PHP For Dummies...

Posted:
in Genius Bar edited January 2014
I have four questions...



1:

When I want to password protect a page I put (copied out of my PHP book)

Code:


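<?php
$auth_ok = 0;

// Credentials sent by the browser; not set on the first request.
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';

$login = "ast3r3x";
$password = "xxxxx";

// Strict comparison avoids PHP's loose string/number juggling.
if ($user === $login && $pass === $password)
{
    $auth_ok = 1;
}
if (!$auth_ok)
{
    header('WWW-Authenticate: Basic realm="Private!"');
    header('HTTP/1.0 401 Unauthorized');
    // Stop here; otherwise the page below is still sent to the visitor.
    exit;
}
?>

<html>
<head><title>Test</title></head>
<body>
</body>
</html>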







Is that ok to put, I mean is there a better way, and is it unsafe to put my login and password into the actual page? I understand it might be better to store it in another document so that I can just refer to that with all my programs so that if I ever want to change it I can just change one file, but is it a security concern to do what I did?



2:

I'm making a browser so I can browse all my files from any internet connected computer easily, I have it password protected...like shown above, but I can't get to all the files because of permission errors. Is there a way to give myself permissions as if I was logged in?



3:

For my browser I'm making, when I check if something is a directory, it tells me that .app's are directories. Also I have it automatically make links of files, and it never lets me download them because it says they are not found...because they aren't in my webserver folder, is there anything I can do about this?



4:

Least, but probably not last, is my question of if there is any way to send an array along with a form being processed. I am working on something different where I need to process a form, but is it possible to not lose an array I am working with in that page after it processes?



Edit: An example of my directory program is this

Comments

  • Reply 1 of 9
    johnq Posts: 2,763 member
    Quote:

    Originally posted by ast3r3x

    Is that ok to put, I mean is there a better way, and is it unsafe to put my login and password into the actual page? I understand it might be better to store it in another document so that I can just refer to that with all my programs so that if I ever want to change it I can just change one file, but is it a security concern to do what I did?



    Last time I used PHP without MySQL for storing passwords, I seem to recall keeping that info in an external file outside of the document root folder, that is, up one level from htdocs or whatever yours is called.



    Check this site out in general:

    http://www.onlamp.com/php/
  • Reply 2 of 9
    johnq Posts: 2,763 member
    Quote:

    Originally posted by ast3r3x

    3:

    For my browser I'm making, when I check if something is a directory, it tells me that .app's are directories. Also I have it automatically make links of files, and it never lets me download them because it says they are not found...because they aren't in my webserver folder, is there anything I can do about this?





    .apps really are directories, sorry.



    I can't really answer the rest at the moment.
  • Reply 3 of 9
    Why don't you just turn FTP on?



    Storing passwords in the file is fine for what you're doing I guess. I typically use a PHP-mysql model with encrypted passwords or .httpaccess



    Quote:

    Least, but probably not last, is my question of if there is any way to send an array along with a form being processed. I am working on something different where I need to process a form, but is it possible to not lose an array I am working with in that page after it processes?



    You lost me a bit here. You can either set the array as a cookie and carry it along after it's processed, if that's what you're asking, or if you're asking how to make a form item an array, you simply make its name variable[]
  • Reply 4 of 9
    ast3r3x Posts: 5,012 member
    Quote:

    Originally posted by SilentEchoes

    Why don't you just turn FTP on?



    Storing passwords in the file is fine for what you're doing I guess. I typically use a PHP-mysql model with encrypted passwords or .httpaccess







    You lost me a bit here. You can either set the array as a cookie and carry it along after it's processed, if that's what you're asking, or if you're asking how to make a form item an array, you simply make its name variable[]




    I could do ftp, but I wanted to do this as a little project just to play around with PHP, and I wanted to try and do something cool like make a little OS X window and then list the files in there so it's like a finder window...just something to work with to push the limits of what I can do. I just want to get back to learning PHP and thought a couple little projects would be good.
  • Reply 5 of 9
    johnq Posts: 2,763 member
    Quote:

    Originally posted by ast3r3x

    I could do ftp, but I wanted to do this as a little project just to play around with PHP, and I wanted to try and do something cool like make a little OS X window and then list the files in there so it's like a finder window...just something to work with to push the limits of what I can do. I just want to get back to learning PHP and thought a couple little projects would be good.



    That's fine. I have done similar things.



    One thing you can do is to trap extensions and map the proper icons to them. (You'll need to develop or find the icons as png or gifs of course.)



    You can trap that .app extension too and have it show as an application icon (again, if you make or find them and set it up).



    However you are not going to be able to run the app or drag and drop to transfer it...



    But I wouldn't try to trick the webserver into serving files outside of the document root. At least, not while also going online and asking for advice and showing your IP.



    It's not impossible to do it safely, it's just a huge effort. Might be better to play with it offline however.
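
Added example (not code from any poster in this thread): one way to let PHP hand out files that live outside the document root while refusing any request that escapes a single base directory. `BASE_DIR`, the `f` query parameter and the `resolve_inside()` helper are assumptions made for illustration.

```php
<?php
// Added example. BASE_DIR and the "f" query parameter are assumptions.
const BASE_DIR = '/Users/example/Shared'; // hypothetical directory to expose

// Resolve a user-supplied relative path; return null unless it is a
// regular file located inside $baseDir.
function resolve_inside(string $baseDir, string $relative): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($relative, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", follows symlinks, fails if the path is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($target === false) {
        return null;
    }
    // Trailing separator stops /base/dir-other from matching /base/dir.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // .app bundles are directories, so is_file() rejects them too.
    return is_file($target) ? $target : null;
}

// Authentication (for example the Basic auth check from the first post)
// must run before this point.
$f = $_GET['f'] ?? '';
$path = is_string($f) ? resolve_inside(BASE_DIR, $f) : null;
if ($path === null) {
    header('HTTP/1.0 404 Not Found');
    exit('Not found.');
}

header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" .
    rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
```

The script reads files with the web server account's permissions, so files that account cannot read will still fail.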
  • Reply 6 of 9
    Yeah you can just set the server's root to / but like johnq said I would not suggest it.



    Quote:

    However you are not going to be able to run the app or drag and drop to transfer it...



    Not solely with PHP but it can be done.



    This project is going to be huge for you if you want it to be perfect, I suggest checking out codewalkers.com you will find a lot more help there.



    Second, if this is just a for-fun project you could try thinking about something different like an internet version of iTunes, which covers the same basic stuff as this but is far less of a security issue.
  • Reply 7 of 9
    ast3r3x Posts: 5,012 member
    Quote:

    Originally posted by johnq



    But I wouldn't try to trick the webserver into serving files outside of the document root. At least, not while also going online and asking for advice and showing your IP.




    Which is why I password protected the thing. I guess I just don't do that project
  • Reply 8 of 9
    mcq Posts: 1,543 member
    I'm not quite sure if I understand you, but yeah you could put the login/pw into a separate file and add a require statement to include the contents of that file... something similar to what this page does with the Oracle user/pw/db may be what you're asking about?



    http://hotwired.lycos.com/webmonkey/...tml?tw=backend
  • Reply 9 of 9
    If you use a separate file make sure it's not just a text file with the user and password in it. Make sure it's a PHP file with the PHP tags so that way if someone does happen to load that page in a browser they won't see your user name and password.
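
Added example (not code from any poster in this thread): the suggestions in replies 1, 8 and 9 put together, with the credentials in a PHP file outside the document root, loaded with `require`, and the password kept as a hash rather than plain text. The file name `auth_config.php`, its location one level above the document root, and the helper function names are assumptions made for illustration.

```php
<?php
// Added example. Assumed layout (hypothetical names):
//   /path/to/site/auth_config.php   <- outside the document root
//   /path/to/site/htdocs/index.php  <- this file
//
// auth_config.php contains only:
//   <?php
//   return [
//       'login' => 'ast3r3x',
//       // output of password_hash('your password', PASSWORD_DEFAULT)
//       'hash'  => '...paste the generated hash here...',
//   ];

function credentials_ok(array $config, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false;
    }
    // Both checks always run, so timing does not reveal which one failed.
    $userOk = hash_equals($config['login'], $user);
    $passOk = password_verify($pass, $config['hash']);
    return $userOk && $passOk;
}

function require_basic_auth(array $config): void
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? null;

    if (!credentials_ok($config, $user, $pass)) {
        header('WWW-Authenticate: Basic realm="Private!"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authentication required.';
        exit; // stop here so the protected page is never sent
    }
}

$config = require dirname(__DIR__) . '/auth_config.php';
require_basic_auth($config);
?>
<html>
<head><title>Test</title></head>
<body>
</body>
</html>
```

Basic auth sends the password with every request, only base64-encoded, so serve the page over HTTPS.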