
HTML Forum

    
Password protected folders
Accessible to my scripts, not to my visitors
dougmcc1




msg:591582
 4:21 pm on Sep 21, 2003 (gmt 0)

I have a form which lets visitors submit information to make customized pages on my site. Information such as address and phone number.

I have three questions:

1. Is it possible to password protect my cgi-bin without prompting users for a username and password when a script is run in that folder? I don't want them to be able to access the folder by typing [mysite.com...]. But I also don't want them to get prompted after submitting information from the form.

2. The script creates a page from a template. The template is in a password protected folder. Can the script create the page without the visitor typing in a username and password for the folder the template is in?

3. The script puts the created page in the 'pending' folder and sends the visitor to it so they can see their newly created page. I then decide whether or not to authorize the page. But I don't want people to be able to type in [mysite.com...] to see all the pages that are pending.

The same answer might be applicable to all three questions. Basically I want my scripts, template, and pending pages password protected when accessed from the address bar, but I want users to be able to create their page without being asked for my username and password when creating their page. Is this possible?

Thanks.

 

mapostel




msg:591583
 4:36 pm on Sep 21, 2003 (gmt 0)

Hi dougmcc1,

:-\ What I know is that a username/password can be incorporated in a URL: http://username:password@www.example.com/protected/file.cgi
I have run scripts in protected folders via Cron like that. However, if you incorporate username/pass into your source it will only be protected against superficial users. It would be clearly visible in the source.
Two other thoughts: You could call a php or asp script from the form and this script would then call the protected script.
Or you could try to make rewrite rules that only allow certain referrers (although this could be spoofed).

OK, just my 2p...

Hope it helps,

M.

dougmcc1




msg:591584
 5:35 pm on Sep 21, 2003 (gmt 0)

You could call a php or asp script from the form and this script would then call the protected script.

You mean call a script from an unprotected directory which uses an include to call the real script from the protected directory?

<added>I tried that. I get a 500 Internal Server Error</added>

BlueSky




msg:591585
 6:36 pm on Sep 21, 2003 (gmt 0)

<added>I tried that. I get a 500 Internal Server Error</added>

What exactly gave you the 500 error?

I do something pretty similar to what you want to do on my site. About 3/4 of my code and all the templates are in protected directories to prevent direct access by outsiders. Then my script includes the protected files as they are needed. Works fine.

dougmcc1




msg:591586
 6:52 pm on Sep 21, 2003 (gmt 0)

Thanks for your reply BlueSky. The 500 error is very vague, and I checked my error logs but it doesn't look like this error was recorded.

Can you provide an example of how you set your site up? Here's what I did to generate the 500 error:

I put my real scripts in 'newfolder' and renamed them to 'scriptname_script'. I removed the password from 'cgi-bin' and applied it to 'newfolder'. Then I replaced each script in the cgi-bin with a new script with this include statement:
<? include "../newfolder/scriptname_script.php";?>

Thanks again.

<added>I also tried putting 'newfolder' in 'cgi-bin' and changing the include statement to <? include "newfolder/scriptname_script.php";?>. Still got the 500 server error.</added>

amoore




msg:591587
 7:11 pm on Sep 21, 2003 (gmt 0)

In answer to your first question, to keep people from browsing through your cgi-bin, either take the indexes option off of that directory, or put a (possibly empty) index.html or index.cgi in there to keep them from seeing the directory index.

BlueSky




msg:591588
 7:16 pm on Sep 21, 2003 (gmt 0)

Well, scratch that...I see you went down per the section you added. If your unprotected scripts are at the same level as your /newfolder, try this with the php as part of the tag:

<?php include "newfolder/scriptname_script.php";?>

If that doesn't work, unprotect the directory and try the include again. It kinda sounds like the path is off but might as well rule out the protection being in the way. I've never run PHP as a CGI, only as a module, which works fine with protected directories. So, I don't see why the CGI wouldn't work too. In fact, I include some protected files located in the CGI-BIN.

[edited by: BlueSky at 7:26 pm (utc) on Sep. 21, 2003]

dougmcc1




msg:591589
 7:26 pm on Sep 21, 2003 (gmt 0)

What are requires?

My paths are fine - cgi-bin contains 'newfolder'. 'newfolder' contains the actual scripts and the scripts in 'cgi-bin' call them with this path "newfolder/scriptname_script.php".

form-->scriptinclude-->realscript
root-->cgi-bin-->newfolder

What I have is a few directories in the cgi-bin so I protected the whole bin. Then outside I call the protected files with includes or requires.

See, I use a form, so in order to run the script I can't use an include, unless I put the include in another script that the form calls.

BlueSky




msg:591590
 7:38 pm on Sep 21, 2003 (gmt 0)

When I wrote that, you had posted the path was going upwards. That is why I said your path sounded off. By the time I posted, you had added that you tried it going downwards. Requires are similar to includes but used unconditionally.

Sounds like you need to rework your script a little to handle includes.

dougmcc1




msg:591591
 7:46 pm on Sep 21, 2003 (gmt 0)

By the time I posted, you had added that you tried it going downwards.

Hehe sorry bout that.

Sounds like you need to rework your script a little to handle includes.

Here is my form:
<form action="cgi-bin/fakescript.php" method="post">
<input type=text value="email@me.com" name="email" size="20">
<input type="SUBMIT" VALUE="Submit">
</form>

My fake script:
<?php include "scripts/realscript.php";?>

My real script:
<?php
echo $email;
?>

Output:
500 Internal Server Error :(

dougmcc1




msg:591592
 12:20 am on Sep 22, 2003 (gmt 0)

I guess that works after all. My host didn't have my cgi-bin activated. Thanks for your help.
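
The pattern the thread settles on, as an added example that is not code from any poster: a public script takes the form's email field, validates it, and then pulls in the protected script through the filesystem, where the directory's HTTP password does not apply. The constant `VIA_ENTRY_POINT` and the function `clean_email` are hypothetical names; the paths follow the form and scripts posted above.

```php
<?php
// cgi-bin/fakescript.php: the public script the form posts to (added example).
// Assumed layout from the thread: the real script lives in cgi-bin/scripts/,
// and that directory is password protected (or denied outright) for HTTP requests.

// Hypothetical marker: realscript.php can refuse to run unless it is defined.
define('VIA_ENTRY_POINT', true);

// Return a validated address from the submitted fields, or null if unusable.
function clean_email(array $post): ?string
{
    // Read the field explicitly instead of trusting a global $email variable.
    if (!isset($post['email']) || !is_string($post['email'])) {
        return null;
    }
    $valid = filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, for a quick run from the command line:
    // a plain address, one with an embedded line break, and a non-address.
    $samples = ['email@me.com', "a@b.example\r\nBcc: c@d.example", 'not-an-address'];
    foreach ($samples as $sample) {
        echo var_export(clean_email(['email' => $sample]), true), "\n";
    }
    exit(0);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

$email = clean_email($_POST);
if ($email === null) {
    http_response_code(400);
    exit('Invalid email address');
}

// require reads from the filesystem, so the directory's HTTP password is never
// consulted here; an absolute path avoids depending on the working directory.
// realscript.php is expected to begin with:
//   if (!defined('VIA_ENTRY_POINT')) { http_response_code(403); exit; }
// and to print the value as: echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
require __DIR__ . '/scripts/realscript.php';
```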
