.htaccess is a good way to limit files and such but even the more advanced CMS's have html files which say "You are attempting to access a restricted area." Then the person has to go back to the main page manually. With the small php code with the header it would show the main page in that directory which isn't bad but instead would need to be redirected back to the home page. I don't mind using simple error pages to show someone cannot access a certain folder simply because only people who attempt to try will ever find it. It also allows to use files within a folder but not allow the folder from being directly accessed from the browser end. Either way you do it will work but if someone finds a way to bypass your .htaccess file then it's completely pointless. That is why it's better to have multiple ways to protect your folders than just relying on one. Since html files are accessed before any other server file you can even put up a html welcome page then have it directed to your index.php folder.
It is good that we've shared our ideas and helped Flipper into writing his first how-to let's keep trying to come up with more ways to secure our websites to share them with those who have no clue.
Important Information Reguarding Accounts
-
TheCrymsonLegends
- Posts: 1246
- Joined: Wed Feb 16, 2005 6:59 am
I agree totally with you. We should use several methods of protecting not just one. However, I do find the .htaccess files to be the safest way. 
@Tails5......PM me with an example of your .htaccess file and that will allow me to include that in my next How-To. Like common mistakes, and also how to fix that. I need ideas for my next how-to and that's a good way to go.
@Tails5......PM me with an example of your .htaccess file and that will allow me to include that in my next How-To. Like common mistakes, and also how to fix that. I need ideas for my next how-to and that's a good way to go.
-
TheCrymsonLegends
- Posts: 1246
- Joined: Wed Feb 16, 2005 6:59 am
I got a couple ideas for a how-to. MySql query in php lol. That's one of many, shouldn't be too difficult to explain in a way that even I could understand.
P.S. I figured out how to do it, just don't know exactly how to set the databases up to do everything I am wanting.
P.S. I figured out how to do it, just don't know exactly how to set the databases up to do everything I am wanting.
Reached 5000 Credits! The highest of any member on Smokyhosts! New milestone for Me!
If you PM me with specifics I can help you. And I did make a 'Reload this Page Using PHP to control MySQL Databases ' How-To some time ago, it's link is http://smokyhosts.com/forums/showthread.php?t=4781 hope it helps.
Webmaster Yoda: You must confront the cPanel. Then, and only then, a webmaster will you be.
Julius Caesar: Veni, vidi, posti
-
TheCrymsonLegends
- Posts: 1246
- Joined: Wed Feb 16, 2005 6:59 am
That made it relatively easy to understand. Now if I could understand how to set it so that when a member logs in they will be automatically selected for a certain squad site which they are part of. I'll eventually get the hang of it, maybe lol.
But yeah thanks for the link it should help me understand mysql better and I will run a couple test pages to get the hang of it better. Thanks
But yeah thanks for the link it should help me understand mysql better and I will run a couple test pages to get the hang of it better. Thanks
Reached 5000 Credits! The highest of any member on Smokyhosts! New milestone for Me!
Well if you just store the squad site with their login information, then when you retreive the information you could do something like[php]
header("Location: http://www.crymsonlegends.com/airsoft/$result['squadsite']/")[/php] Or whatever the site URI is
.
By the way, just as a point of interest, URL and URI are both valid, URI is Uniform Resource Identifier, URL is Uniform Resource Locator, which usually refers to a shortcut to the internet
header("Location: http://www.crymsonlegends.com/airsoft/$result['squadsite']/")[/php] Or whatever the site URI is
.By the way, just as a point of interest, URL and URI are both valid, URI is Uniform Resource Identifier, URL is Uniform Resource Locator, which usually refers to a shortcut to the internet
Webmaster Yoda: You must confront the cPanel. Then, and only then, a webmaster will you be.
Julius Caesar: Veni, vidi, posti
Tails5 wrote:Well if you just store the squad site with their login information, then when you retreive the information you could do something like[php]
header("Location: http://www.crymsonlegends.com/airsoft/$result['squadsite']/")[/php] Or whatever the site URI is
By the way, just as a point of interest, URL and URI are both valid, URI is Uniform Resource Identifier, URL is Uniform Resource Locator, which usually refers to a shortcut to the internet
Ummm...the problem with that code is that you didn't check for errors or any of that; which is pretty much necessary everywhere. Plus, the squadsites may be based around a different concept; one of which I still need to discuss with TheCryms about.
