Also the "AuthName" and the "realm" are really the same, but it doesn't matter since your Checking User Credentials code will never run as it will not start before you have a succesfull authentication and then you have a valid $ENV{REMOTE_USER}.

Well i just typed it like this to show that itwas the hashed one, but for greater security i now have it as:

.htaccess

AuthUserFile .htpasswd
AuthType Digest
AuthName "Private Area"
require Nikos
[download]

.htpasswd

Nikos:Private Area:digest encrypted string
[download]

All these files are inside the cgi-bin folder but even if i enter the coorect user nad pass i still cant see games.pl and i cant see why!
Iis this line correct? AuthUserFile .htpasswd

Did you try using the full path to the .htpasswd file? ("drive:/full/path/to/.passwd").

If I'm not mistaken, security-wise it is a bad idea to put this file in the cgi-bin folder. It should even be put outside your htdocs-folder.

Are you sure that your configuration file is OK and that other cgi-bin scipts run as expected?

Update:If you use relative paths, they are relative to the server-root! This is what the docs for Apache say in that respect:

AuthUserFile Directive

Description:	Sets the name of a text file containing the list of users and passwords for authentication
Syntax:	AuthUserFile file-path
Context:	directory, .htaccess
Override:	AuthConfig
Status:	Base
Module:	mod_auth

The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Unfortunately you haven't told us what works.

If $ENV{REMOTE_USER} is never being populated (even when you supply correct user and password), then you must ask why your .htpasswd is not being recognised by Apache. This link appears to have some information about .htaccess files.

If, on the other hand, $ENV{REMOTE_USER} works when you supply correct user name and password, and fails when you supply the wrong user name or password, then the question is about Apache's error handling in the case of a failed authorisation attempt.

I do not know for sure, but it may be the case that Apache requires a separate file to display for handling error conditions (such as invalid username/password) so that your script does not receive the error response. In this case you may with to configure Apache with a specific error document using the syntax found at this website.

Actually i decided not to use an .htaccess file at all but instead i edited httpd.conf and put 2 directives in it:

<Directory D:/www/data/private>
AuthType Basic
AuthName "Private Area!"
AuthUserFile D:/www/passwd.txt
Require user Nikos
</Directory>
[download]

<Location D:/www/cgi-bin/make.pl>
AuthType Basic
AuthName "Administrator Only!"
AuthUserFile D:/www/passwd.txt
Require user Nikos
</Location>
[download]

So now iam protecting both the make.pl script and both my private folder! :-)

Iam still thibking though if i need this code:

print header(-status=>'401 Unauthorized', 'WWW-Authenticate'=>'Basic r
+ealm="Restricted Games"') unless $ENV{REMOTE_USER};
exit unless $ENV{REMOTE_USER};

#Restricted code - this code will not run unless user is authenticated
+. Test $ENV{REMOTE_USER} for user-level control
print header(), "Authenticated User: $ENV{REMOTE_USER}\n";
[download]

Any ideas?!?

And also does anybody knows whats changes must i do to transform the above 2 directives to Digest mode?
I heard Digest mode has greater security that basic on which the password travels clear through the net.
In Digest mode will it travel encrypted as well?

I'm may be wrong but I thought .htaccess uses DES for password encryption? So a typical entry in .htaccess looks like:

kiat:2NkiRlY6YCOLA

There are programs to do the encryption. You can use perl's crypt to encrypt the password too.