• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Password protect Chevereto

Rodolfo

⭐ Chevereto Godlike
Chevereto Staff
Administrator
This manual will help you to set up a password protected Chevereto, with the ability of display the uploaded images to non authorized users.

What does
Ask for user:password in .php and .js files, so if someone want to upload an image, he or she will need the permission to do this. And, this will no ask for user:password when someone wants to see an uploaded image.

Step by step HOW TO
Add this in your .htaccess
Code:
AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/full/path/to/thepasswordfile/.htpasswd 
AuthGroupFile /dev/null 
<Files *.php>
require valid-user
</Files>
<Files *.js>
require valid-user
</Files>

So, you can use any name in the AuthName, like "Who are you?" or "Please enter your user and password"... It's your call. In AuthUserFile you must put the full path to your user:password list (.htpasswd), The easiest way is to puth this file in the same place of the Chevereto instalation. You can get this path looking up the path bar of your FTP program.

Then create a .htpasswd file and copy the user:password in a new file named .htpasswd witch has to be uploaded to the path that you choose earlier.

And that is all... Now you have a password protected Chevereto... Wich can be used to a very personal or selected usage. You can set a lot of users in your .htpasswd file, one user:password per line and you are ready.

;)
 
Thanks.

This would help for restricting non-authorized users from viewing a particular directory. But a complete User account system would be really helpful. With the ability to have users that can login, upload images, view all their images, delete them, etc.

Like discussed here: http://chevereto.com/foro/post677.html
:)
 
Not really... This ask for user:password in order to use any .php file, not a directory. So no one can upload without the right user:password but anyone can see the uploaded images (if they have the url). It's closer to your suggestion, but your suggestion has a lot more of minerals and work to do.

Look a this, a password protected Chevereto:
http://dev.chevereto.com

But, you can see this image... and even show it right here.
304.jpg


So, if you want a personal image host to share with the world and easy set up who can upload, this is for you.
 
I put this htpasswd file in the same place of my Chevereto installation

I added your code into the .htaccess file supplied like that...

Code:
<Files ~ "^\.ht">
order allow,deny
deny from all
</files>

ErrorDocument 400 /index.php?p=400
ErrorDocument 401 /index.php?p=401
ErrorDocument 403 /index.php?p=403
ErrorDocument 404 /index.php?p=404
ErrorDocument 500 /index.php?p=500
ErrorDocument 503 /index.php?p=503

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /my-patch/.htpasswd 
AuthGroupFile /dev/null 
<Files *.php>
require valid-user
</Files>
<Files *.js>
require valid-user
</Files>

But... 500 Internal Server Error !
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@register.it and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Please! could you tell me why ?
 
i had the same problem at one of my recent hosts:

Some hosts are handling the htaccess requests through their sql databases.
Add the following code to the htaccess and try again:

Code:
Auth_Mysql off

solved my problem ;)
 
jashsayani said:
Thanks.

This would help for restricting non-authorized users from viewing a particular directory. But a complete User account system would be really helpful. With the ability to have users that can login, upload images, view all their images, delete them, etc.

Like discussed here: http://chevereto.com/foro/post677.html
:)
I am currently working on something like that :).

But I have run into a few problems mentioned here:
http://chevereto.com/foro/post1633.html
 
Code:
AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/full/path/to/thepasswordfile/.htpasswd 
AuthGroupFile /dev/null 
<Files *.php>
require valid-user
</Files>
<Files *.js>
require valid-user
</Files>

it's cool, I can see the uploaded direct images but...
When I click on thumbnails a can't see viewer (it's restricted area). How to fix it?
plz help :(
 
OK I find out, in index.php replece:

Code:
<input tabindex="2" value="[url=<?=$URLvim?>][img]<?=$URLthm?>[/img][/url]" onclick="this.focus();this.select();"

>>>>

Code:
<input tabindex="2" value="[url=<?=$URLimg?>][img]<?=$URLthm?>[/img][/url]" onclick="this.focus();this.select();"

No viewer - no problem :p
 
Hi. Can someone help me pls. I cant get this to work.

I placed my .htpasswd file on the same folder where I uploaded the chev files.

I tried these two .htaccess files and it did not work.

I get 404 error with this:

Code:
<Files ~ "^\.ht">
order allow,deny
deny from all
</files>

ErrorDocument 400 /index.php?p=400
ErrorDocument 401 /index.php?p=401
ErrorDocument 403 /index.php?p=403
ErrorDocument 404 /index.php?p=404
ErrorDocument 500 /index.php?p=500
ErrorDocument 503 /index.php?p=503

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /.htpasswd 
AuthGroupFile /dev/null 
<Files *.php>
require valid-user
</Files>
<Files *.js>
require valid-user
</Files>

And i get "Internal Server Error" when i add "Auth_Mysql off ":

Code:
<Files ~ "^\.ht">
order allow,deny
deny from all
</files>

ErrorDocument 400 /index.php?p=400
ErrorDocument 401 /index.php?p=401
ErrorDocument 403 /index.php?p=403
ErrorDocument 404 /index.php?p=404
ErrorDocument 500 /index.php?p=500
ErrorDocument 503 /index.php?p=503

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /.htpasswd 
AuthGroupFile /dev/null 
<Files *.php>
require valid-user
</Files>
<Files *.js>
require valid-user
</Files>
Auth_Mysql off

I'm using v1.91 Many thanks
 
Back
Top