Access personal files via secure log in
Autor: Andy A.
Visited 949,
Followers 1,
Udostępniony 0
Can anyone please point me in the right direction how to allow our members to access their own section of our site where indiviual documents can be downloaded via a passworded area for that individual?
Thank you in advance.
Posted on the
Be aware that even if you make it possible to download a document via restricted pages then the documents are still accessible by all users.
If a user knows the name of the document then it can be accessed.
Giving the documents very unique names will not solve that problem, as search-engines can find the documents and that could make them shown in search results.
You could tell search engines not to crawl the folders where you have the documents, but this is not a reliable method.
The best way is to secure your document-folder(s).
You can have several folders where access is restricted for different groups.
You should use htaccess. to secure the files.
See information here:
https://help.dreamhost.com/hc/en-us/articles/216363187-Password-protecting-your-site-with-an-htaccess-file
https://www.youtube.com/watch?v=o6q374gtNVg
Using htaccess. you have no holes in the system.
If the documents has no confidental information at all, then you could just use the method of making protected pages where you make download possible.
Maybe a better link: https://stackoverflow.com/questions/5229656/password-protecting-a-directory-and-all-of-its-subfolders-using-htaccess
If you want to use the not-so-secure solution with locked pages, then you create groups for the different access levels and then create users for the groups.
Another approach could be to use a document system.
https://www.phpjabbers.com/file-sharing-script/#sectionFeature
There is also the free ADMIDIO https://www.admidio.org/ - member system.
Depending on the number of users, if the document content is critical, if users should be able to co-work on the documents or if it is only a system for downloading documents with non-sensitive information, there is a lot of possibilities. The more information you could give the better answers you will maybe get back.
Using a document system for few users and non-sensitive documents could be as using a sledgehammer to crack a nut - but using secured pages as a method to access documets with sensitive information, could be as using a water pistol to fight against an army of machine-gun armed hackers.
General instructions for setting up a protected area can be found here, see
>> https://guide.websitex5.com/en/support/solutions/folders/44000373872
If problems arise or if you have specific questions, then report back and ask specific questions.
Autor
Attached are the screen shots showing that I cant add uers to the locked pages ?
Autor
screen shot showing no users listed ?
Thanks
@Andy
You have to create one or more groups that are NOT administrator
And of course - also create one or more users for the group(s) you create.
@Andy
*** IMPORTANT *** You have exposed admin passwords in the attchments. It is important that you change these immediately.
Autor
Hi John.
Thanks for the info, think I now have the list populating .
The passwords etc are for testing purposes any way but I will change everything, thanks for the pointer.
Regards
Andy
Autor
Got the list populating, made page hidden and set to locked with access to one of the users on the list. Uploaded the site but can't access the page, get 404 error ?
The page you have "locked" is now made as a PHP-page. The original html page still exists.
Some of the links in the project maybe need to be refreshed.
You should delete the html-page.
What happens if you directly specify the URL that leads to the PHP in the browser?
You probably know, but it has to be tested on the server - PHP functionality cannot function in the preview.
Autor
If I try direct amwarkup.co.uk/andy-addy.php get page 404
This page is not in our directory ?
Try a full upload of your project.
It seems that you now are very close to the finish line
Autor
Hi John.
Many thanks for your help. The complete upload seems to have worked, I can now continue to work on the private areas.
Regards
Andy