Hello there,
In summary: How to make my password protected php scripts available for use
to public, without letting them do anything they want to DB.
Previously a shared hosting hosted MySQL database was only used by internal
staff and so all the php scripts were simply held on a password protected
folder (HTTP style) that the staff would know to do their duties with the
DB.
However, a requirement has come for a public website to become available
that allows anyone to visit a webpage, and submit some details via a webform
and these details need to be inserted into the database.
This currently creates the problem that when they HTML form is submitted to
a PHP script (adapted from an existing insert data php script from before)
that is located in the password protected folder, it obviously prompts for
the password.
Even if I move this script out of the password protected directory, this
script still relies on many library php scripts that do things like connect
to the DB.
So therefore what is the best way of going about making this work. I want
users to be able to submit the webform without being prompted for a username
and password, but I want to protect access to php scripts because we do not
want anyone else to do the many other functions available (such as view /
amend records etc.)
This may be really simple and I am just missing something very obvious. A
Google search just led me to many things explaining password protection in
general.
Kind regards and TIA.
Dave