
Forbidden/Unauthorized Access

Hello:

Is it possible to accomplish this feature? If so, how?

I want to create a form where a manager can add/modify employee information. Creating the form and updating the tables in the database is already completed and working perfectly.

What I need to do is protect this form from outsiders who through goofing around can type in the URL for the form directly into the browser. Should such a person attempt to type the URL in their browser, I want a page to appear stating something like Forbidden or Unauthorized Access. I have seen these types of pages.

Is it possible to do this? If so, how would I go about doing it?

Another option could be to put the form in a directory and protect the entire directory from outsiders. Is this possible? If so, how can I do this?

Thank you.

PHP

6 Comments(s)

@bathurst_guyFeb 11.2007 — If you place all these files in their own directory, then add a .htaccess and .htpasswd in this folder. The user will need to login to see anything within that folder or subfolder, otherwise display the message you requested automatically.

Look at http://tools.dynamicdrive.com/password/
@focus310authorFeb 11.2007 — Ok. I read about .htaccess. What if I have multiple users? All my users who have authority are stored in a table.

I don't think I can use .htaccess with a MySQL table. At least from the reading I've done. Everything seems to point to hardcoding the usernames and passwords into the file.

For security reasons, I don't want to do that.
@bathurst_guyFeb 11.2007 — Yes you need to hardcode the usernames and passwords into an [B]invisible[/B] file that cannot be accessed by the Internet, which would have the passwords [B]encrypted[/B]. Why would this be bad for security? It's probably easier to hack a MySQL database than it is to compromise a server. Then if they compromise the server there is no need for them to brute force the passwords as they would already have access to the files it is protecting.
@focus310authorFeb 11.2007 — Hi,

I guess security was the wrong word to use. I was thinking from a maintenance standpoint.

If a person quits or you hire someone, you'll need to modify the file. I thought with a database, a delete or insert is done and then no other manual intervention is required.

Do you happen to know where I can get some information on exactly what you are talking about?

I'm not quite sure what you mean by "invisible" file. Also, I know how to encrypt passwords into a table but no other way.

There is so much info out there and what I've found recently is that most of the information contradicts each other. So sometimes I find myself chasing my own tail. So, if you know of something that discusses what you suggested, I would love to have the link so I can read up on it and put it into use.

Thanks again.
@UltimaterFeb 12.2007 — To produce the two error pages you speak of with PHP:
[code=php]
header('HTTP/1.1 403 Forbidden');
exit;
[/code]

or
[code=php]
header('HTTP/1.1 401 Unauthorized');
exit;
[/code]

http://plurged.com/code.php?id=79

If what you are going to use this for is outside of PHP's control better have a look at httpd.config and htaccess.
@focus310authorFeb 12.2007 — Hi,

Thanks for the reply.

I have the following code to check if a session was established after login.
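[CODE]
session_start();
// A visitor who never logged in has no "status" key; treat that as "".
$status = isset($_SESSION["status"]) ? $_SESSION["status"] : "";
switch ($status)
{
    case "Not logged":
        include "login.php";
        break;
    case "":
        include "login.php";
        break;
    case "Logged":
        // (the rest of this branch was not posted)
}
[/CODE]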


Do I include the line of code you gave within this check?
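
The pieces discussed in this thread (accounts kept in a database table, the session "status" check, and a 403 response for direct URL access) can be combined into one guard, shown here as an added example that is not code from any poster. The table and column names, the `manager` role, the function names and the sample accounts are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example. Assumptions: table/column names, the 'manager' role and the
// sample accounts are constructed; in-memory SQLite stands in for MySQL.

// Look the user up in the table and check the password against its stored hash.
function authenticate(PDO $db, string $user, string $pass): ?array
{
    $stmt = $db->prepare('SELECT username, pw_hash, role FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return ['status' => 'Logged', 'user' => $row['username'], 'role' => $row['role']];
}

// Decide what a request to the form gets: 'login', 'forbidden' or 'ok'.
function decide(array $session, string $requiredRole): string
{
    if (($session['status'] ?? '') !== 'Logged') {
        return 'login';
    }
    return ($session['role'] ?? '') === $requiredRole ? 'ok' : 'forbidden';
}

// Call at the very top of the form page: session_start(); guard($_SESSION, 'manager');
function guard(array $session, string $requiredRole): void
{
    switch (decide($session, $requiredRole)) {
        case 'login':
            include 'login.php';   // the login page named in the thread
            exit;
        case 'forbidden':
            header('HTTP/1.1 403 Forbidden');
            exit('Forbidden');
    }
}

// Constructed demo data so the decision logic can be run from the CLI.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)');
$add = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'manager']);
$add->execute(['bob', password_hash('battery staple', PASSWORD_DEFAULT), 'staff']);

foreach ([[], authenticate($db, 'bob', 'battery staple'), authenticate($db, 'alice', 'wrong'),
          authenticate($db, 'alice', 'correct horse')] as $session) {
    echo decide($session ?? [], 'manager'), "\n";
}
```

On a successful login, copy the array returned by `authenticate()` into `$_SESSION` and call `session_regenerate_id(true)` before redirecting to the form.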