Password Protected Directory question

6 posts / 0 new
Last post
#1 Thu, 08/30/2007 - 20:28
RickHaga

Password Protected Directory question

I recently added wordpress through virtualmin pro install script process. It is going to be used for a school teacher who is planning on posting notes, etc onto it. In doing so, she wanted to password it so that only her students could see the files and change the password every so often.

Getting the directory protected wasn't a problem, but now in order to get into her area, the username and password prompt comes up twice. Is it due to the wordpress program using mysql and it needing to access that directory as well? If, so how can I code it so that the prompt only comes up once? If it can't be done, then I'll just tell them that they have to enter it twice. :)

Thanks everyone for any help.

Rick

Fri, 08/31/2007 - 00:48
Joe
Joe's picture

Hey Rick,

It can't be done. The password formats are different between htpasswd and the WordPress login...so even if you detect her login, you wouldn't have a password to pass on to WordPress (I don't think). Session-based authentication can be tweaked to work across multiple apps (we do it here at Virtualmin.com, for the documentation and the bug tracker, example), but session and http authentication aren't really shareable.

You can, however, probably allow unpassword protected access to the admin and login pages:

/wp-admin/
/wp-login.php

Which will allow editing of posts without a separate web server login.

I bet there's a plugin for WordPress though, that would allow you to lock down access using WordPress users and sessions. I don't know that for sure, but there are like 80 thousand plugins for WordPress. I'm sure somebody out there wrote one to support selling of premium content or something.<br><br>Post edited by: Joe, at: 2007/08/31 00:56

--

Check out the forum guidelines!

Thu, 08/30/2007 - 15:00
RickHaga

Actually, I'm not wanting to make it that locked down. Whenever someone clicks on her name or goes to her folder, they have to enter the username and password twice before anything appears on the screen. I'd rather only have to enter it once.

I set up a user for you to try out.

http://www.pshsscience.com/agonzalez/

username is tempuser
pass is TEST07

Try it out and see that is requests it twice. I tried to set up the protected directory with the / and without it. I didn't know if maybe that was causing the problem, but it's not.

Thanks

Thu, 08/30/2007 - 23:19 (Reply to #3)
Joe
Joe's picture

Weird. How'd you manage that?

You've got two different realms asking for authentication (so the browser asks for passwords twice). Remove the extra login check, or set them to the same realm (identical realm--any difference means the browser will re-ask for pass) if you really need two layers for some reason (but I'm thinking you're not intending to have that).

Depending on how you setup the password protection, you could have an .htaccess file in the relevant directory, or it could be in the httpd.conf file in the Directory section of this script.

--

Check out the forum guidelines!

Thu, 08/30/2007 - 15:02
RickHaga

Actually, I'm not wanting to make it that locked down. Whenever someone clicks on her name or goes to her folder, they have to enter the username and password twice before anything appears on the screen. I'd rather only have to enter it once.

I set up a user for you to try out.

http://www.pshsscience.com/agonzalez/

username is tempuser
pass is TEST07

Try it out and see that is requests it twice. I tried to set up the protected directory with the / and without it. I didn't know if maybe that was causing the problem, but it's not.

Thanks

Thu, 08/30/2007 - 15:02
RickHaga

Sorry about the double post. Not sure what I did.

Topic locked