
Add HTTP Authentication To Your Admin Area

Description: How to make your admin area more secure
Version: 1.0
Added on: 16 June 2007
Author: ped
Difficulty Level: Intermediate
Views: 791
Rating: 9.5 (2 Votes)

Make backups of the files on your server that we are going to edit (.htaccess).

If you want to add HTTP authentication to your admin area and you can't get it to work with NukeSentinel, this is how you do it!

Place this code into a file called crypt.php, upload it to your site and call it in your browser:
http://yoursite.com/crypt.php

Code:
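A simple crypt script to use on your Sentinel install<br /><br />

<form method='post'>
Enter your password to be encrypted using crypt(): <input name='pw'><br /><br />
Enter the 'salt' value for the encryption (2 long i.e. R7 or JR or 0b): <input name='salt' maxlength='2'><br /><br />
<input type='submit' name='submit' value='Encrypt'><br /><br />
</form>
<?php
// Remove this file from the server once you have your hash.
// Traditional DES crypt() takes a 2-character salt from ./0-9A-Za-z
// and only uses the first 8 characters of the password.
if (isset($_POST['submit']) && !empty($_POST['pw'])) {
   $salt = isset($_POST['salt']) ? $_POST['salt'] : '';
   // Escape everything echoed back so form input cannot inject HTML or script into the page
   echo "Password <b>".htmlspecialchars($_POST['pw'], ENT_QUOTES)."</b> translated is <b>".htmlspecialchars(crypt($_POST['pw'], $salt), ENT_QUOTES)."</b>";
}
?>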


Enter your admin password and a 2 letters/numbers key like 6h,9,0o,$v, whatever you want. This will show your admin password and the encrypted password too. We will need this later, so save it.

So for example, after I used the crypt.php script I got a generated password of 08C8Wloj56OEw

Now you need to make a text file; call it whatever you like. For this example I will call it fred.txt.

Open fred.txt and place your USERNAME:CRYPT PASSWORD in it, like this: ped:08C8Wloj56OEw. Then upload fred.txt to your server and rename it from fred.txt to .fred

That's the hardest part done! (If you can't see the files on your server whose names begin with a dot, such as .fred and .htaccess, then you need to contact your host and ask them.)

Next we need to tell .htaccess to use your .fred password file.
So grab your .htaccess from your site's root location and add this to it:
Code:
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
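# Block direct web access to the password file
<Files .fred>
  deny from all
</Files>

<Files admin.php>
   # Not wrapped in <Limit>, so authentication applies to every HTTP method
   require valid-user
   AuthName "Restricted"
   AuthType Basic
   # Full filesystem path to the password file
   AuthUserFile /home/ped/public_html/.fred
</Files>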

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------


Notice the .fred at the top, in the <Files .fred> line: make sure you use the same name as you gave your password file. Also note that AuthUserFile at the bottom is the true (full filesystem) location of that file on your server.
All you need to do now is go to your admin.php and you will be prompted to enter your username and password.
I've included my two files, .fred and .htaccess, to show you what they look like. If you have problems after adding this mod, delete the .htaccess from your server and re-upload your backup .htaccess.
Thanks
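
An offline check for the two files built in this tutorial, added here as an example (it is not the author's or NukeSentinel's code). The sample inputs are constructed from the tutorial's values, with the require line wrapped in <Limit GET POST PUT>; the function names and the three checks (require inside <Limit>, password file inside the document root, 13-character DES crypt() hash) are assumptions of this example.

```python
import re

# Constructed sample inputs modelled on the tutorial's .htaccess and .fred files.
HTACCESS = """\
<Files .fred>
  deny from all
</Files>
<Files admin.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted"
   AuthType Basic
   AuthUserFile /home/ped/public_html/.fred
</Files>
"""
PASSWD = "ped:08C8Wloj56OEw\n"

def audit_htaccess(text, docroot):
    """Return findings for the Basic-auth directives in an .htaccess file."""
    findings = []
    limit_methods = None  # methods of the <Limit> block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if m:
            limit_methods = m.group(1).split()
        elif re.match(r"</Limit>", line, re.I):
            limit_methods = None
        elif re.match(r"require\s", line, re.I) and limit_methods is not None:
            findings.append("require inside <Limit %s>: other methods are not authenticated"
                            % " ".join(limit_methods))
        m = re.match(r"AuthUserFile\s+(\S+)", line, re.I)
        if m and m.group(1).startswith(docroot.rstrip("/") + "/"):
            findings.append("AuthUserFile %s is inside the document root" % m.group(1))
    return findings

def audit_passwd(text):
    """Flag entries whose hash is a 13-character traditional DES crypt() value."""
    findings = []
    for line in text.splitlines():
        user, _, digest = line.partition(":")
        if re.fullmatch(r"[./0-9A-Za-z]{13}", digest.strip()):
            findings.append("%s: DES crypt() hash, only the first 8 password characters count" % user)
    return findings

if __name__ == "__main__":
    for f in audit_htaccess(HTACCESS, "/home/ped/public_html") + audit_passwd(PASSWD):
        print("WARN:", f)
```

For new entries, Apache's htpasswd utility can write bcrypt hashes with its -B option, and a password file kept outside public_html cannot be fetched over the web at all.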