Protecting forums with htaccess and using its passwords to login in minibb

Hello,

I want to use minibb in a private way, so that only my users (only a handfull) can see it.
I want to use htaccess (unless there is another way) to completely protect the forum from strangers. But I also want to simplify the login, because the users are not much into computers..

I would like the users to automatically be logged in by using their login/pass in the htaccess.

I know how to put all the login/passwords in the htaccess/htpasswd files, but how do i pass this info to minibb to do the login in the forums ?

I found this somewhere :
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']

to get the login/pass from the htaccess login, but how do i use it for minibb ?

Thanks :)

It's a big programming task having deep custom level.

Whatever you need to do first, is to generate .htaccess somehow basing on user information coming from mySQL database. This data should be some how synchronized. miniBB can't work without users database.

Then pay attention to bb_cookie.php file of miniBB and its functions. Currently, functions are tied up to work with cookies. So you need to implement code to work with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], i.e. comparing these values with those specified in database.

hmm.. ok, seems hard, as for the database, the users will give me their name/passwords and i'll sign them up myself in the forum, so they will be in the database.

The only thing is that they now have to enter their login/pass twice, once for htacces and then for minibb, i was just wondering if they could be directly logged in to the forum thanks to the name/pass they enter for htaccess..

Yes, like I mentioned - you should program a script which will generate and put .htaccess regarding what is inside of your users database. That's the only possible approach.

However here you have another problem - all passwords in miniBB are MD5-encoded, so you can't get them easily for building such a list. Most probably, you would need to program an add-on, which inserts line in .htaccess as soon as you register the user. Quite a complicated task if you don't know the structure of miniBB. But I guess that's possible. You only need to know how Apache stores its .htaccess passwords.

Basically, I just don't understand, why do you need both ways of authorization? One default would be enough even for newbies.

you mean, the same password for everyone for the htaccess and then the individual one for the forum ?

Yes, i thought of that, but that would mean 2 different logins and passwords to enter the system, which for the target users (some at age of retiring soon) a bit too much.. I really want to simplify the login process.. if you have any other idea... :)

Basically, what i need is :

- Only a few selected people can access and see the forums
- Login has to be ultra easy


Thanks again for the help

It's a custom solution. We provide such for a fee only.

No, you don't need 2 .htaccess files. What I mean, the .htaccess should be generated by some other script which puts the data based on what is put under users table. Then the authorization script (bb_cookie.php) should also parse and take this data into consideration.

In other words, it's a task for a very experienced coder ;-)