File and Directory Security

Hi knowledgeable people.

I'm building a very basic website, in PHP, to display a catalog of
jewels to be sold. The website has two basic functions: one is the
consultation of the catalog and the other is the maintenance of the
catalog. I have a MySQL database that contains the catalog, except the
images, which are kept in a directory.

Website structure:

.\          PHP scripts to consult the catalog.
.\images    Images of the catalog jewels.
.\admin     PHP scripts to maintain information. Password protected.

I have shared hosting; the web server runs under Apache and I cannot
create a new Apache user.

I have one directory where I store all the images of the catalog. I need
to allow everybody to consult it in order to display the images, but
only authorized users should be able to create, update and delete images
in it.

I need some help with the basic way to protect this using a PHP script, if

Does anybody have an idea?


Re: File and Directory Security

On Wed, 14 Sep 2005 13:00:10 -0700, vaudr wrote:

Maybe you should provide a login form for authorized users.

An authorized user should have her/his name checked against the database,
and if correct, she/he should be allowed to enter the administration part
of the site.

Ordinary users could get access level 0, and authorized users should get access
level 1, for example. The access code could be stored in the HTTP session (PHP
$_SESSION array).

Each and every page in the administration part should have access level check code
at the beginning. If the access level is not sufficient, the user should be
redirected to the error page.
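
The access-level check described in the reply above, as an added example that is not part of the original thread. The `users` table and its columns, the `/error.php` path, the file name `admin/auth.php` and all function names are assumptions made for illustration.

```php
<?php
// admin/auth.php: added example; include it at the top of every script under admin/.
// Assumed (not from the thread): a `users` table with columns name, password_hash
// (created with password_hash()) and access_level; an error page at /error.php.
declare(strict_types=1);

const LEVEL_VISITOR = 0;   // ordinary users
const LEVEL_ADMIN   = 1;   // may create, update and delete catalog images

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Check the submitted name and password against the database and, on success,
// store the user's access level in the session.
function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash, access_level FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    start_session();
    session_regenerate_id(true);   // fresh session id once the privilege level changes
    $_SESSION['access_level'] = (int) $row['access_level'];
    return true;
}

// Pure check, so templates can also use it to hide admin links.
function has_access(array $session, int $required): bool
{
    return isset($session['access_level']) && (int) $session['access_level'] >= $required;
}

// Call before any output. Without the exit, the rest of the admin script
// (for instance the image upload or delete) would still run after the redirect.
function require_access(int $required): void
{
    start_session();
    if (!has_access($_SESSION, $required)) {
        header('Location: /error.php', true, 303);
        exit;
    }
}
```

Each script under `admin/` would begin with `require __DIR__ . '/auth.php';` followed by `require_access(LEVEL_ADMIN);`, so the image create, update and delete code is never reached without the session check.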


Re: File and Directory Security


Apache's security can do this for you.  Look up .htaccess in the Apache  
doc.  Even though you're using shared hosting, you probably have  
.htaccess enabled.  And your control panel may even have a way to create  
and maintain the file.

Much easier to use existing functions for this than to write your own code.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
