Jump to content

Secure Member Area

dlafko1

By dlafko1
in Application Design

 Share

Recommended Posts

dlafko1 Newbie

dlafko1

Posted
Posted

I am a beginner with very little experience.  I am trying to learn how to create a secure website page.  Were I get a list of names from a client with passwords I put them into the system and then there is a page/pages that these members can see by imputing there information.

 

 

 

How do I do this..

 

 

 

example site would be  www.schuylkillgop.org

  and then on the home page go to committee man log in.. This site was built by someone else and I am trying to do this for a site I am working on..

 

 

 

Any help would be appreciated.. Again I am a newbie so detailed explanation or the codes to do it would be great.

 

 

 

 

Link to comment
Share on other sites
SoccerGloves Newbie

SoccerGloves

Posted
Posted

Hi!

 

There are a couple ways to do this. 

 

Method 1: make it yourself.

 

One way is to actually build the security using PHP (or some other scripting language).  What I mean is that you would write the computer code that would handle these tasks:  (A) getting the users log in information, (B) checking that it is valid, © if valid, giving access to the protected area of the site, and © possibly also building a tool to register new users.  This is the harder of the three options, but it is also more flexible and lets you do more cool things.  For example, PHPFreaks uses something like this that was coded in PHP.

 

Method 2: Use the server's security system.

 

The second way is easier, simpler, but less powerful (I DON'T mean less secure - I mean it gives you less flexibility).  It looks like the site that you gave as an example uses this kind of system.  Server software (usually the open source Apache software) is what makes your website work - when someone types in your website address, Apache gets the request and responds by sending the requested page.  Apache has a built-in system for creating website security, and it is pretty easy to use.  However, whether it works or not may depend on your version of Apache (if you have that, which I'm pretty confident you do).  I think it is a pretty standard system.

 

Basically, you just need to create a special file on your server with the list of acceptable usernames and passwords, and Apache takes care of the rest.  Actually, I think you need two files - one will end with ".htaccess" and the other with ".htpasswd".  Even better, instead of creating these files, you can edit the Apache settings, but sometimes internet hosting services do not allow you to do this, so the ".htaccess" and ".htpasswd" file may be your best bet.

 

This looked like a pretty good tutorial for how to do this:

 

http://www.addedbytes.com/articles/password-protect-a-directory-with-htaccess/

 

And this is the official Apache website's article about security:  (But I like the first tutorial better =)

 

http://httpd.apache.org/docs/2.2/howto/htaccess.html#auth

 

Method 3: Use somebody else's tool.

 

There are a lot of cool, free tools like Wordpress, Drupal, Joomla!, and so on that handle users and passwords for you, and also help you to build your site, but they may or may not be what you are looking for.  They are called "content management systems" (Or atleast I think that is what they are called! =)

 

Hope this helps! 

-Ryan S

Link to comment
Share on other sites
dlafko1 Newbie

dlafko1

Posted
  • Author
Posted

Thanks for the info.. For APache how do I get it if the server I am using does not have it or how do I access it.. I use godaddy.

 

The php is one one I think i would rather use as it would be easier to edit users..

 

For PHP is that somenthing you can teach me thru Private E-mail?

Link to comment
Share on other sites
SoccerGloves Newbie

SoccerGloves

Posted
Posted

I looked on Godaddy, and it looks like they only use Apache, so you should be set in that regard (http://community.godaddy.com/help/article/124). 

 

I like the Apache method best for simplicity;  you said "The php is the one I think I would rather use as it would be easier to edit users.. ", but I think the Apache method is easier for editing users, unless you want an automated registration process, or unless you want to attach more info to your users (like phone number or mailing address).  If you just want a really simple security system with a small pool of users (maybe it would start getting tedious with 100 or more users)  and as long as you don't mind the way it looks (the simple little pop-up window) then I think this would be my favorite way.

 

Good to hear back from you by the way!  I thought it was neat that you replied so quickly =)

 

For the Apache tool, I don't think you need to download a file, you should just need to open up notepad and paste in the text shown in the tutorial, and then tweak it a little for your purposes (change the folder you want to password protect, and type in your users / passwords). 

 

Let me know if it works!

Link to comment
Share on other sites
dlafko1 Newbie

dlafko1

Posted
  • Author
Posted

Ok I appreciate the addvise, Now remember I said really new to this so can you give me a step by step... I use dreamweaver to set up sites can I do it in there...

 

The other site is using a htaccess file but when i try and open it from dreamweaver it says the file is unsupported.. NOw that is on a diffrent site so maybe they have it blocked so I can not access it..

 

Do I need a note pad file or can I use a file in Dreamweaver?  I will try and let you know.

 

Thanks for the help this is just above me..

Link to comment
Share on other sites
SoccerGloves Newbie

SoccerGloves

Posted
Posted

OK!  So, actually, Godaddy has a neat, easy-security tool built into it.    (I have a godaddy account, too - I didn't break into yours or anything =)

 

[*]Log on to godaddy.com

[*]if not yet selected, click the "my account" tab at the top right

[*]on the green strip that appears at the top of the page, click "my products".

[*]Scroll down until you see a black bar with the heading "products".  Bellow that and on the left is "web hosting" - click that.

[*]the screen will change slightly and you will see your hosting plans listed - click the green "launch" arrow for the one that you want to work with. (you might only have one account, like me)

[*]You should get a completely new screen after clicking the launch button.  Click the large silver button near the top left that says "your files - manage site content".

[*]This should give you a cool file-system tool on-screen.

[*]Pick the folder that you want to protect.  If you want a certain area of your website to be only available to members, then make a folder called "secure" or something.

[*]After you have decided on the folder that you want to secure, check the check box beside the folder (don't enter the folder).

[*]Look near the top of the tool, where you can see a lot of folder buttons, and click the one labeled "permissions"

[*]On the panel that appears, There should be 3 tabs.  Pick the tab for "password protect".

[*]Check the check box labeled "Password protect directory".  Now you have switched on security for this folder!

[*]Use the gold "add user" button to add new users.  Click the blue "remove user" link to remove users.  Click the gold "OK" button when you are done.  For me, it took about a minute for these changes to take effect on the actual site.

 

I tried this out on a simple little site for my friends (we have sword-fights with padded sticks =) 

 

http://www.oftheword.com/sword/   

 

And you can see that the site now requires a password.

 

Hope this helps!

Link to comment
Share on other sites
dlafko1 Newbie

dlafko1

Posted
  • Author
Posted

That was great.. Thanks alot  1 more question

 

ONce logged in it allows you in untill you close the web page.  Godaddy said you need a java or php script for them to log out or force it out after so long..

 

They do not do that.. Any ideas?

Link to comment
Share on other sites
SoccerGloves Newbie

SoccerGloves

Posted
Posted

Hi!  Sorry I've been slow.  It doesn't look like there are any easy log-out solutions other than quitting the browser.  If you really want to have that feature, we'll need to look at some PHP, which is fine too!  I think the tool jhbalaji gave us along the right track, and I could help you with setting something like that up.  It gets harder because you need to make changes to your web-pages themselves, instead of just clicking a switch on the godaddy admin panel, but it does have advantages (like you get to choose what the log-in box looks like, and it is actually on your page somewhere, and you get to have a log-out button =).

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.