Sound Feelings Banner 1
Sound Feelings Banner 2
Sound Feelings Logo
SoundFeelingsSearchMailingList
Pin It >

Three Easy Steps Create
Password Protection For
Digitally-Deliverable Products
Using Only FTP

 

        Webmasters can now implement password-protected pages without Telnet access to sell all downloadable products. We will explain how-to create access authorization using only FTP. This will be helpful to most webmasters who want to create authentication files but who do not have Telnet. Unfortunately, most of the restricted access tutorials assume that the webmaster can use Telnet, which of course, is not true. Now you can sell your software, documents, images and music — online. You can easily protect files and directories that require the use of a username and password, and you don’t have to be a computer programmer to do it!

        See what others say about this free information.

Requirements.

      • You own the domain name and maintain the site.
      • Your site is posted on a UNIX server. (It’s possible that these tips may work on other servers.)
      • You have FTP access. If you don’t have an FTP program, you can get one from http://www.ipswitch.com/

Here’s How To Do It.

        We will be creating three separate files contained in two separate directories on your website. Please note: Elements in red bold should be replaced with your customizations.

http://www.yourdomain.com/protect/product1/index.htm
http://www.yourdomain/hidden/product1/
.htpasswd
http://www.yourdomain.com/protect/product1/.htaccess

        Notice that the last directory of each filepath has /product1/ in common. The reason for this is so that later, when you add additional products, it will be easier to create a unique username and passcode for each of your downloadable products, and to keep track of it all. Just rename the /product1/ directory with the names of each of your additional products.

        1) Create the page(s) you want protected. This could be anything you want limited access to. For example, it could be a special document, or an image, a music file, software, or anything. Name the page:

http://www.yourdomain.com/protect/product1/index.htm

        Publish (upload) it in the normal way you would publish any other web page. Notice that the directory,/protect/ is a dedicated directory just for password-protected files. (You could name it anything you want.) Repeat this process for each page or file you want protected.

        2) Create the .htpasswd file. This is the file that contains the secret username(s) and password(s) that corresponds to the page you want to protect. We do two things to help prevent people from discovering this information. (1) The password is encrypted. (2) The file itself is hidden in a different directory than the one of the page being protected.

        First, we have to create the encryption: If we had Telnet access, there is a procedure to use the unix apache server to create the crypt code needed, right on your own server. Since most webmasters do not have Telnet access, you can build the appropriate encryption by going to a few websites that offer this free service. The following sites work great:

        http://www.flash.net/cgi-bin/pw.pl or
        http://www.sonic.net/~derk/htaccess/
        http://home.golden.net/generator/

        Just type in the username and the password you have chosen for the page you want to restrict.

        username ishoward
        password is opensesame

        After running it through the encryption, you get:

howard:9lljfi88eqp5s

        (Please note that everytime you run the same username and password, you end up with a different encrypted password. This is the whole point of encryption! But they all will work!)

        If you want to allow multiple username and passwords to be able to access the same directory, just list them on top of one another like this:

howard:9lljfi88eqp5s
harry:62dI0B3riwv6g
cindy:46Of11oy.hmss
jim:85xYleVHLYe0M
 

        Theoretically there is no limit, but it does slow things down a bit if you have too many listed.

        Copy and paste this combination (username matched with encrypted password) into a simple text file.

        Now save the file. Windows does not allow you to save a file beginning with a “.” So just save it as “htpasswd.txt” and change the name remotely after you FTP it.

        Upload the file to the /hidden/product1/ directory on your site using your FTP program. (You must use in ASCII mode for this or it won’t work!)

        Now, remotely change the name of the file to “.htpasswd”

        Finally, you must now use the CHMOD command through your FTP program to set the permissions of the directory where this file is stored to CHMOD 755. Click here on more info on CHMOD.

        3) Create the .htaccess file. This is the file that does the magic. When the browser detects this file, it will display a request for username and passcode before allowing a visitor to see the desired file. This file affects the directory and all sub-directories in which it is placed.

        In a new text file, type the following:

AuthUserFile /home/yourdomain/docs/hidden/product1/.htpasswd
AuthGroupFile /dev/null
AuthName
Restricted Access
AuthType Basic

<Limit GET>
require valid-user
</Limit>

        AuthUserFile tells the server that it will find the file containing the passwords (.htpasswd) in the directory called /hidden/product1/
        It needs to be the full UNIX pathname of where the .htpasswd file is stored. Your web host can provide you with this information.

        AuthGroupFile tells the server where to find the group file. You only need a group file if you have multiple usernames associated with a single password for the same password-protected page. ( It contains only user names and doesn't hold password information.) Just leave it as /dev/null to leave this function unused.

        AuthName specifies what shows up on the entry box when the browser asks the user to enter a password. You can write whatever you want here, but “Restricted Access” is the most common.

        AuthType describes the type of authentication we’re using. In this case, it’s “Basic.”

        <Limit GET> is an HTTP request for a file that is sent by a browser to a server. This line limits the power of GET by saying that only the valid user may look at files in this directory. If you want to allow other methods (particularly in CGI directories), you can specify them separated by spaces in the LIMIT directive. (LIMIT GET POST PUT)

        Add one blank line at the end of the .htaccess file or it won’t work!
        There must not be any spaces or special characters after any of the lines.

        Now save the file. Windows does not allow you to save a file beginning with a “.” So just save it as “htaccess.txt” and change the name remotely after you FTP it.

        Upload this file to the /protect/product1/ directory on your site using your FTP program. (You must use in ASCII mode for this or it won’t work!)

        Now, remotely change the name of the file to “.htaccess”

        Finally, you must now use the CHMOD command through your FTP program to set the permissions of the directory where this file is stored to CHMOD 755. Click here on more info on CHMOD.

        Now, when someone attempts to access the password-protected page, their browser will display a request for “authentication.” The user must type in the correct username and passcode. Once this is done, they will gain immediate access to the desired page.

        Repeat the above process for any web page or file you wish to have restricted access.

Automate Your Sales.

        You can automate your sales if you use the above password -protection technique in conjunction with an Digital Product Delivery Interface, connected to a shopping cart. This way, people can select the product they want, pay for it online, immediately be issued the username and password to access the product, receive email confirmation of all this, and then access the product — all without requiring your attention! The money gets deposited to your bank account, while you can be off creating more products (If not finally taking a vacation).

About This Information.

        My name is Howard Richman. I am not a computer programmer. If I can do this, so can you! What I’ve attempted to do here is research rather hard-to-find information from many, many sources and put it clearly all in one place. If you have additional questions about this, I definitely cannot help you because everything I possibly know about this subject is here on this page. But I do believe that you’ll find it very helpful.

        For more details on this subject, please consult the following sources:
        NCSA httpd documentation on .htaccess files.
        Mosaic User Authentication Tutorial

        Please see our information on setting up digital product delivery for any merchandise that does not need to be shipped.

        Please see our free information on setting up a custom error message to keep people on your site.

Products We Recommend.

 

 

Home   About Us  Contact Us  Free  Products

Links  Privacy Policy  Security Statement  Site Map  Awards  Affiliates

Q&A  Testimonials  Disclaimers  Guarantee  Order Now!  Shopping Cart

Visa MasterCard American Express Discover Carte Blanche Diners Club En Route JCB

 

Click for the BBB Business Review Sound Feelings Publishing in Tarzana CA 

Credit Card Online Payments
 


Copyright © 1996-2014 Sound Feelings Publishing, Tarzana, California, All Rights Reserved.
Tel: +1-818-757-0600
Customer Comments

Website created by
Howard Richman with special thanks
Website maintained by
web engineer
Last updated Monday, April 03, 2017