|
|
Posted by Rob on 10/10/38 11:22
Rob wrote:
> Chris wrote:
>
>> On Thu, 28 Jul 2005 11:51:06 +0000 (UTC), Rob
>> <rob.@.no.spam.please.tbswebdesign.com> wrote:
>>
>>
>>> Gordon Burditt wrote:
>>>
>>>>> I have a PHP query for a MySQL database that I'd like to restrict
>>>>> access to. It's linked from a .htm webpage with other links on a
>>>>> company intranet site.
>>>>
>>>>
>>>>
>>>> Restrict based on *WHAT*? IP address the client is connecting
>>>> from, username/password, SSL certificates, retinal eye scanner,
>>>> something else?
>>>>
>>>> Gordon L. Burditt
>>>
>>>
>>> LOL nice gordon,
>>> I think if its a "feature" you only want a "site admin" to access the
>>> best option would be to drop the query in a file... "admin.php" and
>>> put it in a directory "admin" where by you use .htacess to password
>>> up the directory.
>>>
>>> An example of what your trying to do chris might help a little bit
>>> more :)
>>>
>>> Cheers
>>> Rob
>>
>>
>>
>> I think you pretty much hit it on the head, Rob. I have a series of
>> databases on a dedicated server that are designed to compliment a
>> worthless CMMS bringing more data to a group of guys. for now, the
>> admin idea would work fine since I'll be the only one accessing 2 of
>> those databases but eventually, may free up the access to a small
>> group within a department as usable information. At that point,
>> either a shared password OR allow known IPs would be effective and
>> actually, known IPs may be better in that the extra step of entering
>> something would be bypassed. thanks for the replies, gents.
>
>
> Chris... iv come up with this for you...
> This example will give access dependant on the username and password
> entered.
> You can added/delete users from the $users array.
>
> -----------
>
> function do_auth()
> {
> $realm = mt_rand(1,1000);
> header('WWW-Authenticate: Basic realm="CMMS Administation ID:
> '.$realm.'"');
> header('HTTP/1.0 401 Unauthorized');
> die("Permission Denied");
> }
> //your access info... user => pass
> $users = array('admin' => 'admin', 'staff' => 'staff');
>
> if (!isset($_SERVER['PHP_AUTH_USER']))
> {
> do_auth();
> }
> elseif (!isset($_SERVER['PHP_AUTH_PW']))
> {
> do_auth();
> }
> elseif($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
> {
> do_auth();
> }
> //if were here... then were logged in successfully :)
> print('Welcome to the control panel
> <b>'.$_SERVER['PHP_AUTH_USER'].'</b>');
>
> -----------
>
>
> This second example give access to ips listed the array $allowed_ips
> hopefully one of these may be of help to you...
> but http auth is not the best method of passwording, all depends on how
> secure you want the protected content to be.
>
>
> ---------
>
> function do_auth()
> {
> $realm = mt_rand(1,1000);
> header('WWW-Authenticate: Basic realm="CMMS Administation ID:
> '.$realm.'"');
> header('HTTP/1.0 401 Unauthorized');
> die("Permission Denied");
> }
> //your access info... user => pass
>
> $userip = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ?
> $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER["REMOTE_ADDR"];
> $allowed_ips = array('212.100.120.40','212.100.120.41','212.100.120.42');
> if(!in_array($userip,$allowed_ips)
> {
> do_auth();
> }
> //if were here... then were logged in successfully :)
> print('Welcome to the control panel <b>'.$userip.'</b>');
>
> ----------
>
>
>
> Good luck
> *Rob
sorry parse error in 2nd example replace line...
if(!in_array($userip,$allowed_ips)
with
if(!in_array($userip,$allowed_ips))
;)
*Rob
Navigation:
[Reply to this message]
|