Password Protected Directories Problem

Told you I'd be back

I am trying to password protect a dirctory on one of my ISPConfig sites.

When I try and access a page within that directory I should be prevented from accessing it until I put in a username and password. What actually happens is the the page just opens normally.

I followed the Perfect Setup - Fedora Core 4 and installed ISPConfig. Any errors that were encountered were fixed and everything seems to work perfectly.

I then installed osCOmmerce on one of my vhosts. Unfortunately this lovely piece of software won't run under php 5. So....

I uninstalled php 5 using

Code:

yum remove php

and installed php 4 using the rpms. This has fixed the problem with osCommerce which has installed and is running fine.

I then went into ISPConfig as the admin for that site, opened the site with the webFTP program, clicked on the relevant folder, clicked on the protect directory button and entered the username and password. No errors were encountered with this, but as I said at the start, when I try and access a page within that directory the page just opens normally.

Any suggestions as to were I start looking to fix this please?

Thanks a lot

 

Can you see an .htaccess file in that directory? (Use

Code:

ls -l[B][COLOR="Red"]a[/COLOR][/B]

to look at the contents of that directory on the command line.) What's in it?

 

Both .htaccess and .htpasswd are there along with the php files I want protected.

 

Just checked in .htaccess and this

Code:

# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)
#
#<IfModule mod_php4.c>
#  php_value session.use_trans_sid 0
#  php_value register_globals on
#</IfModule>

appears. I am using php4. Do I need to uncomment these lines?

.htpasswd (edited for security) contains

Code:

username:JKe47yT4pl9B0

 

I'm quite surprised where this comes from. Did you somehow replace the .htaccess file created by ISPConfig? Because it should rather look like this:

Code:

AuthType Basic
AuthName "Passwortgeschützter Bereich"
AuthUserFile [I]/path/to[/I]/.htpasswd
require user [I]username[/I]

 

All I have done is created the site within ISPConfig and installed osCommerce. Maybe that is where it came from.

In full, .htaccess is:

Code:

# $Id: .htaccess,v 1.1 2003/06/20 00:18:30 hpdl Exp $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_setenvif.c>
  <IfDefine SSL>
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
  </IfDefine>
</IfModule>

# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter
#
# AcceptPathInfo On

# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)
#
#<IfModule mod_php4.c>
#  php_value session.use_trans_sid 0
#  php_value register_globals 1
#</IfModule>

After I set up osCommerce I then tried to activate the protected directory in ISPConfig and discovered the problem.

Assuming (and I don't know for sure) this is an important part of the osCommerce setup, how would I modify it to make it work as I want it to?

This is the first of at least 3 osCommerce sites I need to set up for myself so it would be great to get it sorted.

Incidentally, I notice a few people around the forums having problems with osCommerce. Once everything is sorted I'll try and put together a 'How-To' if you think it will help.

Thanks.

 

That's fixed it.

Many thanks for you help and patience guys