Currently I'm using a .htaccess - .htpasswd combo to secure my companies online catalog. The reason for this is that my employer does not want but a select group of customers to see our pricing scale for fear that other companies may try to, well you know. After many tries I did get it to work. Now my employer wants me to do something that I know is not the best idea in the world, but they feel it would make things easier to keep up with. This is what is proposed..

All customers have a 6 digit ID number. Each 6 digit number starts in 00. This is their login for the catalog. My employer wants to know if I can set it up so that anyone can log in with any 6 digit number, as long as it starts with 00 while using a single, universal password for all logins that meet the criterion (6 digit number starting in 00).

Personally, I am totally against doing it this way (can we say almost too easy to hack?), but I promised I would at least look into it.

First question, is it possible to do using .htaccess? If so, what would I need to change/add to it and the .htpasswd file? If this can be done, I will do it for them, but begin lobbying heavily to change it to individualizing passwords exclusive only to the exact customer ID numbers for this is the most secure way in my eyes.

Yes, you can do this. How many logins do you want? It might be favorable to automate the file creation if you need a lot of logins.

We only have about 150 customers. The thought was to have access for up to 10000 customers (using numbers ranging from 000000 to 009999) without having to update any files. Just tell the customer to login using their 6 digit customer ID and the universal Password XXXXXX.

Ok, we covered that it can be done. Can someone please fill me in on how? What do I need to do to the .htaccess and .htpasswd files to do this?

Thank you for any timely responces!

The easiest way to do that would be to write a script that can automatically create the files. Manually entering that many users would take too long.

Please forgive my ignorance on this.. I know little in this area aside from minor html. Can you give me an example of this kind of script and where I put it in?

I don't have anything offhand that can do this, but it would be fairly simple to write. Unless someone else wants to take ownership of it, I can write something for you this weekend.

Sorry, I could not get back sooner. Had to rush out of town for a few days. No one needs it but me, thankfully. I have not been doing this but for a few weeks and must admit I know little or nothing about Javascript. I plan on eventually creating a database for it, but for the time being I just need this as a quick fix. Thanks again!