So, swap your CMS logins to use the same access code for the user, then use sessions to swap the mysql stuff in where needed. Or make it use a mysql call from the CMS login to access their mysql information from another table and do it that way. 1 login, 1 password, very user friendly. And only 1 place to have to worry about changing files. HTH, Wolf Shaun wrote: > I see your point, the only problem is that the user will have already logged > once into the CMS, logging in again would be a little frustrating and not > very user friendly... > > > ""Weber Sites LTD"" <berber@xxxxxxxxxxxxxxx> wrote in message > news:2f9101c6624d$00964610$6901a8c0@xxxxxxxxxxxxxxxxxxxxxxxxxx >> I think that you are looking at this from the wrong angle. >> What you should do, is password protect all CMS directories >> And then, anyone that needs access has to punch in a valid >> Username and password. >> >> Have a look at : http://sourceforge.net/projects/modauthmysql/ >> >> Sincerely >> >> berber >> >> Visit the Weber Sites Today, >> To see where PHP might take you tomorrow. >> PHP code examples : http://www.weberdev.com >> PHP & MySQL Forums : http://www.weberforums.com >> >> >> >> -----Original Message----- >> From: Shaun [mailto:shaunthornburgh@xxxxxxxxxxx] >> Sent: Monday, April 17, 2006 2:52 PM >> To: php-general@xxxxxxxxxxxxx >> Subject: Re: Including files from another site >> >> Hi, >> >> Thanks for your reply, sorry I should have been a little clearer in my >> explanation. Here goes... >> >> I have a dedicated UNIX server with many websites on it. On this server I >> have also created a Content Management System which has a database which I >> use to store HTML content for all the other websites. Each website has a >> database connection to the CMS database to retrieve the HTML for its >> pages. >> >> Each website that uses its own database has a folder called /cms and in >> here >> I keep all the database admin scripts for that website. I want these pages >> to only be accessible from within the CMS website and nothing else. So >> when >> the user is in the CMS they can click on database admin and it will >> include >> the pages in that websites /cms folder. >> >> My Question is how can I ensure that the CMS is the only website that can >> access these scripts securely? >> >> Thanks for your advice. >> >> >> ""Weber Sites LTD"" <berber@xxxxxxxxxxxxxxx> wrote in message >> news:2a6601c6621b$fa43bc60$6901a8c0@xxxxxxxxxxxxxxxxxxxxxxxxxx >>> I'm not sure I understand what you are trying to do. >>> What is the connection between frames and security? >>> >>> In general, assuming that all users have access to The same scripts, >>> you need to include in all of your Scripts some kind of security logic >>> that tells the Script which user can do what. >>> >>> Usually you would want to also allow group access Rather then user >>> access for easier maintenance. >>> >>> You should keep a user table with user, password And privileges. There >>> are endless ways to do this And you need to choose what is best for >>> your site. >>> >>> Have a look at some relevant code examples: >>> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut >>> h >>> >>> berber >>> >>> -----Original Message----- >>> From: Shaun [mailto:shaunthornburgh@xxxxxxxxxxx] >>> Sent: Monday, April 17, 2006 12:46 PM >>> To: php-general@xxxxxxxxxxxxx >>> Subject: Including files from another site >>> >>> Hi, >>> >>> I have created a CMS where all sites on our server are administrated >>> from one central site, and HTML content is stored in the CMS database. >>> >>> I want users to all control their sites database functions from the >>> CMS site, but I want to keep the database and database admin scripts >>> in the individual website account to keep things simple. So I need >>> want to be able to include these scripts within the CMS site but keep >>> them secure. I have tried using frames but I can't keep a session >>> going in the database admin scripts, is there a better way to do this? >>> >>> Any advice would be greatly appreciated. >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: >>> http://www.php.net/unsub.php >> -- >> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: >> http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
