tags:

views:

70

answers:

2
+1  Q: 

CodeIgniter and htaccess - Protect a specific controller and its methods via AuthType?

I have an admin controller which has some methods that I want to protect.

http://blabla.com/admin/

http://blabla.com/admin/edit_coupon/

http://blabla.com/admin/edit_photo/

I don't need a full blown authentication system for this site, so I'd prefer to just utilize htaccess and AuthType for any /admin/ URLs.

My current .htaccess is a basic CI one.

RewriteEngine on
RewriteRule ^$ /index.php [L]
RewriteCond $1 !^(index\.php|uploads|images|css|js|videos|code|robots\.txt|favic
on\.ico)
RewriteRule ^(.*)$ /index.php/$1 [L]

How do I do this?

[Added] I know how to use htaccess and htpasswd. My question is how to protect a CI controller which is not really a directory (/admin). I tried using the Location directive with no success. Here is that htaccess:

<Location /admin>  
 AuthUserFile /var/www/vhosts/blabla.com/httpdocs/.htpasswd
 AuthType Basic
 AuthName "Admin"
 Require valid-user
</Location>

RewriteEngine on
RewriteRule ^$ /index.php [L]
RewriteCond $1 !^(index\.php|uploads|images|css|js|videos|code|robots\.txt|favicon\.ico)
RewriteRule ^(.*)$ /index.php/$1 [L]

That throws a 500 Server Error.

I believe the Location directive can't be in an htaccess file, so I also tried it inside this server's httpd.conf for this VirtualHost. Doesn't throw an error that way, but doesn't work either.

A: 

http://httpd.apache.org/docs/2.0/howto/auth.html

You will need to create the .htpasswd file with the name-passwords and set up rule in your .htaccess file that requires a valid user for the to-be-protected location.

DrColossos  2010-07-30 12:21:05
I know how to use htaccess and htpasswd. My question is how to protect a controller which is not really a directory. I tried using the Location directive with no success.
k00k  2010-07-30 13:00:12
Can you post your code used for protection of the controller from your htaccess?
DrColossos  2010-07-30 13:09:32
I've added it to the original post.
k00k  2010-07-30 13:12:18
+1  A: 

I got this to work by following the advice in this post:

http://codeigniter.com/forums/viewthread/141775/

k00k  2010-07-30 13:50:50

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication