HTACCESS Password Protection Problems

[Zylstra]

EDIT: Just bumped the topic... added another question on the bottom

I am running my families website, and there was a problem.
Protecting data from outsiders.

To start off, we used HTACCESS protection, but, due to the nature of the sites setup, there are various directories.

A brief layout of the file formats:

/familydir/
/photos/
/forum/
/newscontent/

(They are not the real directories, but close enough)
All of those directories are protected by HTACCESS. When you enter the website, you are asked to log in. The log in occurs when you attempt to access the /familydir/ directory. (that’s the first log in)

Once you are there, index.htm is loaded (automatically by Apache) and you are given links to other parts of the site. (eg: forum, photos, newscontent)
This is where the problem occurs. The web applications that are run on those different directories must have their own HTACCESS protection, prompting various times for passwords.

If you were to browse the entire website, you would have to enter your username and password more than once.

This needs to be fixed.
Is there any way to make one main HTACCESS protection that covers all of the site except for index.htm ?

[Rob Pomeroy]

Actually there may be a better way.

Essentially you are describing a Content Management System, which you are currently managing the hard way (i.e. manually).  Why not simply use a real CMS?  Joomla is good: http://www.joomla.org/

If you don't like the look of it, do say, and we can have another think about how to do things.

[Zylstra]

I have used Joomla before, but I didnt like how it worked.
(that, and, we need to create a website with only two master accounts)

Is there any other way?
You see, we want a website for sharing information, and yes, Joomla fits, but it is a bit of a piece of equiptment to manage and start up.

I will go and try it again anyways

If there are any other ways, please do tell

(most of the main site, the parts that are not web apps, at .html files.... )

[Zylstra]

Now I remember

The last time I used Joomla, it had an error, and I was unable to properly manage the content. It was terrible, at least it was just a test run.

EDIT: I did go ahead and try it again, and its just not what it needs to be.
(that and I need to get around to sending around 60 mail messages)

[Zylstra]

Ok, I guess my question is this:

Can I make my HTACCESS file cover various directories instead of protecting individual directories with various HTACCESS files?

[Xeratul]

Sorry if I'm not understanding this right, but can't you just protect the whole site by inserting something like this into the httpd.conf file? Without using .htaccess?

AuthType Basic
AuthName "SERVER"
AuthUserFile "y:\http server\password.txt" (Wrong Path)
Require valid-user

Within the <Directory> and </Directory> sections.

I use this for my site, and I only have to type in my password once. Provided I don't delete my cookies.

[Zylstra]

That would sort of work, but there is one thing:

We need to keep one page open to the public (the welcome page)

[Zylstra]

So... any ideas?

[Rob Pomeroy]

Sorry - any posts that require a bit more thought are at the back of the queue for me at the moment.  I will get to it!

[Zylstra]

Ok
Thanks Rob

If there are alternatives to HTACCESS besides using a content system (since I really have never gotten along with them) feel free to suggest

Also, I think I am going to password protect the entire website. But there is one directory that I need to keep cleared.
An Example:
Our photo sharing program
/photos/
has a greeting card system
The problem is, when password protection is on, and you send a greeting card, and try to read it, you cant 
The picture in the email is password protected
If you dont know the password, your browser crashes!

[Mindwr@ck]

There are multiple CMS solutions out there.  You mentioned Joomla, how about Wordpress, Dragonfly, PHPNuke, the list goes on and on.  Also you can work with some pre made login systems like this one here to protect your content.

[Zylstra]

I have used Wordpress, PostNuke, PHPNuke, and SOOOO many others. None fit.

I will check out that last link, thanks

[Zylstra]

<bump!>

Ok, this is what my HTACCESS file looks like right now


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

(Thats the one that is under my WWW directory)

If I wanted to protect my entire site, what would I change it to?