Gossamer Forum

.htaccess

Hello, I know that this matter has been discussed many times but I think that I have a specific problem.
My web provider netfirms.com does not support .htaccess, is there another way to protect admin.cgi or admin directory?

the server is:
SERVER_SOFTWARE = Apache/1.3.9 (Unix)

Thank you for reading this

Re: .htaccess In reply to
Yeah I believe there's a few admin password protect mods around somewhere. Try searching the forum for password protect. They're obviously not as secure as .htaccess but are better than nothing.

Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
Re: .htaccess In reply to
Hello,

I searched desperately for the password mod. Unfortunately, I could not find it.
Can somebody help me?



regards

Bernd


Re: .htaccess In reply to
Guess you did not:

a) Click on Resources in the top menu bar of the forum pages.
b) Did not even browse through the Links section.
c) Did not search for password protect in the Resources section's search box.
d) All the above
e) Some of the above, but still no excuse

Go to the following page:

http://www.gossamer-threads.com/...ery=protect+password

AND you WILL see a number of PASSWORD PROTECTION FOR THE ADMIN script on that page.

Regards,

Eliot Lee
Re: .htaccess In reply to
There's one available here:

http://www.ace-installer.com

Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
Re: .htaccess In reply to
I wouldn't recommend it though (sorry Andy) - it only protects admin.cgi and none of the other files so anyone can run nph-build.cgi or any other file in the admin directory.

Paul
Installations: http://wiredon.net/gt/
Support: http://wiredon.net/forum/

Re: .htaccess In reply to
Did anyone do a password protect using a session cookie? Cause that would be a better solution. Then you could have a few lines of code at the top of each cgi script (nph-build.cgi, etc.) that look for and take the value of the cookie.

If there's not already one available I don't mind posting one as it wouldn't take too much time to do.

Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
Re: .htaccess In reply to
Widgetz old Mod did have session/client cookies enabled, I believe...but there is not a current Mod that uses session variables...one thing to consider is adapting DBMAN's authentication scheme across the LINKS 2.0 admin CGI scripts.

Regards,

Eliot Lee
Re: .htaccess In reply to
I've put together a quick solution and posted the instructions here:

http://cgi-resource.co.uk/pages/password.shtml

I'll improve it etc.. later in the summer when I get some spare time..

Remember if you can use .htaccess etc.. then use that instead. This is only for those that for some reason can not use .htaccess files.

It uses a session cookie and offers a bit of protection to all of the cgi files in the admin directory.

Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
Re: .htaccess In reply to
Oh yeah also it has the following features:

Temporarily log the person's ip address plus count the number of attempts they have made. A person only has 5 attempts. They would then need to log off and log on again before they could try again. Their ip address is stored for x number of hours and so they will not be able to log in during that time. Once logged in any previous attempts/failures are cleared.

There's also a timeout so, if the login window was left open for more than x number of minutes the user would need to refresh the browser before going in.

Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
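
An added example, not part of the thread and not the mod's own code: one way to implement the attempt limit and login-form timeout described in the post above. The values chosen for "x hours" and "x minutes", the function name `check_login`, and the in-memory hash (standing in for whatever the mod keeps on disk) are assumptions.

```perl
use strict;
use warnings;

# Assumed values: the post only says "5 attempts", "x hours", "x minutes".
my $MAX_ATTEMPTS = 5;
my $LOCK_HOURS   = 2;
my $FORM_MINUTES = 10;
my %failures;    # ip => { count, last }; a CGI script would persist this on disk

# Decide what to do with one login submission.
# Returns 'ok', 'bad_password', 'locked' or 'form_expired'.
sub check_login {
    my ($ip, $password_ok, $form_issued, $now) = @_;
    my $rec = $failures{$ip};

    # Forget records once the lock window since the last failure has passed.
    if ($rec && $now - $rec->{last} >= $LOCK_HOURS * 3600) {
        delete $failures{$ip};
        undef $rec;
    }
    return 'locked' if $rec && $rec->{count} >= $MAX_ATTEMPTS;

    # Login form left open too long: make the user reload it.
    return 'form_expired' if $now - $form_issued > $FORM_MINUTES * 60;

    if ($password_ok) {
        delete $failures{$ip};    # success clears earlier failures
        return 'ok';
    }
    $failures{$ip} = { count => ($rec ? $rec->{count} : 0) + 1, last => $now };
    return 'bad_password';
}

# Constructed sample run: six bad guesses from one address, a correct
# password while still locked, then a correct password after the window.
my $t = 1_000_000;
my @results = map { check_login('192.0.2.10', 0, $t, $t + $_) } 1 .. 6;
print join(',', @results), "\n";
print check_login('192.0.2.10', 1, $t + 60, $t + 120), "\n";
my $later = $t + $LOCK_HOURS * 3600 + 10;
print check_login('192.0.2.10', 1, $later, $later + 5), "\n";
```

The lock is checked before the password, so a locked address is refused even when the password is right, and the response does not reveal whether the guess was correct.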
Re: .htaccess In reply to
Thank you for all these replies. I did exactly what Glenn wrote, but admin.cgi gives 404 error and if I remove that part of Glenn it works again...
thanx

Re: .htaccess In reply to
I'll check I didn't do any typos etc.. in the instructions sometime next week. I tested it on my site and it works fine with no errors.

I just had a quick check and can't see any immediate errors there. Have you created a blank timer.txt and have you created a password file in your admin directory?

Did you put the code below where it says my %in = &parse_form;?

When you go to admin.cgi did you make sure you pointed to:

admin.cgi?&login=yes





Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
Re: .htaccess In reply to
Yeah I made an admin protect script that used cookies and it worked pretty well - in fact perfectly, but Jerry Su told me it wasn't very safe because anyone could manually make a cookie and get into the admin area.

Paul
Installations: http://wiredon.net/gt/
Support: http://wiredon.net/forum/

Re: .htaccess In reply to
'anyone could manually make a cookie and get into the admin area'

Yep people can't do that with mine :) as the password is stored in a session cookie and before a cgi script in admin is run their session cookie is checked to see if that password is exactly the same as the one defined in admin.

The only problem with mine is that their password is stored in a text file on their server. However as long as they don't have directory browsing and don't name the file something obvious like password.txt it should be fine.

Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml
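
An added example, not part of the thread and not the code of any mod mentioned in it: a session cookie check that each admin script could run first, written so that a hand-made cookie is rejected and the password never travels in the cookie. It uses an HMAC-signed expiry value instead of the password-in-cookie scheme described above; the cookie name `links_admin`, the secret, the lifetime and all function names are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
# Assumptions: placeholder secret, 30-minute lifetime, cookie "links_admin".
my $SECRET  = 'replace-with-a-long-random-secret';   # keep outside the web root
my $MAX_AGE = 30 * 60;

# After a successful login, issue "<expiry>.<hmac of expiry>".
sub issue_token {
    my $expiry = $_[0] + $MAX_AGE;
    return "$expiry." . hmac_sha256_hex($expiry, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_equal {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Pull one cookie out of the HTTP_COOKIE header value.
sub cookie_value {
    my ($header, $name) = @_;
    my ($v) = ($header // '') =~ /(?:\A|;\s*)\Q$name\E=([^;]*)/;
    return $v;
}

# The check each admin script would run before doing any work.
sub verify_token {
    my ($token, $now) = @_;
    return 0 unless defined $token && $token =~ /\A(\d{1,12})\.([0-9a-f]{64})\z/;
    my ($expiry, $mac) = ($1, $2);
    return 0 unless ct_equal($mac, hmac_sha256_hex($expiry, $SECRET));
    return $now < $expiry ? 1 : 0;
}

# Constructed demo: genuine, hand-made, expired and absent cookies.
my $now  = 1_000_000;
my $good = issue_token($now);
my $fake = ($now + 3600) . '.' . ('0' x 64);
for my $case ([genuine => "links_admin=$good", $now + 60],
              [forged  => "links_admin=$fake", $now + 60],
              [expired => "links_admin=$good", $now + $MAX_AGE + 1],
              [missing => 'other=1',           $now + 60]) {
    my ($label, $header, $at) = @$case;
    my $ok = verify_token(cookie_value($header, 'links_admin'), $at);
    printf "%-8s %s\n", $label, $ok ? 'allow' : 'deny';
}
```

In a real script `$ENV{HTTP_COOKIE}` and `time` would replace the constructed header strings and timestamps; only the genuine, unexpired cookie is allowed.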
Re: .htaccess In reply to
Another thing that could be done (but wouldn't be useful to most people) is, if your ip address isn't dynamic, i.e. you have a set ip address, then this could be added as an extra check as well so people can only access the admin scripts from that ip.

Glenn

Links 2 Mods Site:
http://cgi-resource.co.uk/pages/links2mods.shtml