Sorry but I did not put any code into the htaccess file so far. But as I wrote before, even after I uninstalled Sentinel I got the same message again. I think I got rid of the problem now after installing chatserv patch level 3.1. After diging through the code, it looks to me as if the "new user verification" module I use with the page, is causing the problems after I installed Sentinel.

When I have finished patching the site I might give it a try with NukeSentinel_71-78_232. I hope it will work.

Thanks for your support anyway.

sraabon · New Member Joined: Aug 30, 2005 Posts: 3

I am pretty new in nukesentinel world, however, after few days of hard works , I made my site running well with sentinel. But, I still havent enable my .htaccess yet . And the process was written above is way beyond my understanding.

Can someone come up with step-by-step process in order to make my .htaccess file to run ?????

Any help would be appriciated ......

Peace out .....

wakey · Posted: Sun Dec 18, 2005 10:49 am

the bloody thing wont let me log in and i used the distro from your site with sentimel allready inserted!! AGHHHHH this thing is giveing me a headache nevermind the browser. i set it up according to your instructions in the distro but i cant use the http access thing cos it only says cgi what do i need to do? EXACTLY as i do not know a blody thing about php
thanx Blonde Moment

wakey · Posted: Sun Dec 18, 2005 11:36 am

ok i have just found some very interesting information if you are on an apace server and can not find out your path downloadd the error log and open it in either notepad or wordpad!

my root is /home/virtual/site240/fst/var/www/html/portal which is not mentiond on the admin cp of my server the idiots!!

raven i might not need help if this works
im gona try now!
back in a mo ppl

wakey · Posted: Sun Dec 18, 2005 11:39 am

RAVEN IS THE BEST MAN THIS SITE has saved my ass thanks m8 my .staccess dir was mighty long but my site now works with the advanced login

Wave

Raven · Posted: Sun Dec 18, 2005 2:48 pm

Great! I have been out and am just catching up. Sorry I wasn't around earlier but it seems it turned out for the better Wink

wakey · Posted: Sun Dec 18, 2005 6:56 pm

yea i actualy inserted the dir incorectly u see i use uk cheapest for my host and on their admin panel it just gives you "var/www/html/" not the full script

NOTE TO OTHER USERS*******
for those that do not know their full Dir on a apahe system use the error log and that will tell you!!!! RTM

:

djrino · Regular Joined: Mar 11, 2005 Posts: 52

Hi Raven..
i have read and read but nothing..
I'm testing on my localhost ( phpnue 7.5 pacth 3.1 and appser running)

I'm not a programer só i have more confused go hehe

Step 1) on my .htacces i put this code

Quote:

<Files .mysecretfile>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted"
AuthType Basic
AuthUserFile .mysecretfile
</Files>

Step 2) with your crypt.php code i coding my password

Step 3) with macromedia dw i create a file named .mysecretfile, (my username and password are test) now on it i have:

Quote:

test:109qlJe/bF3vE

Not work..
is correct or i make any mod on step 1 becouse my .mysecretfile on my case is on C:\AppServ\www\Omeunukesite..

And sentinel on phpnuke need a modification?

Many tnx for your time

justjayse · New Member Joined: Dec 31, 2005 Posts: 22

hi there,
i tried to run your crypt script, and it doesnt work for me. When i enter my stuff in and hit submit nothing happens, it just clear the form. Also should i be able to see this under the submit button?

".$_POST['pw']." translated is ".crypt($_POST['pw'],$_POST['salt']).""; } ?>

Raven · Posted: Fri Jan 06, 2006 7:38 am

It sounds like your copy/paste didn't work correctly. Try it again. The script does work.

justjayse · New Member Joined: Dec 31, 2005 Posts: 22

<form method='post'>
Enter password to be encrypted using crypt(): <input name='pw'><br /><br />
Enter the 'salt' value for the encryption (2 long): <input name='salt' maxlength='2'><br /><br />
<input type='submit' name='submit' value='Encrypt'><br /><br />
<?
if (isset($_POST['submit'])&&isset($_POST['pw'])&&!empty($_POST['pw'])) {
echo "Password <b>".$_POST['pw']."</b> translated is <b>".crypt($_POST['pw'],$_POST['salt'])."</b>";
}
?>

is what i have in my file. Now will this run locally or does it need to be on my server? Sorry, been looooong week lol.

Raven · Posted: Fri Jan 06, 2006 7:46 am

Runs perfectly for me.

justjayse · New Member Joined: Dec 31, 2005 Posts: 22

ok yeah, i uploaded it to the server and it ran, i was trying to do it locally, didn't know that was a no no Razz

Btw any update on 2.0?

justjayse · New Member Joined: Dec 31, 2005 Posts: 22

hmmm quick side note, i tried running your realpath script and i just get
rp = and nothing there. and i uploaded it the base nuke directory

Raven · Posted: Fri Jan 06, 2006 7:59 am

Locally works fine for me. That's how I tested it from your post Smile

v2.0.0 should be today baring no unforseen issues Smile

justjayse · New Member Joined: Dec 31, 2005 Posts: 22

Sweet i'm looking forward to it and i'm waiting for my cash to hit my account so i can donate to ya, defintily a huge help mate.

justjayse · New Member Joined: Dec 31, 2005 Posts: 22

Ok, i uploaded everything, and i'm not getting a pop-up at all, any ideas?

Raven · Posted: Fri Jan 06, 2006 8:11 am

That normally means there is an error in your .htaccess or .staccess path. Check your server error log.

justjayse · New Member Joined: Dec 31, 2005 Posts: 22

Alrighty, i'll check and post if i find anything.

Lord_Icon · New Member Joined: Jan 07, 2006 Posts: 3

Ok here goes. I have followed though all information above. i have coded my password in .staccess so its username:password. I have put the file path in .htaccess both set to 644

I added the paths on the sentenal admin page and uploaded both the files then when trying to go to any page after that i get
"The page cannot be displayed"

have i missed a step somewhere?

Thanks

southern · Client Joined: Jan 29, 2004 Posts: 579 Location: Texas

Great stuff. I've learned more here than on the entire Internet. This httpauth in .htaccess and a secret password file works perfect for some files I don't want laying around. Raven rules!

Raven · Posted: Wed Jan 11, 2006 11:43 pm

southern wrote:

Great stuff. I've learned more here than on the entire Internet. This httpauth in .htaccess and a secret password file works perfect for some files I don't want laying around. Raven rules!

Thank you, sincerely! Hope 2006 is a banner year for you and your endeavors!