htpasswd - not working?

Ask the community for help and support.
Post Reply
loop
VIP Member
VIP Member
Posts: 230
Joined: Thu Mar 25, 2021 12:26 pm
Has thanked: 7 times
Been thanked: 3 times

htpasswd - not working?

Post by loop »

Hi Everyone, i changed to "enable htpasswd" on my user and it's green and enabled. i also checked, there is a htaccess file on the server in admin

but whenn i access a admin/test.html for example (which is only a html and nothing else, only for testing) i do not get a htpassword question and i can execute the file.

normaly, if i put manualy a .htaccess file in the folder the full folder is secured with basic auth, do i get something wrong from the feature "enable htpasswd" from phoenixcart? i thought that the script makes a normal htpasswd entry with the username...

thank you for helping me understand this...
ecartz
Lead Developer
Lead Developer
Posts: 2637
Joined: Tue Nov 05, 2019 6:02 pm
Has thanked: 4 times
Been thanked: 181 times

Re: htpasswd - not working?

Post by ecartz »

There is nothing special about using "Enable htpasswd" from Phoenix. It just adds the lines to the .htaccess and .htpasswd_phoenix files. If you can access admin/test.html, then you are not protected by Basic Authentication.

Note that in order to use "Enable htpasswd" from Phoenix, your host has to allow you to use .htaccess files. If they have them turned off, you will have to password protect your directory separately. Your host can do this for you.

If you use the normal host version of password protection, it will store the passwords somewhere else. Phoenix won't know about it and will show the red X under protected by htpasswd unless you allow it to write to the .ht* files. Phoenix only knows about the files. It doesn't know about whether Apache is configured to use them or not.

It is possible to use your host's password protection with Phoenix. But if you do that, you will probably have to maintain the passwords yourself. Because Phoenix only knows about admin/.htaccess and admin/.htpasswd_phoenix. Your host probably does not store its passwords there. So changing the password in the Phoenix admin won't change the Basic Authentication password for the host. And changing the password in the host won't change the Phoenix administrator password.

If you set up your host to use the same username/password as Phoenix, then it will work regardless of whether Phoenix thinks htpasswd is enabled. Because Phoenix only looks at the files.
Post Reply