Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
mercman
Regular
Regular


Joined: Nov 29, 2006
Posts: 64
Location: TN, USA

PostPosted: Thu Mar 20, 2008 10:02 pm Reply with quote

Hi all,
I hope this doesn't sound too confusing but...

I have some directories that are outside my nuke installation directory that I would like to bar from anyone EXCEPT the registered users of my nuke site.

I was checking out Raven's posting: Only registered users can see links on this board! Get registered or login! and I've used .htaccess before, in small ways, but is there any way to have it access the user:pass info of the registered users of the site without my having to enter the user:pass of each registered user into a .staccess file or having my registered users re-enter thier user names:passwords when the try to gain access to these protected directories?

What would be perfect is if the registered user could simply click the link and enter, but the non-member gets stopped and asked for a user:pass (blocked).

Any ideas/help would be much appriciated!

_________________
-Merc 
View user's profile Send private message Visit poster's website
mercman
PostPosted: Sat Mar 22, 2008 10:15 am Reply with quote

Perhaps I should rephrase this question.

Is it possible to use .htaccess to 'deny from all' except a web address?
For example, from the contents page of my site?
Something like: Only registered users can see links on this board! Get registered or login!

I could then use the site user permissions to deny access to non-registered users.

Thanks!
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Sat Mar 22, 2008 12:16 pm Reply with quote

mercman, I am no Apache expert, so it would take way too much time for me to research, so I am not sure it can be done the way you want in your first post.

However, you might be able to use something like NukeWrap to wrap the content in and just make the NukeWrap module only accessible to registered users. Now, this is not foolproof if your links can be "guessed".

Another way would be to write something like NukeWrap, but without the frames, and you could read the content using native PHP file read commands and then display the output back to the browser. Using this approach, you could first do a is_user($user) check to see if they are a logged in user.

Sorry, no easy answers as I suspect you will need something slightly custom.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
mercman
PostPosted: Sat Mar 22, 2008 1:30 pm Reply with quote

montego,
Thanks you for your suggestions.
I'm currently doing more research on .htaccess and I'll definately be looking into NukeWrap.

The reason I'm asking all this, is I'm trying to create another website.
This site would be a very secure social networking site specifically for family and friends with no access to forums, news items, topics, etc. for non-registered users.
Registration would require admin approval, of course (this is what makes this new RN distro {I'll add the approve membership module} so exciting for me).
I'd want to do all I could to protect family pictures, etc. from outside eyes.

Thanks again for your suggestions.
 
mercman
PostPosted: Sat Mar 22, 2008 9:12 pm Reply with quote

Well montego, this does the trick:

I have a folder on the site (dir1) which contains two sub-folders (dir2 & dir3).
I want to protect everything, except one html file in dir3 (I want my registered users to see it, but no one else).
So I rename the html file in dir3 anything but "index.html" - I like to use alphanumeric file names to make it a little harder to "guess".
Then I make a custom .htaccess file like this:
Code:


Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !myrenamedfile.html$

and place it in dir1. Now anyone attempting to access these folders gets a "403- Forbidden" error, unless they just happen to figure out what the name of that html file is in dir3 (which seems a very remote possibility to me).

Now I go into the AP of my site and set the 'Content' module to 'Registered Users Only', activate it and create a new page in an iframe that links directly to the renamed html file; like this:
Code:


<iframe SRC="http://mywebsite/dir1/dir3/myrenamedfile.html" FRAMEBORDER=0 /></iframe>


Works like a charm.
Is it 100% secure? Nope. But it should be at least six-sigma. Smile
 
montego
PostPosted: Mon Mar 24, 2008 5:08 am Reply with quote

Hey, glad its working for you.

"six-sigma": that hits a little too "home" with my work... Wink


EDIT: I just realized that without the right context, that statement sounds pretty arrogant. I am not meaning the work that I produce! Laughing I am talking about my work's six-sigma program.
 
mercman
PostPosted: Mon Mar 24, 2008 4:11 pm Reply with quote

WHAT?!?!?!
You mean your coding isn't six-sigma?!?!? Shocked
LOL Just kidding!
You and the crew here make some great stuff!

BTW - I think 'View Source' could be the bane of my existence. Rolling Eyes
 
montego
PostPosted: Mon Mar 24, 2008 9:53 pm Reply with quote

mercman wrote:
You mean your coding isn't six-sigma?!?!?


Far from it I am afraid... Laughing
 
pdfx
Regular
Regular


Joined: Mar 13, 2008
Posts: 68

PostPosted: Tue Mar 25, 2008 10:20 am Reply with quote

I have a similar point well it maybe related..

Is there a way to make only registered users be ble to view the full extended news and topics?

I have topics as reg users in the admin but as I have news in the home its to all visitors?

P
 
View user's profile Send private message
mercman
PostPosted: Tue Mar 25, 2008 3:33 pm Reply with quote

pdfx,
A non-registered user may be able to see the 'Topics' link in the modules block, but as long as you have Topics set to 'Registered Users Only' in the AP, all they see is "You are trying to access a restricted area."
 
montego
PostPosted: Tue Mar 25, 2008 7:19 pm Reply with quote

You can also keep a module from showing up in the modules block with one switch within the modules administration.
 
pdfx
PostPosted: Wed Mar 26, 2008 2:36 am Reply with quote

Yeah hello, thanks for the answer but i think you slightly misunderstand or i didnt make it that clear.

In my admin i have topics to reg users only thats all fine. But as I have news set to visible in home the article content i have added all becomes visible to all visitors which seems to be standard. I would like to still have the story text in the home but all the articles and extended text of a article for registered users, is that possible..

Thanks again P
 
montego
PostPosted: Wed Mar 26, 2008 7:26 pm Reply with quote

Not without hacking code... at least not what I can think of anyways.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©