Posted by Phil Coen on 11/14/34 11:21

I have never tried to build a web site to restrict users. Before, I always
wanted everyone to be able to get to everything that I put on one of my
sites. So now I am trying to write (actually just to learn to write) a
site with a passworded front door. That is to say, you don't get in
without the password. Not a thermonuclear secure site proof against
crackers, the CIA and so forth - just a site with authorization needed.
Kind of like they do at online newspapers.

Right now it is the concept that I am needing. I spent the day in the
bookstore trying to find a book on the subject but no dice. All web
building books just concern themselves with fancy HTML concepts and PHP
books just on using the language. Apache books have quite a few chapters
on security, but only from the standpoint of preventing deep cracking, open
proxies, etc. Could find none that were concerned with how to actually
build one. Ok, so back to figuring it out.

One way that worked is to check (after the login in screen) the
PHP_AUTH_USER and PHP_AUTH_PW at the start of every module that I call.
Works ok, but seems to be a kludge.

The method that I am trying now is to put everything past the login module
into a subdir, put authorized users into a Linux group, and give access to
that group. But so far the examples of passing the user and password from
PHP to the Linux server aren't working. Or rather to say that I haven't
made it work yet. Well, actually I can do it with Perl easily, but that
isn't the point and I will never learn PHP if I go back and use what I
already know.

More reading to do. Fortunately, just before I clicked the print button I
realised the the official PHP manual is 3300 and so pages!!! So much for
taking the manual to the hammock for some comfortable reading. :-)

Insights anyone?

Thanks
Phil

[Back to original message]