Password Protect Directories
- Password Protect Directories Plugin
- Installation
- Using Password Protect Directories
- BUGS AND LIMITATIONS
- SEE ALSO
- Thanks
- AUTHOR
- LICENSE AND COPYRIGHT
Password Protect Directories Plugin
The Password Protect Directories plugin allows you to create an Apache Webserver-style .htaccess and .htpasswd file in specific directories that will then prompt a visitor for a username and password, before they can access the directory itself.
The username used will be one of your mailing list's subscribers email address> The password will be either their Dada Mail Profile password, or if the subscriber doesn't have a Dada Mail Profile, you may set a default password.
Since the password use is the Dada Mail Profile password, the user will be able to create, change and reset their own password. List Owners will also be able to reset this Profile Password in the, Membership >> View Screen. Search the address you want to work with, click on their email address and once the screen has refreshed, scrolle down to, Member Profile and look under, Profile Password for a form to change this password.
Profile passwords are saved in an encryped form, using crypt and can't be unencrypted. When this plugin creates the .htpasswd file, it will simple copy the saved, encrypted password to this file, from the Dada Profile database table.
Currently, only Apache-style, .htaccess/.htpasswd files are supported.
Installation
This plugin can be installed during a Dada Mail install/upgrade, using the included installer that comes with Dada Mail. The below installation instructions go through how to install the plugin manually.
Change permissions of "password_protect_directories.cgi" to 755
The, password_protect_directories.cgi plugin will be located in your, dada/plugins diretory. Change the script to, 755
Configure your .dada_config file
Now, edit your .dada_config file, so that it shows the plugin in the left-hand menu, under the, Plugins heading:
First, see if the following lines are present in your .dada_config file:
# start cut for list control panel menu
=cut
=cut
# end cut for list control panel menuIf they are, remove them.
Then, find these lines:
# {
# -Title => 'Password Protect Directories',
# -Title_URL => $S_PROGRAM_URL."/password_protect_directories",
# -Function => 'password_protect_directories',
# -Activated => 1,
# },Uncomment the lines, by taking off the, "#"'s:
{
-Title => 'Password Protect Directories',
-Title_URL => $S_PROGRAM_URL."/password_protect_directories",
-Function => 'password_protect_directories',
-Activated => 1,
},Save your .dada_config file.
Using Password Protect Directories
Once installed, log into a mailing list and under Plugins click the link labeled, Password Protect Directories
A form labeled, New Password Protected Directory will allow you to set up a new directory to password protect. You may set up as many Password Protect Directories as you may like.
Name
This allows you to set a name for your password-protected directory. This will be shown in the dialogue box, asking for the visitor's username and password
Protected URL
This should hold the URL for the directory that you want to password protect. For example:
You should not set this to a file in that directory:
http://example.com/secret/index.html
Corresponding Server Path
This should hold the Absolute Server Path to where this directory is located on the server. For example:
/home/youraccount/public_html/secret
To start you off, the best guess absolute path to your public html directory is pre-filled in - in our example, /home/youraccount/public_html/ - you will need to simply make sure this is correct and then fill in the directory path of where the directory you typed for, Protected URL resides.
Use a Custom Error Page
If checked, any problems with the login will go to the page listed under, Custom Error Page (Path):
Custom Error Page (Path):
This should hold the path of your custom error page and confusingly, should not hold an absolute path, but rather the path, starting with a, / from your public html directory to the error page. For example:
/error_logging_in.html
In our example, this will redirect us to the following URL, for the, http://example.com site:
http://example.com/error_logging_in.html
Make sure to not set this to a page inside your password protected directory, as that will just not work.
Default Password
This optionally, may hold a default password that any subscriber of your mailing list may use, if they do not have a Dada Mail Profile.
BUGS AND LIMITATIONS
Currently, if you have more than one mailing list that attempts to password protect the same directory, one mailing list will overwrite the .htaccess and .htpasswd created by any other mailing list.
If you already have a .htaccess and/or .htpasswd file in the directory you attempt to password protect, created manually/outside of this plugin, it will also be overwritten by this plugin.
SEE ALSO
The Authentication, Authorization and Access Control doc from Apache has an overview on the nuts and bolts of how this works:
http://httpd.apache.org/docs/2.0/howto/auth.html
Thanks
This plugin was originally commissioned by Jeff Berger for "Websites That Work" -- http://www.websitesthatworkusa.com.
AUTHOR
Justin Simoni
See: https://dadamailproject.com/contact
LICENSE AND COPYRIGHT
Copyright (c) 1999 - 2023 Justin Simoni All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.