Support

Can you please tell me exactly what you are trying to achieve? Do you want that folder password protected so even the upload scripts don't run? You want to prevent access to any file except the two .php file? Something else?

You can do all of that through the .htaccess Maker settings without copying any files. By their nature, .htaccess files cascade. In fact, they cascade through the filesystem. That's why the .htaccess file created by the .htaccess Maker in your site's root can protect all subdirectories under the site's root. I just need to know what you're trying to do so I can tell you how to do it :)

I think that your main problem is that you have done something wrong with the .htaccess configuration in the subdirectory. But let's take this step by step.

First in the .htaccess Maker page find the Allow direct access to these files textarea and add the following lines

/pdf-upload/index.php
/pdf-upload/upload.php

This will allow users who have already gone through the password authentication to access these files.

From an SSH terminal go into your site's pdf-upload folder and type

htpasswd -c `pwd`/.htpasswd yourusername

Where yourusername is the username you want to use. You will be asked for a password, twice. This creates the initial .htpasswd file.

Now we need its absolute filename — because the .htaccess file requires the full filename, not just a relative one (yeah, I know, it's annoying!). In the SSH terminal type:

echo `pwd`/.htpasswd

This will reply with something like the following:

/home/myuser/public_html/pdf-upload/.htpasswd

Copy that. We'll need it in the next step.

Create a .htaccess file in the pdf-upload folder with the following content:

AuthName "Your dialog prompt"
AuthType Basic
AuthUserFile /home/myuser/public_html/pdf-upload/.htpasswd
Require valid-user

You need to change the things in bold type.

Your dialog prompt is what the browser authentication dialog title will be when someone tries to access the pdf-upload folder.

/home/myuser/public_html/pdf-upload/.htpasswd is what we copied from the echo command output earlier.

I have tested this with Apache 2.4. If you have a different web server your mileage may vary.

Yeah, the rating feature has been on the chopping block for quite a while and hasn't been updated. The next version, Akeeba Ticket System 5, will not have it at all.

Star reviews had a place in time when the Internet was young and people were honest and responsible. I have reviewed several tickets with bad reviews and there was a disturbing pattern: if the issue requires the client to do something they rate the ticket bad even though they were told what is going on and how to fix it. If people downrate tickets because, for example, we have no control on the PHP configuration of their servers but tell them exactly what to ask their host (who are responsible for it!) to do, well, there's no point having ticket ratings. We already know which clients are problematic.