问题
First post, be gentle :) ... I have been doing searches on this site as well as others and realize I may be in over my head.
Here is the situation:
1) I have a website running on BlueHost (linux OS, I think is running Apache) that is open for general access
2) I have a set of php scripts on the website that I would like to limit the access to only one user via some sort of login through a webbrowser.
3) I have put the scripts in a directory under /home/public_html. I did not know how to access the files with a web browser above that level (like in /home)
4) These scripts do not access any other part of the website nor does any other part of the website access the scripts.
Here is what I tried:
1) Using cpanel to change the permissions on the directory. Result was a 404 when I try to access the scripts with a browser.
2) .htaccess/.htpasswd for the folder in question (found some instructions here and on the web). Didn't seem to force asking for a password so I probably did something wrong
I know this is vague but I will ask it anyway... Given my situation, is there a preferred approach I can research? For example, having the php code ask the user for a password, somehow accessing the scripts from the server side, etc.
Thanks for your patience and help
回答1:
Do the following in the folder where the php scripts reside,
- Create a .htaccess file in your text editor. Add the following data and save the file as .htaccess. The leading dot is important.
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "My Secret Files"
Require valid-user
Edit the path/to/.htpasswd to match the folder where your php scripts reside. You can also make the AuthName anything you want. This is the name the user sees when the password prompt appears.
Copy that file to the folder where your php scripts reside.
Now create the actual password file. The format looks like this:
username:encryptedPasswordYou can create a username/encrypted pair by using the free tool here:
http://www.web2generators.com/apache/htpasswd_generator
Just enter the username and the unencrypted password you want to assign the user. You may also want to assign yourself one so you can also access the files from your browser.
There are other ways to create the username and password, but this will get you up and running. You can always Google how to do it from cpanel and the command line if you prefer.
Click the generate link and copy the resulting code.
Open a new file in your text editor and paste the results.
Save it as .htpasswd
Copy that file to the folder where your php scripts and the .htaccess file reside.
Access the php script from your browser. You should be prompted to enter a user name and password before the script will execute.
回答2:
I figured out how to make it work (although not why it didn't work).
Len_D's method was absolutely correct. For some reason I had to make a subdomain out of "parent" and then it all worked out.
回答3:
BTW, You can create a username/encrypted pair by using the free tool htpasswd generator
来源:https://stackoverflow.com/questions/26289200/how-to-restrict-access-to-directory-so-i-can-run-php-scripts-from-browser