Greetings
I have tried to do all the homework I can on this but I'm stuck now. I am using sNews CMS, which creates dynamic pages using a MySQL database. I want to protect pages that I have created by using htaccess. Searching for the last few days, I found out that textpattern CMS also can and has been protected this way. Here is the theory and code the guy used --
Theory
Suppose your website is at http://example.com and TXP is installed in the root directory and you want to use HTTP authentication to protect the section called ‘protected’ (http://example.com/protected).
This example assumes your website is hosted on an Apache webserver and that you already have an existing .htpasswd file containing usernames and passwords.
1. Physically create that directory ‘protected’
2. Within that directory ‘protected’, create the following .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*) ../index.php
</IfModule>
AuthType Basic
AuthUserFile /path/on/server/to/.htpasswd
AuthName "Only for registered users"
require valid-user
End How To
Theory Explanation --
When you’re allowed to visit the protected directory (which exists physically on the server), the RewriteRule prevents that physical directory from being shown to the user. Instead it redirects the request to Textpattern’s index.php (which would have happened if that protected directory hadn’t existed physically on the server), so TXP can show the section you really wanted to see.
Normally, sections in TXP don’t have a corresponding physical directory. It is all handled by index.php. To be able to password protect with .htaccess, a physical directory is required, but… when you request a file or directory that physically exists, the default TXP installation will no longer take care of it; instead that real, physical directory/file will be shown by the webserver. The rewrite rule overrides that by saying: even though there is a physical file/directory here, we still want TXP to handle the request. Because that happens after the authentication step, you get what you want: a password protected TXP section.
End Theory
I tried to get sNews to work with this but no luck. I kept getting redirected to my index.php page and not to the other page I wanted to go to ("protected" folder in this example). I think the 3rd line needs modifying for sNews --
RewriteRule ^(.*) ../index.php
I think something needs to be added at the end of index.php but I dnn't know what. Here is the htaccess file that comes with sNews, maybe that will help --
<IfModule mod_php4.c>
php_value session.use_trans_sid 0
</IfModule>
RewriteEngine On
#RewriteBase /sNews15
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*) $1 [L]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.*)$ index.php?category=$1 [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?category=$1 [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-z_]+)/([^/]+) index.php?category=$1&title=$2 [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-z_]+)/([^/]+)/([^/]+)/ index.php?category=$1&title=$2&commentspage=$3 [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-z0-9_-]+)/([0-9]+)/ index.php?category=$1 articlespage=$2 [L]
tyee