Hi SideshowJo,
Not a simple way, but...
You can protect static files with .htpasswd on ccgi. However, files with a .php extension get executed before the server even looks for an .htaccess file, so that's trickier, but there is a devious workaround.
First, to protect static files (.html, etc), create an .htpasswd file. Telnet into cshell.plus.net, cd to the folder you want to protect and type
htpasswd -c .htpasswd secureuser
replace "secureuser" with the login name you want to use. You'll be prompted for a password. That creates an .htpsswd file in your folder. Then type
readlink -f .htpasswd
and shell will return the path to that file, which you'll need in the next step. exit.
Then create an .htaccess file for the same directory, including
AuthUserFile /share/storage/path/to/your/folder/.htpasswd
AuthType Basic
AuthName "protected"
Require valid-user
Replace "/share/storage/path/to/your/folder/" with the path to your folder. (The file needs to be stored as plain txt, uploaded as ASCII and have full read permissions.)
Now for the devious bit. Add the following line to the .htaccess file
AddHandler cgi-script .php4
Then change your .php extensions to .php4 extensions. Edit your .php4 files to start with a shebang line, e.g.
#!/usr/local/bin/php
<?php
phpinfo();
?>
The .php4 files still need to be executable. Now you have .htpassword protected PHP files.
This may all sound like more trouble than it's worth. An alternative is to put the password and session handling in the PHP code of each file.
Gabe
