@
Regss has insert HTTP authentication since version 1.4.2 - thanks for your great work.
HTTP authentication give you much more secure for your movielib website because HTTP auth is at a higher level than the standard movielib-user-password.
When you don't want that everybody around the world have access to movielib you have to use HTTP auth.
Now you have a problem when you want to use banner too, because you need a username and a password.
Normally you can access banner.jpg by using the follow link: "http://username:password@your_movielib_website.tld/cache/banner.jpg", but most in cases forums don't show the picture.
For
HTTP auth you need two files in your movielib folder:
.htaccess and
.htpasswd
For access to banner.jpg you have to insert in .htaccess after movielib-lines:
Code:
existing lines above
# ------------------------------
# More secure for Movielib and access for individual user
AuthName "Secure Website"
AuthType Basic
AuthUserFile >>insert here your path starting from root-path<< e.g. /var/www/html/movielib/.htpasswd
Require valid-user
# ------------------------------
# access to /cache/banner.jpg, despite AUTH
SetEnvIf Request_URI "cache/banner\.jpg" allow
Order allow,deny
Allow from env=allow
Satisfy any
#--------------------------------------------------------------
# Deny access to important files
<FilesMatch "(\.htaccess|\.htpasswd|config\.php|db\.php|function\.php)">
Order deny,allow
Deny from all
</FilesMatch>
# ------------------------------
# Prevent Directory Listings
Options -Indexes
# ------------------------------
In .htpasswd you have to insert one line per user like this:
user1:passwd-md5-hash1
user2:passwd-md5-hash2
...
Attention username and password are case-sensitive.
Password not in clear letter instead you have to encypt the password with md5 hash.
You can generate the password hash with some online tools, I use this free offline tool from Gaijin
Password Generator
Now you can use banner normally like this: "http://your_movielib_website.tld/cache/banner.jpg"