Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New to the CF scene
    Join Date
    Aug 2007
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Advice - Is this even possible?

    I have a project i am not sure how to achieve the desired results. I need some advice/direction if anyone can help.

    I have a domain name. Under that domain lots of individual websites:

    ??????.com
    ??????.com/website1
    ??????.com/website2
    ??????.com/website3

    1) The domain home page has a login screen. Depending on the username and password the user is taken to the relavent website index page.
    This would all work fine i could specifiy the user/password and corresponding website directory in a mysql table

    THE DILEMA - The websites are large and always being updated therefore i cannot add corresponding (session) php code to every html webpage within the websites. Therefore how can I stop a user copying and pasting a external link to one of these pages or files located within the website i.e. bypassing the login.

    Any ideas?
    Last edited by malik; 01-20-2008 at 05:07 PM.

  • #2
    New Coder
    Join Date
    Dec 2007
    Location
    UK
    Posts
    41
    Thanks
    1
    Thanked 7 Times in 7 Posts
    Are cookies out of the question?
    Remember if someone has answered your question then please use the 'thank user' button below their post.

  • #3
    New to the CF scene
    Join Date
    Aug 2007
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    hi
    it needs to be secure. what are you thinking?

  • #4
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,073
    Thanks
    11
    Thanked 98 Times in 96 Posts
    you could use HTTP_AUTHENTICATION (htpasswd & htaccess) which will give you folder based authentication.

    note that if the sites are built with forethought then it would be easy to make sure every page includes a config file which would set the relevant sessions etc.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #5
    New to the CF scene
    Join Date
    Aug 2007
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by firepages View Post
    you could use HTTP_AUTHENTICATION (htpasswd & htaccess) which will give you folder based authentication.

    note that if the sites are built with forethought then it would be easy to make sure every page includes a config file which would set the relevant sessions etc.

    Looking at this further HTTP authentication appears the only way to successfully secure the folders.
    The problem with this as far as i am aware is that using htaccess i cant find a way to incorporate the central login screen.
    Any ideas how to login then be taken to the correct website folder which is then protected?.
    Last edited by malik; 01-21-2008 at 12:51 AM.

  • #6
    New Coder
    Join Date
    Jan 2008
    Location
    Portugal
    Posts
    17
    Thanks
    0
    Thanked 2 Times in 2 Posts
    You can use a file or a database to assign usernames to urls... or that's not possible for you?

  • #7
    New Coder
    Join Date
    Sep 2007
    Location
    US
    Posts
    88
    Thanks
    4
    Thanked 4 Times in 4 Posts
    If you are running apache, I would recommend you configure <virtualhost> blocks for the individual sites.
    for example some one would use site1.???.com and that would lead them to the site one folder.


    Edit:
    read through this some more.
    I see what you are trying to do, what you would want to do to keep things secure is use PHP session codes.
    To do this you can add a file to the auto append directive in your PHP.ini file. with this central file, you would only have to validate site cookies or session data.
    Last edited by Digicoder; 01-21-2008 at 07:31 PM.
    I need to find a book about all this stuff. God, thats gonna be one big book!

    http://www.gamezftw.com
    Play On!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •