How to Add Username and Password Protection to h5ai


Overview

By default, h5ai installations allow directory browsing without a username or password, which is not secure. To fix this, you need to manually add code to require authentication before viewing the directory.

Steps to Secure h5ai

  1. Log in to your VPS using WinSCP.
  2. Navigate to the h5ai directory and locate the file _h5ai/public/index.php.
  3. Edit the file with a text editor.

Step 1: Add the Auth Function Call

At the top of the file, immediately after the opening <?php tag, add the following line:

auth();

Step 2: Define the Authentication Function

At the bottom of the file, add the following function definition:

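function auth ()
{
        // Username => password map; replace with your own credentials.
        $valid_passwords = array ("username" => "password");

        // These keys are absent until the browser sends credentials.
        $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
        $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

        // hash_equals() compares in constant time and avoids the type juggling of ==.
        $validated = array_key_exists($user, $valid_passwords)
                && hash_equals((string) $valid_passwords[$user], $pass);

        if (!$validated) {
          header('WWW-Authenticate: Basic realm="My Realm"');
          header('HTTP/1.0 401 Unauthorized');
          die ("Not authorized");
        }
}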

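Note: You can replace "username" and "password" in the $valid_passwords array with any custom username and password you wish to use. Basic authentication sends the credentials base64-encoded, not encrypted, with every request, so serve the site over HTTPS. The check runs only when index.php is executed, that is, for the directory listing; files that the web server delivers directly by URL are not covered by it.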
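The auth() function above keeps the password in plaintext inside index.php. The following added example (not part of the original post) goes one step further and stores only a password hash, checked with PHP's password_verify(); the function names h5ai_basic_auth_ok and h5ai_require_auth and all sample credentials are assumptions made for illustration.

```php
<?php
// Added example; function names and sample credentials are hypothetical.

// Returns true only for a known username with a matching password.
// $server is passed in (normally $_SERVER) so the check can be run offline.
function h5ai_basic_auth_ok(array $server, array $user_hashes, $dummy_hash)
{
    $user = isset($server['PHP_AUTH_USER']) ? (string) $server['PHP_AUTH_USER'] : '';
    $pass = isset($server['PHP_AUTH_PW']) ? (string) $server['PHP_AUTH_PW'] : '';

    // Unknown users are verified against a dummy hash, so both paths cost one
    // password_verify() call and response time does not reveal valid usernames.
    $known = array_key_exists($user, $user_hashes);
    $hash  = $known ? $user_hashes[$user] : $dummy_hash;

    return password_verify($pass, $hash) && $known;
}

// Sends the same 401 challenge as auth() above and stops the request.
function h5ai_require_auth(array $user_hashes, $dummy_hash)
{
    if (!h5ai_basic_auth_ok($_SERVER, $user_hashes, $dummy_hash)) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        die("Not authorized");
    }
}

// Constructed sample data. In a real deployment, generate each hash once with
//   php -r 'echo password_hash("your-password", PASSWORD_DEFAULT), "\n";'
// and paste the resulting string here instead of calling password_hash().
$users = array('username' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT));
$dummy = password_hash('constructed-dummy', PASSWORD_DEFAULT);

// Offline self-check on constructed requests (run from the command line).
$cases = array(
    'correct credentials' => array('PHP_AUTH_USER' => 'username', 'PHP_AUTH_PW' => 'constructed-sample-pw'),
    'wrong password'      => array('PHP_AUTH_USER' => 'username', 'PHP_AUTH_PW' => 'guess'),
    'unknown user'        => array('PHP_AUTH_USER' => 'nobody', 'PHP_AUTH_PW' => 'constructed-dummy'),
    'no credentials sent' => array(),
);
foreach ($cases as $label => $server) {
    printf("%-20s %s\n", $label, h5ai_basic_auth_ok($server, $users, $dummy) ? 'allow' : 'deny');
}
```

To use it in index.php, drop the self-check loop and call h5ai_require_auth($users, $dummy); in place of auth();.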


Source: Rat's Blog
Original Link: https://www.moerats.com/archives/125/
Please credit the original author and include this statement when reposting.