Contact







03/08/2016

htaccessED

How to use .htaccess to secure admin pages

Well hasn't it been a busy summer? No Blog Posts can only mean one thing, lots and lots of work! The site has had a huge overhaul and not only on its front end! I've implemented a lot of backend PHP scripts to help dynamically load content for the site and to create an admin page which allows me to add content without going near a text editor. I can now log in securely to my admin page from any web browser and drop a new blog post, or update an old one, add a project or publish some of my work. All thanks to a little PHP and a new tool in my repertoire, .htaccess.As I mentioned in my last post 'No Front Without Back', I was looking to learn either some PHP or node.js. After speaking with some people in the business, I felt node.js would be a much harder mountain to climb, and with PHP having so much documentation and online support, it would be an easier route. The key was to remember that I'm a front end developer and although a grasp of backend languages is good, lets not run before we can walk eh? So I set about learning how to write JSON files to the server, then learnt about getting php to write html files and then how to get form data and have that put into said html files. File uploads were a stumbling block but with a little perseverance, I manages to get them down. Before I knew it, I'd written a page that writes its own pages. From there, with a little customisation, I had the backbone to my admin page.In truth, it wasn't as easy as that. Php seems easy to pick up, but difficult to master. A fair amount of trial and error went into the script and a ton of googling. Still, another flag down in the world of web development. Just another million or so to go! All this functionality meant nothing if I couldn't stop any old Joe from writing all over my page. That's where .htaccess came in. I had messed around with this before but never managed to get it working, partly due to the dodgy web hosting I was using before and partly due to my ignorance. The small amount of code I needed to write 2 files; a .htaccess file (to protect the admin page) and a .htpasswd file (to store the users and password), was a welcome change of pace. Let me screenshot my password file... Nah.