Ok I"m creating a private forum for my school but what I want to know is how to make  a guest who  tries to view the forum to make them have to either register or log in. And on the registration they have to put in a password. Ensuring only people from the school are actually trying to sign up.

The first part, stopping anyone from accessing the entire forum other than people with usernames and passwords you can check the setting "Disable Guest Access:" that will show only the login page when a user accesses the forum.

as for the only allowing your school folks are signing up I've got two suggestions, first, tick "disable guest registration" and then have a member of staff create their accounts. that's the safest way.

Other than that, this is a long shot, there is a mod called Assira which is designed to stop bots registering by showing images of cats and dogs and asking the user to tick all cats...

You could list pictures of people and ask the user to tick only the school teachers. In theory only the school staff/pupils would know that.. not as safe as the first option though...

i-CONICA

Ok thanks alot, I saw some of those things on the demo board and was wondering. How easy do you think it would be to make a mod where guests had to enter a password on registration?

Ah you mean so you could distribute that passkey to all your pupils and they can only register if they enter that key? It shouldn't be too difficult.

Lets see if anyone volunteers to make one?

i-CONICA

A quick fire simple way to stop anyone accessing any part of the forum even the registration form would be to use .htaccess and .htpasswd files. you'd create a username and password and they'd have the effect shown here

http://i-conica.net/pics/pics.htm

You'd enter username password and then if the above options are ticked then the first screen they'd see would be the registration screen.

It's worth adding that the .htpasswrd way isn't 100% bullet proof in security terms... But unless your protecting classified FBI information it should be ok... Security can be increased by various means though.

Depends what route you wanna go down though i suppose...

Ok that looks cool but how easy is it to add or do. I mean I'll be honest I know how to edit files, create forums, and to create banners/images and stuff but I don't know how to create files.

http://alexsantos.net/htpasswd.htm is quite useful, it will create and encrypt the username and password, You can set as many usernames and passwords as you like but from what i understand you just want one distributable password that can be given to all pupils so they can access the registration field or access the forum if they have already created an account.


There are usually two files. one .htpasswd file which needs to go in the root, directory of your host at the lowest point you have access to, this needs to be a place that isn't accessible via the web. so for instance...

chat.i-conica.net
downloads.i-conica.net
i-conica.net
i-conica.org
.htpasswd <<<
logs

as you can see that wouldn't be viewable from the web, only the contents of those subdomains are viewable. that's not so crucial though, as they are encrypted anyway. To improve security though. its best.

Then follow the instructions on the link above, that will help you create a .htaccess file to authenticate via said .htpasswd.

There may be a way via a mod this could be done, but if/when someone creates that.... This is a quick fix.

Hope that helps.

i-CONICA

Ok I'm attempting to upload them to my host..I'll let you know if it worked in like...5 min.:p

Ok I'm confused can the htpasswd file be outside the cgi-bin? and the htaccess goes where you have the main Blah.pl file right?

yeah. .htaccess should go in the same place blah.pl is.

the .htpasswd file the .htaccess file is pointing to needs to go in the lowest point you have access to. so if your document root is

/host/thishost/youraccountname/yourdomainname/

then you'd put the .htpasswd file in

/host/thishost/youraccountname/

because only the files inside /yourdomainname/ are viewable on-line. That makes the .htpasswd file more secure. Because it is in a place not accessible via the web. only accessible to other files on the server. i.e the .htaccess file.

If you post your root here. I'll have a go at suggesting a place if your still unsure.

Worth noting though. I'm guessing your on a Linux server? If your on a windows server (not likely) then we've both been wasting our time with this idea...

i-CONICA

Ok I put the .htpasswd file in the main root making sure not to put it in the WWW root and I put the .htaccess file with the blah.pl. I got this
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Does it matter how I upload it or chmod it?

it should be uploaded in ascii but chmod wouldn't prevent it running, it's simply a set of rules rather than a script, it doesn't run or do anything, it's just a rule for the server to follow.

I just tried it on my forum, it worked fine, i created a .htaccess file containing the following text

Code AuthType Basic AuthUserFile /hsphere/local/home/mysiteftplogin/.htpasswd AuthName "Restricted Area" require valid-user

and put this in the forum folder, next to Blah.pl

Then the .htpasswd file was put in
/hsphere/local/home/mysiteftplogin/

that .htpasswd file contains simpily one line of text. this "me:$apr1$2RXUf...$oGfAZUGlu8uKmxagUJk5T0" (no quotes)
thats the username "me" and the password mememe encrypted.

I loaded my forum and was presented with the login box shown on the link on one of my original posts above. after entering the username and password the forum loaded.

Check all that is what you did.

Also check you named that htpasswd file .htpasswd because when you download the file created by that site, it doesn't put the . in place. making the path in .htaccess incorrect.

i-CONICA

ps. those files have been removed from my server now after testing it.

Thanks for all your help, but Martin says he'll create the mod by the weekend. You've taught me something new though thanks! lol

As i said it's a quick fix until/if someone creates a mod. The mod is beyond me though.

Martin saves the day! again...