TCH-RobertM Posted December 14, 2004 Posted December 14, 2004 Hi everyone, Hope all is well with you. I have a pretty general question that could produce complex responses so please bare with me. Fist let me try to explain what it is I am wanting to try and then let you know what I think is a solution. Now, prior to me coding this up I would like to ask for some general concerns and pitfalls I might encounter and or any scenarios that might cause a break in my project. so here goes.. I have my website up ( basically using it as a Learning site ) I am currently teaching myself all the programming that I am using , PHP,CSS,(x)HTML,MySQL I think that about covers what I am using currently. What I would like to do is have those users come to my site to have open access to most of the pages. There are some pages though that I would like to have Username Password protected. ONLY Authorized users can access those pages. The way I currently have the site set up I am thinking of using a PHP MySql solution for login authentication. Once the user is Authenticated then on the Rightside of my page links will become available that Normal users will not see. I have created the form portion of this login that can or will call an authenication php file once the user is authenticated I think I can test that with the if(isset($_POST ..........user valididated. What I dont want is for spiders, non authorized users to gain access to those links and or content on those pages. Should I keep the pages in a non-public folder below the www folder ? would this cause problems for authorized users accessing them ? what kind of open issues might I expect. how easy would it be for someone to get to the pages bypassing the authentication login? any thoughts would be greatly appreciated Thanks Robert Quote
btrfld Posted December 14, 2004 Posted December 14, 2004 Hi Robert. A couple of thoughts; certainly not a complete answer: Should I keep the pages in a non-public folder below the www folder ?Do you mean folders outside www? There are no non-public folders below www. I don't know how spiders handle such things, but I have had some success by putting a PHP check at the top of any page I don't want seen by unauthorized viewers: session_start();if(!$_SESSION['pw']) { header('location: rf_login.php'); exit(); } Then of course the login page does the appropriate authentication and redirects back to the requested page. Once the user is authenticated, the pages just appear normally until the browser is closed. As I say, not a complete answer by any means, but it may shed some light, or at least occasion further discussion. Quote
Madmanmcp Posted December 14, 2004 Posted December 14, 2004 I would think simply using a password protected folder would be all thats needed. Place the pages and data under it and anyone attempting to go there will need to authenticate. Using PHP to authenticate a menu with the links only protects access to the menu. If someone knows the links they can still gain access to the pages by manually typing the URL. Not very secure in my opinion. Quote
TCH-RobertM Posted December 14, 2004 Author Posted December 14, 2004 Thanks for some of the thoughts guys, Madmanmcp I would think simply using a password protected folder would be all thats needed. Place the pages and data under it and anyone attempting to go there will need to authenticate. I probably did not state everything that was going through my mind originally, I needed a more robust way of controlling users access to certian pages on the site based upon there id. I guess in a way, a sort of CMS (content management system) Having to password protect directories certainly would be one solution that I think would work for a few users. I am more interested with the learning process and the flaws associated with implementing such a process. I do thank you and should have been more clear in what I was after... One of my many shortcomings that I will have to try to work on. btrfld Thank you for the piece of information reguarding Sessions. This is something that I did more research on and have been playing with pretty much all day. while researching I found a Tutorial that I happened to find extremely useful as it broke down the actual steps and explained it pretty well for a newbie such as myself Here is the link if anyone is interested. Managing Users with PHP Sessions and MySQL I am sure there are pitfalls to any type of security implementation and I will try to find better ways of doing this going forward. Thank you both for your thoughts This TCH FAMILY FORUM is by far the best arena I have experienced for users trying to help other users out. I hope that I can be helpful to you in the future. If you have any questions please feel free to ask me Take care Robert Rock Sign Quote
jandafields Posted December 17, 2004 Posted December 17, 2004 while researching I found a Tutorial that I happened to find extremely useful as it broke down the actual steps and explained it pretty well for a newbie such as myselfHere is the link if anyone is interested. Managing Users with PHP Sessions and MySQL Thank you for that link. I went through the entire article and found it very useful. Quote
TCH-RobertM Posted December 17, 2004 Author Posted December 17, 2004 Your Quite Welcome jandafields , thats one of the things I like best about TCH is the users and Staff seem to be always willing to help others. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.