Protect my scripts 1

[Qwark]

Hello PHP Guru,

I have made some scripts for manage a database. But not everybode is permissed to manage the database. I must protect the script all files or one directory with a central password. Is this possible with PHP or must i use Perl. I hope PHP can handle the problem.

Thanks,

Qwark.

 

[ChrisMacPherson]

I am not sure if this is the best way to do it, as I'm very new to PHP, but here is what I have done...

Have a login screen where users must enter a username & password. If the username & password is correct then set a cookie named verified(or whatever)with a value of userok (or whatever)

<?

//This sets a cookie which expires when the browser is
//closed.

$cookie_name = &quot;verified&quot;;
$cookie_value = &quot;userok&quot;;
$cookie_expire = &quot;&quot;;
$cookie_domain = &quot;&quot;;
setcookie($cookie_name,
$cookie_value,
$cookie_expire, &quot;/&quot; ,
$cookie_domain, 0);

?>


Then on each script at the top you can check to see if the cookie is present or not. If it is not you can redirect the user to your login page.

<?

//This checks to see if the cookie 'verified' is present.
//If not user is redirected.

if (!$verified)
{
header(&quot;Location:

http://www.youraddress.com/login_page.html&quot;);

exit;
}

//The rest of your code here...

?>

As I said, I'm new to this, but I think this should be what your after. If anyone has a better way I would be glad to learn of it as well. Hope this helps.

Chris MacPherson
thedamager@hotmail.com

http://www.macpweb.org

Bring on the new Browza's!!

 

[Qwark]

Thanks Chris,

I think your tip is a smart one. Beginners can use that tip very easy.

 

[SteveBrett]

i used a similar method but used a session variable to check whether the user had been authenticated ...

 

[bluetac]

On the subject of protecting scripts, Zend technologies just released a range of tools available to freelance PHP developers for USD 50 a year, that allows you to lock down your scripts from alteration. they also have tools to set up and manage PHP caching :


Zend News and Press Releases

Zend Technologies Introduces Value-Added Product Line to Address Enterprise PHP Users


BALTIMORE, Md., January 23, 2001 – Zend Technologies today announced a robust set of value-added products and services for enterprise users and developers of PHP technology (PHP: Hypertext Preprocessor). The new Zend products and services are designed to enhance PHP application performance, enable Web professionals to significantly increase their productivity, and provide software vendors with the ability to safeguard their intellectual property from copyright infringement and theft.

&quot;Zend is building on the enormous success of PHP in the Internet economy by leading the PHP revolution into the enterprise,&quot; said Doron Gerstel, CEO and president of Zend Technologies. &quot;Zend is committed to providing valued-added solutions to PHP users in Internet, extranet and intranet environments, all of whom must increase performance and decrease time to market in order to maintain their edge.&quot;

Zend Cache™ Increases Performance and Scalability

The Zend Cache dramatically increases the performance and efficiency of PHP-driven Web applications. It is a customizable script-caching module that stores an intermediate coded version of a PHP application in the Web server's memory. This enables many more transactions per second, significantly reduces latency time – one of the major obstacles for e-commerce, since it frustrates users and can deter them from completing transactions – and puts less drain on computing resources.

The Zend Cache delivers the best ROI of any conventional solution aimed at increasing the responsiveness of high-traffic, dynamic Web sites. The Zend Cache includes an intuitive graphical user interface that enables users to control Cache settings, perform benchmarking, compile customized blacklists of script sections that should not be cached, and view hits and other statistics.

&quot;The Zend Cache is a critical part of our infrastructure,&quot; said Marc Slayton, Director of Systems Engineering for AuctionWatch.com. &quot;Our site serves millions of requests a day and we are committed to having our customers receive the best user experience possible. Since installing this product, our response time has gone up significantly and our hit rate is impressive, without compromising memory. We had considered hardware solutions, but with ongoing maintenance and upkeep, we realized that Zend could answer our needs much more efficiently.&quot;

Zend Encoder Unlimited Protects Source Code

The Zend Encoder Unlimited enables companies to increase Web site security and distribute their exclusive software solutions and commercial PHP applications without revealing the source code. This product, which creates a platform-independent binary file and provides extra protection against reverse engineering, may be reused for an unlimited number of applications and allows secure distribution of PHP-based Web applications to an unlimited number of end users. By providing such protection, the Zend Encoder Unlimited opens the way for the widespread acceptance of PHP for business and commercial applications, where protection of proprietary information is of primary concern.

Zend Subscription Plan for Ongoing Updates Year-Round

The Zend Subscription Plan is a set of constantly updated Zend products and services for supporting and speeding the development of PHP and for deploying and maximizing PHP-based Web applications. The subscription plan includes major version updates, special offers, and exclusive offerings throughout the year. All products and services are available through the Zend Web site (

http://www.zend.com).

The Zend Subscription Plan is available in commercial and non-commercial versions. The non-commercial plan, available at nominal cost, has been created for personal use and is geared toward the PHP freelance community. &quot;It is part of our commitment to promote the proliferation of PHP as the scripting language of choice for the Web,&quot; said Gerstel. The commercial plan is targeted for professional developers and vendors and offers online access to Zend technical support services.

Zend IDE™ (Integrated Development Environment) Increases Programmer Productivity

Zend's PHP development environment speeds development time and reduces time to market. The Zend IDE provides subscribers with a full suite of customizable tools, including a powerful remote debugger that enables debugging scripts on the server, a customizable text editor, PHP and HTML highlighting, and HTML code completion. The Zend IDE also provides the framework for adding future extensions.

Zend Support-Online Services (SOS) Provides 24/7 Web-Enabled Support

Zend's Support-Online Service is a dedicated application designed to make it easy to get support when needed. This Web-enabled service for commercial subscribers entitles the user to two support incidents, which may include requests for PHP or Zend products support. The service is provided through the Web by a large group of PHP experts.

Zend LaunchPad™ a Convenient, Reliable Source for PHP

The Zend LaunchPad provides quality-assured, hassle-free, updated PHP downloads. PHP sources are tested in Zend's own labs, and results are stamped, ensuring that they have undergone various testing levels before release. The Zend LaunchPad includes an easy to use GUI module that enables the user to select a personal PHP platform, server, database, and standards environment prior to downloading. Zend LaunchPad keeps subscribers up-to-date with the latest quality-assured modules through the Zend LaunchPad section on Zend's Web site.

&quot;The Zend LaunchPad is ideal for running PHP products,&quot; said Gerstel. &quot;Enterprises receive unlimited downloads. No more worries about compatibility, no more worries about updates; they are available year round. It is the most convenient, reliable source for PHP.&quot;

Zend Encoder SE, for protecting source code and enabling limited application distribution The Zend Encoder SE, like the Zend Encoder Unlimited, increases Web security and protects the intellectual property of a Web site or PHP applications. It enables limited distribution of applications through the Zend Encoder Runtime plug in. Subscribers may purchase this runtime option, in increments of 5, 50, and 100.


Practical Details

The Zend Subscription Plan is priced at $50 per year for non-commercial customers and $70 per month for commercial developers. Perpetual licensing of the Zend Encoder Unlimited is priced at $6000 and licensing for the Zend Cache is priced below $2000 per CPU. All products announced today are available for download at the Zend Store on

http://www.zend.com.

About Zend Technologies

Zend Technologies (

http://www.zend.com),

headquartered in Ramat Gan, Israel, develops and markets Internet infrastructure software programs. In addition to offering value-added products and services for Web application development, Zend remains committed to the advancement and proliferation of PHP as a freeware, open-source scripting language. In this role, the company offers expertise and technical backing to the PHP open-source community.

PHP is used to develop dynamic Web pages for e-commerce and other Web applications. PHP applications run on more than 36 percent of Web servers running Apache software, making it the most popular language module for Apache servers. PHP is an open-source server-side scripting language (freely downloadable from php.net and zend.com) that offers a simple, universal solution for easy-to-program dynamic Web pages – pages that interact with the user, so that each user visiting the page sees customized information.

# # #

Zend Cache™, Zend Encoder Unlimited™, Zend LaunchPad™ and Zend IDE™ are trademarks of Zend Technologies Ltd. All other trademarks are the property of their respective owners.s

For more information:


Andres Jugnarain
Wireless Editor

http://www.thetuckshop.com