Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Hi All- <Wipes sweat from brow> I had a busy night! Last night I decided to make my Debian box be more than just a layover for file transfers between machines and a shoddy web server. I added Perl and php into my apache install. I installed MySql and configured my db_users and access etc. I got together some photos, imagemagicked them into a variety of contortions and file types (thumbnails) and I ended up piecing together a basic php web based photo album. Because my php knowledge is abysmal at best, I borrowed 95% of what I put up from a program called "slooze". This is where it gets tricky. I'm using the default apache root /var/www. I installed my slooze (as he recommended) in a folder called "photos". I promptly made it "x" only by users, so they couldn't go directly to the folder and "see" what was in it online. Basically, I point slooze at sub directories within this "photos" folder. It calls them rolls. It then parses through the "rolls" aka directories, looking for files that I determine. It uses one type of image file as a thumb (.gif), and one type as a nicer and larger viewable image(.jpg). This all works flawlessly. My problem is there are 2 php files in the photos directory that I want to have varying levels of public access. One is photos.php which controls basic user access. I want this in the open. I'd like <randomly points> YOU to be able to go and see my pictures if you have the desire, without getting touch a user/pass. The other is the admin.php file that controls all of the photo album administration. If I put an .htaccess file in the directory and configure apache, everyone will be forced to authenticate. Again, let me reiterate, my programming skills are poor. Beyond dull. What I'm trying to do is move EVERYTHING -but- the photos.php into a sub directory (called admin) and just fix all the pointers so that it still works. Then I can use <Directory> or .htaccess to limit the availability of my admin page. This is not enterprise level traffic or corporate secrets. If someone owns my server, it just sucks for me to put everything back together. I'm just trying to make something that is kind of neat and moderately secure. Anyone have any experience with this? Any suggestions for what to use -instead- of .htaccess files? I've read on apaches website about the dangers of using .htaccess when you directory structure is -deep- because it checks each directory as it goes down. I'm not worried about that so much. Still. Give a few pointers folks, if you've got a sec! TIA, Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.blu.org/pipermail/discuss/attachments/20040315/70e9d55b/attachment.html>
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |