views:

269

answers:

1

I've created an e-commerce site that uses paypal to accept payment. I am in the testing phase so I have password protected the entire site using htaccess. The trouble is that I am using IPN to verify PayPal payments and therefor my IPN script needs to be publicly accessible so that PayPal can communicate with it.

Is there a way to password protect the entire website except allow public access to 1 script file? (my ipn script file)

I'm using PHP and here is my .htaccess that I'm using to password protect the entire site:

AuthName "Site Administratrion"
AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null

AuthName secure
AuthType Basic
require user username1
order allow,deny
allow from all
+7  A: 

Put the IPN script in a subdirectory with its own .htaccess that explicitly disables HTTP authentication for the contents of that folder?

Amber
not sure put I think that's not possible.
RageZ
I wasn't sure how to disable the authentication. I tried putting it in its own folder with a blank .htaccess but it didn't change anything. Does anyone know how to disable password protection on a subdirectory?
justinl
I have asked this question on stackoverflow here: http://stackoverflow.com/questions/1431378/how-to-remove-htaccess-password-protection-from-a-subdirectoryIf someone can provide me with the answer to that one, I will mark this answer as my accepted solution.
justinl
the .htaccess file that goes in the subdirectory needs to have "Satisfy Any" in it. Answered question can be found here: http://stackoverflow.com/questions/1431378/how-to-remove-htaccess-password-protection-from-a-subdirectory
justinl
Glad you got what you needed.
Amber