Hello,
Is it possible to use php to generate different menus for users who
have access to files in different folders?
For example, user Fred might be able to access files in folders A, B
and F, whilst use Jane might be able to access files in folders A, D
and E. I would want each user to only see text and links relevant to
the files in their chosen folders...
Can mysql hold data which php then uses to create the pages?
Cheers
Geoff
23  2362 
On Fri, 8 Aug 2008 15:10:23 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>yes.
just a little more info would be appreciated!
Cheers
Geoff
..oO(Geoff Cox)
>On Fri, 8 Aug 2008 15:10:23 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>>yes.
just a little more info would be appreciated!
The answer was appropriate. ;)
Your questions are a bit too general to give more specific answers.
Of course you can use some DB-based user management, where in some table
it is stored what folders the users are allowed to access. These folders
should be placed outside the document root to avoid direct URL access,
but instead their contents should only be readable by a script. This
script then just has to check the privileges of the currently logged-in
user, according to the rules in the DB. Using sessions would be helpful
here as well.
But maybe simple HTTP Authentication would be enough? Controlling access
to the various folders can be done quite easily with .htaccess files. Of
course a PHP solution might be more convenient and easier to maintain.
Micha
Well there are various ways to do it but you didnt ask that in your
OP :-)
You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"
Then explode the result:
$allowed_folders_array = explode(',',$sql_result);
Then something like
foreach ($allowed_folders_array as $folder){
.... link to folder ...
}
Do you want to show a list of the files in the directories?
you could use something like
$files = scandir($dir);
$skip = array('.','..');
foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';
}
That should get you started.
macca wrote:
Well there are various ways to do it but you didnt ask that in your
OP :-)
You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
If you're going to do it this way you should make two tables. One for
users and one for directories. Comma separated data in a column simply
creates problems.
Database normalization is more than just a good idea ;-).
.......
"The first normal form (or 1NF) requires that the values in each column
of a table are atomic. By atomic we mean that there are no sets of
values within a column."
So create two tables (somewhat) like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
)ENGINE=MyISAM;
CREATE TABLE dirs(
dir_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
user_id INT UNSIGNED NOT NULL
dir_path VARCHAR(255)
)ENGINE=MyISAM;
then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"
or ...
"SELECT dir_path FROM `dirs` WHERE user_id = $user_id"
Loop through each row of results to get the allowed directories for a
particular user.
... link to folder ...
}
That should get you started.
I actually liked your first answer.
--
*****************************
Chuck Anderson • Boulder, CO http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
***********************************
If you're going to do it this way you should make two tables. One for
users and one for directories.
Actually if you are going to Normalize, you would need THREE tables...
>Comma separated data in a column simply
creates problems.
It simply provides a simplest solution to the problem.
Database normalization is more than just a good idea ;-).
......
"The first normal form (or 1NF) requires that the values in each column
of a table are atomic. By atomic we mean that there are no sets of
values within a column."
okay so...
So create two tables (somewhat) like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
)ENGINE=MyISAM;
Okay so far...
CREATE TABLE dirs(
dir_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
user_id INT UNSIGNED NOT NULL
dir_path VARCHAR(255)
)ENGINE=MyISAM;
This would still generate duplication as you would have to duplicate
the directory path for every user.
you would use three tables:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT
PRIMARY KEY,
firstname VARCHAR(100),
surname VARCHAR(100)
)ENGINE=MyISAM;
CREATE TABLE directories(
directory_id INT UNSIGNED NOT NULL
AUTO_INCREMENT PRIMARY KEY,
directory_path VARCHAR(255)
)ENGINE=MyISAM;
This way you only define each directory in the directories table once.
CREATE TABLE directory_permissions(
permission_id INT UNSIGNED NOT NULL
AUTO_INCREMENT PRIMARY KEY,
directory_idfk INT UNSIGNED NOT
NULL DEFAULT 0,
user_idfk INT UNSIGNED NOT NULL
DEFAULT 0
)ENGINE=MyISAM;
Now this is the table that holds the permissions - permission_id,
which is an auto increment to identify the record,
directory_idfk: the directory_id primary key from the directories
table (not a true foreign key, as in InnoDB tables, but same
principal)
user_idfk : the user_id primary key from the user table
This way, you define all your directories first in the 'directories'
table, then as you add each user you create a record in the
directory_permissions table for each dir the user has permission, with
that user's id and and the directory id.
Then query:
"SELECT directory_path AS allowed_directories FROM
directories,directory_permissions WHERE directory_id = directory_idfk
AND user_idfk = $user_id"
Loop through each row of results to get the allowed directories for a
particular user.
Yes, but now it's as it should be.
I actually liked your first answer.
Me too - much simpler - and would work too! Sometimes the simplest
solution is the best one.
Have a nice day Charles! ;-)
On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>Well there are various ways to do it but you didnt ask that in your
OP :-)
You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"
Then explode the result:
$allowed_folders_array = explode(',',$sql_result);
Then something like
foreach ($allowed_folders_array as $folder){
... link to folder ...
}
Do you want to show a list of the files in the directories?
you could use something like
$files = scandir($dir);
$skip = array('.','..');
foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';
}
That should get you started.
Thanks for this - I know I over simplified!
At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
..htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....
This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.
Cheers
Geoff
On Sat, 09 Aug 2008 01:20:20 +0200, Michael Fesser <ne*****@gmx.de>
wrote:
>.oO(Geoff Cox)
>>On Fri, 8 Aug 2008 15:10:23 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>>>yes.
just a little more info would be appreciated!
The answer was appropriate. ;)
Your questions are a bit too general to give more specific answers.
Of course you can use some DB-based user management, where in some table
it is stored what folders the users are allowed to access. These folders
should be placed outside the document root to avoid direct URL access,
but instead their contents should only be readable by a script. This
script then just has to check the privileges of the currently logged-in
user, according to the rules in the DB. Using sessions would be helpful
here as well.
But maybe simple HTTP Authentication would be enough? Controlling access
to the various folders can be done quite easily with .htaccess files. Of
course a PHP solution might be more convenient and easier to maintain.
Micha
Thanks Micha - please see what I have said in reply to Macca.
Cheers
Geoff
Geoff Cox wrote:
On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>Well there are various ways to do it but you didnt ask that in your
OP :-)
You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"
Then explode the result:
$allowed_folders_array = explode(',',$sql_result);
Then something like
foreach ($allowed_folders_array as $folder){
... link to folder ...
}
Do you want to show a list of the files in the directories?
you could use something like
$files = scandir($dir);
$skip = array('.','..');
foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';
}
That should get you started.
Thanks for this - I know I over simplified!
At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....
This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.
Cheers
Geoff
I have implemented something similar: It goes like this.
At the first level, .htaccess and .htpasswd are used to do the primary
login. These are written to bya PHP script that sets them up in the
first place.
Then every php page to be displayed has a standard include file, that
looks up the user name in a database, and validates it with respect to
permissions to access that page.
It would be trivial to hold a table of all php forms, another of all
users, and a table of valid links that link a user to a page if he/she
has permission to access it.
On Sat, 09 Aug 2008 09:19:29 +0100, The Natural Philosopher <a@b.c>
wrote:
Thanks for your reply.
>I have implemented something similar: It goes like this.
At the first level, .htaccess and .htpasswd are used to do the primary
login. These are written to bya PHP script that sets them up in the
first place.
at the moment I have to use ssh and then .htpasswd etc - how do you
use php to do this?
>Then every php page to be displayed has a standard include file, that
looks up the user name in a database, and validates it with respect to
permissions to access that page.
It would be trivial to hold a table of all php forms, another of all
users, and a table of valid links that link a user to a page if he/she
has permission to access it.
trivial sound fine!
I have put up a sample set of files at http://www.micro-active.com/atest.htm
if you go into Group 1 you can select a file in the left hand frame
and the summary info plus the link to the files appears in the right
hand frame.
My idea is to have Group 1, Group 2 etc etc (probably a total of 20)
and allow users to have access to any combination of these groups.
Can you point me at the site where you have this happening?
Cheers
Geoff
Geoff Cox wrote:
Hello,
Is it possible to use php to generate different menus for users who
have access to files in different folders?
For example, user Fred might be able to access files in folders A, B
and F, whilst use Jane might be able to access files in folders A, D
and E. I would want each user to only see text and links relevant to
the files in their chosen folders...
Can mysql hold data which php then uses to create the pages?
Cheers
Geoff
When I need to do things like this I install Joomla with the DocMan
component. All that is then left is to configure it for who has access to
what.
On Sat, 9 Aug 2008 11:14:37 +0100, "Paul Lautman"
<pa**********@btinternet.comwrote:
>Geoff Cox wrote:
>Hello,
Is it possible to use php to generate different menus for users who
have access to files in different folders?
For example, user Fred might be able to access files in folders A, B
and F, whilst use Jane might be able to access files in folders A, D
and E. I would want each user to only see text and links relevant to
the files in their chosen folders...
Can mysql hold data which php then uses to create the pages?
Cheers
Geoff
When I need to do things like this I install Joomla with the DocMan
component. All that is then left is to configure it for who has access to
what.
'have never used joomla - will look into this.
thanks
Geoff
Geoff Cox wrote:
On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>Well there are various ways to do it but you didnt ask that in your
OP :-)
You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"
Then explode the result:
$allowed_folders_array = explode(',',$sql_result);
Then something like
foreach ($allowed_folders_array as $folder){
... link to folder ...
}
Do you want to show a list of the files in the directories?
you could use something like
$files = scandir($dir);
$skip = array('.','..');
foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';
}
That should get you started.
Thanks for this - I know I over simplified!
At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....
This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.
Cheers
Geoff
Geoff,
This is pretty simple if you normalize your database as others have
noted. Three tables:
User
UserId
Name
Password
(Other Stuff)
Category
CategoryId
ParentCategoryId // Null if not a subcategory
CategoryName
(Other Stuff)
User_Category
UserId (same as in User table)
CategoryId (same as in Category table)
This allows for unlimited combinations of categories and users, and even
unlimited depths of subcategories.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Sat, 09 Aug 2008 10:22:19 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Geoff Cox wrote:
>On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>>Well there are various ways to do it but you didnt ask that in your
OP :-)
You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"
Then explode the result:
$allowed_folders_array = explode(',',$sql_result);
Then something like
foreach ($allowed_folders_array as $folder){
... link to folder ...
}
Do you want to show a list of the files in the directories?
you could use something like
$files = scandir($dir);
$skip = array('.','..');
foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';
}
That should get you started.
Thanks for this - I know I over simplified!
At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....
This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.
Cheers
Geoff
Geoff,
This is pretty simple if you normalize your database as others have
noted. Three tables:
User
UserId
Name
Password
(Other Stuff)
Category
CategoryId
ParentCategoryId // Null if not a subcategory
CategoryName
(Other Stuff)
User_Category
UserId (same as in User table)
CategoryId (same as in Category table)
This allows for unlimited combinations of categories and users, and even
unlimited depths of subcategories.
Jerry,
Many thanks for above - I have changed my example set up to http://www.micro-active.com/abest/index.htm
The idea being that users can choose to subscribe to any combination
of Group 1, Group 2 ... Group 5.
Any thoughts on how php would be used to dynamically create the
various different pages which I have created by hand!?
Cheers
Geoff
Geoff Cox wrote:
On Sat, 09 Aug 2008 10:22:19 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Geoff Cox wrote:
>>On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
Well there are various ways to do it but you didnt ask that in your
OP :-)
You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"
Then explode the result:
$allowed_folders_array = explode(',',$sql_result);
Then something like
foreach ($allowed_folders_array as $folder){
... link to folder ...
}
Do you want to show a list of the files in the directories?
you could use something like
$files = scandir($dir);
$skip = array('.','..');
foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';
}
That should get you started.
Thanks for this - I know I over simplified!
At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....
This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.
Cheers
Geoff
Geoff,
This is pretty simple if you normalize your database as others have
noted. Three tables:
User
UserId
Name
Password
(Other Stuff)
Category
CategoryId
ParentCategoryId // Null if not a subcategory
CategoryName
(Other Stuff)
User_Category
UserId (same as in User table)
CategoryId (same as in Category table)
This allows for unlimited combinations of categories and users, and even
unlimited depths of subcategories.
Jerry,
Many thanks for above - I have changed my example set up to
http://www.micro-active.com/abest/index.htm
The idea being that users can choose to subscribe to any combination
of Group 1, Group 2 ... Group 5.
Any thoughts on how php would be used to dynamically create the
various different pages which I have created by hand!?
Cheers
Geoff
Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.
You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Sat, 09 Aug 2008 14:28:50 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.
Jerry,
I was trying hard not to be nebulous!
I thought by showing http://www.micro-active.com/abest/index.htm
this was being concrete.
How would I dynamically create something like the above for a user who
has access to Group 1 and Group 3 files and another user who has
access to Group 1, Group 3 and Group 5 files?
There would be many other combinations and so dynamically creating the
different pages seems the way to go.
Cheers
Geoff
>
You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.
Geoff Cox wrote:
On Sat, 09 Aug 2008 14:28:50 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.
Jerry,
I was trying hard not to be nebulous!
I thought by showing
http://www.micro-active.com/abest/index.htm
this was being concrete.
How would I dynamically create something like the above for a user who
has access to Group 1 and Group 3 files and another user who has
access to Group 1, Group 3 and Group 5 files?
There would be many other combinations and so dynamically creating the
different pages seems the way to go.
Cheers
Geoff
This shows just some outlines of pages. That's all. There are a lot of
things you can do with it.
As I said before: You need to determine exactly what you want to do on
each page. Then I would recommend you decide how to do it using some
pseudo-code. Finally, implement the pseudo code.
Alternatively, hire someone to do it for you. Your question is really
to broad for usenet, ant this group is to help with specific PHP
questions. It's not to help you write your code for you or even teach
you basic programming principles.
If you don't have an idea about how to approach the problem (which from
your question you don't), you have more than just a PHP coding problem.
You need to go back and learn basic programming techniques.
>
>You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Sat, 09 Aug 2008 15:55:12 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Geoff Cox wrote:
>On Sat, 09 Aug 2008 14:28:50 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>>Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.
Jerry,
I was trying hard not to be nebulous!
I thought by showing
http://www.micro-active.com/abest/index.htm
this was being concrete.
How would I dynamically create something like the above for a user who
has access to Group 1 and Group 3 files and another user who has
access to Group 1, Group 3 and Group 5 files?
There would be many other combinations and so dynamically creating the
different pages seems the way to go.
Cheers
Geoff
This shows just some outlines of pages. That's all. There are a lot of
things you can do with it.
As I said before: You need to determine exactly what you want to do on
each page. Then I would recommend you decide how to do it using some
pseudo-code. Finally, implement the pseudo code.
OK! Will out nore effort into getting some code written.
Cheers
Geoff
>
Alternatively, hire someone to do it for you. Your question is really
to broad for usenet, ant this group is to help with specific PHP
questions. It's not to help you write your code for you or even teach
you basic programming principles.
If you don't have an idea about how to approach the problem (which from
your question you don't), you have more than just a PHP coding problem.
You need to go back and learn basic programming techniques.
>>
>>You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.
>At the moment I have just 6 categories (each one having a series of
>sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.
When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.
When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.
When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.
Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.
On Sat, 09 Aug 2008 15:40:43 -0500, go***********@burditt.org (Gordon
Burditt) wrote:
>>At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.
When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.
When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.
When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.
Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.
thanks Gordon - need to think through what you've written!
Cheers
Geoff
On Sat, 09 Aug 2008 15:40:43 -0500, go***********@burditt.org (Gordon
Burditt) wrote:
>>At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.
Gordan,
Re the "where no URL ..." are you saying that the files would be
stored above the public_html directory? I have just tried that and php
cannot find them. I am using "../../" etc to get at them but isn't
this a security issue?
Cheers
Geoff
>
When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.
When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.
When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.
Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.
Geoff Cox wrote:
On Sat, 09 Aug 2008 15:40:43 -0500, go***********@burditt.org (Gordon
Burditt) wrote:
>>At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.
Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.
Gordan,
Re the "where no URL ..." are you saying that the files would be
stored above the public_html directory? I have just tried that and php
cannot find them. I am using "../../" etc to get at them but isn't
this a security issue?
Cheers
Geoff
If you use the correct path, PHP can find them (I always use paths based
off of $_SERVER['DOCUMENT_ROOT']).
And it's LESS of a security issue than having the files in your web
root. Files outside of the web root cannot be accessed directly through
http protocol. Ones within the web root can.
>
>When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.
When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.
When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.
Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Mon, 11 Aug 2008 07:13:08 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
$_SERVER['DOCUMENT_ROOT']).
>If you use the correct path, PHP can find them (I always use paths based
off of $_SERVER['DOCUMENT_ROOT']).
And it's LESS of a security issue than having the files in your web
root. Files outside of the web root cannot be accessed directly through
http protocol. Ones within the web root can.
Thanks Jerry for the $_SERVER['DOCUMENT_ROOT']) thought.
Cheers
Geoff This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: dr. zoidberg |
last post by:
Hello, I'm creating simple menu.
MySQL:
+----+-----+----------------------+
| id | sid | Title |
+----+-----+----------------------+
| 1 | 0 | Main Menu 1
| 2 | 0 | Main Menu 2
| ...
|
by: Jason |
last post by:
I have a client that would like to have drop down menus added to a nav
bar that is generated from MySQL. Is it possible to have a dynamically
driven DHTML menu from MySQL?
example link...
|
by: AF |
last post by:
I am a real novice to php and MySQL, with about a week's worth of
reading and self tutoring. I have an urgent need to publish a
database of information and need some guidance on how to do this.
...
|
by: Matthew Bates |
last post by:
Hi,
I've been using PHP for a while now and I'm beginning to migrate to
PHP5. So far, I'm impressed.
I need to develop an admin application to enable users to update a
website that is built...
|
by: Johannes B. Ullrich |
last post by:
--=-WKgoK98ejo9BZyGYc3N/
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
I am having problems with MySQL 4.0.12 on RedHat Advanced Server 2.1
using a dual Xeon with 8...
|
by: chicha |
last post by:
Hey people,
I have to convert MS Access 2000 database into mysql database, the whole
thing being part of this project I'm doing for one of my faculty
classes. My professor somehow presumed I...
|
by: Steven An |
last post by:
I'm gonna describe the situation I'm dealing with..but if you're not
interested, just skip to the last line where I bluntly ask my question
:)
Here's my scenario: I've got a huge website that...
|
by: Chris Ochs |
last post by:
Not to change the topic too much, but as a new postgresql user I have to say
that it takes quite a bit of time to find even the basic postgresql
tools/interfaces/etc that are available.
The main...
|
by: Atli |
last post by:
This is an easy to digest 12 step guide on basics of using MySQL. It's a great refresher for those who need it and it work's great for first time MySQL users.
Anyone should be able to get...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |
