htaccess htpasswd no prompt
https://stackoverflow.com/questions/5848375
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm trying to protect a folder using '.htaccess' and '.htpasswd'.
I used http://www.tools.dynamicdrive.com/password/ to generate the files.
Copied them to the corresponding folders.
When I attempted to access the protected folder, I got a login prompt.
Input incorrect login details, get sent to error page.
All good.
Now, without any changes, I revisit the page to try and login again to access the protected folder, and it just throws an error, there's no login box.
If I delete the .htaccess, I can get into the folder again without errors.
Upon replacing the .htacces, I get the error again, still no login box.
I have tried to regenerate a new set of files, user/pass combo, and slight modifications to .htaccess just to try get some form of response back.
I have checked for any bytemark, both files are clean UTF-8.
What's going on? Why am I not getting a prompt anymore?
On a side note, where should the log be? All I managed to find was some access logs with nothing useful in them.
Site location on server
/home/labvccom/
/home/labvccom/public_html/admin/.htaccess
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /htpasswords/.htpasswd
AuthGroupFile /dev/null
require valid-user
/home/labvccom/htpasswords/.htpasswd [user: admin | pass: password]
admin:02yd6IWnPes66
This is the page that i get when it throws the error with NO login prompt
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@labvc.com.au and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.5 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at labvc.com.au Port 80
Solution
Your browser remembers the first login attempt and send the credentials in the Authorization header - that is why you do not get a new login prompt.
Try to clear the authorization cache.
The underlying problem is most likely as @openscript.ch suggests.
OTHER TIPS
I think your path to the .htpasswd-File is wrong. If it is not absolute, it is treated as relative to the ServerRoot. Try to use an absolute path to your .htpasswd-File.
You need to create login/pass .htaccess inside the folder that you want to protect... otherwise the trick will not work as wanted! I created some days ago a simple php tool that creates login/pass for you. It's a part of another my project... so I extracted it from my archive for you. Pay attention that under windows the password is sent clear... is not a bug of my script but a request by windows servers. So use only it in remote hosting with unix, linux running apache. Put apache-ht.php inside the folder you want to protect and then execute it. Be prompted to create user/pass! After done delete apache-ht.php from folder. You fail because you are trying to set relative path. This kind of .htaccess needs full path! I hope this helps:
apache-ht.php
<?php
############################################
# Created By Alessandro Marinuzzi [Alecos] #
# apache-ht.php - Version 1.5 - 07/04/2015 #
# WebSite: ---> http://www.alecos.it/ <--- #
############################################
if ((isset($_POST['username']) && (!empty($_POST['username']))) && ((isset($_POST['password'])) && (!empty($_POST['password'])))) {
$username = $_POST['username'];
$password = $_POST['password'];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Apache - Username :: Password Generator</title>
<style type="text/css">
@import url(http://fonts.googleapis.com/css?family=Oswald);
@import url(http://fonts.googleapis.com/css?family=Roboto+Condensed);
html {
display: table;
}
html, body {
width: 100%;
height: 100%;
margin: 0;
padding: 0;
}
body {
background-color: lightgray;
display: table-cell;
vertical-align: middle;
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 14px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
}
.mainbox {
border-radius: 7px;
border: 1px solid gray;
background-color: darkgray;
width: 420px;
height: auto;
margin-top: 50px;
margin-bottom: 50px;
vertical-align: middle;
text-align: center;
margin: 0 auto;
padding: 20px;
}
.title {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 24px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
vertical-align: middle;
text-align: center;
}
.save {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
border-radius: 3px;
border: 1px solid black;
background-color: darkviolet;
cursor: pointer;
box-shadow: inset -5px 5px 5px rgba(255, 255, 255, 0.15), inset 5px -5px 5px rgba(0, 0, 0, 0.15);
vertical-align: middle;
text-align: center;
padding: 10px;
}
.data {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 17px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
vertical-align: middle;
text-align: center;
}
.doit {
vertical-align: middle;
text-align: center;
}
.user {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 14px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
background-color: #006699;
border: #C0C0C0 2px solid;
vertical-align: middle;
text-align: center;
border-radius: 3px;
color: white;
width: 80px;
margin: 5px;
}
.pass {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 14px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
background-color: #006699;
border: #C0C0C0 2px solid;
vertical-align: middle;
text-align: center;
border-radius: 3px;
color: white;
width: 80px;
margin: 5px;
}
</style>
</head>
<body>
<?php
if ((substr($_SERVER['DOCUMENT_ROOT'],-1,1) == "/") && (substr($_SERVER['PHP_SELF'],0,1) =="/")) {
$path = $_SERVER['DOCUMENT_ROOT'] . substr(dirname($_SERVER['PHP_SELF']),1) . "/.htpasswd";
} else {
$path = $_SERVER['DOCUMENT_ROOT'] . dirname($_SERVER['PHP_SELF']) . "/.htpasswd";
}
$tmp1 = fopen(".htaccess", "w");
$tmp2 = "AuthType Basic\n";
$tmp2 .= "AuthName \"Restricted Area\"\n";
$tmp2 .= "AuthUserFile \"$path\"\n";
$tmp2 .= "Require valid-user\n";
fwrite($tmp1, $tmp2);
fclose($tmp1);
unset($tmp1);
unset($tmp2);
if (strtoupper(substr(PHP_OS,0,3) == 'WIN')) {
$tmp1 = fopen(".htpasswd", "w");
$tmp2 = "$username:$password\n";
fwrite($tmp1, $tmp2);
fclose($tmp1);
unset($tmp1);
unset($tmp2);
} else {
$tmp1 = fopen(".htpasswd", "w");
$tmp2 = "$username:" . crypt($password,'$6$rounds=5000$usesomesillystringforsalt$') . "\n";
fwrite($tmp1, $tmp2);
fclose($tmp1);
unset($tmp1);
unset($tmp2);
}
exit("<div class=\"mainbox\">\n<span class=\"title\">Apache - Username :: Password Generated!</span>\n</div>\n</body>\n</html>");
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Apache - Username :: Password Generator</title>
<style type="text/css">
@import url(http://fonts.googleapis.com/css?family=Oswald);
@import url(http://fonts.googleapis.com/css?family=Roboto+Condensed);
html {
display: table;
}
html, body {
width: 100%;
height: 100%;
margin: 0;
padding: 0;
}
body {
background-color: lightgray;
display: table-cell;
vertical-align: middle;
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 14px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
}
.mainbox {
border-radius: 7px;
border: 1px solid gray;
background-color: darkgray;
width: 420px;
height: auto;
margin-top: 50px;
margin-bottom: 50px;
vertical-align: middle;
text-align: center;
margin: 0 auto;
padding: 20px;
}
.title {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 24px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
vertical-align: middle;
text-align: center;
}
.save {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
border-radius: 3px;
border: 1px solid black;
background-color: darkviolet;
cursor: pointer;
box-shadow: inset -5px 5px 5px rgba(255, 255, 255, 0.15), inset 5px -5px 5px rgba(0, 0, 0, 0.15);
vertical-align: middle;
text-align: center;
padding: 10px;
}
.data {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 17px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
vertical-align: middle;
text-align: center;
}
.doit {
vertical-align: middle;
text-align: center;
}
.user {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 14px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
background-color: #006699;
border: #C0C0C0 2px solid;
vertical-align: middle;
text-align: center;
border-radius: 3px;
color: white;
width: 80px;
margin: 5px;
}
.pass {
font-family: Oswald, 'Helvetica Neue', Helvetica, Arial, sans-serif;
font-size: 14px;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
background-color: #006699;
border: #C0C0C0 2px solid;
vertical-align: middle;
text-align: center;
border-radius: 3px;
color: white;
width: 80px;
margin: 5px;
}
</style>
</head>
<body>
<div class="mainbox">
<span class="title">Apache - Username :: Password Generator</span><br>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<span class="data"><label for="username">Username:</label> <input type="text" class="user" id="username" name="username"></span><br>
<span class="data"><label for="password">Password:</label> <input type="text" class="pass" id="password" name="password"></span><br>
<span class="doit"><input type="submit" class="save" value="Create Username & Password"></span><br>
</form>
</div>
</body>
</html>
