Password Protected Webpage error with wrong password

Avatar
  • updated
  • Answered

I just added password protection to a few directories on my website, however, when I test it and enter a wrong password, I get an error screen that takes me away from my site. Is there a way to more graciously handle the wrong entry, like returning to the signin and or invalid signin message and return to the form? 

Pinned replies
Avatar
anonymous
  • Answer
Quote from lewis stevens

Thanks for the info, not going to pursue a payware solution, on a budget.

Hi Lewis, good news! I discussed this issue with one of our senior technicians and learned of a way to do this that I was not previously aware of. If you add a line like the below to your .htaccess file

ErrorDocument 401 /unauthorized.html


Then, you can redirect to a custom error page. In this example, that is an html page named unauthorized, which you would then need to code yourself and place in your site directory, but you can use this to either send users to a nicer page if they type the wrong password, or even put in a redirect from that page back to the homepage. 

Also, the passwords for this are are stored in ~/.htpasswds/. 

Hope that helps! 

Avatar
lewis stevens

Yep, he is correct. I already found this in your online documentation. Took some digging and using the correct terminology, but I found it. I added a 401.html page which basically does the same.


I appreciate your additional searching and asking, however. Thanks.

Avatar
anonymous
  • Answer
Quote from lewis stevens

Thanks for the info, not going to pursue a payware solution, on a budget.

Hi Lewis, good news! I discussed this issue with one of our senior technicians and learned of a way to do this that I was not previously aware of. If you add a line like the below to your .htaccess file

ErrorDocument 401 /unauthorized.html


Then, you can redirect to a custom error page. In this example, that is an html page named unauthorized, which you would then need to code yourself and place in your site directory, but you can use this to either send users to a nicer page if they type the wrong password, or even put in a redirect from that page back to the homepage. 

Also, the passwords for this are are stored in ~/.htpasswds/. 

Hope that helps! 

Avatar
lewis stevens
Quote from anonymous

Hi Lewis, I removed the link for your privacy after I took a look at your site. I get what you're trying to do now, and the downside is that you've hit a point where moving beyond the current level of complexity will require you to either 1) custom code a solution, including security features, or 2) find an affordable off the shelf solution. I don't know how familiar you are with WordPress, but there's an add-on a colleague recommended to me for this scenario: the Restrict Content Pro plugin. I don't know if I'd jump right to that, but that should give you an idea of what one possible solution looks like. 

It seems to me that the server side should handle the "Cancel" function a little better. The password processing, both correct and incorrect function, works fine, it is just the "Cancel" How much code is involved in returning the user to the previous page or the home page? Where is the password file located? it does not show up in a search using normal field like .htpasswd or .htpassword.

Avatar
lewis stevens

Thanks for the info, not going to pursue a payware solution, on a budget.

Avatar
anonymous
Quote from lewis stevens

Hi Ronnie,

Yes I am using cPanel's directory privacy to password protect a set of webpages with documents I( only want officers to be able to pull up. I have added a user and all works well unless you hit "Cancel" in the form. since there is no html code in the .htaccess file and I can't locate the .password? file I have no idea how to gracefully send the user back to the home page.  Just in case, the site is: ... on one of the servers.

Hi Lewis, I removed the link for your privacy after I took a look at your site. I get what you're trying to do now, and the downside is that you've hit a point where moving beyond the current level of complexity will require you to either 1) custom code a solution, including security features, or 2) find an affordable off the shelf solution. I don't know how familiar you are with WordPress, but there's an add-on a colleague recommended to me for this scenario: the Restrict Content Pro plugin. I don't know if I'd jump right to that, but that should give you an idea of what one possible solution looks like. 

Avatar
lewis stevens

Hi Ronnie,

Yes I am using cPanel's directory privacy to password protect a set of webpages with documents I( only want officers to be able to pull up. I have added a user and all works well unless you hit "Cancel" in the form. since there is no html code in the .htaccess file and I can't locate the .password? file I have no idea how to gracefully send the user back to the home page.  Just in case, the site is: ... on one of the servers.

Avatar
anonymous
  • Answered

Hello! It sounds like you are using cPanel's directory privacy feature, or perhaps directly modifying the htaccess file to password protect the directory. While these are effective, they do favor simplicity over user experience as you've pointed out; an improper password simply prevents the server from returning anything in that directory. Unfortunately, a more user friendly error message is going to require custom code, and probably a different approach to site-building. 


If you describe a bit more about what you're trying to do, though, I'm happy to suggest other site building tools if anyone on the team knows of one that fits your use case. I hope that helps!

Avatar
lewis stevens

I tried to correct the above post, but could not see how. The problem is when I enter the wrong info and hit submit, it does return with the sign-in form, but when I hit "cancel" I get the error and not returned to the home page.