468,512 Members | 1,474 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,512 developers. It's quick & easy.

use php/mysql to generate menu pages?

Hello,

Is it possible to use php to generate different menus for users who
have access to files in different folders?

For example, user Fred might be able to access files in folders A, B
and F, whilst use Jane might be able to access files in folders A, D
and E. I would want each user to only see text and links relevant to
the files in their chosen folders...

Can mysql hold data which php then uses to create the pages?

Cheers

Geoff
Aug 8 '08 #1
23 2078
yes.
Aug 8 '08 #2
On Fri, 8 Aug 2008 15:10:23 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>yes.
just a little more info would be appreciated!

Cheers

Geoff
Aug 8 '08 #3
..oO(Geoff Cox)
>On Fri, 8 Aug 2008 15:10:23 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>>yes.

just a little more info would be appreciated!
The answer was appropriate. ;)
Your questions are a bit too general to give more specific answers.

Of course you can use some DB-based user management, where in some table
it is stored what folders the users are allowed to access. These folders
should be placed outside the document root to avoid direct URL access,
but instead their contents should only be readable by a script. This
script then just has to check the privileges of the currently logged-in
user, according to the rules in the DB. Using sessions would be helpful
here as well.

But maybe simple HTTP Authentication would be enough? Controlling access
to the various folders can be done quite easily with .htaccess files. Of
course a PHP solution might be more convenient and easier to maintain.

Micha
Aug 8 '08 #4
Well there are various ways to do it but you didnt ask that in your
OP :-)

You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;

then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"

Then explode the result:

$allowed_folders_array = explode(',',$sql_result);

Then something like

foreach ($allowed_folders_array as $folder){

.... link to folder ...

}
Do you want to show a list of the files in the directories?

you could use something like

$files = scandir($dir);

$skip = array('.','..');

foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';

}
That should get you started.
Aug 8 '08 #5
macca wrote:
Well there are various ways to do it but you didnt ask that in your
OP :-)

You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;
If you're going to do it this way you should make two tables. One for
users and one for directories. Comma separated data in a column simply
creates problems.

Database normalization is more than just a good idea ;-).
.......
"The first normal form (or 1NF) requires that the values in each column
of a table are atomic. By atomic we mean that there are no sets of
values within a column."

So create two tables (somewhat) like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
)ENGINE=MyISAM;

CREATE TABLE dirs(
dir_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
user_id INT UNSIGNED NOT NULL
dir_path VARCHAR(255)
)ENGINE=MyISAM;

then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"

or ...

"SELECT dir_path FROM `dirs` WHERE user_id = $user_id"

Loop through each row of results to get the allowed directories for a
particular user.
... link to folder ...

}
That should get you started.
I actually liked your first answer.

--
*****************************
Chuck Anderson Boulder, CO
http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
***********************************

Aug 9 '08 #6
If you're going to do it this way you should make two tables. One for
users and one for directories.
Actually if you are going to Normalize, you would need THREE tables...

>Comma separated data in a column simply
creates problems.
It simply provides a simplest solution to the problem.

Database normalization is more than just a good idea ;-).
......
"The first normal form (or 1NF) requires that the values in each column
of a table are atomic. By atomic we mean that there are no sets of
values within a column."
okay so...
So create two tables (somewhat) like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
)ENGINE=MyISAM;

Okay so far...
CREATE TABLE dirs(
dir_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
user_id INT UNSIGNED NOT NULL
dir_path VARCHAR(255)
)ENGINE=MyISAM;
This would still generate duplication as you would have to duplicate
the directory path for every user.
you would use three tables:
CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT
PRIMARY KEY,
firstname VARCHAR(100),
surname VARCHAR(100)
)ENGINE=MyISAM;

CREATE TABLE directories(
directory_id INT UNSIGNED NOT NULL
AUTO_INCREMENT PRIMARY KEY,
directory_path VARCHAR(255)
)ENGINE=MyISAM;
This way you only define each directory in the directories table once.
CREATE TABLE directory_permissions(
permission_id INT UNSIGNED NOT NULL
AUTO_INCREMENT PRIMARY KEY,
directory_idfk INT UNSIGNED NOT
NULL DEFAULT 0,
user_idfk INT UNSIGNED NOT NULL
DEFAULT 0

)ENGINE=MyISAM;
Now this is the table that holds the permissions - permission_id,
which is an auto increment to identify the record,

directory_idfk: the directory_id primary key from the directories
table (not a true foreign key, as in InnoDB tables, but same
principal)
user_idfk : the user_id primary key from the user table
This way, you define all your directories first in the 'directories'
table, then as you add each user you create a record in the
directory_permissions table for each dir the user has permission, with
that user's id and and the directory id.

Then query:

"SELECT directory_path AS allowed_directories FROM
directories,directory_permissions WHERE directory_id = directory_idfk
AND user_idfk = $user_id"

Loop through each row of results to get the allowed directories for a
particular user.
Yes, but now it's as it should be.

I actually liked your first answer.
Me too - much simpler - and would work too! Sometimes the simplest
solution is the best one.

Have a nice day Charles! ;-)
Aug 9 '08 #7
On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>Well there are various ways to do it but you didnt ask that in your
OP :-)

You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;

then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"

Then explode the result:

$allowed_folders_array = explode(',',$sql_result);

Then something like

foreach ($allowed_folders_array as $folder){

... link to folder ...

}
Do you want to show a list of the files in the directories?

you could use something like

$files = scandir($dir);

$skip = array('.','..');

foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';

}
That should get you started.
Thanks for this - I know I over simplified!

At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
..htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.

The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....

This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.

Cheers

Geoff

Aug 9 '08 #8
On Sat, 09 Aug 2008 01:20:20 +0200, Michael Fesser <ne*****@gmx.de>
wrote:
>.oO(Geoff Cox)
>>On Fri, 8 Aug 2008 15:10:23 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>>>yes.

just a little more info would be appreciated!

The answer was appropriate. ;)
Your questions are a bit too general to give more specific answers.

Of course you can use some DB-based user management, where in some table
it is stored what folders the users are allowed to access. These folders
should be placed outside the document root to avoid direct URL access,
but instead their contents should only be readable by a script. This
script then just has to check the privileges of the currently logged-in
user, according to the rules in the DB. Using sessions would be helpful
here as well.

But maybe simple HTTP Authentication would be enough? Controlling access
to the various folders can be done quite easily with .htaccess files. Of
course a PHP solution might be more convenient and easier to maintain.

Micha
Thanks Micha - please see what I have said in reply to Macca.

Cheers

Geoff
Aug 9 '08 #9
Geoff Cox wrote:
On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>Well there are various ways to do it but you didnt ask that in your
OP :-)

You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;

then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"

Then explode the result:

$allowed_folders_array = explode(',',$sql_result);

Then something like

foreach ($allowed_folders_array as $folder){

... link to folder ...

}
Do you want to show a list of the files in the directories?

you could use something like

$files = scandir($dir);

$skip = array('.','..');

foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';

}
That should get you started.

Thanks for this - I know I over simplified!

At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.

The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....

This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.

Cheers

Geoff
I have implemented something similar: It goes like this.

At the first level, .htaccess and .htpasswd are used to do the primary
login. These are written to bya PHP script that sets them up in the
first place.

Then every php page to be displayed has a standard include file, that
looks up the user name in a database, and validates it with respect to
permissions to access that page.

It would be trivial to hold a table of all php forms, another of all
users, and a table of valid links that link a user to a page if he/she
has permission to access it.
Aug 9 '08 #10
On Sat, 09 Aug 2008 09:19:29 +0100, The Natural Philosopher <a@b.c>
wrote:

Thanks for your reply.
>I have implemented something similar: It goes like this.

At the first level, .htaccess and .htpasswd are used to do the primary
login. These are written to bya PHP script that sets them up in the
first place.
at the moment I have to use ssh and then .htpasswd etc - how do you
use php to do this?
>Then every php page to be displayed has a standard include file, that
looks up the user name in a database, and validates it with respect to
permissions to access that page.

It would be trivial to hold a table of all php forms, another of all
users, and a table of valid links that link a user to a page if he/she
has permission to access it.
trivial sound fine!

I have put up a sample set of files at

http://www.micro-active.com/atest.htm

if you go into Group 1 you can select a file in the left hand frame
and the summary info plus the link to the files appears in the right
hand frame.

My idea is to have Group 1, Group 2 etc etc (probably a total of 20)
and allow users to have access to any combination of these groups.

Can you point me at the site where you have this happening?

Cheers

Geoff


Aug 9 '08 #11
Geoff Cox wrote:
Hello,

Is it possible to use php to generate different menus for users who
have access to files in different folders?

For example, user Fred might be able to access files in folders A, B
and F, whilst use Jane might be able to access files in folders A, D
and E. I would want each user to only see text and links relevant to
the files in their chosen folders...

Can mysql hold data which php then uses to create the pages?

Cheers

Geoff
When I need to do things like this I install Joomla with the DocMan
component. All that is then left is to configure it for who has access to
what.
Aug 9 '08 #12
On Sat, 9 Aug 2008 11:14:37 +0100, "Paul Lautman"
<pa**********@btinternet.comwrote:
>Geoff Cox wrote:
>Hello,

Is it possible to use php to generate different menus for users who
have access to files in different folders?

For example, user Fred might be able to access files in folders A, B
and F, whilst use Jane might be able to access files in folders A, D
and E. I would want each user to only see text and links relevant to
the files in their chosen folders...

Can mysql hold data which php then uses to create the pages?

Cheers

Geoff

When I need to do things like this I install Joomla with the DocMan
component. All that is then left is to configure it for who has access to
what.
'have never used joomla - will look into this.

thanks

Geoff
Aug 9 '08 #13
Geoff Cox wrote:
On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>Well there are various ways to do it but you didnt ask that in your
OP :-)

You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;

then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"

Then explode the result:

$allowed_folders_array = explode(',',$sql_result);

Then something like

foreach ($allowed_folders_array as $folder){

... link to folder ...

}
Do you want to show a list of the files in the directories?

you could use something like

$files = scandir($dir);

$skip = array('.','..');

foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';

}
That should get you started.

Thanks for this - I know I over simplified!

At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.

The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....

This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.

Cheers

Geoff

Geoff,

This is pretty simple if you normalize your database as others have
noted. Three tables:

User
UserId
Name
Password
(Other Stuff)

Category
CategoryId
ParentCategoryId // Null if not a subcategory
CategoryName
(Other Stuff)

User_Category
UserId (same as in User table)
CategoryId (same as in Category table)

This allows for unlimited combinations of categories and users, and even
unlimited depths of subcategories.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #14
On Sat, 09 Aug 2008 10:22:19 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Geoff Cox wrote:
>On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:
>>Well there are various ways to do it but you didnt ask that in your
OP :-)

You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;

then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"

Then explode the result:

$allowed_folders_array = explode(',',$sql_result);

Then something like

foreach ($allowed_folders_array as $folder){

... link to folder ...

}
Do you want to show a list of the files in the directories?

you could use something like

$files = scandir($dir);

$skip = array('.','..');

foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';

}
That should get you started.

Thanks for this - I know I over simplified!

At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.

The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....

This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.

Cheers

Geoff


Geoff,

This is pretty simple if you normalize your database as others have
noted. Three tables:

User
UserId
Name
Password
(Other Stuff)

Category
CategoryId
ParentCategoryId // Null if not a subcategory
CategoryName
(Other Stuff)

User_Category
UserId (same as in User table)
CategoryId (same as in Category table)

This allows for unlimited combinations of categories and users, and even
unlimited depths of subcategories.
Jerry,

Many thanks for above - I have changed my example set up to

http://www.micro-active.com/abest/index.htm

The idea being that users can choose to subscribe to any combination
of Group 1, Group 2 ... Group 5.

Any thoughts on how php would be used to dynamically create the
various different pages which I have created by hand!?

Cheers

Geoff

Aug 9 '08 #15
Geoff Cox wrote:
On Sat, 09 Aug 2008 10:22:19 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Geoff Cox wrote:
>>On Fri, 8 Aug 2008 16:30:35 -0700 (PDT), macca
<pt*******@googlemail.comwrote:

Well there are various ways to do it but you didnt ask that in your
OP :-)

You could create a record in the db for each user called say, "users"
that could hold the allowed directories as a comma separated string.
The table could be something like this like this:

CREATE TABLE users(
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
firstname VARCHAR(100),
surname VARCHAR(100),
allowed_dirs VARCHAR(255)
)ENGINE=MyISAM;

then a query such as "SELECT allowed_dirs FROM users WHERE user_id =
$user_id"

Then explode the result:

$allowed_folders_array = explode(',',$sql_result);

Then something like

foreach ($allowed_folders_array as $folder){

... link to folder ...

}
Do you want to show a list of the files in the directories?

you could use something like

$files = scandir($dir);

$skip = array('.','..');

foreach ($files as $file){
if (in_array($file,$skip)){
continue;
}
echo $file.'<br />';

}
That should get you started.

Thanks for this - I know I over simplified!

At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.

The reason for asking these questions is that we wish to move to
allowing users to subscribe to any combination of the sub-categories
and not just the 6 as now....

This would mean lots of different combinations and the need to create
these pages on the fly depending on which combination has been chosen.

Cheers

Geoff

Geoff,

This is pretty simple if you normalize your database as others have
noted. Three tables:

User
UserId
Name
Password
(Other Stuff)

Category
CategoryId
ParentCategoryId // Null if not a subcategory
CategoryName
(Other Stuff)

User_Category
UserId (same as in User table)
CategoryId (same as in Category table)

This allows for unlimited combinations of categories and users, and even
unlimited depths of subcategories.

Jerry,

Many thanks for above - I have changed my example set up to

http://www.micro-active.com/abest/index.htm

The idea being that users can choose to subscribe to any combination
of Group 1, Group 2 ... Group 5.

Any thoughts on how php would be used to dynamically create the
various different pages which I have created by hand!?

Cheers

Geoff

Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.

You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #16
On Sat, 09 Aug 2008 14:28:50 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.
Jerry,

I was trying hard not to be nebulous!

I thought by showing

http://www.micro-active.com/abest/index.htm

this was being concrete.

How would I dynamically create something like the above for a user who
has access to Group 1 and Group 3 files and another user who has
access to Group 1, Group 3 and Group 5 files?

There would be many other combinations and so dynamically creating the
different pages seems the way to go.

Cheers

Geoff

>
You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.
Aug 9 '08 #17
Geoff Cox wrote:
On Sat, 09 Aug 2008 14:28:50 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.

Jerry,

I was trying hard not to be nebulous!

I thought by showing

http://www.micro-active.com/abest/index.htm

this was being concrete.

How would I dynamically create something like the above for a user who
has access to Group 1 and Group 3 files and another user who has
access to Group 1, Group 3 and Group 5 files?

There would be many other combinations and so dynamically creating the
different pages seems the way to go.

Cheers

Geoff
This shows just some outlines of pages. That's all. There are a lot of
things you can do with it.

As I said before: You need to determine exactly what you want to do on
each page. Then I would recommend you decide how to do it using some
pseudo-code. Finally, implement the pseudo code.

Alternatively, hire someone to do it for you. Your question is really
to broad for usenet, ant this group is to help with specific PHP
questions. It's not to help you write your code for you or even teach
you basic programming principles.

If you don't have an idea about how to approach the problem (which from
your question you don't), you have more than just a PHP coding problem.
You need to go back and learn basic programming techniques.
>
>You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #18
On Sat, 09 Aug 2008 15:55:12 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>Geoff Cox wrote:
>On Sat, 09 Aug 2008 14:28:50 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
>>Your request really is too nebulous for an intelligent answer. There
are an almost unlimited number of ways to create pages using PHP, but
you haven't identified exactly what you want.

Jerry,

I was trying hard not to be nebulous!

I thought by showing

http://www.micro-active.com/abest/index.htm

this was being concrete.

How would I dynamically create something like the above for a user who
has access to Group 1 and Group 3 files and another user who has
access to Group 1, Group 3 and Group 5 files?

There would be many other combinations and so dynamically creating the
different pages seems the way to go.

Cheers

Geoff

This shows just some outlines of pages. That's all. There are a lot of
things you can do with it.

As I said before: You need to determine exactly what you want to do on
each page. Then I would recommend you decide how to do it using some
pseudo-code. Finally, implement the pseudo code.
OK! Will out nore effort into getting some code written.

Cheers

Geoff

>
Alternatively, hire someone to do it for you. Your question is really
to broad for usenet, ant this group is to help with specific PHP
questions. It's not to help you write your code for you or even teach
you basic programming principles.

If you don't have an idea about how to approach the problem (which from
your question you don't), you have more than just a PHP coding problem.
You need to go back and learn basic programming techniques.
>>
>>You need to determine exactly what you want to do on each page. Then I
would recommend you decide how to do it using some pseudo-code.
Finally, implement the pseudo code.
Aug 9 '08 #19
>At the moment I have just 6 categories (each one having a series of
>sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.
When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.

When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.

When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.

Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.

Aug 9 '08 #20
On Sat, 09 Aug 2008 15:40:43 -0500, go***********@burditt.org (Gordon
Burditt) wrote:
>>At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.

Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.
When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.

When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.

When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.

Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.
thanks Gordon - need to think through what you've written!

Cheers

Geoff
Aug 9 '08 #21
On Sat, 09 Aug 2008 15:40:43 -0500, go***********@burditt.org (Gordon
Burditt) wrote:
>>At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.

Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.
Gordan,

Re the "where no URL ..." are you saying that the files would be
stored above the public_html directory? I have just tried that and php
cannot find them. I am using "../../" etc to get at them but isn't
this a security issue?

Cheers

Geoff

>
When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.

When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.

When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.

Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.
Aug 11 '08 #22
Geoff Cox wrote:
On Sat, 09 Aug 2008 15:40:43 -0500, go***********@burditt.org (Gordon
Burditt) wrote:
>>At the moment I have just 6 categories (each one having a series of
sub-categories) and each one has access to files in a folder using
.htaccess and .htpasswd.

Once in this folder the user sees 2 frames. In the left hand frame are
the different areas with file selection boxes. Once a file has been
selected summary text re this file is taken from mysql and appears in
the right hand frame with a link to the actual file.
Note that if you have a link to the actual file, not one that goes
through a script, the only thing protecting the files is .htaccess
/ .htpasswd . File URLs can be guessed, found in browser histories,
or saved before access was revoked. For an access scheme as
complicated as what you want, that probably means dynamically
generating .htaccess/.htpasswd files, or (probably much better)
gating access through a script that checks authorization, with the
actual files stored where no URL can directly reach them.

Gordan,

Re the "where no URL ..." are you saying that the files would be
stored above the public_html directory? I have just tried that and php
cannot find them. I am using "../../" etc to get at them but isn't
this a security issue?

Cheers

Geoff

If you use the correct path, PHP can find them (I always use paths based
off of $_SERVER['DOCUMENT_ROOT']).

And it's LESS of a security issue than having the files in your web
root. Files outside of the web root cannot be accessed directly through
http protocol. Ones within the web root can.
>
>When the user logs in, go through the database and look at what
groups he's subscribed to. Generate a link for each group.
You might want to have a human-readable description in the
database for each group. If the user has access to NO groups,
say so and perhaps provide a link to where he can sign up for
access.

When the user goes to a group menu, go through the database and/or
directories and generate a link for each subgroup. This may be
a good reason to NOT store a list of directories as a comma-separated
list in one field. You may also want to present a human-understandable
description for the link, pulled from the database, rather than
just directory names.

When the user goes to a subgroup menu, go through the directory
and generate a link to the script to deliver each file.

Each level of menu should check whether the user has permission to
access it at all. Note that failure to generate a link to something
does NOT mean the user can't guess the URL and type it in manually.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 11 '08 #23
On Mon, 11 Aug 2008 07:13:08 -0400, Jerry Stuckle
<js*******@attglobal.netwrote:
$_SERVER['DOCUMENT_ROOT']).
>If you use the correct path, PHP can find them (I always use paths based
off of $_SERVER['DOCUMENT_ROOT']).

And it's LESS of a security issue than having the files in your web
root. Files outside of the web root cannot be accessed directly through
http protocol. Ones within the web root can.
Thanks Jerry for the $_SERVER['DOCUMENT_ROOT']) thought.

Cheers

Geoff
Aug 13 '08 #24

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by dr. zoidberg | last post: by
2 posts views Thread by Jason | last post: by
7 posts views Thread by AF | last post: by
6 posts views Thread by Matthew Bates | last post: by
17 posts views Thread by chicha | last post: by
reply views Thread by Chris Ochs | last post: by
Atli
6 posts views Thread by Atli | last post: by
1 post views Thread by fmendoza | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.