Welcome to htprotect 0.0.1 !
============================



	Well, did you realize it? Yeah! It is pre pre pre alpha 0.0.0 version.
	What that means? You have the chance to be able to run it successfull :-)


	ok, seriously...



Files
=====
	
	README			you are reading it...         
	
	en.lang			english language definitions
	de.lang        		german language definitions
	lang.pl			a symlink to the current language definition file
	
	index.html     		a sample startpage
	
	manage.cgi     		the account maintain script
	new.cgi        		the account creation script
	mkp			password encryption utility (ELF binary)
	
	woanders.conf		sample configuration file
	functions.pl   		required function definitions
	
	sql			database table structure definition (valid SQL)

	htaccess.sample		sample .htaccess file



Installation
============

	Huh? Very complicated ;-)

	o unpack it. If you are reading this README, you have already done that.

	o create a directory under the document root of your customers web, or some-
	  where else.

	o create, if neccessary, an alias in your httpd.conf (under the virtualhost 
	  directive) or in srm.conf, i.e.:
		Alias /admin /home/customer/admin
	  this alias have not to be neccessarily within the document root. Say, the 
	  document root would be /home/customer/www, then you can install it to
	  /home/customer/admin. By creating the alias, the customer will be able to 
	  access it.
	
	o Turn the option ExecCGI on for this directory. Refer to the apache 
	  documentation for details, how to do it. Here my setup:
	  	<VirtualHost 10.10.33.5>
	  	ServerName www.woanders.de
          	ServerAdmin webmaster@woanders.de
	  	DocumentRoot /home/woanders/www
	  	ErrorLog /home/woanders/www.error_log
	  	CustomLog /home/woanders/www.access_log combined
	  	TransferLog /home/woanders/www.access_log
 		<Directory /home/woanders/www>
		  order allow,deny
		  AllowOverride AuthConfig
		  allow from all
		  Options All
		 </Directory>
		 <Directory /home/woanders/admin>
		  order allow,deny
		  AllowOverride AuthConfig
		  allow from all
		  Options ExecCGI
		 </Directory>
		 Alias /admin /home/woanders/admin/
		</VirtualHost>
	  Don't forget to restart the webserver or to send it a SIGHUP to make sure
	  it will use the new configuration.

	o make sure, the webserver is able to run the scripts. Check for permissions.

	o edit the config. You can call it however, as long as you edit the index.html
	  with the correct name. see below.
	  The path and URL parameters are very important, be carefull!

	o Choose you language. By default there exists a link called lang.pl pointing
	  to "en.lang". If you prefer german, you have to issue the following command:
	  rm lang.pl;ln -s lang.pl de.lang
	  Of course you can edit the language definition file as you like.

	o in the config you specified a .htpasswd file location. Now create this file.
	  Don't forget to check for permissions. Create it at the exact location as you 
	  specified, i.e. /home/woanders/.htpasswd.

	o Now create the .htaccess file in the directory you want your customer to be
	  able to protect. You can use the supplied sample htaccess.sample file, but you 
	  have to rename it to ".htaccess". Don't forget to edit it. The .htpasswd has to
	  point to the proper location. 
	  Note, that the "order allow,deny" + "AllowOverride AuthConfig" clauses are
	  required to use the apache functionality called "htaccess". If apache finds
	  under the document root (or the specified directory) a .htaccess file, it will
	  prompt the web visitor for a username/password and look in the specified
	  .htpasswd file for a matching combination.
	  Note, that the passwords used in .htpasswd are stored encrypted.

	o Now you have to create the database. Since there is currently only mysql supported
	  I only will point you to mysql :-)
	  Create the database:
	  mysqladmin create databasename
	  (The name of the database you specified in the config)
	  Now create the table structure:
	  mysql databasename < sql
	  ("sql" is the file containing the SQL-statements to create the table.)
	  Additionally you may need to check, if the webserver is able to read/write to this
	  newly created database (UPDATE, CREATE, DELETE). Refer to the mysql documentation
	  for further informations about permissioins on mysql databases.

	o last, edit the index.html. It must point to the correct URL's and you will need to
	  change the value of the "?config" parameter of the .cgi calls. Just open it, you'll
	  see.
	
	That should be all to do. Not that much, isn't it :-)



Usage
=====

	Try to connect to the system using the URL you configured, say:
	"http://www.woanders.de/admin/". (You will need to protect this directory itself
	as well, it's a good idea.

	You will be presented with two choices. Simply click on "Create a new account" and
	create a new one. After doing that, you could try to access to the protected directory
	using this account.

	You can change some values of every account from the management page. 

	Additionally you are able to set an account to "INACTIVE", which means, the user will
	temporarly not be able to use it ;-)

	


Future
======

	Tell me if find it usefull and I will proceed the development of the program(s).




TODO
====

	A lot of stuff needs to be done. Here a short list:
		o an installation script
		o more (much more) config options
		o more flexibility using templates or the like
		o using frames or something
		o configuration via browser (only customer related values)
		o possibility of maintaing multiple protected directories
		o oracle compatibility
		... (tell me)



Author
======

	Name:	Thomas Linden
	Email:	tom@daemon.de
	URL:	http://www.daemon.de



License
=======

	It is GPL. You should already got a copy of the GPL.
	Do what you want with the sources, just drop me a line, what you are planing.



Last Change
===========

	02.11.1999 MET Munich, Germany.




	 
