Hi,
I want to password protect a section of a site to use as an admin area for web newbies to be able to update parts of the public area without needing to edit html code.
I've worked it out, tested it without any permissions and everything works fine...
Hoiwever, when I password protect the folder containing the admin are and log in using the username/password I've supplied the code no longer works
I get error messages like 'can't access this file or that file
some of the files that can't be accessed are inside the protected area and some are outside, this is necessary as the updated material is in the main www/ public area which obviously can't be password protected.
The question is, how do I ensure that I can keep the admin area password protected while also allowing the specified user to access certain files both within and outside the protected area, I know it has something to do with chmod and so on but it is not so clear form the options available in the CNC

Thanks

I can't think of a reason why protecting the directory would change the behavior of the admin script(s). The username for accessing a protected directory is unrelated to the file ownership stuff that chmod does.

One guess ... did you test the admin script in /www, then move it to a protected directory? If you used relative file paths, that would explain why they couldn't be found.

If you still can't figure it out, perhaps you could post some code.

-- Tom

hi, apologies for the delay
ok, here is the code simplified for first error
<body onload=load(somepage)>
function load(page){
ajax_get('php/thumbnailgallery.php'+getSid(),'thumbnailgallery');
}
function getSid(){
var sid = "?sid="+Math.random();
return sid;
}
//ajax_get(url, el) returns the output from a php file to a specified <div id=el>
//everything is contained under the password protected area, the testing was carried out in the current location with no password protection

i get the following message

Unable to retrieve "http://www.maire-rua.com/myAdmin/php/thumbnailgallery.php?sid=0.6321409188133382" even though that file does exist

any ideas?

First, I'd try pasting http://www.maire-rua.com/myAdmin/php/thumbnailgallery.php?sid=0.6321409188133382 into your browser address bar and see if it loads.

Then I'd try eliminating ajax_get as the source of the problem by replacing
ajax_get('php/thumbnailgallery.php'+getSid(),'thumbnailgallery');
with
window.location.href='php/thumbnailgallery.php'+getSid();
or even
window.location.href='/myAdmin/php/thumbnailgallery.php'+getSid();
to get rid of potential relative directory issues.

Also, check to see if there's a ".htaccess" file in /myAdmin or /myAdmin/php that might be using mod_rewrite or something else that would cause a problem.

thanks but no joy:dunno:

Is the file that calls ajax_get() also in the password protected area?

You may have to modify ajax_get() to use CURL to supply the login user/password in order to get a file within the password protected directory.

You might also be able to use symlinks to point to a "public" directory within the private one. I think that would bypass the password protection when the directory is accessed through the symbolic link.

If you can't get the .htaccess password working, you could always add the login code to the admin script(s).

Just a few thoughts...