WebSite X5Help Center

 
Andy A.
Andy A.
User

Access personal files via secure log in  en

Autor: Andy A.
Visited 998, Followers 1, Udostępniony 0  

Can anyone please point me in the right direction how to allow our members to access their own section of our site where indiviual documents can be downloaded via a passworded area for that individual?

Thank you in advance.

Posted on the
17 ODPOWIEDZI - 1 PRAWIDłOWA ODPOWIEDź
John S.
John S.
User

Be aware that even if you make it possible to download a document via restricted pages then the documents are still accessible by all users.

If a user knows the name of the document then it can be accessed.

Giving the documents very unique names will not solve that problem, as search-engines can find the documents and that could make them shown in search results.

You could tell search engines not to crawl the folders where you have the documents, but this is not a reliable method.

The best way is to secure your document-folder(s).

You can have several folders where access is restricted for different groups.

You should use htaccess. to secure the files.

See information here:

https://help.dreamhost.com/hc/en-us/articles/216363187-Password-protecting-your-site-with-an-htaccess-file

https://www.youtube.com/watch?v=o6q374gtNVg

Using htaccess. you have no holes in the system.

If the documents has no confidental information at all, then you could just use the method of making protected pages where you make download possible.

Czytaj więcej
Posted on the from John S.
John S.
John S.
User

Another approach could be to use a document system.

https://www.phpjabbers.com/file-sharing-script/#sectionFeature

There is also the free ADMIDIO https://www.admidio.org/ - member system.

Depending on the number of users, if the document content is critical, if users should be able to co-work on the documents or if it is only a system for downloading documents with non-sensitive information, there is a lot of possibilities. The more information you could give the better answers you will maybe get back.

Using a document system for few users and non-sensitive documents could be as using a sledgehammer to crack a nut - but using secured pages as a method to access documets with sensitive information, could be as using a water pistol to fight against an army of machine-gun armed hackers.

Czytaj więcej
Posted on the from John S.
Andy A.
Andy A.
User
Autor

Attached are the screen shots showing that I cant add uers to the locked pages ?

Czytaj więcej
Posted on the from Andy A.
Andy A.
Andy A.
User
Autor

screen shot showing no users listed ?

Thanks

Czytaj więcej
Posted on the from Andy A.
John S.
John S.
User

@Andy

You have to create one or more groups that are NOT administrator

Czytaj więcej
Posted on the from John S.
John S.
John S.
User

And of course - also create one or more users for the group(s) you create.

Czytaj więcej
Posted on the from John S.
John S.
John S.
User

@Andy

*** IMPORTANT ***  You have exposed admin passwords in the attchments. It is important that you change these immediately.

Czytaj więcej
Posted on the from John S.
Andy A.
Andy A.
User
Autor

Hi John.

Thanks for the info, think I now have the list populating .

The passwords etc are for testing purposes any way but I will change everything, thanks for the pointer.

Regards

Andy

Czytaj więcej
Posted on the from Andy A.
Andy A.
Andy A.
User
Autor

Got the list populating, made page hidden and set to locked with access to one of the users on the list. Uploaded the site but can't access the page, get 404 error ?

Czytaj więcej
Posted on the from Andy A.
John S.
John S.
User

The page you have "locked" is now made as a PHP-page. The original html page still exists.

Some of the links in the project maybe need to be refreshed.

You should delete the html-page.

What happens if you directly specify the URL that leads to the PHP in the browser?

Czytaj więcej
Posted on the from John S.
John S.
John S.
User

You probably know, but it has to be tested on the server - PHP functionality cannot function in the preview.

Czytaj więcej
Posted on the from John S.
Andy A.
Andy A.
User
Autor

If I try direct amwarkup.co.uk/andy-addy.php       get page 404

This page is not in our directory ?

Czytaj więcej
Posted on the from Andy A.
John S.
John S.
User

Try a full upload of your project.

Czytaj więcej
Posted on the from John S.
John S.
John S.
User

It seems that you now are very close to the finish linewink

Czytaj więcej
Posted on the from John S.
Andy A.
Andy A.
User
Autor

Hi John.

Many thanks for your help. The complete upload seems to have worked, I can now continue to work on the private areas.

Regards

Andy

Czytaj więcej
Posted on the from Andy A.