Adam Kalsey

This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.

Content Management

Password protect your blog

14 Aug 2004

I’ve got a new project, let’s call it Project X, and one of the things I needed to do was set up a password-protected blog on an existing installation of Movable Type. Everyone that has a user account in MT needs to be able to view the blog. I also needed to use basic HTTP authentication so that the RSS feed could be password protected but still be accessed by feed readers that know the password.

I created a single PHP file that is included at the top of each page in the blog, including the RSS feed. In order to get the PHP included, each page needs to be processed by PHP. You’ll need to use all .php file extensions (even for the RSS) or get your Web server to process HTML and XML files for PHP as well. (See the end of this article for information on doing that in Apache.)

Your Web server will now ask for a username and password before it will serve any page that includes the file. The username and password are then checked against MT’s database to see if you have the correct credentials. If you do, you won’t be asked to log in again until you close your browser.

Read on for the code. Keep in mind that this only works if you are using MySQL for a database, use PHP to output your site, and want your blog to be available to any user who can log into your copy of MT.

<?php
is_user_valid();

function is_user_valid() {
     $auth=false;
     if (isset( $_SERVER['PHP_AUTH_USER'] ) && isset($_SERVER['PHP_AUTH_PW'])) { 
  		$db=mysql_connect ("localhost", "yourusername", "yourpassword") or die ('I cannot connect to the database.');
  		mysql_select_db ("yourdatabase"); 
  		$sql = "SELECT author_password FROM mt_author WHERE author_name = '".mysql_real_escape_string($_SERVER['PHP_AUTH_USER'])."'";
  		$result = mysql_query($sql) or die ("Bad query");
  		while ($row = mysql_fetch_array($result)) {
   			$real_pass = $row['author_password'];
   		}
  		if (crypt($_SERVER['PHP_AUTH_PW'], substr($real_pass, 0, 2)) == $real_pass) {
   			$auth = true;
   		}
      } 
     if (!$auth) { 
          header( 'WWW-Authenticate: Basic realm="The hidden Blog"' ); 
          header( 'HTTP/1.0 401 Unauthorized' ); 
          echo 'Authorization Required.'; 
          exit(); 
      } else { 
          return true; 
      } 
}
?>

To get Apache to run HTML and XML files as PHP just add the following to your .htaccess file…

AddType application/x-httpd-php .html
AddType application/x-httpd-php .xml

Recently Written

Your OKR Cascade is Breaking Your Strategy
Aug 1: Most companies cascade OKRs down their org chart thinking it creates alignment. Instead, it fragments strategy and marginalizes supporting teams. Here's what works better than the waterfall approach.
Your Prioritization Problem Is a Strategy Problem
Jul 23: Most teams struggle with prioritization because they're trying to optimize for everything at once. The real problem isn't having too many options—it's not having a clear strategy to choose between them. Without strategy, every decision feels equally important. With strategy, most decisions become obvious.
Behind schedule
Jul 21: Your team is 6 weeks late and still missing features. The solution isn't working harder—it's accepting that your deadlines were fake all along. Ship what you have. Cut ruthlessly. Stop letting "one more day" turn into one more month.
VC’s Future Lies In Building Winners
Jun 21: AI and megafunds are about to kill the traditional venture model, forcing smaller VCs to stop hunting for hidden gems and start rolling up their sleeves to fix broken companies instead.
Should individual people have OKRs?
May 14: A good OKR describes and measures an outcome, but it can be challenging to create an outcome-focused OKR for an individual.
10 OKR traps and how to avoid them
May 8: I’ve helped lots of teams implement OKRs or fix a broken OKR process. Here are the 10 most common problems I see, and what to do instead.
AI is Smart, But Wisdom Requires Judgement
May 3: AI can process data at lightning speed, but wisdom comes from human judgment—picking the best imperfect option when facts alone don’t point the way.
Decoding Product Leadership Titles
Mar 18: Not all product leadership titles mean what they sound like. ‘Head of Product’ can mean anything from a senior PM to a true VP. Here’s how to tell the difference.

Older...

What I'm Reading