I'm having the some problems getting started here, although I've made some progress, so I figured I'd share what I've learned so far in case anyone else is stuggling. I could definitely use some help too, so if anyone out there can help, I'd appreciate it.

I finally got the module to find my password and group files, but it doesn't recognize users within Drupal groups when I tryo to link to files.

Maybe this module can't do what i want. The readme file and drupal home page for this module I think assume that the user knows more about .htaccess files and whatnot than most of us probably do. Could somebody tell me if I'm wasting my time here? I have a site with images of customers homes in it. I was able to password protect each person's pages using NodeAccess, but I don't like how anyone could view the pictures within those nodes simply by knowing what the url is for them, so I want them to be in a protected folder. I made my protected folder using Bluehost's cPanel (well, I made it with my ftp browser, then protected it with cPanel). Then I found the password files buried within a .htpasswd directory that contained subfolders for each protected folder. I added a group file to the same spot, and linked to it through the admin interface of my drupal site. It found both files - good. I also put an htaccess file within the root of the protected directory (which was located within sites/default/files/) that had the link to these files.

my htaccess file:

AuthType Basic
AuthName "protected"
AuthUserFile "/home/mysite/.htpasswds/public_html/test/sites/default/files/protected/passwd"
AuthGroupFile "/home/mysite/.htpasswds/public_html/test/sites/default/files/protected/group"
require valid-user

-------------

my group file:

authenticated: kyle

---------------

my passwd file:

Kyle:xxxxxxxxxxx (note it's an encrypted password, but i just didn't want to include it here)
-----------------

I tried adding a new role in drupal, but it never got added to the "group" file. I put in links to images:

<%a href="/sites/default/files/protected/1.JPG">sample relative link<%img src="/sites/default/files/protected/1.JPG" height="75" /> (without the "%")

but when I don't get a thumbnail, and when I click the link it prompts me for a password. When I put in my username and password, it doesn't recognize it even though I added the user after i enabled the module. I also tried adding a new role after enabling and adding the user to that role, but no dice.

All I want is the following: to be able to allow any authenticated user to be able to view any file within the protected directory. I don't want them to have to type in their password each time they want to see an image, and I want them to be able to see galleries taken from this protected gallery. Can I do that with this, am I wasting my time, and if not what am I doing wrong?

Also, can somebody make a "how to" guide for this module that walks things through a bit more? It took me nearly two days of tinkering to get it this far. Something written for the technically minded lamen like myself (and probably the bulk of drupal users) who doesn't necessarily know how to program would be ideal.

Comments

m.fu’s picture

m.fu commented

karchie1,

two points. First, if your images are in drupal, you can simply use the "private" method under Administer-> Site configuration -> File System. After that, the permission is also checked when accessing an attached file.

Second, configuring apache to request password will require users to enter a password, but this is separate from the drupal authentication. Hence, users will be request a username password twice, once in drupal a second time in the htaccess protected zone.

as for the configuration, the filename of htpasswd and htgroup must match between the htaccess file and the htpasswdsync configuration. Then update must be automated.

M.fu

karchie1’s picture

karchie1 commented

M.fu,

Thanks for the resonse. I've tried setting the file system to private, but it still allows me to view image files within the /sites/default/files/images folder directly by typing in the url. This is after clearing my termporary internet files and logging out of the drupal. Maybe there's something wrong with my installation - I did it through the cPanel of Bluehost (via simple scripts)... if setting this to private is supposed to solve the problem I'm having then something else is going wrong here that doesn't have to do with this module in any way. I'd still appreciate it if somebody could help me figure this out though - after reading through the forums, it seems a lot of people are having a hard time with this.

m.fu’s picture

m.fu commented

you have to move the files location to a location outside the web server document directory. For instance if your drupal installation is in
/xxx/home/webroot/drupal
you need to use something like
/xxx/home/data
otherwise it is directly accessible from the webserver.

c0psrul3’s picture

c0psrul3 commented

I have a use case where i would like a billing / member management system (outside drupal) to manage access through .htaccess/.htpasswd files. I'm very familiar with how this is accomplished currently.

However i am unclear by the use of the word "sync" in the README / drupal project homepages.

Will this module, on cron run, pickup new users and put them into the drupal user database?

From the way your docs are worded, it seems like this is built as a one-way synchronization from the drupal database. I am forced to use something that creates users in the drupal db, whether on cron run or whatever, FROM .htpasswd file (and maybe even have the option to delete them on removal).

I'm not too keen on how to build users in drupal programatically, but could probably hack it out in a day or so... unless this does it already?

TIA

m.fu’s picture

m.fu commented

c0psrul3,

sorry I missed your post.

HTPasswdSync will not achieve what you are looking for. If you would like to create you users in the htpasswd file and then let drupal use it instead of its own database you should look at:

http://drupal.org/project/webserver_auth

Cheers

M.Fu

stfwi’s picture

stfwi commented
Status: Active » Closed (works as designed)

Can be closed, the readme describes how the synchronization works.