Thread: Security

I joined this forum to learn about websites and now i am almost at the stage to convert my emindmaps layout to voda.

However in my learning curve i am still unsure how to provide security. My website is for education purposes and as i'm using some exam papers there is a requirement (exam board copyright) to have login/password.

I'd be grateful if someone could advise there are already codes one can use or whatever . . .

On most websites the procedure seems to be similar which suggests that there is. Many thanks

There are two ways of password protecting some pages.
The first is to create a password protected folder in your site, and place all pages that need to be protected, in that folder. However, this implies that you need to send an email to the members (or anyway to people that should have access to those pages) and letting them know the username and password. Usernames and passwords can only be created by you, and if you need each person to have his own loggin details, that becomes very difficult.

The second way, is to have a loggin script, and this is the way that almost all sites use. A loggin script will allow a user to register, select his own username and password, and then he will be able to loggin.
Registration approval in such scripts can be automatic (as soon as they register they have access), or email confirmed (the script doesn't register them immediately, but sends them an email with a confirmation link, the registration becomes active as soon as they visit the link) or administrator approved (you receive an automatic email with the registrant's details, and if you accept their registration, you click on a link in the email, and the registration becomes active, and, in the same time, an email is sent to the user to let him know that his registration has been approved). These scripts also come complete with a user profile page, where the user can edit his details, change password or contact details etc) and an administrator interface, that allowes the administrator to manage the users (edit, delete, manually add, bann, etc).
You can find some free scripts of this type, but usually they are very poor in features and/or layout and offer very little customization and layout possibilities.
If you are interested in a (non free) script of this type, visit this link.

Thanks for your help. I am looking at one method called htaccess that seems a bit more security than i need. Have you heard of it or can advise?

Much appreciated
james

htaccess is (in my opinion) out of the question for you. It can be done in two ways:
1. The first one requires good knowledge of the Apache server system. It is, in fact, the same method that server administrators use to create and allow access to the password protected folders. You create the htaccess file, and you upload it. Read these instructions:

http://httpd.apache.org/docs/1.3/howto/auth.html


2. Through your control panel, as i wrote in my previous post. By password protecting a folder, Control Panel does the same thing for you (creates the htaccess file).

As you understand, If you only want to have a limited number of usernames and password, this is a very good method.

But if you need every member to have his own username and password, and there are many of them, then the only solution is a loggin script.

Thanks for your help. The latter seems the sort of thing i'm after. I've seen something called phpminiadmin. One would enter the user names for certain levels of access but i don't seem to be able to get it to work.

I only need 2/3 usernames to control access it is only to stop people from anywhere copying my resources.

On another note give my love to Italy. I used to work in the oil industry and spent some time in Brecia and Bergamo.

james

Originally Posted by jessejazza

Thanks for your help. The latter seems the sort of thing i'm after. I've seen something called phpminiadmin. One would enter the user names for certain levels of access but i don't seem to be able to get it to work.

I only need 2/3 usernames to control access it is only to stop people from anywhere copying my resources.

On another note give my love to Italy. I used to work in the oil industry and spent some time in Brecia and Bergamo.

james

No, phpMyAdmin is for administration of Databases.

First, create a directory where you will place your protected pages. Then go in your CP, clicl on Pawssword Protect directories, the select the folder you need to protect, and follow the wizard. Before exiting this section, create the usernames and passwords you want to have access to this folder.