Page Login

D Willett
SilverLounger
Posts: 1705
Joined: 25 Jan 2010, 08:34
Location: Stoke on Trent - Staffordshire - England

Page Login

Post by D Willett »

Hi. I have setup several directories for customers where I can upload a daily report. I want to secure each directory so a user can't return to the root folder and access other accounts via the address bar. Can anyone lend any advice on setting up authentication to each index.php so there is a unique login to each customer directory?

Cheers
Cheers ...

Dave.

User avatar
Leif
Administrator
Posts: 7274
Joined: 16 Jan 2010, 08:21
Location: UK/France

Re: Page Login

Post by Leif »

I don't think you can prevent anyone manually typing in an address, and thereby attempting to access a specific folder.

If you have an index.html (or index.php etc.) in the parent directory, I think that should prevent anyone browsing the contents.

You may be able to manually set up individual passwords for security in your web control panel. I have 'CPanel' (provided by my host) and can easily set it up:
x.jpg
You do not have the required permissions to view the files attached to this post.
Leif.

User avatar
StuartR
Administrator
Posts: 11862
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Page Login

Post by StuartR »

How are your users accessing these folders? Is this a local Windows login? Are they using a browser? Is there an http:// url or a file:// one or something completely different?
StuartR


D Willett
SilverLounger
Posts: 1705
Joined: 25 Jan 2010, 08:34
Location: Stoke on Trent - Staffordshire - England

Re: Page Login

Post by D Willett »

Hi Leif.
I have cPanel :-)...

I also have an index.php in each sub directory ( newby on web design ), should I just have one in the root?
I have structured the directories as follows:

(Root): "/home/mmcon/public_html/reports"

In reports there are several other directories, one for each of my customers. Looking into cPanel, I can protect the reports directory but can I drill down further and protect each of the customers so they have individual logins.?

Hi Stuart. The users are accessing the folders via web browser.
Cheers ...

Dave.

D Willett
SilverLounger
Posts: 1705
Joined: 25 Jan 2010, 08:34
Location: Stoke on Trent - Staffordshire - England

Re: Page Login

Post by D Willett »

Got it, didn't realise you could drill down to each directory (customer folder ). Much easier than creating a MySQL database.

I do have one other question, I need to hide a file "AccessOutput.css" and I have searched everywhere for a solution.
I'm using this tutorial for my Directory Listing:

http://css-tricks.com/snippets/php/disp ... nt-1367822

Which is great. The easy solution is to add a dot (.) to the front of the filename as it will be ignored then. But I have to use the css file locally so we can see the report on our desktops through the browser, Windows does not allow a filename starting with a dot (.) so I need to hide the file in the php script.
The most recent script is here:

http://pastebin.com/FTTzpLM1

If there are any web guru's here I would be greatful if the code could be enhanced to hide either a particular file or a file with an extension of *.css

Regards
Cheers ...

Dave.

User avatar
Leif
Administrator
Posts: 7274
Joined: 16 Jan 2010, 08:21
Location: UK/France

Re: Page Login

Post by Leif »

Can you explain exactly why you want to hide the file?
Leif.

D Willett
SilverLounger
Posts: 1705
Joined: 25 Jan 2010, 08:34
Location: Stoke on Trent - Staffordshire - England

Re: Page Login

Post by D Willett »

Hi Leif
Link as below for the reporting web page for the client of "sot":

http://www.mic-console.com/reports/sot/

This is a dummy report and no protection so you can see what the client see's.
There is a report "Acme............ " and a css file. I simply don't want the client to see the css file to keep things more professional.

Kind Regards
Cheers ...

Dave.

User avatar
Leif
Administrator
Posts: 7274
Joined: 16 Jan 2010, 08:21
Location: UK/France

Re: Page Login

Post by Leif »

Ah, you simply don't want it showing up in a 'file listing' as it were?

Does How do I block css from being viewed give you any ideas? The second half of the thread suggests you store the css file in a different folder, and simply change your code to load it from the new location.

(I say 'simply' - it's all a bit beyond me :laugh: )
Leif.

D Willett
SilverLounger
Posts: 1705
Joined: 25 Jan 2010, 08:34
Location: Stoke on Trent - Staffordshire - England

Re: Page Login

Post by D Willett »

Cheers Leif, its beyond me also.... lol

I would rather hide it to be honest, easy enough by just renaming it from"AccessOutput.css" to ".AccessOutput.css" so its hidden but local viewing here onsite cannot use the file then.
There must be some script I can add to the index.php that stops it being seen in the file,listing !!!
Cheers ...

Dave.

User avatar
Rudi
gamma jay
Posts: 25393
Joined: 17 Mar 2010, 17:33
Location: Cape Town

Re: Page Login

Post by Rudi »

Not sure if this is useful or not....I don't deal with this stuff at all...
See: http://www.n1studios.net/tutorials/php/ ... ction.html
Regards,
Rudi

If your absence does not affect them, your presence didn't matter.

User avatar
Leif
Administrator
Posts: 7274
Joined: 16 Jan 2010, 08:21
Location: UK/France

Re: Page Login

Post by Leif »

Treading water desperately...

Code: Select all

// Checks to see if veiwing hidden files is enabled
/*
  if ($_SERVER['QUERY_STRING'] == "hidden") {
    $hide = "";
    $ahref = "./";
    $atext = "Hide";
  } else {
 
    $hide = ".";
    $ahref = "./?hidden";
    $atext = "Show";
  }
 */
suggests to me that you go in with a different 'QUERY_STRING' if you don't want to hide certain files.

If remote and local viewers are going to access the folder using the same route, you are going to have to do something to differentiate who they are.
Could your 'local' users go in via a separate folder that ran a different script (pointing to the original directory) listing all the files?
Leif.

D Willett
SilverLounger
Posts: 1705
Joined: 25 Jan 2010, 08:34
Location: Stoke on Trent - Staffordshire - England

Re: Page Login

Post by D Willett »

Hi Leif
I fixed this, it seems windows does allow a filename to start with a dot "." to be saved.
However, another request with this, I'm using Allway Sync to upload files and syncronise online ftp folders. When this is done the sync software creates a folder with and xml inside it.
I have no control of where the software puts this folder but it is called _SYNCAPP and is created in each directory where syncronisation has occured. I guess it keeps a log of files within the directory, when I update files in my local pc the local xml and the online xml are compared, if there's a difference the two are synced.
The query above stops anything starting with a dot from being shown when it resides in the directory, can the query be edited to also stop anything starting with an underscore from being shown.
I thought of renaming the _SYNCAPP folder, can't do this because the sync software locally will not find the folder.

Cheers
Cheers ...

Dave.