I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.
Does anyone know of any PHP code examples on the net to perform such a
task? I have to think it's a pretty common application for
passwording in PHP.
thanks,
Chris
7  1418 
>I have a PHP query for a MySQL database that I'd like to restrict access to. It's linked from a .htm webpage with other links on a
company intranet site.
Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?
Gordon L. Burditt
Gordon Burditt wrote: I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.
Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?
Gordon L. Burditt
LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and put
it in a directory "admin" where by you use .htacess to password up the
directory.
An example of what your trying to do chris might help a little bit more :)
Cheers
Rob
Gordon Burditt wrote: I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.
Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
(off topic, just ignore :)
Retinal eye scanner is one of the few areas that doesn't have built-in
functions in PHP. Almost everything else is covered... should you send a
bug report? ;p
-veikko
--
veikko
mail@ .com
makinen
On Thu, 28 Jul 2005 11:51:06 +0000 (UTC), Rob
<rob.@.no.spam. please.tbswebde sign.com> wrote: Gordon Burditt wrote:I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.
Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?
Gordon L. Burditt
LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and put
it in a directory "admin" where by you use .htacess to password up the
directory.
An example of what your trying to do chris might help a little bit more :)
Cheers
Rob
I think you pretty much hit it on the head, Rob. I have a series of
databases on a dedicated server that are designed to compliment a
worthless CMMS bringing more data to a group of guys. for now, the
admin idea would work fine since I'll be the only one accessing 2 of
those databases but eventually, may free up the access to a small
group within a department as usable information. At that point,
either a shared password OR allow known IPs would be effective and
actually, known IPs may be better in that the extra step of entering
something would be bypassed. thanks for the replies, gents.
Chris wrote: On Thu, 28 Jul 2005 11:51:06 +0000 (UTC), Rob
<rob.@.no.spam. please.tbswebde sign.com> wrote:
Gordon Burditt wrote:
I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.
Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?
Gordon L. Burditt
LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and put
it in a directory "admin" where by you use .htacess to password up the
directory.
An example of what your trying to do chris might help a little bit more :)
Cheers
Rob
I think you pretty much hit it on the head, Rob. I have a series of
databases on a dedicated server that are designed to compliment a
worthless CMMS bringing more data to a group of guys. for now, the
admin idea would work fine since I'll be the only one accessing 2 of
those databases but eventually, may free up the access to a small
group within a department as usable information. At that point,
either a shared password OR allow known IPs would be effective and
actually, known IPs may be better in that the extra step of entering
something would be bypassed. thanks for the replies, gents.
Chris... iv come up with this for you...
This example will give access dependant on the username and password
entered.
You can added/delete users from the $users array.
-----------
function do_auth()
{
$realm = mt_rand(1,1000) ;
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$users = array('admin' => 'admin', 'staff' => 'staff');
if (!isset($_SERVE R['PHP_AUTH_USER']))
{
do_auth();
}
elseif (!isset($_SERVE R['PHP_AUTH_PW']))
{
do_auth();
}
elseif($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel
<b>'.$_SERVER['PHP_AUTH_USER'].'</b>');
-----------
This second example give access to ips listed the array $allowed_ips
hopefully one of these may be of help to you...
but http auth is not the best method of passwording, all depends on how
secure you want the protected content to be.
---------
function do_auth()
{
$realm = mt_rand(1,1000) ;
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$userip = (isset($_SERVER['HTTP_X_FORWARD ED_FOR'])) ?
$_SERVER['HTTP_X_FORWARD ED_FOR'] : $_SERVER["REMOTE_ADD R"];
$allowed_ips = array('212.100. 120.40','212.10 0.120.41','212. 100.120.42');
if(!in_array($u serip,$allowed_ ips)
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel <b>'.$userip. '</b>');
----------
Good luck
*Rob
Rob wrote: Chris wrote:
On Thu, 28 Jul 2005 11:51:06 +0000 (UTC), Rob
<rob.@.no.spam. please.tbswebde sign.com> wrote:
Gordon Burditt wrote:
> I have a PHP query for a MySQL database that I'd like to restrict
> access to. It's linked from a .htm webpage with other links on a
> company intranet site.
Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?
Gordon L. Burditt
LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and
put it in a directory "admin" where by you use .htacess to password
up the directory.
An example of what your trying to do chris might help a little bit
more :)
Cheers
Rob
I think you pretty much hit it on the head, Rob. I have a series of
databases on a dedicated server that are designed to compliment a
worthless CMMS bringing more data to a group of guys. for now, the
admin idea would work fine since I'll be the only one accessing 2 of
those databases but eventually, may free up the access to a small
group within a department as usable information. At that point,
either a shared password OR allow known IPs would be effective and
actually, known IPs may be better in that the extra step of entering
something would be bypassed. thanks for the replies, gents.
Chris... iv come up with this for you...
This example will give access dependant on the username and password
entered.
You can added/delete users from the $users array.
-----------
function do_auth()
{
$realm = mt_rand(1,1000) ;
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$users = array('admin' => 'admin', 'staff' => 'staff');
if (!isset($_SERVE R['PHP_AUTH_USER']))
{
do_auth();
}
elseif (!isset($_SERVE R['PHP_AUTH_PW']))
{
do_auth();
}
elseif($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel
<b>'.$_SERVER['PHP_AUTH_USER'].'</b>');
-----------
This second example give access to ips listed the array $allowed_ips
hopefully one of these may be of help to you...
but http auth is not the best method of passwording, all depends on how
secure you want the protected content to be.
---------
function do_auth()
{
$realm = mt_rand(1,1000) ;
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$userip = (isset($_SERVER['HTTP_X_FORWARD ED_FOR'])) ?
$_SERVER['HTTP_X_FORWARD ED_FOR'] : $_SERVER["REMOTE_ADD R"];
$allowed_ips = array('212.100. 120.40','212.10 0.120.41','212. 100.120.42');
if(!in_array($u serip,$allowed_ ips)
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel <b>'.$userip. '</b>');
----------
Good luck
*Rob
sorry parse error in 2nd example replace line...
if(!in_array($u serip,$allowed_ ips)
with
if(!in_array($u serip,$allowed_ ips))
;)
*Rob
Thanks Rob - appreciate your help VERY much. :-)
Chris
On Thu, 28 Jul 2005 16:28:58 +0000 (UTC), Rob
<rob.@.no.spam. please.tbswebde sign.com> wrote: Chris... iv come up with this for you...
This example will give access dependant on the username and password
entered.
You can added/delete users from the $users array.
-----------
function do_auth()
{
$realm = mt_rand(1,1000) ;
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$users = array('admin' => 'admin', 'staff' => 'staff');
if (!isset($_SERVE R['PHP_AUTH_USER']))
{
do_auth();
}
elseif (!isset($_SERVE R['PHP_AUTH_PW']))
{
do_auth();
}
elseif($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel
<b>'.$_SERVER['PHP_AUTH_USER'].'</b>');
-----------
This second example give access to ips listed the array $allowed_ips
hopefully one of these may be of help to you...
but http auth is not the best method of passwording, all depends on how
secure you want the protected content to be.
---------
function do_auth()
{
$realm = mt_rand(1,1000) ;
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$userip = (isset($_SERVER['HTTP_X_FORWARD ED_FOR'])) ?
$_SERVER['HTTP_X_FORWARD ED_FOR'] : $_SERVER["REMOTE_ADD R"];
$allowed_ips = array('212.100. 120.40','212.10 0.120.41','212. 100.120.42');
if(!in_array($u serip,$allowed_ ips)
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel <b>'.$userip. '</b>');
----------
Good luck
*Rob
sorry parse error in 2nd example replace line...
if(!in_array($ userip,$allowed _ips)
with
if(!in_array($ userip,$allowed _ips))
;)
*Rob
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Ben |
last post by:
Hi
I am new to C++ and I want to know if C++ is suitable for making a GUI
application with a MySQL database. I also want to know what keywords
in books I should look for. Is DATA STRUCTURES a good one ? Do you
know any good books that talks about C++ and MySQL ?
Thank you
|
by: w_curtis |
last post by:
I'm an Access user, and I'm trying to learn MySQL and then PHP so I can make
some web databases. But it just isn't clicking.
I've followed some tutorials, and picked up a book, but just getting to
square one has been a pain. I can follow the tutorials and get to the point
where I can make tables and stuff, but I don't know how I got there,...
|
by: Mike Chirico |
last post by:
Interesting Things to Know about MySQL
Mike Chirico (mchirico@users.sourceforge.net)
Copyright (GPU Free Documentation License) 2004
Last Updated: Mon Jun 7 10:37:28 EDT 2004
The latest version of this document can be found at:
http://prdownloads.sourceforge.net/souptonuts/README_mysql.txt?download
|
by: Saqib Ali |
last post by:
I installed mySQL and have it running.... but I think I made a
mistake somewhere along the line...... I believe I did follow the
instructions that were provided with the distribution at:
http://dev.mysql.com/downloads/
The database is up. It seems that a test database
instance has been created (named "test"). I can see
it. However, the...
|
by: Cheryl Langdon |
last post by:
Hello everyone,
This is my first attempt at getting help in this manner. Please
forgive me if this is an inappropriate request.
I suddenly find myself in urgent need of instruction on how to
communicate with a MySQL database table on a web server, from inside
of my company's Access-VBA application. I know VBA pretty well but
have never...
| | |
by: mistral |
last post by:
Need php script to create mySQL database programmatically; since
hosting configuration may not allow create database from script, script
also need eliminate/rewrite all restrictions in appropriate places in
that hosting.
|
by: Coldfire |
last post by:
Since i cannot show the differences in a two-column like table. I am first putting
MS SQL Server 2005 and then MySQL 5.x.
MS SQL Server 2005
Brief Overview
- SQL Server is a full-fledged database system developed specifically for large enterprise databases. All advanced features of a relational database are fully implemented.
- Once...
|
by: cover |
last post by:
I'm trying to password the 'update' page of a MySQL database that runs
on a company intranet w/Apache and PHP. I don't care about the
'entry' page to this database - just the 'update' page and want the
five people (or so) who may be doing updates, to enter only a password
and then write that password to the MySQL database field.
On my...
|
by: Atli |
last post by:
You may be wondering why you would want to put your files “into” the database, rather than just onto the file-system. Well, most of the time, you wouldn’t.
In situations where your PHP application needs to store entire files, the preferred method is to save the file onto the server’s file-system, and store the physical location of the file in...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
