View Full Version : Protection


Ogsite
06-28-2001, 07:34 AM
I have a directory of files that need to be protected until I grant access to them via http:// on an ASP server elsewhere. If I use the CP to protect the directory, is there a way to ship the username and password to allow access to a file in the protected directory? Or maybe my ASP file on the other server could talk to a PHP file on the 100megshosting for authentication?? I'm really unsure.:confused:

dimx
06-28-2001, 10:05 AM
Yeah, you need to copy the .htaccess file to wherever you want to protect the directory (you'll have to edit the path to the password file)

You also need to transfer the pass file.

Ogsite
06-28-2001, 10:19 AM
I understand the passwording.. what I'm wondering is, how do I allow my ASP pages on the other server to deliver directory protected contents after the user has been authorized to receive it. Do I pass a username password in the header? Or should I write a PHP page to receive and handle it? It seems as though once I protect the directory using the control panel here at 100megs that is it, nothing in or out. (I'm such a newbie).

thanks.

reuben
06-28-2001, 10:32 AM
You should be able to send the username and password in the url. It should look like

http://username:password@yourdomain.com/filename.

reuben
06-28-2001, 10:36 AM
Hmm,

That didn't show up too well. I don't remember how to override the smiley faces, but the :p should be a colon followed by a p.

dimx
06-28-2001, 11:41 AM
lol

dimx
06-28-2001, 11:45 AM
But then the username and password is shown. I don't know if you want that.

The best way is to create a PHP login page, that stores your login into a cookie. Encrypt the password in the cookie using md5()

Then all you do is call the cookie from each page that you want encrypted. All you would need is to call the cookie, verify that the username and password is still correct by querying a text file or database. If the login is incorrect, then you redirect the person back into the login page. You can then update the text file or database to add more users.

I did this once for Abyss Joe. I can create one for you for a reasonable price.

Ogsite
06-28-2001, 11:47 AM
You guys rock.. that's perfect... I have a final question for you... to save me the running around. Can I pass the username and password behind the scenes... I don't want to write it in the header.. actually.. perhaps I'll be using an ASP upload tool or something hummm.. now I'm thinking out loud. Thanks again for your help.

Ogsite
07-10-2001, 02:41 PM
I'm a little further along in the development here. The situation is as follows.
1. Image content here at 100megs, in a password protected directory.
2. User using shopping cart on an ASP server makes a purchase.
3. I receive approval of the purchase, then I give them a list of images they have just purchased (on the other ASP server), then they click on the links to the images and are given the high resolution images from my web space here at 100megs.

I don't want to create a bunch of individual users for the 100megs webspace. I just want to be able to control when to give the ASP server access to the content. I want to pass the master user name and password to the CGI protected directory and give them the content they purchased. Thanks.

dimx
07-11-2001, 06:13 AM
So basically what you're saying is - you have a secure area on your site with just one master username and password. Someone must purchase access to gain access to this secure area. But you don't want them to have their own username and password. Then you would have to give out the username and password to everyone. To be fully secure, each person needs a username and password. The server can't tell who a visitor is just by IP and hostname. That just lets the server know the computer's or network information - not john smith or bob smith.

What you need is a mysql database with a list of users

it would look like this

username | password | name | email | status

eg.

porkroll | nanobug | Mark | email@domain.com | active

status checks to see if a username is active, deleted or suspended. If it's deleted, well the information can be removed so your database ain't huge.

If you need something like this - I can create it for you. Each secure page will need about 10-15 lines of code to access the database and do a username/password check.
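
The per-page username/password check against the table described in the post above, as an added example that is not code from the thread or from any poster. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, the `password` column holds a `password_hash()` value rather than the plaintext shown in the sample row, and the function names and the second sample row are made up for illustration.

```php
<?php
// Added example. Table layout follows the post:
// username | password | name | email | status
// Assumption: the password column stores a password_hash() value, not plaintext.

function open_users_db(): PDO {
    // Assumption: in-memory SQLite replaces MySQL so this runs without a server.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT,
               name TEXT, email TEXT, status TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?)');
    // First row mirrors the post's sample; second row is constructed.
    $ins->execute(['porkroll', password_hash('nanobug', PASSWORD_DEFAULT),
                   'Mark', 'email@domain.com', 'active']);
    $ins->execute(['olduser', password_hash('hunter22', PASSWORD_DEFAULT),
                   'Ann', 'ann@domain.com', 'suspended']);
    return $db;
}

// Returns 'ok', 'bad_login' or 'inactive'.
// Unknown user and wrong password give the same answer, so the response
// does not reveal which usernames exist.
function check_login(PDO $db, string $username, string $password): string {
    // Prepared statement: the username is bound, never concatenated into SQL.
    $q = $db->prepare('SELECT password, status FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return 'bad_login';
    }
    // Only report account status after the password has been verified.
    return $row['status'] === 'active' ? 'ok' : 'inactive';
}

$db = open_users_db();
$attempts = [                      // constructed login attempts
    ['porkroll', 'nanobug'],       // valid, active account
    ['porkroll', 'wrong'],         // wrong password
    ['olduser',  'hunter22'],      // right password, suspended account
    ['nobody',   'x'],             // unknown user
];
foreach ($attempts as [$user, $pass]) {
    printf("%-9s %s\n", $user, check_login($db, $user, $pass));
}
```

On a protected page, anything other than `ok` would redirect to the login page before any content is sent.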

Ogsite
07-11-2001, 06:48 AM
I see. Yeah, that sounds like the membership authentication I have going on the ASP server. Your solution is the most secure way. Can CGI talk to an MS Access database... or can a CGI page talk to an ASP page? Lastly, the content I'm trying to deliver is an image.. is there any way to ship the jpg's as things they download.. like they click a link then the image is downloaded to their machine.. because as is they will view the image in the browser which I don't want because the path is in the head. BTW, do you have a cost estimate on coding custom CGI pages? Thanks again for your help. Maybe I should be picking up the CGI for dummies huh?