Google Answers Logo
View Question
 
Q: Secure Directory Access via PHP/MYSQL ( Answered 5 out of 5 stars,   0 Comments )
Question  
Subject: Secure Directory Access via PHP/MYSQL
Category: Computers > Internet
Asked by: hlf-ga
List Price: $25.00
Posted: 29 Mar 2003 12:08 PST
Expires: 28 Apr 2003 13:08 PDT
Question ID: 182901
I am looking for complete and explicit directions on creating PHP code
to work with the Apache mod_mya for MYSQL to provide secure access to
specified directories.

Request for Question Clarification by wildeeo-ga on 29 Mar 2003 14:27 PST
Hi,

A couple of questions: Is the mod_mya module already installed on the
server, and am I correct in thinking you would like to use the PHP
scripts to add users to the database?

Clarification of Question by hlf-ga on 30 Mar 2003 06:10 PST
Reply to wildeeo-ga

Thank you for your request for clarification.

Yes, the module is installed. I know how to use PHP to create new
entries in the database. I seek the PHP (or PERL) code needed to login
users in one or both of the following ways:

1. All users in the database may log in to the same protected
directory.
2. User in the database are logged in to a specific protected
directory as defined in the database.

I also need the correct form of the .htaccess file to be placed in
each protected directory.

Thank you for addressing my query.

HLF
Answer  
Subject: Re: Secure Directory Access via PHP/MYSQL
Answered By: wildeeo-ga on 31 Mar 2003 11:58 PST
Rated:5 out of 5 stars
 
Hi, hlf-ga. Thank you for your question.

As long as everything's set up correctly, you shouldn't need to create
any PHP or Perl scripts to protect a directory - the .htaccess files
and the mod_mya module should take care of it themselves. The server
should ask the browser to prompt the visitor for a username and
password.

The first step should be to create the mysql database and tables, if
you haven't already. You can do this with the following queries (taken
from the mod_mya site):

CREATE TABLE virtual_users (
  username char(32) NOT NULL,
  password char(32),
  PRIMARY KEY (username)
);

CREATE TABLE groups (
  groupname char(32) NOT NULL,
  username char(32) NOT NULL
);

(I assumed this was added to a database called 'authinfo' in the
following examples).

You can then add users to the 'virtual_users' table (or whatever you
named it).

You then need to create a '.htaccess' file in the directory you want
to protect. (Placing a .htaccess in a directory will also protect all
files and subdirectories; for example, if you created a .htaccess file
in '/foo/', any files in /foo/, such as /foo/file.txt, as well as
directories, like /foo/bar/, would need a password to be accessed).

The .htaccess file would need to contain (without the comments):


# Tell apache authentication should be done
AuthType basic
# Set the message the user should be shown
AuthName "Top Secret Stuff"

# Tell the server that any user with a valid user/pass should be let
in
require valid-user

# Turn on mya
mya On
# Replace 'virtual_users' with the name of the database the info's
stored in
mya_MySQL_Database authinfo
# Replace 'virtual_users' with the name of the table the user/pass
stuff is in
mya_MySQL_Table virtual_users
# Replace 'virtual_users' with the name of the table where the group
info lives
mya_MySQL_Group_Table groups
# Replace 'sqlusername' with the username to connect to the server
with
mya_MySQL_Username sqlusername
# Replace 'sqlusername' with the username to connect to the server
with
mya_MySQL_Password sqlpassword
# Set the kind of authentication needed - see the mod_mya webpage for
more info
mya_Authoritative On
mya_Encryption PlainText
# These are the names of the fields with the user/pass/groupname in
mya_MySQL_Username_Field username
mya_MySQL_Password_Field password
mya_MySQL_Group_Field groupname


This would allow any user with a valid username and password to access
that directory.

You can also grant only a specific group of users permission to access
a directory. To do this, you'd need to change a line in the applicable
.htaccess file. Change the line:

require valid-user

to, for example:

require group nicepeople

where 'nicepeople' is the name of the group of users you want to allow
to access that directory. To add a user to a group, you add a record
to the 'groups' table, with the username, and the name of the group
you want the user in. For example, to add the user 'foo' to the group
'nicepeople', you'd do something like this:

INSERT INTO groups (username, groupname) VALUES ('foo', 'nicepeople')

That user is now a member of the 'nicepeople' group, and should be
able to access that directory. (The user 'foo' will also need a
corresponding record in the 'virtual_users' table containing his
password).

I hope this was of use to you.

The mod_mya website can be found at:
http://www.synthemesc.com/mod_mya/

The following search may also be useful:
://www.google.com/search?q=mod_mya

If that was unclear, or you have any additional queries about this,
please feel free to request a clarification.

-- wildeeo-ga
hlf-ga rated this answer:5 out of 5 stars
I had already figured this out while waiting for the answer.
Nevertheless, the researcher has done an excellent job and payment is
authorized. HLF

Comments  
There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy