I've password protected two nested folders on my site. The 'root' folder (security tier I) has a generic logon/password and the sub-folder (security tier II) has individualized logon/passwords that I'll maintain.

My question: during my testing, I enter a correct logon/password for the root folder, and then enter the sub-folder with its correct logon/password, why does my browser remember these logons when I exit the browser session?

I’ll close the browser and open a new instance, but I can still gain access to these 'protected' folders. When the browser is closed, shouldn’t that force the user to logon again? I don't believe I've set any cookies on the site. What is going on? :confused:

I'm using Mozilla/5.0 (Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 and specifically telling Firefox NOT to remember the password.

Thanks very much.

Bump, bump, bump

Does it exhibit the same behavior with IE?

Using IE7.0.5730.11 prompts for a password at the root directory. I entered a correct logon/password. Next I clicked on the sub-folder and I am prompted again for the sub-folder logon/password (just like it is supposed to work).

However, if I close that session of IE, and open a new session, I am again prompted for a logon/password at the root directory, but then I have full access to the sub-folder WITHOUT entering its logon/password combination.

Very strange.

BTW, tech support at Bluehost told me to switch to FireFox because it works better with cPanel and I've been using it ever since. I don't plan on going back to IE since Microsoft "upgraded" to version 7...crashes everytime I exit the browser-nice :(

Well, there must have been some little 'nasty' residing on my harddrive as it now seems to be working after totally purging my Temporary Internet Files folder.

Not sure how it got there.

Thanks

:confused: Since you were able to password protect folders and subfolders, will you please share with me how you did that? thanks a bunch!

Um, go to the Control Panel and click on "Password Protect Directories."

ok, so i can do a password for a directory and then the sub-directory. how do I set up a "user" who can access it? Will they be able to access any more than the sub-directory?

Select the folder, you will be taken to a new page.
you can create a user by entering their details in the bottom two boxes (username and password) then click Add/Modify authorized user

This is where you CREATE the user, it is not asking you for an existing user or password
hope this helps

yes,I did that, guess what I meant was - how does the "user" access that folder? Do they have to be logged in under my domain name with my password or can they access the one folder by their user name and password? If latter, where do they go to do that?:confused:

When the user tries to access that folder, a popup window will demand a username and password.

I'm glad my OP is helping out others. I thought I was the only one with problems :D

Here's a twist, is there a way to allow users to automatically create a logon/password combination that THEY control? My guess is NOT with static html files.

It would be great if my site would automatically create a "temporary" logon/password (through a request access page-asp or php) and the user would then be directed to create a "unique" logon/password that I wouldn't see (i.e. read: ***), but that I could still delete their access to the site when needed.

Thanks in advance

There's a commercial solution (or two or three) available to password protect static html files in a specific directory, and will allow you to sell or give away memberships. The scripts is pretty configurable and as I remember you get decent support, for a script cost of about $150 if I'm not mistaken.

Check out aMember (http://www.amember.com/) and see if it offers what you need.

P.S. I'm not selling anything and I don't work for them. I have used their script in the past, working with a client of mine, and I was favorably impressed with the functionality and configuration options, that's all.

:)

I don't mean that they control the login and password, but only that they can get on that one page to make some changes. They need to get on that page and not get on my index or other pages. i don't want them to mess with any other pages,:confused: but they want to be able to make some simple updates on their page. isn't that possible?:confused:

Restricting access to directories just means you control who is able to view your pages. To allow people to edit pages, you would probably need to look at a content management system. There are loads of them out there.

You're wanting to give each person a page that they can edit? Like a news or blog site? I'm not sure what your "big picture" looks like or what you want your users to be able to do.

But, I can point you to a site that lets you try bunches of different CMS and groupware scripts, if that helps. All of the scripts demo'd on this site are free, and take only time to learn to use them:

http://www.opensourcecms.com/

On the left column, click the plus sign next to the folder that says Portals (CMS) and see if you can find anything that'll enable you to do what you want with your site.

:)

Yes, a CMS will do this. I have done similar things with Drupal.

If you are looking for a script that allows somebody to access a password protected directory by signing up, I have a script for that. But it won't allow them to edit the web pages.

If you are looking for a script that allows somebody to access a password protected directory by signing up, I have a script for that. But it won't allow them to edit the web pages.

Hi Bobdog...the script you describe is the exact thing I'm looking for. I have my wordpress blog installed on here for new baby on the way...and I'd like to have people sign up to get access (I have public_html directory password protected through cpanel) as opposed to passing around one valid password for everyone we'd like (hoping it didn't propagate too much), or having to do it one by one manually through cpanel.

Much thanks in advance!

Are you using php $SESSION or .htaccess? There is a timeout clause for the php and a session logout like...

function procLogout(){
global $session;
$retval = $session->logout();
header("Location: ../");
}

I like to put login and out all into one simple file called process, it just makes things easier. I am not to sure about how to logout of the .htaccess.

Huggies,

You know you could do this with Drupal. Have the person log in before seeing articles...

however if you want my script, PM me

bean48009, don't know if you're asking that question to me or previous person. I'm using .htaccess on my public_html folder.

Bobdog, have checked a bit of drupal and I'm not sure if it's overkill for what i'm trying to do, or if it works very easy with a directory password protected (my wordpress blog). In any case, I've sent you PM...much thanks!

Huggies,

Check your private messages. I sent you the script.

You will need to make a msql database. Just use control panel, create database, then phpmyadmin to add table.

This snippet will come in handy in phpmyadmin

CREATE TABLE `clients` (
`Salutation` varchar(100) NOT NULL default '',
`Name` varchar(100) NOT NULL default '',
`Email` varchar(100) NOT NULL default '',
`Address` varchar(255) NOT NULL default '',
`City` varchar(50) NOT NULL default '',
`State` varchar(50) NOT NULL default '',
`Country` char(2) NOT NULL default '',
`Zip` varchar(6) NOT NULL default '',
`Username` varchar(50) NOT NULL default '',
`Password` varchar(50) NOT NULL default '',
UNIQUE KEY `Username` (`Username`),
UNIQUE KEY `Email` (`Email`)
)

Have FUN!