Passwording a MySQL Database

>I have a PHP query for a MySQL database that I'd like to restrict

access to. It's linked from a .htm webpage with other links on a
company intranet site.

Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?

Gordon L. Burditt

Gordon Burditt wrote:

I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.

Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?

Gordon L. Burditt

LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and put
it in a directory "admin" where by you use .htacess to password up the
directory.

An example of what your trying to do chris might help a little bit more :)

Cheers
Rob

Gordon Burditt wrote:

I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.

Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,

(off topic, just ignore :)

Retinal eye scanner is one of the few areas that doesn't have built-in
functions in PHP. Almost everything else is covered... should you send a
bug report? ;p
-veikko

--
veikko
mail@ .com
makinen

On Thu, 28 Jul 2005 11:51:06 +0000 (UTC), Rob
<rob.@.no.spam.please.tbswebdesign.com> wrote:

Gordon Burditt wrote:

I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.

Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?

Gordon L. Burditt

LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and put
it in a directory "admin" where by you use .htacess to password up the
directory.

An example of what your trying to do chris might help a little bit more :)

Cheers
Rob

I think you pretty much hit it on the head, Rob. I have a series of
databases on a dedicated server that are designed to compliment a
worthless CMMS bringing more data to a group of guys. for now, the
admin idea would work fine since I'll be the only one accessing 2 of
those databases but eventually, may free up the access to a small
group within a department as usable information. At that point,
either a shared password OR allow known IPs would be effective and
actually, known IPs may be better in that the extra step of entering
something would be bypassed. thanks for the replies, gents.

Chris wrote:

On Thu, 28 Jul 2005 11:51:06 +0000 (UTC), Rob
<rob.@.no.spam.please.tbswebdesign.com> wrote:

Gordon Burditt wrote:

I have a PHP query for a MySQL database that I'd like to restrict
access to. It's linked from a .htm webpage with other links on a
company intranet site.
Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?

Gordon L. Burditt

LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and put
it in a directory "admin" where by you use .htacess to password up the
directory.

An example of what your trying to do chris might help a little bit more :)

Cheers
Rob

I think you pretty much hit it on the head, Rob. I have a series of
databases on a dedicated server that are designed to compliment a
worthless CMMS bringing more data to a group of guys. for now, the
admin idea would work fine since I'll be the only one accessing 2 of
those databases but eventually, may free up the access to a small
group within a department as usable information. At that point,
either a shared password OR allow known IPs would be effective and
actually, known IPs may be better in that the extra step of entering
something would be bypassed. thanks for the replies, gents.

Chris... iv come up with this for you...
This example will give access dependant on the username and password
entered.
You can added/delete users from the $users array.

-----------

function do_auth()
{
$realm = mt_rand(1,1000);
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$users = array('admin' => 'admin', 'staff' => 'staff');

if (!isset($_SERVER['PHP_AUTH_USER']))
{
do_auth();
}
elseif (!isset($_SERVER['PHP_AUTH_PW']))
{
do_auth();
}
elseif($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel
<b>'.$_SERVER['PHP_AUTH_USER'].'</b>');

-----------
This second example give access to ips listed the array $allowed_ips
hopefully one of these may be of help to you...
but http auth is not the best method of passwording, all depends on how
secure you want the protected content to be.
---------

function do_auth()
{
$realm = mt_rand(1,1000);
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass

$userip = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER["REMOTE_ADDR"];
$allowed_ips = array('212.100.120.40','212.100.120.41','212.100.1 20.42');
if(!in_array($userip,$allowed_ips)
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel <b>'.$userip.'</b>');

----------

Good luck
*Rob

Rob wrote:

Chris wrote:

On Thu, 28 Jul 2005 11:51:06 +0000 (UTC), Rob
<rob.@.no.spam.please.tbswebdesign.com> wrote:

Gordon Burditt wrote:

> I have a PHP query for a MySQL database that I'd like to restrict
> access to. It's linked from a .htm webpage with other links on a
> company intranet site.

Restrict based on *WHAT*? IP address the client is connecting
from, username/password, SSL certificates, retinal eye scanner,
something else?

Gordon L. Burditt
LOL nice gordon,
I think if its a "feature" you only want a "site admin" to access the
best option would be to drop the query in a file... "admin.php" and
put it in a directory "admin" where by you use .htacess to password
up the directory.

An example of what your trying to do chris might help a little bit
more :)

Cheers
Rob

I think you pretty much hit it on the head, Rob. I have a series of
databases on a dedicated server that are designed to compliment a
worthless CMMS bringing more data to a group of guys. for now, the
admin idea would work fine since I'll be the only one accessing 2 of
those databases but eventually, may free up the access to a small
group within a department as usable information. At that point,
either a shared password OR allow known IPs would be effective and
actually, known IPs may be better in that the extra step of entering
something would be bypassed. thanks for the replies, gents.

Chris... iv come up with this for you...
This example will give access dependant on the username and password
entered.
You can added/delete users from the $users array.

-----------

function do_auth()
{
$realm = mt_rand(1,1000);
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$users = array('admin' => 'admin', 'staff' => 'staff');

if (!isset($_SERVER['PHP_AUTH_USER']))
{
do_auth();
}
elseif (!isset($_SERVER['PHP_AUTH_PW']))
{
do_auth();
}
elseif($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel
<b>'.$_SERVER['PHP_AUTH_USER'].'</b>');

-----------
This second example give access to ips listed the array $allowed_ips
hopefully one of these may be of help to you...
but http auth is not the best method of passwording, all depends on how
secure you want the protected content to be.
---------

function do_auth()
{
$realm = mt_rand(1,1000);
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass

$userip = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER["REMOTE_ADDR"];
$allowed_ips = array('212.100.120.40','212.100.120.41','212.100.1 20.42');
if(!in_array($userip,$allowed_ips)
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel <b>'.$userip.'</b>');

----------

Good luck
*Rob

sorry parse error in 2nd example replace line...

if(!in_array($userip,$allowed_ips)

with

if(!in_array($userip,$allowed_ips))

;)
*Rob

Thanks Rob - appreciate your help VERY much. :-)

Chris
On Thu, 28 Jul 2005 16:28:58 +0000 (UTC), Rob
<rob.@.no.spam.please.tbswebdesign.com> wrote:

Chris... iv come up with this for you...
This example will give access dependant on the username and password
entered.
You can added/delete users from the $users array.

-----------

function do_auth()
{
$realm = mt_rand(1,1000);
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass
$users = array('admin' => 'admin', 'staff' => 'staff');

if (!isset($_SERVER['PHP_AUTH_USER']))
{
do_auth();
}
elseif (!isset($_SERVER['PHP_AUTH_PW']))
{
do_auth();
}
elseif($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel
<b>'.$_SERVER['PHP_AUTH_USER'].'</b>');

-----------
This second example give access to ips listed the array $allowed_ips
hopefully one of these may be of help to you...
but http auth is not the best method of passwording, all depends on how
secure you want the protected content to be.
---------

function do_auth()
{
$realm = mt_rand(1,1000);
header('WWW-Authenticate: Basic realm="CMMS Administation ID:
'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
die("Permission Denied");
}
//your access info... user => pass

$userip = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER["REMOTE_ADDR"];
$allowed_ips = array('212.100.120.40','212.100.120.41','212.100.1 20.42');
if(!in_array($userip,$allowed_ips)
{
do_auth();
}
//if were here... then were logged in successfully :)
print('Welcome to the control panel <b>'.$userip.'</b>');

----------

Good luck
*Rob

sorry parse error in 2nd example replace line...

if(!in_array($userip,$allowed_ips)

with

if(!in_array($userip,$allowed_ips))

;)
*Rob