htaccess is a nightmare.........

Carpetpaul said: "Why do I get so annoyed at not bieng able to understand something that almost seems like it could have been easy. I've read about the files required to create a password access........it just seems like some things are more complicated that they should be firstly : could anyone explain in better detail the "AuthUserFile" and how you set this up (or determine what the full and correct path is) and this is the path to eerrrrrm what exactly, do I assume it's for the password file itself. please understand that if you about to reply to this thread, the only type of path I've heard of is the [url]http://www.domainname.com/mypage/[/url] type of thing cheers - Paul"

edwin said: "the first thing you need to do is check and make sure you host has "allowoveride" on so that you can use .htaccess [code] AuthName "yoursite" AuthType Basic AuthUserFile /home/files/users require valid-user [/code] that is the .htaccess file. to create the password file you do [code] htpasswd -c /home/files/users carpetpaul [/code] you'll be prompted twice for the password. there, you're done."

Carpetpaul said: "I've already checked, and my host does support this feature. The bits that I don't understand are :- The path that you have as '/home/files/users', I'm not sure what this is the path to (is it the location of the password file ? and when I've created the password file itself, I've seen tutorials describing how to 'telnet' these details in to the server ? I'm aware that the .htaccess file itself can live within the files of my site, but the password file (for security) must be outside......it's this 'outside' bit that I don't follow....I dont understand where it means, and how to get it there (and determine the correct path to it)"

edwin said: "paul, yes that was my example path. on your server it refers to wherever you put the file. you can upload the .htaccess file, but you'll need a way to create the password file. .htpasswd is a common command line utility on linux systems. is "secure shell access" part of your hosting package? hopefully. if so, just download and use [url=http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html]putty.exe[/url]. its an easy to use terminal emulation program for either telnet or secure shell."

Carpetpaul said: "O.K - so when I've managed to get the .htpasswrd file onto the server, is there a way to view the actual path to it, so that I can just copy and paste the details into the .htaccess file ? -forgive my ignorance, but things that seem so obvious to you, are still rather confusing to me ! --P.S - is there still the less secure option of placing the password file in the same directory as the web page files ..... this site does not have to be perfectly secure. I notice that I can get some path information to display in my ftp program ie /domains/cleveleyscarpetcentre.co.uk/logs --when I've got the password file in there, surely I can just locate it and use the path displayed in the window (is the above the comlete path to 'logs' ???? Thanks - Paul"

edwin said: "sure, paul. the main thing about the path is that they agree. so if you have the path name listed in the .htaccess file, just make sure you have the file uploaded there. it should be okay in the main directory. generally you try to keep it out of the "root web", but if the security is not a huge concern, you should be okay. is it prompting you for the password yet? how did you make the .htpasswd file?"