Basic Access Authentication

[gwpriester]

Why not find a web host that offers this service at a reasonable price? There are thousands of web hosts, some better than others, but spend some time and check out some. If you need to move to a new web host and you are worried about your domain name, it is usually a simple matter of pointing your domain name registrar's DNS servers to your new web host.

[slavelle]

Right - you should be able to find web hosting for <$10 a month - most shared hosting plans fall into this. Your best options for the most compatability are going to be with Linux hosting, as things like htaccess, PHP, mySQL, etc are typically included for Linux hosting plans and work well with Linux by default, unlike Windows hosting. PM me if you would like more info about who I use - itinial 2 years is only $3.95/month.

[jwhitham]

Not all hosting accounts have the .htaccess capability, first of all. Using a script like the one I've suggested also allows per page access at the html code level - so when you code a new page, you can determine who has access to it at the time, without having to change the htaccess file. Also, this script allows for access groups and levels, has an admin interface, allows users to change their passwords and also uses mySQL for the user database, including built-in functions to be able to call methods directly from your code. You can also create a sitgnup form for users to be able to create an id automatically - or submit request to create one that would then be later approved by some sort of moderator. One minor point - this also allows you to style your login in whatever way you like.

All very true, but the OP was asking about using a common username and password. Also, how likely is it that a hosting service would disable something so basic, yet give you MySQL and scripting?

Thanks for your help.

Slavelle is right - to have a password protected area on my server I need to upgrade my web hosting package - which doubles the annual costs!

I was hoping there was an easy solution to this - it appears not.

SnS

That is one seriously bad hosting service. If they're running Apache they'd have to reconfigure it to remove the protection, it costs them nothing to leave it as is. Find a new host.

[steve_scott]

I've done something similar before using JOTFORM. Using their system you can setup a login page and provided the credentials are met, you can use their script to transfer the user to a 'hidden' page (via the page URL)....relatively rudamentary but it worked. I also then setup another 'login failed' page, for when an unsuccessful attempt was made.

Example is here:

http://www.eclgroup.co.nz/subcontrac...cess/login.htm

It's a basic example, but it worked!!!

Steve

[pauland]

Just one thing to consider. For low-level security, scripts are fine, but if the browser can read the scripts, so can people and then they can hack them. The htaccess protection mentioned doesn't require scripting since the server requires the authentication, so there's no opportunity to hack a script.

Just something to consider if access security is a big issue.