Password protected vbulletin folder via .htaccess requires two correct logins / entries of username and password to get in

**Wayne Luke** · Fri 4 Aug '17, 9:06am

Most likely caused by the redirects. Solutions would be to use the Two Factor Authentication added for Administrators and Moderators or to restrict access to the AdminCP and ModCP by IP Address using the settings in /core/includes/config.php.

https://www.vbulletin.com/forum/arti...authentication
https://www.vbulletin.com/forum/foru...-now-available

I suspect the /AdminCP directory will be removed from new installs in the future. It is currently empty on new installations and isn't really needed anymore. The ModCP will also be removed when it is no longer needed in the future.

**Maltair** · Fri 4 Aug '17, 9:52am

I want to block access to the forum period to anyone who does not have a username and PW, which is why I am PW protecting the entire forums folder.

**Wayne Luke** · Fri 4 Aug '17, 10:58am

The only thing I can suggest is to deny access via permissions to all usergroups except the ones that should have access.

**Joshua Gonzales** · Fri 4 Aug '17, 11:34am

Forgive me if I am just contributing something you already know or is useless, but I made a private installation using htaccess a while back and used what was in our manual at http://www.vbulletin.com/docs/html/upgrade_testsite

It talks about htaccess at Step 3 - Files

**Maltair** · Fri 4 Aug '17, 1:01pm

Right: "You will need to protect this directory from the general public. The most common way to do this is by a combination of .htaccess and .htpasswd files." ---- as noted I have done that. The issue is that for some reason this method creates a need for having to input the username / PW twice to gain entry.

**glennrocksvb** · Fri 4 Aug '17, 2:04pm

I think the second one is triggered by one of the resources/requests on the page. Open the Network tab in the browser dev tools to see the requests. When the second prompt appears, check what the last request is.

**Maltair** · Fri 4 Aug '17, 2:24pm

When the second pull down Authentication Required window appears (or the first, for that matter), you have not yet "landed" on the page so there isn't a way that I am aware to view or access anything from the page.

You go to the URL that corresponds to the PW protected directory, get this, and enter the correct username and password:

Then, even though you have entered the correct username and PW, you get this second almost, but not quite identical request:

and then after submitting the correct, same username and password this second time, it lets you in. It just doesn't want to let you in on the first correct entry of username and password.

ALSO, if you enter the correct username and PW the FIRST time (only first time), and then enter NOTHING the second round, and just keep hitting Cancel, eventually you wind up in the forum, somewhat, without the CSS in play, and it looks like this:

Now, if you enter nothing at all, EVER (not first, not ever) and click cancel then you'll just end up here:

**glennrocksvb** · Fri 4 Aug '17, 2:56pm

Open the dev tools (F12) and then click Network tab before loading the page. If Firefox doesn't allow you to do that, then use Chrome

**glennrocksvb** · Fri 4 Aug '17, 3:00pm

My guess is the second time is authentication for the CSS URL requests based on what you said that the layout is broken when not entering on the second prompt

**Maltair** · Fri 4 Aug '17, 3:47pm

With Chrome I am able to access Developer Tools, but can't click within it to access Network.

As long as that Authorization Required window remains up the browser is more or less locked from doing much other than entering the username or password into that window.

However once I enter some data and get as far as the lacking CSS version of the website (by entering correct username/password into first window, and then just hitting cancel on the second), I see this:

**Maltair** · Fri 4 Aug '17, 4:45pm

Well, given that there is nothing in the directory (folder) but vbulletin, how best to PW protect the entire folder then without this twice entry of username/password?

**BirdOPrey5** · Sat 5 Aug '17, 3:38am

Are you choosing to save the password? I've done this many times, including for VB 5.x but I always choose to save the password to the browser.

**Maltair** · Sat 5 Aug '17, 9:57am

This issue - having to enter the password twice, isn't so much an issue for me today, but I want to use this PW protection feature for a live forum elsewhere and in that case if every newbie who goes to the PW protected forum has to enter the PW twice, will be discouraged from even trying to enter.

**BirdOPrey5** · Sat 5 Aug '17, 3:41pm

Originally posted by MDawg

This issue - having to enter the password twice, isn't so much an issue for me today, but I want to use this PW protection feature for a live forum elsewhere and in that case if every newbie who goes to the PW protected forum has to enter the PW twice, will be discouraged from even trying to enter.

So is that mean you're net having the browser save the password?

Password protected vbulletin folder via .htaccess requires two correct logins / entries of username and password to get in

[Bug / Issue] Password protected vbulletin folder via .htaccess requires two correct logins / entries of username and password to get in

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics