Thread: Admin Script

  1. #1
    SitePoint Wizard Defender1's Avatar
    Join Date
    Apr 2001
    Location
    My Computer
    Posts
    2,808
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Admin Script

    can someone give some advice on building an admin script to protect a directory?
    basically, i want to access the url, enter user/pass and get access to said dir.
    Defender's Designs
    I'm Getting Married!

    Not-so-patiently awaiting Harry Potter Book 7 *sigh*

  2. #2
    Feel my RewiredMind KMxRetro's Avatar
    Join Date
    Jan 2001
    Location
    Exeter, Devon, UK
    Posts
    477
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Howdy,
    Your best bet is to either use .htaccess or a PHP/MySQL database combo.

    Have a look at the tutorials section at http://www.hotscripts.com/PHP for more info on the latter.

    Hope this helps,

  3. #3
    Node mutilating coot timnz's Avatar
    Join Date
    Feb 2001
    Location
    New Zealand
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have never used these before, but you might want to look at the directory functions of PHP, and see if there is anything that might be useful there:

    http://www.php.net/manual/en/ref.dir.php

  4. #4
    SitePoint Wizard Defender1's Avatar
    Join Date
    Apr 2001
    Location
    My Computer
    Posts
    2,808
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    well, the hotscript tutorial wasn't any help, because the script needed to use script wrapping, and my host doesn't support that.

    is there any other way to protect the directory securely without using an .htaccess?

    i'm only going to use that if i have to.

    oh and btw, i'm pretty much a php newbie, so the directory functions just kinda flew over my head.

  5. #5
    imagine no limitations exbabylon's Avatar
    Join Date
    Dec 2000
    Location
    Idaho, USA
    Posts
    452
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use PHP HTTP Auth. It's a great way, real similar to .htaccess, in fact it's the same, but only with PHP, which gives you a lot more control over it.
    Blamestorming: Sitting around in a group discussing why a deadline was missed or a project failed and who was responsible.

    Exbabylon- Professional Internet Services

  6. #6
    SitePoint Wizard Defender1's Avatar
    Join Date
    Apr 2001
    Location
    My Computer
    Posts
    2,808
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    do you think you could tell me how?

  7. #7
    imagine no limitations exbabylon's Avatar
    Join Date
    Dec 2000
    Location
    Idaho, USA
    Posts
    452
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sure.

    In order to use this feature in PHP you must have it running as an Apache module, sorry, won't work on CGI

    It displays the same type of dialog box as does HTTP Authorization via Apache, but allows you the capability of drawing the usernames out of a database or some other thing, as well as have the ability of grabbing their username and password.

    Here is an example of doing this with a MySQL database and a table called users.

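    PHP Code:
    // Escape the browser-supplied credentials before they go into the query
    $user = mysql_real_escape_string($PHP_AUTH_USER);
    $pass = mysql_real_escape_string($PHP_AUTH_PW);
    $sql = "SELECT username, password, realname, email FROM users WHERE username='$user' and password='$pass'";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) < 1) {
        // No matching row: ask the browser to prompt for credentials
        Header("WWW-Authenticate: Basic realm=\"My Realm\"");
        Header("HTTP/1.0 401 Unauthorized");
        echo "Incorrect Username/password please email the admin: webmaster@domain.com";
        exit;
    } else {
        // The misspelled function name on the next line is as posted; the reply below corrects it
        while ($row = mysql_fethc_array($result)) {
            extract($row);
            echo "Name: $realname<P>";
            echo "Email: $email<P>";
        }
    }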
    That *should* work... no guarantees though. Here is one if you only want a few users, not using a database:

    PHP Code:
    // Deny unless the username and password match one of the allowed pairs
    if (!(($PHP_AUTH_USER == "myusername" and $PHP_AUTH_PW == "mypassword") or ($PHP_AUTH_USER == "hisusername" and $PHP_AUTH_PW == "hispassword"))) {
        Header("WWW-Authenticate: Basic realm=\"My Realm\"");
        Header("HTTP/1.0 401 Unauthorized");
        echo "No username/password. Please email admin: webmaster@domain.com";
        exit;
    } else {
        echo "Hello $PHP_AUTH_USER.";
    }

    Hope that helps. This is not as ideal as other methods, but it seems to work.

  8. #8
    Victory shall be mine tubedogg's Avatar
    Join Date
    Mar 2001
    Location
    Medina, OH
    Posts
    440
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This line
    Code:
            while($row = mysql_fethc_array($result)){
    has a tiny typo. It should be
    Code:
            while($row = mysql_fetch_array($result)){
    Kevin
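
A present-day version of the database-backed HTTP Basic check from post #7, added here as an example and not code from any poster in the thread. It assumes PDO with an in-memory SQLite table standing in for MySQL; the function name `check_basic_auth`, the `password_hash` column and the sample user are hypothetical.

```php
<?php
// Added example: HTTP Basic auth backed by a users table, using a bound
// parameter and a hashed password instead of interpolated plaintext.
// check_basic_auth() and the password_hash column are assumptions.

function check_basic_auth(PDO $db, ?string $user, ?string $pass): ?array
{
    if ($user === null || $pass === null) {
        return null;                       // browser sent no credentials yet
    }
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT username, password_hash, realname, email FROM users WHERE username = ?'
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash when the user is unknown, so both paths
    // do comparable work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $row ? $row['password_hash'] : $dummy);
    return ($row && $ok) ? $row : null;
}

// Constructed sample data; an in-memory SQLite table stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, realname TEXT, email TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)')->execute(
    ['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Alice Example', 'alice@example.com']
);

// PHP fills these in from the Authorization header (absent on the CLI).
$account = check_basic_auth($db, $_SERVER['PHP_AUTH_USER'] ?? null, $_SERVER['PHP_AUTH_PW'] ?? null);
if ($account === null) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    http_response_code(401);
    echo "Incorrect username/password\n";
    exit;
}
// Escape database values before they reach HTML.
echo 'Name: ' . htmlspecialchars($account['realname']) . "<p>\n";
echo 'Email: ' . htmlspecialchars($account['email']) . "<p>\n";
```

Basic authentication sends the username and password base64-encoded on every request, so this check belongs behind HTTPS.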

  9. #9
    SitePoint Wizard Defender1's Avatar
    Join Date
    Apr 2001
    Location
    My Computer
    Posts
    2,808
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is this as secure as an .htaccess?

    also, this is to protect a phpMyAdmin directory, and it has an index.php so, what should i name the file so it comes up when someone accesses the directory?

  10. #10
    imagine no limitations exbabylon's Avatar
    Join Date
    Dec 2000
    Location
    Idaho, USA
    Posts
    452
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In your application, yes it is as secure as .htaccess, but utterly pointless unless you have a specialized use for it, i.e. you want to be able to have a .htaccess type of authorization but want to be able to use database functionality. Truthfully, unless you are going to have dynamic users, then go with .htaccess.

    This was just a good time to show some odd capabilities of PHP.

  11. #11
    SitePoint Wizard Defender1's Avatar
    Join Date
    Apr 2001
    Location
    My Computer
    Posts
    2,808
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    doh. oh well. .htaccess it is.

