# Simple download site: Requesting password before access



## Omega_Shadow (Aug 2, 2004)

Long time no see guys. I have come across a problem I can not solve and need to rely on your wisdom one more time.

I have made a simple webserver out of my home computer using apache 2.0.54 on a linux system. Currently I can access this server online and see all the directories in an "index of /" page. This is sort of the end result I want, except I want to password protect the page so no one can see these directories apart from my friends and I. Be it simple html or php, I need this password protected. Does anyone have any suggestions on how to do that?


----------



## harmor (Mar 15, 2007)

This is all in the same PHP file


```
<?php

$password = "pass";

if(empty($_GET['do']))
{
  $_GET['do'] = "main";
}

if( $_GET['do'] == "main")
{

  echo "
Password: 
";
}

if($_GET['do'] == "download")
{
    if(empty($_POST['password']) OR $_POST['password'] != $password)
    {
       die('You did not enter the correct password');
    }

//the code that you use to have the users select what they want to download
}

?>
```


----------



## MMJ (Oct 15, 2006)

.htaccess would probably be the easiest for you.


----------



## Sequal7 (Apr 15, 2001)

I agree with MMJ, you should use .htaccess and .htpasswd to protect the directory.
The code harmor supplied is good to protect the downloads if that is what you wanted, but I think you want to lock peeps out of your servers root. The problems with php is that they have access to your server,and can randomly look for files by typing the names in the web address, also, unless your files are encoded they will be able to get them too once they learn the files system

here is a simple script that will generate it for you, and here are the directions on how to place it on your server.


----------



## haswalt (Nov 22, 2004)

Alternatively, if you have cPanel hosting there is an option on there to password protect a directory. If you knowledge is good enough (or try looking on hotscripts) you can get a script that uses files that are hidden and then creates a link to that files, which is only valid for say 30 days and gives it to the user once thay have logged in.


----------

