.htaccess Login prompt - How do I get the users name
Searching on php.net reveals that this function has been broken on several versions of php. I wonder if it's broken on the version currently on ccgi? It looks as if it worked from 5.0.1.
Or...
you could just do what everyone else does, (as most Content Management Systems work)
and have a MySQL Database with a User Table and make it all Dynamic so that calling information is easier.
Then have a separate Table which contains the News Items, and create admin pages to manipulate that.
It would als obe possible then for any other aspects of your webite if you created a table for permissions or even bundled that in the User table and make a means of working around that.
You can "Protect" PHP Files from being executed directly on requests,
it's just you haven't figured it out yet.
I can provide a solution to that one just it depends on which method you have your heart set.
If you really want to use .htpasswd / .htaccess alot - by no means am I a judge of correct methodology.
Jim,
you could just do what everyone else does, (as most Content Management Systems work)
and have a MySQL Database with a User Table and make it all Dynamic so that calling information is easier.
Then have a separate Table which contains the News Items, and create admin pages to manipulate that.
It would als obe possible then for any other aspects of your webite if you created a table for permissions or even bundled that in the User table and make a means of working around that.
You can "Protect" PHP Files from being executed directly on requests,
it's just you haven't figured it out yet.
I can provide a solution to that one just it depends on which method you have your heart set.
If you really want to use .htpasswd / .htaccess alot - by no means am I a judge of correct methodology.
Jim,
Thanks for your response to this guys.
Peter: You are right, the framed option isn't really one i fancy but thanks for confirming that the PHP_AUTH_USER value does not get set and thats why I cant read it.
Prod_Man: I did consider the users database table as an option and I don't particularly have my heart set on the .htaccess method but i do like it and beleive it to be quite secure.
I have previously written an asp web application with MS Access as a data source and for that i used a users table in the database and that was okay but I found the .htaccess method more suitable for my current project.
I may switch over to the table method though because of the problems detailed in this thread.
I am interested to hear the one about protecting PHP files. My PHP files are protected because they are in a folder that is protected by .htaccess/.htpasswd or have I missed something?
Please let me know on this one
Thanks
Peter: You are right, the framed option isn't really one i fancy but thanks for confirming that the PHP_AUTH_USER value does not get set and thats why I cant read it.
Prod_Man: I did consider the users database table as an option and I don't particularly have my heart set on the .htaccess method but i do like it and beleive it to be quite secure.
I have previously written an asp web application with MS Access as a data source and for that i used a users table in the database and that was okay but I found the .htaccess method more suitable for my current project.
I may switch over to the table method though because of the problems detailed in this thread.
I am interested to hear the one about protecting PHP files. My PHP files are protected because they are in a folder that is protected by .htaccess/.htpasswd or have I missed something?
Please let me know on this one
Thanks
Go to the home page of this site (not the forum home).
Scroll down to the very bottom - there you will find a link.
Scroll down to the very bottom - there you will find a link.
Yes,
your PHP files are (or at least should be, as I don't know of any exploits off hand)
Protected with reguards to .htaccess being processed by the Webserver. xD
Good to know you have knowledge of Server Side Scripting with ASP and Database stuff SQL already down.
I meant more protecting PHP execution, just with in it's own execution as scripts, it's not too hard.
It also comes with preventing SQL injection fairly effectively, this is especially with longin pages and it all works within PHP functionality.
It's alittle complicated to put in one Post but I can show the Method I've used if you PM me,
I can supply basic framework of Source for you to have a butchers.
As far as I know, this method hasn't been documented or used anywhere,
it certainly seems to protect against any SQL Injection i've tried,
and I should hope any random chances of crosssite scripting or code injection.
yes login may become slower with larger tables but I think it will save in the long run on Security.
Jim,
your PHP files are (or at least should be, as I don't know of any exploits off hand)
Protected with reguards to .htaccess being processed by the Webserver. xD
Good to know you have knowledge of Server Side Scripting with ASP and Database stuff SQL already down.
I meant more protecting PHP execution, just with in it's own execution as scripts, it's not too hard.
It also comes with preventing SQL injection fairly effectively, this is especially with longin pages and it all works within PHP functionality.
It's alittle complicated to put in one Post but I can show the Method I've used if you PM me,
I can supply basic framework of Source for you to have a butchers.
As far as I know, this method hasn't been documented or used anywhere,
it certainly seems to protect against any SQL Injection i've tried,
and I should hope any random chances of crosssite scripting or code injection.
yes login may become slower with larger tables but I think it will save in the long run on Security.
Jim,