Slooze PHP Web Album Application

Ryan L. Kitchen rkitchen at coe.neu.edu
Mon Mar 15 15:57:47 EST 2004


Hi All-

<Wipes sweat from brow>

I had a busy night! Last night I decided to make my Debian box be more than
just a layover for file transfers between machines and a shoddy web server.
I added Perl and PHP into my Apache install. I installed MySQL and
configured my db_users and access etc.  I got together some photos,
imagemagicked them into a variety of contortions and file types (thumbnails)
and I ended up piecing together a basic PHP web-based photo album.

Because my PHP knowledge is abysmal at best, I borrowed 95% of what I put up
from a program called "slooze".

This is where it gets tricky.

I'm using the default Apache root /var/www.  I installed my slooze (as he
recommended) in a folder called "photos".

I promptly made it "x" only by users, so they couldn't go directly to the
folder and "see" what was in it online.

Basically, I point slooze at subdirectories within this "photos" folder. It
calls them rolls. It then parses through the "rolls" aka directories,
looking for files that I determine. It uses one type of image file as a
thumb (.gif), and one type as a nicer and larger viewable image (.jpg).  This
all works flawlessly.

My problem is there are 2 PHP files in the photos directory that I want to
have varying levels of public access. One is photos.php which controls basic
user access. I want this in the open. I'd like <randomly points> YOU to be
able to go and see my pictures if you have the desire, without getting
a user/pass. The other is the admin.php file that controls all of the photo
album administration. If I put an .htaccess file in the directory and
configure Apache, everyone will be forced to authenticate.  Again, let me
reiterate, my programming skills are poor. Beyond dull.

What I'm trying to do is move EVERYTHING -but- the photos.php into a
subdirectory (called admin) and just fix all the pointers so that it still
works.  Then I can use <Directory> or .htaccess to limit the availability of
my admin page.

This is not enterprise-level traffic or corporate secrets. If someone owns
my server, it just sucks for me to put everything back together. I'm just
trying to make something that is kind of neat and moderately secure. Anyone
have any experience with this? Any suggestions for what to use -instead- of
.htaccess files?  I've read on Apache's website about the dangers of using
.htaccess when your directory structure is -deep- because it checks each
directory as it goes down. I'm not worried about that so much. Still.

Give a few pointers, folks, if you've got a sec!

TIA,

Ryan
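
Added example, not part of Ryan's message: one way to get the split described above without .htaccess files is a <Files> block in the main Apache configuration, so that only admin.php asks for a login while photos.php and the images stay public and nothing has to be moved. The directory and file names come from the post; the password file path is a placeholder, and the Order/Allow lines are Apache 1.3/2.x syntax (2.4 uses "Require all granted" instead).

```apache
# Added example for the main server config (httpd.conf or an included file).
# /var/www/photos and admin.php are from the post; the AuthUserFile path is a
# placeholder and should point to a file kept outside the web root.
<Directory /var/www/photos>
    # No auto-generated directory listings for the roll folders
    Options -Indexes

    # Ignore .htaccess files here, so Apache does not look for one
    # in each directory level on every request
    AllowOverride None

    # photos.php, thumbnails and full-size images: open to everyone
    Order allow,deny
    Allow from all

    # Only the administration script requires authentication
    <Files admin.php>
        AuthType Basic
        AuthName "Photo album admin"
        AuthUserFile /PLACEHOLDER/path/outside/webroot/htpasswd
        Require valid-user
    </Files>
</Directory>
```

The password file is created with the htpasswd utility that ships with Apache. Basic authentication sends the credentials unencrypted, so the admin page is best reached over SSL.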
