Protected Admin and HTTP Authorization

registered · Regular Joined: May 03, 2004 Posts: 62 Location: USA

Hi Everyone,

I have two questions regarding Sentinel 2 which I just installed last night.

First is regarding admin. Under "Protected Admin" it lists all of my admin ... but shows only myself as being protected. How can I protect my other admin?

Also, after the admin name, it says "HTTPAuth Login" "Not available".

Is this something specific to my site where I need to enable the HTTPAuthorization Log in? Is it a feature in Sentinel ... or is it something planned?

I'm asking because the original admin authorization script I was using suddenly stopped working ... and I am not sure why. I would like to enable the authorization for admin to reach the administrative area again ... if it can be done through Sentinel, that would be great.

All help is appreciated.

Take care.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Are you running Linux or IIS?

registered · Posted: Sun Jul 25, 2004 7:14 pm

1) When looking at the "Protected Admin" list, click the admins name to set them as "Is Protected" or "Not Protected".

2) REguarding the second, check with your host. They may have recompiled PHP as PHP-CGI, this happened with my host and they quickly recompiled it as an Apache module for me.

You can check yourself fairly easily. create a new text document in any text editor and place:

Code:

<?php


phpinfo();


?>

in the document, save it as something like phpinfo.php and upload it to yoru site then call it in yoru browser. The 4th line should be Server API and if it says CGI then that is what happened. Be sure to remove that file once you have run it otherwise anyone that finds the file will know everything about your server.

Posted: Sun Jul 25, 2004 7:16 pm

Forgot to say, let us know your server type and if it has CGI or Apache as the server api please.

Posted: Sun Jul 25, 2004 7:29 pm

Thanks to both of you!!!!!!

Bob, you nailed it on the head. It's CGI now.

Here's my server specifics:

Operating System: Linux
Kernel version 2.4.26-HN-1.6-P4
Apache version 1.3.31 (Unix)
PERL version 5.8.1
PHP version 4.3.8
MySQL version 4.0.20-standard
Perl Modules installed (never mind ... too many to list ;o)

Now ... since they have the CGI version installed ... until I can get them to act on it and hopefully fix it .... is there another way for me to use http authorization?

Thanks again ...

Posted: Sun Jul 25, 2004 7:31 pm

Whoops!

Forgot to say .... I enabled the protection for all admin. That was simple enough ...... if only I'd had the foresight to actually CLICK on them, LOL

Thanks!

Posted: Sun Jul 25, 2004 8:59 pm

The only way to actually use HTTP Auth under CGI is to call it from .htaccess or straight from Apache. This is a bit involved. i would say let's wait to hear back from your host.

Posted: Sun Jul 25, 2004 9:09 pm

With my host it was a mistake during the recompiling that lead to it being PHP-CGI. I'm willing to bet your host will recompile it as an Apache module since you have contacted them.

Posted: Mon Jul 26, 2004 2:26 am

Raven wrote:

The only way to actually use HTTP Auth under CGI is to call it from .htaccess or straight from Apache. This is a bit involved. i would say let's wait to hear back from your host.

Thanks Raven,

I'll go ahead and wait for their response ... hopefully, it's as Bob mentioned, and a mistake that they will correct right away. I sure do miss that additional feature.

As a matter of fact .... I've left it on ... (even though we can't log in like that) and just disable it when I need to get in and make some changes or something.

I'm going to take a peek at the .htaccess files in some of the folders I have http authorization set for, and maybe, just maybe I can figure out a fix till I hear from our host Wink

Take care,

Posted: Mon Jul 26, 2004 2:28 am

BobMarion wrote:

With my host it was a mistake during the recompiling that lead to it being PHP-CGI. I'm willing to bet your host will recompile it as an Apache module since you have contacted them.

Thanks Bob,

Hopefully, it's the same case with my host.

I really appreciate your help on this.... it was driving me nuts trying to figure out why the features I like and need the most suddenly stopped working.

Take care,

Posted: Mon Jul 26, 2004 4:03 am

I'm confused Laughing

Are you saying http auth was working until you added this version of Sentinel?

Posted: Mon Jul 26, 2004 4:59 am

Hi Raven,

Oh no!

No, it doesn't have anything to do with Sentinel. Sentinel is fine.

I was using your other Admin HTTP Authorization script for a couple months now. And it suddenly stopped working about a week ago. Just keeps requesting the password ... even though I know it's right.

HTTP Authorization still works on folders on my server .... but it won't work on the individual file (admin.php) anymore. But .... luckily, Bob had experienced something similar with his host which should solve my provlem once I hear from the host.

Thanks and take care.

Posted: Mon Jul 26, 2004 5:34 am

Bob always had CGI and that's why I wrote a special routine to detect if CGI was being used. If you were using my other http auth script, then Sentinel's should work too because I just included it in Sentinel. If you comment out the Sentinel include code in mainfile.php, does the old http auth routine work?

Posted: Mon Jul 26, 2004 1:12 pm

You know what?

THAT may be part of my problem. I must have two http authorizations going. One from your original and the one in Sentinel.

The one in Sentinel .... is it basically the same as the other? I mean .... do all admin have the same details to log in?

Thanks.

Posted: Mon Jul 26, 2004 1:14 pm

Raven,

I have been using your "analyze.php" script for quite awhile.

That's an awesome script!

You are so talented! Thanks for always sharing your knowledge.

Take care.

Posted: Mon Jul 26, 2004 1:24 pm

Hi Raven,

I just tried commenting out Sentinel in mainfile.php.

Nope .... it still doesn't work.

I guess I just have to wait for the response from my host Confused

Posted: Mon Jul 26, 2004 1:29 pm

HI Raven,

I just checked out one of my password protected directories .htaccess file and it reads similar to this:

AuthType Basic
AuthName "Directory"
AuthUserFile "/home/xxxxx/.htpasswds/username/passwd"
require valid-user

Now .... I am wondering if I can use something similar for my admin.php file that will work with the PHP-CGI setup?

Could I write an entry in .htaccess, similar to the above, pointing it to my "myprivatefile.php" and "basicauthfile.php" files to get the http authorization to work on admin.php again?

Thanks!

Posted: Mon Jul 26, 2004 2:12 pm

So many questions, so little time! That's the .htaccess code I was speaking to earlier. But, you said my auth script was working before. That's what's confusing me. The .htaccess will work under both conditions, but the HTTP Auth only works when PHP is compiled as a CGI. Yes, you can set admin.php up the same way.

analyze.php is from nukecops. I contributed to the GD recognition, but that is not my origination.