Password Protect Directories

Password Protect Directories Plugin

The Password Protect Directories plugin allows you to create an Apache Webserver-style .htaccess and .htpasswd file in specific directories that will then prompt a visitor for a username and password, before they can access the directory itself.

The username used will be one of your mailing list's subscribers email address> The password will be either their Dada Mail Profile password, or if the subscriber doesn't have a Dada Mail Profile, you may set a default password.

Since the password use is the Dada Mail Profile password, the user will be able to create, change and reset their own password. List Owners will also be able to reset this Profile Password in the, Membership >> View Screen. Search the address you want to work with, click on their email address and once the screen has refreshed, scrolle down to, Member Profile and look under, Profile Password for a form to change this password.

Profile passwords are saved in an encryped form, using crypt and can't be unencrypted. When this plugin creates the .htpasswd file, it will simple copy the saved, encrypted password to this file, from the Dada Profile database table.

Currently, only Apache-style, .htaccess/.htpasswd files are supported.


This plugin can be installed during a Dada Mail install/upgrade, using the included installer that comes with Dada Mail. The below installation instructions go through how to install the plugin manually.

Change permissions of "password_protect_directories.cgi" to 755

The, password_protect_directories.cgi plugin will be located in your, dada/plugins diretory. Change the script to, 755

Configure your .dada_config file

Now, edit your .dada_config file, so that it shows the plugin in the left-hand menu, under the, Plugins heading:

First, see if the following lines are present in your .dada_config file:

 # start cut for list control panel menu

 # end cut for list control panel menu

If they are, remove them.

Then, find these lines:

 #                                      {
 #                                      -Title      => 'Password Protect Directories',
 #                                      -Title_URL  => $S_PROGRAM_URL."/password_protect_directories",
 #                                      -Function   => 'password_protect_directories',
 #                                      -Activated  => 1,
 #                                      },

Uncomment the lines, by taking off the, "#"'s:

                                        -Title      => 'Password Protect Directories',
                                        -Title_URL  => $S_PROGRAM_URL."/password_protect_directories",
                                        -Function   => 'password_protect_directories',
                                        -Activated  => 1,

Save your .dada_config file.

Using Password Protect Directories

Once installed, log into a mailing list and under Plugins click the link labeled, Password Protect Directories

A form labeled, New Password Protected Directory will allow you to set up a new directory to password protect. You may set up as many Password Protect Directories as you may like.


This allows you to set a name for your password-protected directory. This will be shown in the dialogue box, asking for the visitor's username and password

Protected URL

This should hold the URL for the directory that you want to password protect. For example:

You should not set this to a file in that directory:

Corresponding Server Path

This should hold the Absolute Server Path to where this directory is located on the server. For example:


To start you off, the best guess absolute path to your public html directory is pre-filled in - in our example, /home/youraccount/public_html/ - you will need to simply make sure this is correct and then fill in the directory path of where the directory you typed for, Protected URL resides.

Use a Custom Error Page

If checked, any problems with the login will go to the page listed under, Custom Error Page (Path):

Custom Error Page (Path):

This should hold the path of your custom error page and confusingly, should not hold an absolute path, but rather the path, starting with a, / from your public html directory to the error page. For example:


In our example, this will redirect us to the following URL, for the, site:

Make sure to not set this to a page inside your password protected directory, as that will just not work.

Default Password

This optionally, may hold a default password that any subscriber of your mailing list may use, if they do not have a Dada Mail Profile.


Currently, if you have more than one mailing list that attempts to password protect the same directory, one mailing list will overwrite the .htaccess and .htpasswd created by any other mailing list.

If you already have a .htaccess and/or .htpasswd file in the directory you attempt to password protect, created manually/outside of this plugin, it will also be overwritten by this plugin.


The Authentication, Authorization and Access Control doc from Apache has an overview on the nuts and bolts of how this works:


This plugin was originally commissioned by Jeff Berger for "Websites That Work" --


Justin Simoni



Copyright (c) 1999 - 2016 Justin Simoni All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Dada Mail Project