Webmania - php facility

  ScanJet 23:04 15 Aug 05
Locked

I have recently opened an account and started hosting a site with this company as it has had good reviews in this forum.

One of the features I am looking for is the ability to take user input ( eg.client password )confirm suitability to view certain pages ( design work being done for them ) and offer up page 'includes'( their latest update ) depending on the id they enter. Now I am not talking high security.

I then may or may not want to write to files/create files for 'include' at a later date but find that permissions are denied. Has anyone else experienced this? I have contacted tech support but so far today no further contact from them.

Surely what I am asking is access to basic core php features. All advice welcome.

Scanjet

  Taran 19:12 16 Aug 05

I'm not sure what you are asking here.

If you have any doubts about whether or not PHP is running properly on your account, open Notepad and create a new file.

Save it on your desktop with any name.

Close Notepad.

Right click on the file on your desktop and rename it to test.php

Open it again in Notepad or any other plain text editor (not WordPad, Word etc) and paste this into it:

<?php

phpinfo();

?>

Save the file, upload to your web server and call the page in your browser.

The resulting page should display all the modules and other information about your account space.

Delete or rename the file on the server to test.not or something similar after you're done, since some of the information it returns can compromise the security of your web account.

Writing to files using PHP is done in a number of ways, but to begin with if you want your PHP program(s) to be able to write to a text file on the server it should be given write permissions - default file permissions are read. CHMOD the file to 666 or 775, depending on requirements, otherise your PHP can't write to the file.

Perhaps I've completely misunderstood your problem and in that case I apologise. If yuor test.php file with the above code runs OK then PHP is working on your account. If you get an error when calling the page you need to contact support to sort the issue out. Try the test first though.

It could help to know how you are uploading files, what you are editing them with, and possibly even some code to examine.

T

  Taran 19:14 16 Aug 05

If the above seems an odd way in which to create your test file, Notepad defaults to tag a .txt file extension onto the end of any file you create with it.

Rather than walk you through the File, Save As route (which can cause problems depending on your version of Windows) I often find it easier to describe how to paste the code and save the file then rename it, or save the file, rename it, paste the code and save it again.

I know what I mean any way...

;o)

  ScanJet 22:49 16 Aug 05

Thank you Taran,

It is indeed the file/folder permissions and I have chmod some of them and am now getting closer to the required results. I am finding that I need to set some to 777. Is this too weak a setting - from what I can see it is necessary.





Software being used is html kit.


Scanjet

  Taran 23:17 16 Aug 05

CHMOD 777 is OK depending on what it is applied to and how you are writing to it.

So much depends on how you use your PHP and what it actually does.

I can usually get away with 666 for most things - this includes writing to text files using PHP, like for a hit counter or some such (poor example since I hate hit counters, however...).

Sometimes I go as far as 775 but I rarely need and never commercially use 777, which renders a file writable to everyone.

HTML Kit is an excellent program - one of my all time favourites.

Keep us informed of your results.

T

  ScanJet 21:50 19 Aug 05

Taran,


The two main things I want to achieve is:

1/Register users with minimal unsentitive details and save to text file that later will confirm them as a client.

2/The ability to access a password protected part of the page live online and amend page 'includes' of the site itself using forms.

With a password protected page access does the 'allow everyone to write(777)' really pose much threat? Surely it is only writable to those tooled up with the password (namely me) to access the admin page that will only show the forms when password is sent correctly ie. No password - no forms - no fwrite etc.

The site is not highly sensitive - just to allow clients the abilty to logon and see progress with their current cad design drawings.

Thanks again for taking the time to answer, very helpful.

ScanJet

  Taran 03:30 23 Aug 05

CHMOD 777 can potentially be a risk if accessed by those who know if the web server has not been properly locked down.

Basically, and without going off on one about permissions and security issues, 777 is Read, Write and EXECUTE rights to all users.

There are three user groups for files on Linux/UNIX web servers. You get Owners, Group and World. Owners and Group usually have far more in terms of permissions granted for file access on the server. You really want the World group to have as little access as is practical, since opening this groups permissions is potentially allowing ALL visitors the right to read, write to and execute files on your server.

It's a sad fact that shared web hosting sometimes is not as well implemented as it could be and so mistakes can and do happen. One member of this forum had his web server well and truly mangled when someone got in who had no business being there. It's not an uncommon tale, especially with the less expensive hosts who often use old hardware and older version software which, in some cases, has some well known security holes.

In general, you should be safe with 777 on certain files or directories. Unless site visitors are being given upload rights to allow them to send files up to a folder on your web space, or write data to a file, perhaps through a form submission, I can't really see a need to go down a permissions road for user login. This would be best done with a database and little or no CHMOD permissions in sight.

Take a look at Hotscripts.com for some very nice, fully developed user registration and login systems in (almost) any web language you could want.

T

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

20 groundbreaking 3D animation techniques

How to mine Bitcoin on Mac