This simple program will allow
you to manually mange users using unix .htaccess files. The
technology is dated primarily because of the limitations. The
htaccess method works very well for small numbers of users.
It is still the most popular
method for password protecting a directory. By placing a smple .htaccess
file in a web directory pointing to a password list you can limit
all accesses to that directory.
The primary limit of the
technology is due to the process of reading the password list on
every request. That inclues every text file and every image. If
there are 100 images on a page the password file will be read 100
times for the single user.
With password files exceeding
10,000 users the process can severely slow down server
performance. So most companies working with large numbers of
users have developed encrypted cookie based password systems.
UNIX is also case sensitive.
So the passwords are case sensitive making it very difficult for
users that do not understand programing. This is one of the big
reasons for using other password systems so that it is easier for
the end user.
However the technology is
still superior for small numbers of users. And it is easy to use
and manage as well as being highly configurable.
DEMO Password Protection
I have written a simple
program to add users to a password file.
There are only 2 files you
need. The adduser.cgi and the .htaccess file.
The .htaccess file needs to
point to the password file and be placed in the directory you
want to protect.
The .htaccess file is a plain
text file with the following text:
Modify the actual path to your .htpassword
file and place the file in any directory. Now the only way you
can access any files in that directory or any sub directory is by
authenticating the username and password.
To create the actual password file.
Modify the path to the password file in the
Upload the adduser.cgi and chmod 0755.
Then just access the adduser.cgi via your
web browser and add all the usernames and passwords you need. The
first thing you will want to protect is the adduser.cgi. Or
remove the program after you create the passfile.
You can create multiple passfiles and
protect different directories with different passwords. This
allows you to create an administrative directory to manage users
while providing access to a members or subscription area to those
You can remove users, by editing the
password files and just removing the line for that user.
This is a simple solution that is well
written so you can expand on it easily. Work the sub routines
into a membership program or forum signup. We are more concerned
with showing you how to set up the program rather than providing
a fully developed password system. This program will provide you
with the basic tool to begin developing password protection.
The demo program on this website also uses
the image verification to prevent bots from tripping the form.
You wont need that option in your script since you wont be
letting anyone make their own passwords. The demo is a dressed up
version of the free script you can download.
Because of high demand for this tool, we
have added a more complete script for managing passwords with the
ability to manage multiple directories, add, remove and access
Get the advanced password manager for perl