How to make a php file readable only?

This is my HTML code from my login page

function validate()
{
	var un = document.login.username.value;
	var pw = document.login.password.value;
	var valid=false;
	var usernameArray = ["Ali", "Naqi", "Mohammad"];
	var passwordArray = ["ali", "naqi", "mohammad"];

	for (var i=0; i<usernameArray.length; i++)
	{
		if((un == usernameArray[i]) && (pw == passwordArray[i]))
		{
			valid = true;
			break;
		}
	}

	if (valid)
	{
		if (usernameArray[i]=="Ali" && passwordArray[i]=="ali")
		{
			alert("User identified, Welcome " + usernameArray[i]);

			window.location = "http://localhost:8888/A/index.php";
			return false;
		}
	}
}

How can I make the index.php file only readable? The user who has logged in cannot modify it.

Please reply

The user cannot edit the PHP, as that is creating the content on the server. The output on the page will just be HTML or JavaScript created by the PHP code.

Have you viewed the source of your page to see what it contains?

That’s JavaScript code, though, not PHP. So anyone viewing the source will see the array of passwords and usernames.

1 Like

I have moved this topic to the Javascript category as it does not pertain particularly to PHP with the snippet given.


No PHP code will ever be output to the user unless you deliberately output it yourself. HTML, CSS, and JavaScript, on the other hand, CANNOT be protected using PHP. Whatever is output to the screen, users can modify using the dev tools in their browsers. So it is out of your control. All you can do is actually validate user input on the PHP side.

Yes, it contains an event calendar.

I want to make it read only for guests so that they can’t add or set any events on the calendar. Only those authorized to can.

Here’s the code for the calendar event file.

<!DOCTYPE html>
<html>
<head>
    <title>HTML5 Event Calendar</title>
	<!-- demo stylesheet -->
    	<link type="text/css" rel="stylesheet" href="media/layout.css" />    

        <link type="text/css" rel="stylesheet" href="themes/calendar_g.css" />    
        <link type="text/css" rel="stylesheet" href="themes/calendar_green.css" />    
        <link type="text/css" rel="stylesheet" href="themes/calendar_traditional.css" />    
        <link type="text/css" rel="stylesheet" href="themes/calendar_transparent.css" />    
        <link type="text/css" rel="stylesheet" href="themes/calendar_white.css" />    

	<!-- helper libraries -->
	<script src="js/jquery-1.9.1.min.js" type="text/javascript"></script>
	
	<!-- daypilot libraries -->
        <script src="js/daypilot/daypilot-all.min.js" type="text/javascript"></script>
	
</head>
<body>
    <!--
        <div id="header">
			<div class="bg-help">
				<div class="inBox">
					<h1 id="logo"><a href='http://code.daypilot.org/17910/html5-event-calendar-open-source'>HTML5 Event Calendar</a></h1>
					<p id="claim"><a href="http://javascript.daypilot.org/">DayPilot for JavaScript</a> - AJAX Calendar/Scheduling Widgets for JavaScript/HTML5/jQuery</p>
					<hr class="hidden" />
				</div>
			</div>
        </div>
        <div class="shadow"></div>
        <div class="hideSkipLink">
        </div>
    -->
        <div class="main">
            
            <div style="float:left; width: 160px;">
                <div id="nav"></div>
            </div>
            <div style="margin-left: 160px;">
                
                <div class="space">
                    Theme: <select id="theme">
                        <option value="calendar_default">Default</option>
                        <option value="calendar_white">White</option>                        
                        <option value="calendar_g">Google-Like</option>                        
                        <option value="calendar_green">Green</option>                        
                        <option value="calendar_traditional">Traditional</option>                        
                        <option value="calendar_transparent">Transparent</option>                        
                    </select>
                </div>
                
                <div id="dp"></div>
            </div>

            <script type="text/javascript">
                
                var nav = new DayPilot.Navigator("nav");
                nav.showMonths = 3;
                nav.skipMonths = 3;
                nav.selectMode = "week";
                nav.onTimeRangeSelected = function(args) {
                    dp.startDate = args.day;
                    dp.update();
                    loadEvents();
                };
                nav.init();
                
                var dp = new DayPilot.Calendar("dp");
                dp.viewType = "Week";

                dp.onEventMoved = function (args) {
                    $.post("backend_move.php", 
                            {
                                id: args.e.id(),
                                newStart: args.newStart.toString(),
                                newEnd: args.newEnd.toString()
                            }, 
                            function() {
                                console.log("Moved.");
                            });
                };

                dp.onEventResized = function (args) {
                    $.post("backend_resize.php", 
                            {
                                id: args.e.id(),
                                newStart: args.newStart.toString(),
                                newEnd: args.newEnd.toString()
                            }, 
                            function() {
                                console.log("Resized.");
                            });
                };

                // event creating
                dp.onTimeRangeSelected = function (args) {
                    var name = prompt("New event name:", "Event");
                    dp.clearSelection();
                    if (!name) return;
                    var e = new DayPilot.Event({
                        start: args.start,
                        end: args.end,
                        id: DayPilot.guid(),
                        resource: args.resource,
                        text: name
                    });
                    dp.events.add(e);

                    $.post("backend_create.php", 
                            {
                                start: args.start.toString(),
                                end: args.end.toString(),
                                name: name
                            }, 
                            function() {
                                console.log("Created.");
                            });

                };

                dp.onEventClick = function(args) {
                    alert("clicked: " + args.e.id());
                };

                dp.init();

                loadEvents();

                function loadEvents() {
                    var start = dp.visibleStart();
                    var end = dp.visibleEnd();

                    $.post("backend_events.php", 
                    {
                        start: start.toString(),
                        end: end.toString()
                    }, 
                    function(data) {
                        //console.log(data);
                        dp.events.list = data;
                        dp.update();
                    });
                }

            </script>
            
            <script type="text/javascript">
            $(document).ready(function() {
                $("#theme").change(function(e) {
                    dp.theme = this.value;
                    dp.update();
                });
            });  
            </script>

        </div>
        <div class="clear">
        </div>
        
</body>
</html>


I would recommend using if statements in PHP to determine if the user is logged in or not. Then determine if they have the ability to modify page contents. I would start by putting those POST requests inside the if statement. I will move this topic back to the PHP category when you show some PHP code. For now, all I see is HTML and JavaScript.

As @droopsnoot pointed out, this is JavaScript, not PHP. JavaScript being a client-side language, it will always be visible in the page source in anyone’s browser. Also, clients will be able to edit that script to whatever they want. In a case where you want to authenticate a user, that could potentially make the process very insecure and prone to hacking.
Perhaps what you should be doing is using server-side scripting (PHP) to do this instead of JavaScript.

1 Like

I know this code is HTML and JavaScript.

My target is to make users log in and open separate calendars for the users - COMPLETE

My second target is to make a view button where users can see each other’s calendars but cannot modify their schedule - This is where I’m confused and don’t know where and which command to use.

I tried inserting the PHP function chmod in my IF code for user validation but it didn’t work.

I’m already using an IF statement to determine if the user has logged in. But I also want other users to see other users’ calendars, and I don’t want them to modify their schedule.

I don’t know how to achieve this, that’s why I’m asking for tips and advice.

You are using Javascript’s if statement. You need to use PHP’s if statement for this. I am guessing you have very little PHP experience. I will give you a snippet that DOES NOT work and get you in the direction that is appropriate. This snippet is NOT supposed to be a complete snippet, but a general idea for you to see what you need to do in order to get what you want.

<?php
if($var == ...) {

    // ...

}
?>

You do realize what that function does, right? It changes the permissions for the actual file. So regardless of the content inside that file, it pretty much won’t do anything besides NOT allowing actual people to view the contents in that file.

chmod is also a Linux command. So if you really don’t know what it does, I would highly suggest you acquaint yourself with Linux, as some PHP functions are taken literally from Linux.

I did not know that. I’m lost here.

I changed my files to HTML. Now how can I make them read only?

Please reply soon.

You are not listening. You need to use PHP to validate that the user indeed does have the right permissions to modify contents on the page. For this, I have suggested using PHP’s if statement, NOT JavaScript’s if statement. Then the next thing you need to do is wrap those if statements around the POST requests, because this is what is allowing anyone to modify content in the first place. And in those specific files, you also need to validate the user in case they go directly to those files.


Do NOT use chmod as chmod is for changing the permissions for the literal file.

1 Like

What about guest users (visitors who don’t need to log in), who I only want to view the calendar? Should I also use PHP for that?

You should be using PHP if you have any kind of authentication or any kind of dynamic content. I suggest that you use PHP for authentication instead of Javascript as anything client side (anything that the user can see - HTML, CSS, Javascript) can be modified at will by anyone.

2 Likes

Yes, many users may not know how to manipulate JavaScript, but many do.

If you want to display something to all but limit action to only some, then some server-side code will be essential.

The first step is to isolate what code is needed to show the page and what code can make modifications.
Hopefully the code is not such that this can’t be done.

Then you could do something like

<?php
// code to determine users status
// output code needed by all users 
if($user === 'OK') {
// output code that allows update, add, delete, etc. 
} 
?>

I have a feeling you will need to have more than one “if”, but that’s the idea.

4 Likes
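The server-side check that the replies above describe (wrap the editing code in a PHP `if`, and validate again inside the files that receive the POST requests), as an added example that is not code from the thread or from DayPilot. It assumes a PHP login handler has stored the user name in `$_SESSION['user']`; the function names and the `EVENT_OWNERS` table are hypothetical stand-ins for the real event storage.

```php
<?php
// Added example. Assumption: login is done in PHP and sets $_SESSION['user'].
declare(strict_types=1);

// Constructed sample data standing in for the events table: event id => owner.
const EVENT_OWNERS = ['e1' => 'Ali', 'e2' => 'Naqi'];

// The one authorization rule: only the owner of an event may change it.
function can_modify_event(?string $sessionUser, string $eventId): bool
{
    if ($sessionUser === null) {
        return false;                          // guest: view only
    }
    $owner = EVENT_OWNERS[$eventId] ?? null;   // unknown id => no owner
    return $owner !== null && $owner === $sessionUser;
}

// Call first in backend_move.php and backend_resize.php, before any database
// write, so a request sent straight to those files is rejected as well.
function guard_event_write(array $session, array $post): void
{
    $user = is_string($session['user'] ?? null) ? $session['user'] : null;
    $id   = is_string($post['id'] ?? null) ? $post['id'] : '';
    if (!can_modify_event($user, $id)) {
        http_response_code(403);
        exit('Forbidden: this calendar is read-only for you.');
    }
}

// In the page: everyone gets the viewing code, only the calendar's owner gets
// the editing handlers. This only tidies the UI; the guard above enforces it.
function calendar_script(?string $sessionUser, string $calendarOwner): string
{
    $js = "loadEvents();\n";
    if ($sessionUser !== null && $sessionUser === $calendarOwner) {
        $js .= 'dp.onEventMoved = function (args) { /* $.post("backend_move.php", ...) */ };' . "\n";
    }
    return $js;
}

// Stand-alone check from the command line: owner, other user, guest.
if (PHP_SAPI === 'cli') {
    var_dump(can_modify_event('Ali', 'e1'));
    var_dump(can_modify_event('Naqi', 'e1'));
    var_dump(can_modify_event(null, 'e1'));
    echo calendar_script(null, 'Ali');
}
```

In the backend files the call would be `session_start(); guard_event_write($_SESSION, $_POST);` as the first lines. `backend_create.php` posts no event `id`, so it needs the same rule applied to the calendar being written to.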
