How to password protect website hosted on Amazon Web Services (AWS)

I wanted to create a website that would be like a dropbox of sorts, which just has files that me and my organization can access. I wanted to password protect the website, just a simple username and password. I have my own domain. I have been looking all over the web to find how to do this (I am a beginner) and found that using httaccess and htpasswd would be used to secure a website similar to what is shown here: http://www.htaccesstools.com/articles/password-protection/
But I cannot seem to get it to work. I am using the S3 bucket and putting the httaccess and htpasswd file in the same folder as the index.html file. Do you know how I would get my site to have a simple password protection (that's not seen in the source code or by typing in the html)? I am not sure if I am finding the directory correctly or not to implement this password protection correctly. Thank you for taking the time to read this and hopefully this makes sense!
Anyone else had this issue?

Amazon AWS alone won't do it. htaccess and htpasswd are also not the right tools for what you want to do.
Get yourself a cheap hosting account with a company like hostgator or godaddy or namecheap or any other that will host your web page and give you PHP and MySQL.
You cannot accomplish what you want just using JavaScript/jQuery. Those languages run on the browser, but you want to store your files on a server. Therefore, you need the language that controls the server - that is usually PHP. (The other popular solution is ASP, which is by Microsoft and runs on costly and complex Microsoft servers -- PHP is free and runs on (free) Linux and is therefore what ALL of the cheap web hosting companies provide. MySQL is the (free) database that is analogous to Microsoft SQL.)
Next, watch a video tutorial on creating a PHP / MySQL login system, such as the ones over at:
phpAcademy (now called codecourse, apparently)
theNewBoston.com
You need to learn more about:
PHP sessions
Ajax
jQuery
MySQL (possibly)
On a basic website, you can stick your files into directories and control who can access those directories by whether or not they are logged in.
You can determine if a visitor is "logged-in" or not by asking for a username/password and setting a session variable. Session variables are just variables that are stored on the server, rather than on a user's own computer (of course, that wouldn't work since every visitor has his own computer and your files are stored on a central server -- so that is where the security (variables) must reside, right?)
Anyway, in a weekend of video watching and trial-and-error you can probably get something cobbled together that will do what you want.

Related

Html Form "Action Attribute"

I'm learning to code and encountered a problem with making a form using HTML.
In the book, it stated that "every <form> element requires an action attribute and its value is the URL for the page on the server that will receive the information in the form when it is submitted."
But I thought about it for a long time, and I couldn't figure it out. What is meant by "the URL for the page on the server"? If I got a site uploaded to a web hosting company, I would need to get it there? Or I need to rent a server elsewhere so that I will get one? Or it just fine to be store on a local file? Because I saw the data need to be processed by PHP, although I don't know what's that.
Can anyone help me with this? Really appreciated.
Regards,
Ace
An HTTP(S) URL will include a hostname (which identifies a computer (acting as a server) on a network) and a path (and possibly some other components which don't matter for this question).
When you type a URL into the address bar of a browser, the browser will make a request to the server and ask for whatever is at the path.
The server will respond (typically with some data like an HTML document).
The server has to perform some logic to decide what to respond with. Typically this will either be:
Reading a file from its hard disk and returning the contents or
Executing a program and generating some content programmatically
When you submit a form, you are making a request to a URL with some data attached to it. Almost all of the time you will want the server to execute a program and do something with that data (such as put it in a database).
The program that gets executed can be written in any programming language you like (such as Perl, PHP, JavaScript, Java, or whatever).
"If I got a site uploaded to a web hosting company, I would need to get it there?"
Typically, if you have web hosting already then you will use that web hosting for any server-side programming you need to do.
If the hosting service doesn't provide you with any server-side hosting options (i.e. if it is just static hosting such as you might find from GitHub Pages), then that isn't an option. Likewise if the server-side options they program aren't suitable for you (e.g. they only support PHP but you want to run something written in Node.js) then you'll have to find an alternative.
The two alternatives you have are:
Move everything to hosting that provides the features you want
Host something elsewhere and keep the majority of your site in the original hosting
(There is nothing wrong with the latter option, I have one site which uses Amazon S3 static hosting for most of it but has a couple of web services running in Heroku).
"Or I need to rent a server elsewhere so that I will get one?"
Dedicated hosting is almost certainly very expensive overkill for your purposes.
"Or it just fine to be store on a local file?"
It isn't possible to do server-side programming with a file: scheme URL. There's no server to execute the program.
If you are only working locally then you can install a web server on your computer. This is normal for development purposes.
It is probably worth mentioning that there are a few common server-side programs which are available prewritten with hosting services (e.g. contact forms which email you when someone fills them in). These typically come with advertising and require that the <form> and its contents are constructed with the specific fields the service expects. If you look for one of these be careful to follow their instructions precisely.
Aside: The statement that the action attribute is required is flat out wrong. It is an optional attribute and in its absence the form will be submitted to the URL of the current page.
HTML is a front-end tool that allows you to take inputs using a form from the user. Once the user clicks the submit button, a POST request is sent to the back-end tool (PHP in this case; PHP is a back-end programming language). The back-end tool handles the information given and deals with it to your liking. The action attribute is basically telling the front-end (HTML) where to give the information to the back-end (PHP), which is in the form of a URL.
I highly suggest trying out this example on W3Schools:
https://www.w3schools.com/tags/att_form_action.asp
I see you want to send your HTML form data to a PHP script. You can use WAMP server or XAMPP server to do this locally. You should use the PHP script file path as the input for the .
For instance,
Home.html
<HTML>
....
<form action="process.php">
...
</form>
</HTML>
So, when you submit the form, the form data is passed onto the PHP file which you can access using a $_[SUBMIT] super global array in your PHP script.
Check GitHub for projects on HTML, JavaScript, PHP.
Here's one to start: https://github.com/kristej/Uniform-Database-Management.git
If you are sending the data to an online server, you need to own it to process it. Hence try it out locally first.

How to get file contents of old site on drupal?

We have a site running on Drupal and migrated it to Squarespace. I have to retrieve some pages of the Drupal site but I can no longer view the site. Do you know any way to get the old content of the website on Drupal? Please know that we still have access to the Drupal box. Any suggestions will be a big help.
Easiest way would be to make the old Drupal site available again through the browser running on a different domain like old.example.com, log in to the admin panel and start copy/pasting content.
If you know your way around your computer and know the IP address the old server is running on, you could for the time being change the hosts file of your machine to send requests for your site to the old server and get access to the site that way.
Migrating content by automating the process is also an option, but it is not only time consuming, it requires in-depth knowledge of both platforms, so it is mostly a very expensive solution if you are not able to do this yourself.
But if I read your question, I think the first option is the easiest option. Get a hold of the technical person/party of the server the site is running on and get them to make the site accessible on a different domain.

Configuring authentication and authorization in Apache2 with MySQL

I am trying to configure Apache2 so I can use MySQL for authenticating users to access certain pages. Also authorization needs to work so different groups can reach different pages.
Now, I have googled a lot but can't find out how to do this. At least not for the configuration I am having. There doesn't seem to be any version of mod_auth_mysql that supports my configuration.
OSX 10.6.4
Apache 2.2
Now, how do I achieve this not creating my own login-application in php but using the built in support of Apache2? I'm totally stuck on this one...
Thanks in advance!
Regards,
Niklas
I also would like to use a tailor-made login page, not a pop-up
....
"how do I achieve this not creating my own login-application in php but using the built in support of Apache2"
Short answer is that you can't. Unless you rewrite the Apache source code or create your own module, you can't mix HTTP based authentication with non-pop-up login prompts.
However, if you are using PHP then a relatively low impact solution would be to use auto-prepend to prefix every protected page with a check on the user's session. Obviously this would need a bit more thought if it is to be applied to files other than PHP source files (it'll work perfectly well if you tell Apache to apply the PHP engine to, say, .gif files, but your script will need to detect and return the appropriate MIME type).
A simpler solution might be to put a tool like squid in front of the webserver as a reverse proxy, then make the session handling data available to the squid url-rewriter.
You can build mod_auth_mysql from the source. Have a look at this post.
If you want your own log-in page, you cannot use Apache to do authentication.
Apache authentication uses the Authentication portion of the HTTP standard, and as a result you're reliant on the browser to handle the interaction with the user. There are plugins (like mod_auth_mysql) to use a database as the backend for this, but Apache can't ask the user for their credentials any other way.
The fastest approach might well be to set up Drupal or Joomla, which will get you user and group management as well as full content editing, in a way that will let you control who can edit what.

Uploading a Website

This is my first time building a website and using CodeIgniter for a school project. I was wondering whether you have any tips on uploading CI to a free web host, my database, free webhosting and basic security tips.
Can I just upload the entire CI folder? Or do I have to upload individual files (God no!)? What are my options?
What about my MySQL database - do I just upload my mysqldump to the webhost?
Also, can you recommend a good free webhost? I was thinking about 000webhost.
Any basic tips on security would also be appreciated (I've implemented many of the form_validation rules like xss_clean for starters).
Any other suggestions will be more than welcome. Thanks!
I used 000webhost.com a long time ago and remember having minor inconveniences here and there (i.e.: slow connection, server unreachable sometimes). I don't have any suggestion on a good free webhost because in most situations the words "good" and "free webhost" do not belong in the same sentence. You get what you paid for.
Now, onto the uploading itself.
You need to upload the entire CI folder and your app as well
You can either zip them all and extract the zip if you have shell access to the server
You can use FTP to upload all files at once
MySQL DB: if you have SQL scripts, you can execute them in phpMyAdmin interface if the web host provider gives you access to it. Please read phpMyAdmin documentation for ways to upload your MySQL data.
In terms of security:
http://codeigniter.com/user_guide/installation/index.html
http://codeigniter.com/user_guide/general/security.html
Sanitize user input if you're using SQL expressions directly
If you are using the CI ORM/database library, make sure you keep yourself up to date on any security issues by checking the CI mailing list, IRC, or whichever communication channel the CI people prefer.
For simplicity, avoid HTML tags (as a user) input, treat them as literal
Instead of uploading individual files make the entire directory into a zip folder (or any compressed folder) to save bandwidth and time.
Also most webhosts will have an uploader, but I'm not sure about free hosts supporting database services; you would have to look into that.

Linux web front-end best practices

I want to build a web based front-end to manage/administer my Linux box. E.g. I want to be able to add users, manage the file system and all those sorts of things. Think of it as a cPanel clone but more for system admin rather than web admin.
I was thinking about creating a service that runs on my box and that performs all the system level tasks. This way I can have a clear separation between my web based front-end and the actual logic. The server pages can then make calls to my specialized server or queue tasks that way. However, I'm not sure if this would be the best way to go about this.
I guess another important question would be, how I would deal with security when building something like this?
PS: This is just a pet project and learning experience so I'm not interested in existing solutions that do a similar thing.
Have the specialized service daemon running as a distinct user -- let's call it 'managerd'. Set up your /etc/sudoers file so that 'managerd' can execute the various commands you want it to be able to run, as root, without a password.
Have the web server drop "trigger" files containing the commands to run in a directory that is mode '770' with a group that only the web server user and 'managerd' are members of. Make sure that 'managerd' verifies that the files have the correct ownership before executing the command.
Make sure that the web interface side is locked down -- run it over HTTPS only, require authentication, and if all possible, put in IP-specific ACLs, so that you can only access it from known locations, in advance.
Your solution seems like a very sensible solution to the 'root' issue.
Couple of suggestions:
Binding the 'specialised service' to localhost as well would help to guarantee that requests can't be made externally.
Checking that requests call functions that perform the actions and do not directly give the service full unrestricted access. So calling a function "addToGroup(user,group)" instead of a generic "performAction(command)".
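
The two answers above describe trigger files whose ownership 'managerd' verifies before acting, and named actions such as addToGroup(user, group) instead of a generic performAction(command). The following is an added example of the daemon-side check, not code from either answer; the JSON trigger format, the NAME pattern, the ACTIONS table and the mapping to usermod are assumptions.

```python
import json
import os
import re
import stat

# A name must start with a letter or "_", so it can never be read as an option.
NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Hypothetical allowlist: one fixed argv template per named action.
ACTIONS = {
    "addToGroup": ["/usr/sbin/usermod", "-aG", "{group}", "{user}"],
}
FLAGS = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK  # never follow a symlink

class Rejected(Exception):
    """A trigger file or its request failed validation."""

def read_trigger(path, web_uid, shared_gid):
    """Open the file, then check owner, group and mode of what was opened."""
    try:
        with os.fdopen(os.open(path, FLAGS), encoding="utf-8") as fh:
            st = os.fstat(fh.fileno())
            if not stat.S_ISREG(st.st_mode):
                raise Rejected("not a regular file")
            if (st.st_uid, st.st_gid) != (web_uid, shared_gid):
                raise Rejected("unexpected owner or group")
            if st.st_mode & stat.S_IWOTH:
                raise Rejected("world-writable")
            return json.load(fh)
    except (OSError, ValueError) as exc:
        raise Rejected("unreadable trigger") from exc

def build_argv(request):
    """Map {"action": ..., "args": {...}} to an argv list, or raise Rejected."""
    action = request.get("action") if isinstance(request, dict) else None
    if not isinstance(action, str) or action not in ACTIONS:
        raise Rejected("unknown action")
    template, args = ACTIONS[action], request.get("args")
    wanted = {t[1:-1] for t in template if t.startswith("{")}
    if not isinstance(args, dict) or set(args) != wanted:
        raise Rejected("wrong arguments")
    if not all(isinstance(v, str) and NAME.fullmatch(v) for v in args.values()):
        raise Rejected("invalid name")
    return [t.format(**args) for t in template]

def process(path, web_uid, shared_gid):
    """Return the argv managerd would hand to subprocess.run (no shell)."""
    return ["sudo", "-n"] + build_argv(read_trigger(path, web_uid, shared_gid))
```

Because the ownership check runs on the already opened descriptor, the file that is validated is the same one that is parsed.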