htaccess question.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • longdongsilver
    Confirmed User
    • Aug 2003
    • 378

    #1

    htaccess question.

    hi,

    Does anyone one know if there is a way to make one .htacess file check 2 htpasswd files?

    So that it checks one htpasswd for a user and pass and if it's not there it checks the second htpasswd file.

    I found a previous thread on this, but there was no conclusive answer, someone mentioned it was possible but did not explain how to do it.

    ok thanks for reading.
  • JDog
    Confirmed User
    • Feb 2003
    • 7453

    #2
    Not possible Sorry!

    jDoG
    NSCash now powering ReelProfits.com
    ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
    PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
    NOW OFFERING OVER 60 SITES
    CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

    Comment

    • longdongsilver
      Confirmed User
      • Aug 2003
      • 378

      #3
      ok thanks for the answer.

      It saved me hours of searching on google and forums.

      cheers.

      Comment

      • zoic
        Registered User
        • Nov 2001
        • 84

        #4
        We get around it by running a cron script every minute that joins two or more password files into one. Achieves the same thing.


        Cheers,
        Dave.

        Comment

        • myneid
          Confirmed User
          • Jan 2003
          • 736

          #5
          or you could make your own custom auth module in C or mod_perl
          Tanguy 0x7a69 inc. Programmer/President/CEO
          http://www.0x7a69.com
          A Leader in Programming since 1996
          PHP, Ruby on Rails, MySQL, PCI DSS, and any Technical Consulting

          Comment

          • myneid
            Confirmed User
            • Jan 2003
            • 736

            #6
            heres a freebee mod_perl for what you want that should work with apache2 and mod_perl 1.99

            MemberAuth.pm
            <code>
            package Apache::MemberAuth;

            use strict;
            use warnings;

            use Apache::Access ();
            use Apache::RequestUtil ();
            use Apache::RequestRec ();
            use Apache::Connection ();
            use APR::SockAddr;

            use ModPerl::Util ();
            use Apache::RequestIO ();
            use Apache::Server ();
            use Apache::ServerUtil ();
            use APR::Table ();

            use Apache::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED HTTP_NOT_FOUND);


            sub handler
            {
            my $r = shift;

            my $pw_file = $r->dir_config("AuthUserFile1");
            my $username = $r->user();
            my $user = Apache->request->user();

            my ($status, $password) = $r->get_basic_auth_pw;
            my $file_db_enc_pass = get_file_pass($user, $pw_file);
            if($file_db_enc_pass)
            {
            my $seed = substr($file_db_enc_pass, 0, 2);
            my $crypt_pass = crypt($password, $seed);
            my $status = 0;
            if($file_db_enc_pass eq $crypt_pass)
            {
            return Apache::OK;
            }
            else
            {
            $pw_file = $r->dir_config("AuthUserFile2");
            $file_db_enc_pass = get_file_pass($user, $pw_file);
            if($file_db_enc_pass)
            {
            my $seed = substr($file_db_enc_pass, 0, 2);
            my $crypt_pass = crypt($password, $seed);
            my $status = 0;
            if($file_db_enc_pass eq $crypt_pass)
            {
            return Apache::OK;
            }
            else
            {

            $r->note_basic_auth_failure;
            return Apache::HTTP_UNAUTHORIZED;
            }
            }
            }

            }

            $r->note_basic_auth_failure;
            return Apache::HTTP_UNAUTHORIZED;
            }

            sub get_file_pass($$)
            {
            my($user, $pw_file) = @_;
            $user = Apache->request->user();
            if(!$user)
            {
            $user = '';
            }
            open(FILE, "<$pw_file") || die $!;
            while(<FILE>)
            {
            chomp();
            my($u, $p) = split(/:/, $_, 2);
            if($u eq $user)
            {
            close FILE;
            return $p;
            }
            }
            return undef;
            }

            1;

            </code>
            in httpd.conf do

            PerlOptions +GlobalRequest +SetupEnv +Authen +Access +Authz

            PerlAuthenHandler Apache::MemberAuth
            PerlSetVar AuthUserFile1 /passwords/.htpasswd
            PerlSetVar AuthUserFile2 /passwords/.htpasswd2
            AuthName "protected"
            AuthType Basic
            Require valid-user
            Tanguy 0x7a69 inc. Programmer/President/CEO
            http://www.0x7a69.com
            A Leader in Programming since 1996
            PHP, Ruby on Rails, MySQL, PCI DSS, and any Technical Consulting

            Comment

            • fsfaz
              Confirmed User
              • Apr 2003
              • 747

              #7
              By default, you cannot make .htaccess do this. However, I saw a while back that Pay Site Power Tools was offering a "Multi Mod Auth" which is exactly what your lookng for.


              http://www.paysitepowertools.com/

              http://www.paysitepowertools.com/os-mma.html

              Comment

              • longdongsilver
                Confirmed User
                • Aug 2003
                • 378

                #8
                Thanks to everyone who replied, thats awesome.
                cheers.

                Comment

                Working...