|
Three Easy Steps Create
Password Protection For
Digitally-Deliverable Products
Using Only FTP
Webmasters can now implement password-protected pages without Telnet access to sell all downloadable products. We will explain how-to create access authorization using only FTP. This will be helpful to most webmasters who want to create authentication files but who do not have Telnet. Unfortunately, most of the restricted access tutorials assume that the webmaster can use Telnet, which of course, is not true. Now you can sell your software, documents, images and music — online. You can easily protect files and
directories that require the use of a username and password, and you don’t have to be a computer programmer to do it!
You don’t need to read this paragraph. LEARN THE PASSWORD PROTECTION TUTORIALS AND RESTRICTED ACCESS SECRETS YOU NEED. ALL PASSWORD-PROTECTED FILES USER NAME AND .HTACCESS FILES ARE POSSIBLE ALONG WITH DOWNLOADABLE PRODUCTS AND .HTPASSWD FILES. MAKE SURE TO INCLUDE ONLINE PASSWORD-PROTECTING DIRECTORIES WITH ACCESS RESTRICTION. TOOLS FOR AUTHENTICATION AND ACCESS AUTHORIZATION ARE HERE. HOW-TO PUBLICATIONS PROVIDE TUTORIALS AND FREE INFORMATION. THE FILES, DOCUMENTS
ARE FREE TIPS OR FREE INFORMATION. ALL TIPS FOR HOW-TO BOOKS ARE SOLUTIONS.
Requirements.
- You own the domain name and maintain the site.
- Your site is posted on a UNIX server. (It’s possible that these tips may work on other servers.)
- You have FTP access. If you don’t have an FTP program, you can get one from http://www.ipswitch.com/
Here’s How To Do It.
http://www.yourdomain.com/protect/product1/index.htm
http://www.yourdomain/hidden/product1/.htpasswd
http://www.yourdomain.com/protect/product1/.htaccess
Notice that the last directory of each filepath has “ /product1/” in common. The reason for this is so that later, when you add additional products, it will be easier to create a unique username and passcode for each of your downloadable products, and to keep track of it all. Just rename the /product1/
directory with the names of each of your additional products.
1) Create the page(s) you want protected. This could be anything you want limited access to. For example, it could be a special document, or an image, a music file, software, or anything. Name the page:
http://www.yourdomain.com/protect/product1/index.htm
Publish (upload) it in the normal way you would publish any other web page. Notice that the directory, “/protect/” is a dedicated directory just for password-protected files. (You could name it anything you want.) Repeat this process for each page or file you want protected.
2) Create the .htpasswd file. This is the file that contains the secret username(s) and password(s) that corresponds to the page you want to protect. We do two things to help prevent people from discovering this information. (1) The password is encrypted. (2) The file itself is hidden in a different directory than the one of the page being protected.
First, we have to create the encryption: If we had Telnet access, there is a procedure to use the unix apache server to create the crypt code needed, right on your own server. Since most webmasters do not have Telnet access, you can build the appropriate encryption by going to a few websites that offer this free service. The following sites work great:
http://www.flash.net/cgi-bin/pw.pl or
http://www.sonic.net/~derk/htaccess/
http://home.golden.net/generator/
Just type in the username and the password you have chosen for the page you want to restrict.
username is “howard”
password is “opensesame”
After running it through the encryption, you get:
howard:9lljfi88eqp5s
(Please note that everytime you run the same username and password, you end up with a different encrypted password. This is the whole point of encryption! But they all will work!)
If you want to allow multiple username and passwords to be able to access the same directory, just list them on top of one another like this:
howard:9lljfi88eqp5s
harry:62dI0B3riwv6g
cindy:46Of11oy.hmss
jim:85xYleVHLYe0M
Theoretically there is no limit, but it does slow things down a bit if you have too many listed.
Copy and paste this combination (username matched with encrypted password) into a simple text file.
Now save the file. Windows does not allow you to save a file beginning with a “.” So just save it as “htpasswd.txt” and change the name remotely after you FTP it.
Upload the file to the “/hidden/product1/” directory on your site using your FTP program. (You must use in ASCII mode for this or it won’t work!)
Now, remotely change the name of the file to “.htpasswd”
Finally, you must now use the CHMOD command through your FTP program to set the permissions of the directory where this file is stored to CHMOD 755. Click here on more info on CHMOD.
3) Create the .htaccess file. This is the file that does the magic. When the browser detects this file, it will display a request for username and passcode before allowing a visitor to see the desired file. This file affects the directory and all sub-directories in which it is placed.
In a new text file, type the following:
AuthUserFile /home/yourdomain/docs/hidden/product1/.htpasswd
AuthGroupFile /dev/null
AuthName Restricted Access
AuthType Basic
<Limit GET>
require valid-user
</Limit>
AuthUserFile tells the server that it will find the file containing the passwords (.htpasswd) in the directory called /hidden/product1/
It needs to be the full UNIX pathname of where the .htpasswd file is stored. Your web host can provide you with this information.
AuthGroupFile tells the server where to find the group file. You only need a group file if you have multiple usernames associated with a single password for the same password-protected page. ( It contains only user names and doesn't hold password information.) Just leave it as /dev/null to leave this function unused.
AuthName specifies what shows up on the entry box when the browser asks the user to enter a password. You can write whatever you want here, but “Restricted Access” is the most common.
AuthType describes the type of authentication we’re using. In this case, it’s “Basic.”
<Limit GET> is an HTTP request for a file that is sent by a browser to a server. This line limits the power of GET by saying that only the valid user may look at files in this directory. If you want to allow other methods (particularly in CGI directories), you can specify them separated by spaces in the LIMIT directive. (LIMIT GET POST PUT)
Add one blank line at the end of the .htaccess file or it won’t work!
There must not be any spaces or special characters after any of the lines.
Now save the file. Windows does not allow you to save a file beginning with a “.” So just save it as “htaccess.txt” and change the name remotely after you FTP it.
Upload this file to the “/protect/product1/” directory on your site using your FTP program. (You must use in ASCII mode for this or it won’t work!)
Now, remotely change the name of the file to “.htaccess”
Finally, you must now use the CHMOD command through your FTP program to set the permissions of the directory where this file is stored to CHMOD 755. Click here on more info on CHMOD.
Now, when someone attempts to access the password-protected page, their browser will display a request for “authentication.” The user must type in the correct username and passcode. Once this is done, they will gain immediate access to the desired page.
Repeat the above process for any web page or file you wish to have restricted access.
Automate Your Sales.
You can automate your sales if you use the above password -protection technique in conjunction with an Digital Product Delivery Interface, connected to a shopping cart. This way, people can select the product they want, pay for it online, immediately be issued the username and password to access the product, receive email confirmation of all this, and then access the product — all without requiring your attention!
The money gets deposited to your bank account, while you can be off creating more products (If not finally taking a vacation).
About This Information.
My name is Howard Richman. I am not a computer programmer. If I can do this, so can you! What I’ve attempted to do here is research rather hard-to-find information from many, many sources and put it clearly all in one place. If you have additional questions about this, I definitely cannot help you because everything I possibly know about this subject is here on this page. But I do believe that you’ll find it very helpful.
For more details on this subject, please consult the following sources:
NCSA httpd documentation on .htaccess files.
Mosaic User Authentication Tutorial
Please see our information on setting up digital product delivery for any merchandise that does not need to be shipped.
Please see our free information on setting up a custom error message to keep people on your site.
Products We Recommend.
 I don’t think it’s a good idea to give your toddler access to the internet. But if it’s unavoidable, you absolutely must get an internet filter.
CyberPatrol's
 big advantage is versatility. It gives parents more options than any competing product. Customization can apply to any or all users. All parental control software lets users restrict kids' access to Internet
applications like chat, file-sharing or web browsing, but CyberPatrol can also restrict access to programs on the computer's hard drive, such as games or finance software.
|
