I'm in need of a solution to allow clients access to physical folders.
My first intention was to manually control this by using a .htpasswd file, but I was curious if any of you have come across a solution that already exists.
Something that would allow an admin to create users with passwords, and create physical folders for those users.
We have an application that stores paths in relation to users. So by default all paths are blocked. But we grant each user access to a path in our table. Then when a page is accessed we check to see if there is a record in our database for a user to have access to that particular page/path.
In coldfusion this can be done in the onRequest method before any page processing is done. You could do it on the page itself I guess. Are you looking for a plugin or just a way to do it?
Related
I am creating website which is similar to dropbox. My logic behind the project is that I am going to create 1 table which includes username and pass and unique id.
Then I will create folder with name as that of the unique code and I will store that particular person file like video, mp3, txt in that particular folder. Now my question is how to restrict other users from entering into that folder(because I can access that folder by directly entering the url)?
Also suggest me if any other logic is more efficient.I am working on mini project.
I believe that Google Drive (and Dropbox probebly too), use https behind the scenes. In that case you simply need to make sure that your php/asp files make sure only the logged on user can access his/her files. It all depends on how your creating your cloud platform. You could also use scp, ssh, in that case your server automatically directs the client command to his/her own files.
You would need to create a controller that handles access to files. Do not direct link to the files, for example if you pass your arguments as /myFolder/myImg.jpg, then the controller would take the logedin user unique_id and the path as arguments, and then it would create a path it self.
2323-2332-a51df/myFolder/myImg.jpg
The idea is that the uniqueID will serve as base path, and your controller will handle all file access. This way you dont have to chmod 777 anything. Your controller will have access only to the folders you require and all will remain within your php settings. No need to worry about somebody trying to access any system folders.
Next to that you would just need to load the file contents and return it with the appropiate mime type.
We have several webapps based in Wordpress and Codeigniter, which are based on different servers but under the same domain (ie: intranet.something.local) and most of them use Active Directory login credentials.
For Wordpress, I'm using a plugin called Active Directory Integration to log in with these credentials and it's working perfectly after configuring openLDAP.
The thing is, our client asked us to have a single log on for every app, meaning that once I'm logged into Wordpress, I should be logged in when I go to another app, that uses the same login user and password.
Is there a possible way to do this? And if so, where should I start?
I believe, that is possible in multiple ways..
Setup Single Sign On in your apps
Use a script which automatically copies User data from a web app,
and then using that information creates user login to the other
apps..Idea is to let user register for one site, and based on that information, register him to other sites automatically
May be, some sort of Database sharing be possible, but that would be
really really a tough job, still Possible (I believe, in Computer
Science, nothing is impossible forever)
create a common cookie file and when user switches the app, use that
cookies to get the user login in between different apps
I'm working in php and want to make directories for each user where I would store their uploaded images. Only the user can access his/her directory and respective images.
I couldn't find much documentation on how to do this, namely creating directories, best place to put them in my server, how to link them to a user, and setting them to private. Please share your guidance on where to start. What is the standard practice?
You should consider to put Files with restricted access outside the public webroot folder and serve them via PHP, which will enable you to check the users credentials before.
(see Fastest Way to Serve a File Using PHP)
That way you might not need one directory per user.
Whenever we use chmod, we set different authorities to different users types like
owner, group, others, all
What I dont know is, how do define who is owner, who is group and who are others.
Can we use this while implementing login system? What I mean is, by verifying a username, I want to define if the logged in user is owner, a group or others so that I can deny access to file or folder.
May be my title does not reflect the question, if someone with rep power finds a better title, please edit it?
Are you trying to use file system permissions to allow or deny access to the files served by php, or to php scripts themselves?
This is not possible. There is always one and only one user who runs apache and php. What that user is called depends on your system: it could be called "apache" or "www" or even "nobody".
When you implement a login system to your website, you are not dealing with this. When you implement a login system, you are doing nothing more than associating a token to the current session. Then according to the token you can change the normal course of the php script (allowing or denying access, display one or another data template, etc...). But, for the operating system, there is absolutely no difference.
You should take a look at some php tutorials about authentication. If you don't want to implement one yourself, this is a viable solution:
http://framework.zend.com/manual/en/zend.auth.introduction.html
I am creating a PHP script for my website that would allow my clients to login to their client account and view a list of files I've uploaded for them. Then they can download them without having to relogin or re enter a password.
I want to keep it secure so anyone cant come in and download the files if they know the clients name.
I've tried .htacccess, protecting the folders, etc.. but it doesnt seem to work. I've written the client login script thatl ets them login and view a list of files in their directory but I can't have them right click to download it without having them login.
Something similar can be seen here:
http://forums.cgsociety.org/showthread.php?f=76&t=808482
In the 2nd post, if you try to click delete.jpg it won't let you download it without logging in. I want this similar feature for my site.
The site is created in PHP, with a MySQL database.
The folder itself should have security permissions set that regular users do not have access to it, only whatever user runs the PHP process.
Your PHP scripts act as a passthrough for the actual file system. The users don't have permissions to see a list of files, but your scripts do. The users don't have permissions to access a file, but your scripts do so you can open them as binary files and write the data out to be sent to the user.
Do some research into PHP File Downloaders, this is fairly standard behaviour.
You could use cookies to signify that the user has been there before, and been authenticated. Make the value of the cookie be fairly random, so it can't be guessed. I would encrypt the username . timestamp and store that with the username, so username_token and that way you can time people out and force them to login, if you want, later.
Then, move the files out of the webapp directory, and have a cgi program that will show the files in the directory, and allow them to download them.
This way you can control what people see, and what actions are allowed.