My OWN free TryWare: Windows 8, 7 and XP - PHP-HtPasswd

I want to password protect some files only in one particular webfolder on my website, lets call it SeoProtect, so I have 2 webfolders, the first with total free access around the world, lets call it Seo, and the second called SeoProtect, is the only webfolder that I want password protected.

I’m using the EzGenerator (EZG) webeditor to create and upload everything on my website, except the files in the SeoProtect webfolder, which I uploads using a FTP connection in FireFox, because I uploads these files without being near my own computer. EZG has a perfect PHP solution to password protect the webpages, files, movies and pictures in the SeoProtect webfolder using their "EZG PHP Online Admin system" (EZG PHP).

So all my EZG created urls in the free webpages in the webfolder called Seo, to these files in the SeoProtect webfolder, is password protected by EZG PHP, so that’s no problem.

But if anybody can guess (or google from other of my payed users) what’s the unique url is to these webpages in the SeoProtect webfolder, then anybody will get access without being prompted by my EZG PHP password.

So if they knew the unique url to http://www.tryware.dk/SeoProtect/<filename>, they will get access without password.

I could try to make sure, that search engine webcrawlers didn't get access to these files in the SeoProtect webfolder, so nobody would be able to find it using e.g. Google.

I’ve made an index.html file in the SeoProtect webfolder, with meta tags to restrict most search engines webcrawlers

<HTML> <HEAD> <META http-equiv="REFRESH" content="0; url=http://www.tryware.dk"> <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW, NOARCHIVE, NOSNIPPET, NOOPD, NOIMAGEINDEX, NOTRANSLATE"> <TITLE>www.tryware.dk</TITLE> </HEAD> <BODY> This website is under construction </BODY> </HTML>

and I also made a robots.txt file located in the root folder of my webserver to restrict the searchengines webcrawlers,

User-agent: * Disallow: /accountprotect/

because that’s where the search engines webcrawlers is looking for them, and I hided the SeoProtect webpages from my Sitemap.

And I can't solve this issue if I use my FTP editor to password protect the SeoProtect webfolder or the files using e.g. 0750, so I only needed to have 1 logon using EZG PHP protection, because the group and admin (me) fileattributes have the same ID, and webfolder attributes must always be 0755, so there's only the file attributes to deal with, and the url's in the Seo webfolder won't work if I use 0750 on the files in the SeoProtect webfolder.

You can of course pay for solutions to that, but these solutions is very expensive, so my only free solution is to use an extra password protected logon to these webpages in the SeoProtect webfolder:

• The first logon protected by "EZG PHP" for the webpages in the SeoProtect webfolder, so urls pointing from the Seo webpages to the webpages in the SeoProtect webfolder is password protected.
• The second logon is protecting the SeoProtect webpages using .htaccess and .htpasswd files in the SeoProtect webfolder

;Version=1.0.0.0

;

; © Copyright 2012: IT-Programmer J. Malmgren, www.tryware.dk, version 1.0.0.0, Oktober 2012.

;

; *** IMPORTANT - IMPORTANT - IMPORTANT - IMPORTANT - IMPORTANT  - IMPORTANT- IMPORTANT

;      DON'T CHANGE THE FIRST LINE ABOVE, BECAUSE IT'S PART OF THE AUTOMATICAL ALERT TO YOU,

;      IF THERE'S A NEW BUILDS READY ON MY WEBSITE. IF YOU CHANGE OR DELETE THIS LINE, YOU

;      WILL BE ALERTED ABOUT A NEW BUILD READY, EVEN IF THERE ISN'T ANY!

; *** IMPORTANT - IMPORTANT - IMPORTANT - IMPORTANT - IMPORTANT  - IMPORTANT- IMPORTANT

;

; Please don't remove my remark lines, and please be carefull and read my detailed syntax

; descriptions below before changing anything. You can run W7-PHP-HtPasswd.exe silent using

; -silent as a command line switch. If settings file syntax is wrong, I normally can force

; using of my builtin default settings, but in this particular settings file, it's only

; examples, that can't be used without modification. If so, W7-PHP-HtPasswd.exe will termi-

; nate with an error shown in a logfile located in the C:\ITD\TrywareDk\W7-PHP-HtPasswd\Log

; folder

;

; If spaces is part of the settings value below, then please use   <space>

;

; IMPORTANT: As told below, you must change some words in the W7-PHP-HtPasswd-Email.txt file,

;                   and please note, that my solution might NOT work in other scenarios than

;                   EZG's PHP, and a Apache webserver, as I've tested it on my own website

;                   hosted by www.one.com

;                   PLEASE NOTE THAT THE MAX. NUMBERS OF ACCOUNTS IN .htpasswd IS 1.000

;

;                   If this file doesn't work, just delete it, and it will automatically be

;                   produced again with my default settings examples and remark lines   ;O)

;

; © Copyright 2012: IT-Programmer J. Malmgren, www.tryware.dk, version 1.0.0.0, Oktober 2012.

;

[FTP]        <------------------------ Run with these SETTINGS FILE values -----------------

FtpUsername=<YourFtpLogonName>

FtpPassword=<DontSpecifyItWillBeEncryptedByMeLater>

[PHP]

PhpAdminPath=ftp://ftp.<website>.com/<subfolder>

PhpAdminFile=<OnlineAdminFileName>.php

PhpSynUsername=username

  PhpSynUnameSepBegin=username="

  PhpSynUnameSepEnd="<space>password

PhpSynPassword=password

  PhpSynPwSepBegin=password="

  PhpSynPwSepEnd="><access_data>

PhpSynEmail=email

  PhpSynEmailSepBegin=email="

  PhpSynEmailSepEnd="<space>name=

PhpSynFirstName=name

  PhpSynFnameSepBegin=name="

  PhpSynFnameSepEnd="<space>sirname="

PhpSynLastName=sirname

  PhpSynLnameSepBegin=sirname="

  PhpSynLnameSepEnd="<space>sr="

[WEB]

WebOnlineAdmin=http://www.<website.com>/<EzgPhpOnlineAdmin.php>

WebsiteExplain=http://www.<website.com>/<ToolNameIndex.php>

[Tool]

ToolName=<ToolName>

ToolUrl=<ftp://ftp.<website.com>/<subfolder>

[Email]

SmptServer=<YourEmailServerUrl or ip-number>

SmptFromName=

SmtpFromAddress=

SmtpSubject=Account activation for the %ToolName% webpages

SmtpHelo=<Optinal>

SmtpFirst=<Optinal>

SmtpLogonName=

SmtpPassword=<DontSpecifyItWillBeEncryptedByMeLater>

; ----------------------------------> Syntax Descriptions <----------------------------------

;

; [FTP]

; FtpUsername: The username to your FTP server.

; FtpPassword: The password to your FTP server. Don't write anything here, because you will be

;                  prompted, and I'll encrypt your password here.

;

; [PHP]

; PhpAdminPath: Path to your PHP online protection file, e.g. http://www.<website.com>/ezg_data

; PhpAdminFile: Filename of your PHP online protection file, e.g. centraladmin.ezg.php, located

;                   in the PhpAdminPath

; PhpSynUsername:       The syntax name for username in PhpAdminFile

;    PhpSynUnameSepBegin: The characters before PhpSynUsername

;    PhpSynUnameSepEnd:   The characters after PhpSynUsername

; PhpSynPassword:       The syntax name for password in PhpAdminFile

;    PhpSynPwSepBegin:    The characters before PhpSynPassword

;    PhpSynPwSepEnd:      The character after PhpSynPassword

; PhpSynEmail:          The syntax name for email address in PhpAdminFile

;    PhpSynEmailSepBegin: The characters before PhpSynEmail

;    PhpSynEmailSepEnd:   The characters after PhpSynEmail

; PhpSynFirstName:      The syntax name for first name in PhpAdminFile

;    PhpSynFnameSepBegin: The characters before PhpSynFirstName

;    PhpSynFnameSepEnd:   The characters after PhpSynFirstName

; PhpSynLastName:       The syntax name for last name in PhpAdminFile

;    PhpSynLnameSepBegin: The characters before PhpSynLastName

;    PhpSynLnameSepEnd:   The characters after PhpSynFirstName

;

; Example: Your PhpAdminfile usually have a very long line with lots of information, and it

;              could look like this:

; <user id="1" username="user1" password="$1$5FNtqjgerjqTg$Ws9dk..a87xMJ//bA/WCF/"><access_data>

; date="1348327810" email="jmalmgren@tryware.dk" name="Jorgen" sirname="Malmgren" sr="1"

;

;              If so the settings about the user account above must be:

;                  PhpSynUsername=username               (the word between id="1"  and ="user1")

;                     PhpSynUnameSepBegin="<space>       (the " after user id="1)

;                     PhpSynUnameSepEnd="                (the " after ="user1)

;          

;              If your PhpAdminfile looked like this:               <user id="1" uname="user1"

;              Your settings about the user account must be:

;                  PhpSynUsername=uname

;          

;              So the 3 Php Uname settings describes how I can find/copy/paste e.g. the "user1"

;              value e.g. using a Script function Mid(PhpAdminFile,x,y), where x is the

;              PhpSynUnameSepBegin position, and y is PhpSynUnameSepEnd - PhpSynUnameSepBegin

;

; [WEB]

; WebOnlineAdmin: The HTTP url to your PHP Online Admin, where you can manage your users, e.g.

;                     http://www.<website.com>/documents/centraladmin.php?process=manageusers

; WebsiteExplain: The HTTP url to your ToolName service's index webpage, where your users

;                     starts finding the urls to the .htpasswd protected webfolder, like e.g.

;                     http://www.<website>.com/<ToolName>/index.html

;

; [Tool]

; ToolName:       The name of the service you are selling, like e.g. SEO

; ToolUrl:        The FTP url to your ToolNames webfolder, where you want me to create/modify

;                     .htaccess and .htpasswd files, so your webpages in that webfolder is

;                     protected

;

;                      Please note that ToolName is used as %ToolName%, and ToolUrl is used as

;                 %ToolUrl%, and that WebsiteExplain is used as %WebsiteExplain% in the email,

;                 that's sent to the enduser. You can find/modify the email message in the

;                 W7-PHP-HtPasswd-Email.txt file, located in the

;                 C:\ITD\TrywareDk\W7-PHP-HtPasswd\Ini folder, and before you use it the first

;                 time, you MUST change the last lines about accept, payment and the lines after

;                 sincerely. Please note that it's not the txt file I attach when emailing to

;                 the enduser, because I copy/paste the content of the txt file to the email

;                 message, and "converts" the %% with the simular values in this settings file

;

; [Email]

; SmptServer:      Your Email SMTP Servers Url or ip-number, like e.g. send.one.com

; SmptFromName:    The name shown in endusers inbox, like e.g. your support-department or name

; SmtpFromAddress: Your email address, used as sender, but not usable for the enduser to reply

; SmtpSubject:     Example: Account activation for the %ToolName% webpages

; SmtpHelo:        <Optinal> If your SMTP server needs it, it could e.g. be your computername

;                      and in some cases preceded with EHLO

; SmtpFirst:       <Optinal> If your SMTP server needs it, it could e.g. be {SPACD} or -1

; SmtpLogonName:   The user account you use to logon to your SMTP server

; SmtpPassword:    The password to your SMTP server. Don't write anything here, because you will

;                      be prompted, and I'll encrypt your password here.

These 3 first lines isn't used. If this file doesn't work, just delete it, and it will automatically be produced
again with my default values, so you MUST change the last lines about passwords, accept, payment and
the lines after sincerely  ;O)

Dear %PhpSynFirstName% %PhpSynLastName%

Thank you for being a member of our %ToolName% webpages at %ToolUrl%

We use 2 different password protecting security systems, and you have created your username and
password in the #1 system, but you can't create your username and password in the #2 system.
We do that for you, so now your passwords are:

#1 system: Your password isn't changed

#2 system: Your password is identical with your #1 password

We use 2 systems, because our %ToolName% is located in 2 different webfolders:

#1 systems webfolder: Contains %ToolName% webpages with urls pointing to webpages in #2 webfolder.
                               The %ToolName% webpages isn't protected, it's only the url's thats protected when
                               being redirected to the webpages in the #2 webfolder.
                               The #1 system can't fully protect the webpages in the #2 webfolder.

#2 systems webfolder: Contains the webpages in the #2 webfolder, that you have purchased license to.
                               The #2 system fully protects the webpages in the #2 webfolder, but can't protect
                               the redirection of the url's in the webpages located in the #1 webfolder.

Both your password to the #1 system and the #2 system works until you logoff the %ToolName%'s
webpage, or closes your browser.

But you can consider to let your browser remember the password to the #2 system using a cookie, but
that's not possible with your #1 system's password. You can read more about how to do that on our
website at %WebsiteExplain%, so you only need to login with the password to the #1 system.

IMPORTANT: Please note, that your account doesn't work, before you have received another email from us,
about accepting the account that you created, and we don't do that before we have received a valid
payment for our %ToolName% service. And please don't reply to this email, because it's written/sent
automatical by our #1 security system, and we don't get or see any response..

Sincerely

<your name>

<your job title>

<your company>

<your department>

<your street name and number>

<your post number and town>

<your country>

<your phone number>

<your email address>

<your website>