homepage Welcome to WebmasterWorld Guest from 54.161.214.221
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
User created Password Protected Directories
Registering a user name and password via PHP creates a private directory
quixotic




msg:1278253
 12:51 am on Nov 18, 2005 (gmt 0)

Okay any ideas on how do I do this?

A user goes to a page on the site:
------------------------------------------------
1. The page prompts the user to create a user ID/Password.

2. A folder is created for the user, which is protected by their user ID/Password.

3. The user is then allowed to upload/download files to the folder (and no other).

4. When they return to the site, they log in and are immediately taken to their folder.
-------------------------------------------------

Any pointers, code etc. would be greatly appreciated and reciprocated!

((((@
c(.).)
\__>

 

coopster




msg:1278254
 5:44 am on Nov 18, 2005 (gmt 0)

Welcome to WebmasterWorld, quixotic.

I can talk it out in pseudocode a bit if that is what you are looking for ...

  1. Create a form that prompts the user for their user ID/Password; if they don't have one, give them an option to register/setup.
  2. Upon successful setup create a folder on the backend for this user and store the user's *home* folder path/name in the database along with their other information, userid, password, email, home folder, etc.
  3. Setup a script which allows the user to upload/download files to their folder only. Basically, after they login they can go to your page that allows for file uploads and upon a successful file upload you move the uploaded file to the directory on record for the currently authenticated user.
  4. By default when a user performs an initial login they are immediately taken to their folder. You can do this by checking the database for their *home* folder.

quixotic




msg:1278255
 4:41 pm on Nov 18, 2005 (gmt 0)

Thank you very much Coopster. This definitely helps, I think I only need one more piece of the puzzle.

2. is the most difficult for me:
I can use mkdir to create the folder for the user, but I can't figure out how to lock read/write/execute priveledges to just the user.

For instance,

mkdir("/user",0700);

would create the user's folder, and while the permissions are locked to the "owner", the "owner" is the webserver, not the person currently logged in when the script is called.

Thanks again!

quixotic




msg:1278256
 8:38 pm on Nov 18, 2005 (gmt 0)

okay i think i might have answered my own question... I'm new to the world of security, but if i do this:

mkdir("/user",0700);

only the webserver has access to user. But it doesn't matter since I should be able to make a PHP page that compares ID/password to the DB, then asks the webserver to feed the contents of the user directory back to the user.

I'll also need something else to keep them logged in though so they can navigate the files, which I guess would be a cookie. Am I on the right track?

henry0




msg:1278257
 5:10 pm on Nov 19, 2005 (gmt 0)

You could use a SESSION

To initiate:

session_start();// always on top of script
// post value through $_POST
$username=$_POST['username'];
$password=$_POST['password'];

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

To use it:
session_start()
$username=$_SESSION['username'];
// etc...
// all pages the need the username session
// will start by SESSION_START()

Check the manual
[us2.php.net...]

quixotic




msg:1278258
 5:22 pm on Nov 21, 2005 (gmt 0)

Ahh, I see now. It sounds like there are a few ways to do this. The easiest and least secure is to create and edit .htaccess & .htpass files, which should keep you logged in while the browser is open. The most secure appears to be using a DB and tracking the user by using SESSIONS. I like the DB and using SESSIONS option, it's safer, easier to manage in the long run, and I can customize the login. Looks I've got some code to try and write now...

Thank's everyone for your input!

henry0




msg:1278259
 6:24 pm on Nov 21, 2005 (gmt 0)

Before diving in coding you might give a try to the following:
Do not let you DB_connection script at root level or anywhere by WWW
set it below www for ex where lies your CGI
it provides you with more secured way of protecting your Db_conn.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved