I have multiple interfaces to manage different sections of our website.
Every user is responsible of his own section, and should just have access to the interface of his section.
some users like Webmaster, Big Boss and website content manager (let call them VIP) must have global access to all the interfaces.
To manage access to each section, I use a .htaccess file in the root folder of each section, with specific users for each one. But in order to geive access to all sections to VIP, I have to write theire names in all the .htaccess files.. this causes me a lot of work when one of them changes or if I have to create a new global access to some new manager.
is there any way for me to put the global access informations in one .htaccess file in the root folder (which contains all the sections as sub folders) and inherit this in the subfolders while adding specific users for each subfolder?
I hope I was clear.. thank you in advance
You will probably want to implement HTTP Basic Authentication (that's what you are doing with the .htaccess file right now) in PHP.
There is a tutorial on HTTP Basic Authentication on the PHP website.
Related
I am working on admin panel to add/edit/delete the posts.
So far I had all php files in root directory but I would like to structure it and put admin's related files in other directory(root/adminFiles) and here comes the issue of accessing adminLogin's URL as I was accessing it by typing domain/adminLogin and after moving admin's related file to different directory I would have to type domain/adminFiles/adminLogin.
I was thinking about renaming adminLogin.php to index.php (I think this is how Wordpress solved it) but then I have more than one index.php and it may be confusing, please advice best solution
I have a website, let's call it "public" with an admin site, let's call it "admin."
Both websites are hosted on the same Debian server and each site is owned by a different user: public_user and admin_user
public site is in var/www/public
admin is in var/www/admin
Now; using php mkdir() and copy() from the admin site I would like:
1) Create a folder inside the public site.
2) move/copy files within public from the admin site.
From admin I would like to do the following inside public:
Create a folder in www/public/assets/images
Move images from www/public/assets/temp to my newly created folder
At the moment I have "permission denied"; I could chmod 777 but surely there must be a safer and better way?
What would the pros do?
If you have the ability to setup user groups on the server,
Setup a new user group
Assign both public_user and admin_user to the group
Then assign the desired folder(s) [www/public/assets/images] to the group with read/write (and if necessary, execute) permissions.
After that, you should be able to copy files/move files to said folder as either user.
For more info, refer to the Debian administration documentation for adding groups and adding users to those groups.
I'm currently building a simply file hosting script using Slim 3. Currently I have my users folder on the same level as my public directory. Now that I'm attempting to access the files inside the user folder I'm getting errors caused by my document root not being able to access my users folder. Would it be a better idea to put my users folder inside my public folder because technically that would be public info to the logged in user?
It depends on what these files are - If they are only for the specific user or if they are available to all users.
When the files has to be private you can not put them into public, simple because everyone could hack url and get access to them. So you should put them in any data directory and make them available using an endpoint like /file/{username}/{name}.
In such endpoint you can easily append Header about filetype or if it should download or try to show in the browser window.
Whatever you make publicly available to the web server will be handled by default as any other asset:
Its URL is based upon the actual file name
If you know the URL you can download it
If it's a .php file it will be executed
You can certainly address all this concerns (and some of them may not even be concerns for your use case) but I don't think this is the ideal layout for a typical user-managed directory tree. Your current approach makes more sense to me.
To access such files you need to create a proper download script that makes all the appropriate checks (e.g. access checks), matches file system stuff from URLs and serves the assets as static files. In Slim that means creating a route with parameters and writing a handler function that does all this stuff.
I am attempting to create a website utilizing PHP as the driving power behind the gears. The idea behind the site (generally) requires that each user be presented with the option of creating their own profile (currently considering creating a directory for each user).
I have been doing considerable research in order to set this application up in the best means possible. But I am suffering from extreme confusion when it comes to creating the directory structure. I am considering downloading a framework assistant (CodeIgniter) which might assist me in the venture, but I'd rather get the opinions of others first.
Currently I have all of my files and content within my public_html folder, and I am aware that this is not the ideal set-up. But I'm not sure how to go about creating an alternative structure. I do not know where to store the various templates (header.php, footer.php, etc) and how/where to call them.
I want to create pages to list the "About", "Contact Page", and other content, but do not know where these pages should be located? Do I save the content of these pages within the public_html directory and simply include the templates from the various subfolders?
Concerning a config.php file: I am attempting to have all of the necessary information pertaining to MySQL connections within a single file, as well as other necessary information to be included at the beginning of EACH page within the site.
Thoughts? I'm fairly new to the cloud, and so simple and basic responses would be greatly appreciated!
You're thinking of this wrong. You don't need a directory for each user. You can use GET params to have one script (profile.php, for example) pull the appropriate profile for a user dependent on data passed to it. For example, profile.php?userid=5212 would pull the profile for user 5212 ($_GET['userid'] would contain the user's id in this case). Passing nothing could easily default to pulling the profile for the currently logged in user.
You could also use mod_rewrite so that http://www.yoursitehere.com/profile/5212/ could do the same thing (look into routes in most PHP frameworks)
Your directory structure should suit you. If the site is simple enough you could get away with something simple like just
public_html/
css/
includes/
images/
js/
Your database configuration could live in public_html/includes/ and you could include it on any page requiring a database connection. Your about and contact pages can be actual files located in public_html/ to keep things simple. Again, these are just suggestions. Your directory structure should be whatever you need it to be.
Store everything in a structure that makes sense to you. Something like this should work:
public_html
-Includes
-images
-css
-blog
And so on...
regarding the config file, you can store in in the public_html directory, or in the includes directory
You might consider using a PHP Web Framework like Symfony. It will help with a lot of the basics so that you can concentrate on the Product features.
For the user profile, Store all there information in a database with user id as a field.
When the user logs on, run a query to select all the information by querying against there user id.
As for file structure, you could use:
public html
includes
header.html
footer.html
config.php
classes
pages (stores other pages besides index.php here, contact, about etc.)
css
JS
index.php/html
and outside of the public_html folder I have my mysqli.php file.
To include these header files in your index.php file you would simply create (in your includes folder or wherever you choose) a config.php file with something like the following :
require_once($server['document_root']."/classes/filename.php"); // include needed files and mysqli connection here as well
You could also set a custom error handler in the config file as well if required.
In your index.php file you would then call the config file (which would automatically include any files you specified in the config file as well) and your header and footer i.e
include('/includes/header.html');
include('/includes/config.php');
<!--ENTER PAGE CONTENT HERE-->
include('/includes/footer.html');
In a Zend Framework 1.10 application, I have a controller UsersController in a module api and in the index view of that controller I would like to reference a static asset (like a javascript file). How can I do that without putting the file in the main public?
so, we have a directory setup like this:
zfproj/
../application/modules/api/controllers/UserController.php
../application/modules/api/views/scripts/users/index.phtml
../application/modules/api/public/javascript/apimodule.js
../application/controllers/
../application/views/
../public/
I want to be able to include the apimodule.js in a view (in this case the users/index view). Ideally, this would able to be done without adding anything into zfproj/public
The intention behind this is to create a module that can be deployed into a ZF 1.10 application that is completely self-contained and does not require adding assets (like Javascript files) into the applications existing public/javascript files.
Typically all your publicly accessible assets go in public. It's meant to be the web root of your application and typically you set the DOCUMENT_ROOT of your apache virtual host to this folder. I'm not sure why you'd want to store client files (javascript, css, etc) outside the webroot. Can you elaborate more on your directory/application structure (maybe hinting at the location of the file you want to include)?
Edit
What you're asking should be possible. To make a standalone module, I think you'd just move "api" inside the primary public folder and the module would have its own bootstrap or you'd have to do something in your primary bootstrap based on the module name ("api" in this case). You'd have to modify your include paths accordingly. You'd need to add an .htaccess file to protect your code directories in this case.
../application/controllers
../public/api/controllers
../public/api/javascript/apimodule.js
../public/api/index.php
You might also create a symlink in your public folder that points to the public folder of api. So,
../public/api > ../application/modules/api/public
This would allow access to public but protect your code files. One thing I often do is check out subversion external into the public folder that just points to the public folder of the module. My CMS looks like this:
application/modules/cms
application/modules/cms/ui (public facing cms UI)
public/ui (svn:external pointing to application/modules/cms/ui)
HTH give you some ideas.