Site-wide/universal login page for security

General PHP Help
#1

hey you guys,

I’m working on a few things here, including fixing the error I made in my last post. But I have another need that I need a bit of assistance with. I started designing a website with wordpress, however like all 3rd party apps, it’s very limited in what it can do when a need arises that is complex in nature, which is what I have. I’m using GoDaddy as a hosting company and their cPanel tool can’t do this, so I must use PHP or something similar to get it done. Here’s what I’ve got:

=> I have many dirs and subdirs on my site. the reason for this is to partition/separate out many files that cover a wide variety of topics. so the addresses look kind of like this:

www.domain.com/content/software/ms-office/ms-access
www.domain.com/content/software/ms-office/ms-access/advanced/code-samples
www.domain.com/content/software/ms-dot-net/visual-studio

What I would like to do, because my site won’t be available to the general public for a few months yet, is give people who want to know what I’m doing a preview of what they will see in 3 months. But these people always have only one discipline/focus for their job. So I’d like to let them look at the content on the site that is only relevant to their expertise (for instance, like above, the “ms-access” dir), because I can’t be showing them free resources, especially if I have them in my own toolbox to bring in revenue for my business.

So in the above example, how could I use PHP/MYSQL to issue separate usernames and passwords for 2 different people => 1 that wants to look at ms access content (they would only have access to “ms-office/ms-access” and “advanced/code-samples”), and 1 that wants to look at visual studio content (“ms-dot-net/visual-studio”)?? Ideally what I’d like to do is only have to issue one password per software category dir, and have that password work for any other nested dirs lower than that. So in the above example, giving credentials for access would allow the user to view any page on, or nested below the dir “ms-access”. If they try to view any file in any other dir, regardless of whether it is higher or lower on the directory tree, I want to block them. Can this be done? GoDaddy’s tool can’t do it.

It would also be nice if I could issue a universal redirect to a landing page/login page as the result given to a user that tries to access any given page on my website for the first time, if they typed in a literal URL instead of going to the homepage. I hope you guys can help me figure this out, or maybe point me to some good internet resources where I can learn how to do it myself. thanks! (by the way, I know I can use PHP/MYSQL to produce dynamic pages with query strings, but I just chose this method to make it easier for the next developer to follow, because they’re not that intellectual)

#2

You would password protect the directories themselves.

Here is an example, but you can also back it with a database that includes roles. So you check a single table and see what directories a user would have access to.

#3

hey this is wonderful! thank you so much astone! I’ll get back to you on this when I can implement it. shouldn’t be long, as the site is currently in production and I’m going to be issuing previews to developers.

#4

astone,

I haven’t been able to access the site. are they having issues over there? there’s nothing wrong with my connection…

error_connection
error_connection1296×770 62.8 KB

#5

Yeah, shame, I would like to read that too,

#6

I am having an issue getting to it as well. Here is another link that discusses it as well.

https://docstore.mik.ua/orelly/webprog/pcook/ch08_10.htm

#7

thank you astone! I will have a look at it and get back to you if I have issues implementing it. =)

#8

One thing you might consider is just creating a “user-level” of sorts in their account.
You could give them a list of areas they are allowed to visit in the user level field. Then, when they visit, you check the level and allow the user to see different areas based on what they have paid for.
This would be handled in their login script and would show more than one area if they have been okayed to access them. Not complicated to handle. You just need to think out the possible level’s and add them once paid for. The code for displaying multiple areas would need to be sorted out, but, that is just minor…
Just a thought

#9

astone,

neither link you provided is working anymore. I now have the time to get back to this. are you able to get to the links yourself? if I were able to view that content, my question would be…

does this method of security require all of the transactions to be done via command line statements? that seems like a common requirement when doing complex things like this. is that correct?

#10

No command line. I can still access the book

#11

got it. I’ll take a look. thanks!

#12

hey you guys,

I unfortunately already have the include() function on each page on this site that is recording traffic, so do these scripts that are on the following page need to be in separate files and then pointed to also using include() or require()?? or is this an irrelevant point? thanks!

https://docstore.mik.ua/orelly/webprog/pcook/ch08_10.htm

Adam

#13

Can you break it down for me further what you are asking?

#14

sure thing astone. this post by frank is what I’m concerned about:

https://www.phphelp.com/t/include-function-works-with-uri-but-not-with-full-url/31065/4

I have already done what he suggested and changed all of my include functions to contain

"../..file.php" pointer paths instead of full URL pointers like this: “www.domain.com/1/2/page.php

so based on what he said, can I put these HTTP-based authentication scripts in separate files and point to them like I’m pointing to my traffic capturing code? in separate files? so…for each webpage I have, put this at the top?

include("../../..auth_script.php");

thanks!

#15

Okay, yes you can include, or require that specific file so that it doesn’t have to be written several times.

#16

got it…thanks

#17

hey AC,

I want to bookmark this discussion of ours, however both of the links you provided to me here are no longer working. Can you check on your end? here they are:

https://docstore.mik.ua/orelly/webprog/pcook/ch08_10.htm

https://www.phpgang.com/using-http-basic-auth-in-php-the-easy-way_2974.html

the server errors are different between both pages. is this article the same thing as what you gave me here?

Sponsor our Newsletter | Privacy Policy | Terms of Service