Techno Trade Logo
.htaccess Password Protector

Version 3.0 released !

Click here to visit the new .htaccess manager site

Description     This script is used to manage multiple usernames/passwords for .htaccess/.htpasswd directory protection. This works with the apache web server (tested on Unix systems) and can be used to handle multiple password protected directories. In addition to storing the username and encrypted password, you may add additional info for users such as name, e-mail and comments to help you manage who has access to your "members only" web site. Users can be notified via e-mail when you add them to the user list and when you modify their password. Also generates what your .htaccess file should look like for the directory you're about to protect.

New Features
  • Batch import a list of users either from a file or copy/paste
  • Extract a list of e-mail addresses for your members
  • Generates .htaccess files for apache, zeus and Cobalt RAQ servers
  • Notifies users via e-mail after adding them as members.
How it works Everything is done through the admin.cgi script
The values that need to be changed in the script are :
  1. $formloc = ""; Where the script is located
  2. $basedir = "/users/home/myname/htdocs/"; full path to the root directory where the member directories will be located in
  3. $correctpass = "aaqPiZY5xR5l."; Encrypted password
  4. $htpasswdname = ".htpasswd"; Name of file where user data is stored (can be anything)
  5. Remaining variables such as Admin name, admin e-mail address etc. are commented in the script

The script only needs to be run by the Administrator, the web server takes care of the rest by looking for a .htaccess file in the password protected directory then seeing what data file it points to for the usernames/passwords.

Demo Admin Script : username is test , directory is set to secure for demo purposes

Admin Script with password/directory : Or you can bookmark your admin script directly so you don't have to enter the password/directory each time

Feel free to add/delete/modify users in the database

Secured Page : After you've tested the admin script and added a username/password, try accessing a page in the password protected directory

Script Price $50
Script Price
With Installation to your server

Go To : Secure Order Form

Also included when you purchase the .htaccess Password Manager
  • Pixel Logger : logs the date, time and username of people who access your members page by hiding a pixel.cgi script in an IMG SRC tag. New features include logging to daily files and even being notified via e-mail or ICQ when a member logs in to your site. Try the demo to test it out!

  • First you need to modify the script's variables to match your web site (see above : $formloc, $basedir, $correctpass)
  • Upload the admin.cgi script to your root directory or a /cgi-bin folder (in ASCII mode)
  • chmod admin.cgi to 755 See the FAQ page for help on chmod'ing
  • Next, to run the script, just pull it up in your browser
  • You will then be prompted to enter your password and the directory you wish to protect.
  • For some web servers where your cgi scripts run as user nobody (or similar) you may have to upload a blank .htpasswd file in the password protected directory and chmod it to 666.

Q & A

  • Does my server support .htaccess ?
    In the majority of cases, if it's unix and runs the apache server then yes. The best way to find out is by uploading a .htaccess file to a subdirectory on your server then access it with your browser and see if it asks you for a login.

    • Here's one you can use on your site : .htaccess upload this file to a directory on your server (in ASCII mode), example : then rename it to .htaccess (yes, that's a period infront of "htaccess")
    • Then using your browser, go to If you're prompted to enter a username and password, then it will work!

  • After a member enters their username/password to the protected directory, do they need to re-enter it each time they access a new file ?
    No, the way .htaccess works, is it protects all files in the directory it is in. So once a user is authenticated, they have access to everything in that folder. But if a user bookmarks a page in the secure area, they will be required to re-enter the user/pass if they shut down their web browser and restart.

  • Can I protect multiple directories with the same list of users ?
    Yes, in this case, you would have the admin.cgi script only manage one of the directories for you, then all you would need to do is copy the same .htaccess file over to the new directory you want to protect. If you look in the .htaccess file, it says right there the full path to the .htpasswd file it will look for to authenticate users AuthUserFile /home/secure/.htpasswd.

  • Can I protect multiple directories with a different list of users ?
    Yes, in this case, you just run the admin.cgi script and tell it to refresh to a new directory to access that list of users. By doing this, each directory will have its own .htpasswd and .htaccess file.

  • How do I configure the e-mail that is sent to members ?
    When you add a new user, you have the option of sending them an e-mail with their new username/password (saves you the time of having to do it manually each time). There are 4 variables in the admin.cgi script that control what is sent :
    • $emailfrom : This sets the FROM: part of the e-mail, just type in your name and e-mail address here. Be sure the e-mail address has a \ before the @
    • $emailsubject : Sets the subject of the e-mail "Thank you new member"
    • $emailtop : The text that will appear at the top of the e-mail (before username/password)
    • $emailbottom : The text that will appear at the bottom of the e-mail (after username/password)

  • How do I add a long list of users at once (instead of adding them one at a time) ?
    This is what the Manual Import feature does. After running the script, scroll down to "Manual Import" and you'll see a large TEXT box, this is where you can copy/paste your list of users.
    Format is : username, password, name, email, comments
    Each field is separated by a comma, the script will automatically check for duplicates, valid usernames and valid passwords. You can even skip some fields such as the name, email, comments. Let's say you have a list of username,password,email then the data you copy and paste will look like :
    Notice the 2 commas after eachother, this tells the script that the name field will be blank.

  • Will this script work on NT server ?

  • I don't know anything about CGI, chmod etc. can I still use it ?
    Not a problem, we have an "install" price where we load the script on your web site. When you place your order, be sure to provide your URL (http://....) ftp username and password.