Creating password protected pages on a website?

Hi all,

I've been asked to set up a website for someone, I'm not too in the know as for as this goes but if it goes well then it'll look good on me so I can sure use some help.

Basically, they want to set up a site that is accessable to everyone but certain pages only being accessible through passwords. How could I set this up? Is there an easy way in DreamWeaver or a type of code e.t.c. If you could talk to me like an idiot it'd be appreciated.

Also! They asked me about web hosting. It's not going to be a very big site, but there's so much web hosting out there I didn't know what to recommend to them. Any suggestions would be much appreciated once again.

Thank you!

In a way it depends on which webserver you use and how secure it should be. In my opinion, one of the easiest and relatively safest ways is to use .htaccess files with Apache as httpd. If you're on Apache, check it out: a tutorial with a nice intro. Basically you'd create a .htaccess file saying

AuthName "My Protected File/Directory/Blog/.."
AuthType Basic
AuthUserFile /path/to/.htpasswd
Require valid-user

.. and subsequently create a htpasswd file (if you don't have the right binaries, just use this site or any other htpasswd generator).
The AuthUserFile declaration in .htaccess should be pointing towards the .htpasswd file.
Take note: if you protect a directory, all subdirectories are protected as well.

That's all you need for the most basic protection. You could use PHP as well, in that case the safest way is a hardcoded password - I wrote a small sample but ATS doesn't like it, it seems. Basically you would store the md5sum of your password (a string of 32 characters) in the php file and compare it to the md5sum of the password input of a HTML form, if you're interested I'll paste it on pastebin.

Have fun!



edit to add: official Apache htaccess documentation!



[edit on 24-6-2009 by scraze]

Thank you so much for getting back to me scraze. Without wanting to sound moronic, what is apache?

I'm currently getting to grips with dreamweaver, and will soon be wanting to add this code, I'm just not sure if apache is another website making program or an isp?

If it's the former can you recommend a good website host?

Thank you once again.

You're welcome and that doesn't sound moronic at all - you mentioned having no experience and I just forgot to explain the necessary stuff

So here's a quick run-through: the computer that runs the website (stores the files & serves them) is the server/host, although a virtual computer (running within a program like VMWare) can be called a server as well. The program running on the server that actually serves the files when we ask for it is called the HTTP daemon; daemon being the default term for any such service. Apache is a HTTP daemon; it's not only open source/completely free, it also runs on most platforms (Windows & Linux are fully supported, for example) and is fully functional (PHP/perl/MySQL/etc.). You can download Apache from www.apache.org... (or in Linux through synaptics/apt/etc.). There are others out there, like IIS (from Microsoft); Apache seems to be the most common, however. I guess that's what you meant with isp?

I'm not sure whether I'm the best person to suggest a hosting provider - sometimes it's nice to have it local & small so you can easily contact your providers in case anything is screwed up, budgetwise it may be better to join a huge hosting provider selling accounts for a few dollars. What I can tell you is that the above works on hosts with Apache

For a suiting provider, check some hosting review sites like hosting-review.com, tophosts.com or
hostcompare.com. I'm not sure how objective those are, but at least they'll be able to give you a more comprehensive list then I can.

Finally if you can't wait to play around with stuff, just give Apache a try - shouldn't take long to download & install. It would give you the opportunity to check how the htaccess and htpasswd files work - if it works on your computer, it works on any other server with Apache (.. as long as it hasn't disabled the use of those files, of course). If you can configure your router to forward to your computer (or use direct dial-up ;P) you could even make your own computer host the files.. but unless you never shut down your computer, it's only good for fun ;D

Please don't refrain from asking 'simple' questions as I'm somewhat struggling with what is common knowledge and what isn't !

reply to post by John Nada


You can always create a password protected website using PHP and MySQL.

w3schools.com...

Hi, With the help of Mysql you can create password protected website.