mutli user web hosting

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

mutli user web hosting

Post by benxuk »

can i offer mutli users the abillity to host *.php or will it leave open big security problems, ie: filesystem access? i'm running windows 2003 WE and i was hoping i could run other domains with php...

if there are problems with doing this in the state php ships, what suggested routes is there?

ty :roll:
User avatar
softsolvers
Forum Commoner
Posts: 75
Joined: Fri Feb 13, 2004 4:26 am
Location: India

Post by softsolvers »

What i feel that there is no such probs is running a multi user site,(Sites are multi user??)
WHAT prob u actually facing
benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

Post by benxuk »

sorry, i think i may have misled you :roll:

by multi-user i mean multiple administrative users, eg: geocities
User avatar
softsolvers
Forum Commoner
Posts: 75
Joined: Fri Feb 13, 2004 4:26 am
Location: India

Post by softsolvers »

What i feel that u can do that ,but if you will be a bit specific then it will be helpful for me
benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

Post by benxuk »

:) Thank you, I have registered at WebHostingTalk and I haven't got any response yet so i will keep trying!

This is what i want to acheive in the final product...

PHP Web Hosting
ASP.net Web Hosting
MySQL (I have set this up successfully with PHPMyAdmin)

I want to offer all these service's thru a turnkey based system, and I want to be confident that my clients will only have administrative and power-user access in there set directorys...

In ColdFusion I would setup Sandbox Security to limit the function of CFM tags to work only in the user's home directory, I was curious about whether the same functionallity is available in PHP (and .net for that matter).

Does this help describe my situation?
User avatar
softsolvers
Forum Commoner
Posts: 75
Joined: Fri Feb 13, 2004 4:26 am
Location: India

Post by softsolvers »

You can do this by giving privileges to the users,i.e to your registered or free users.Just create a session according to the priviledge and then continue accordingly.
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

IIS or apache? or soething else?
benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

Post by benxuk »

yeah its iis 6 to be precise, so are we talking standard windows users? what i mean is (sorry i'm new to php) in other markup languages there has never needed to be any permission other than for the user IUSER_MACHINENAME -

should i assign a username with read/write/delete permission to the user home directory and then maybe have them include the relevent user/pass etc in there php documents?

i don't want to worry that users can write script that will have access to any other data on the filesystem

:lol: i guess i should learn more about php also :roll:
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

I dunno, I use apache.
benxuk
Forum Newbie
Posts: 8
Joined: Mon Mar 22, 2004 10:50 pm

Post by benxuk »

magicrobotmonkey wrote:I dunno, I use apache.
would what i'm asking work on apache? is there no "tools" to configure php in a multi user enviroment?
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

I dunno, I think it would be better on a linux machine with the stronger and clearer permissions. To me, windows permissions are about as clear as mud! But never having touchesd IIS I can't comment on the setting up of directories and such there, whereas with apache you should be able to do it pretty nicely, what with .htaccess files and stuff. I bet if you look at apaches website, they'll have stuff about what you're trying to do. Its not a matter of configuring php for a multiuser environment, but configuring the server for a multiuser environment.
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

ok ill give my ideas on this subject and how i achieved it.

ok you talk about geocities
geocities uses teh format geocities.com/yoursite/
your site is basically a folder

now to actually make administrative changes the user MUST login obviously, ok say we have a form like this
* username
* password
* sitename

obviously in the mysql members table all 3 of these fields would be present and all 3 would be required to authenticate

now after they have been logged in successfuly set a var such as
$_SESSION['domain'];

for eg $_SESSION['domain'] would be equal to evolution
as your site is called http://www.geocities.com/evolution

now in all sql queries and and such like only run queries using evolution table

so.......

Code: Select all

// just an eg
$query = "SELECT * FROM $_SESSION[domain]";
hopefully this gives you some ideas

mal
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

yea exactly - each user has their own folder and you restrict their access to that folder. Cept often there will be a separate cgi-bin folder where is the only place things can be run. you could either have one for each user or have a universal one, with permissions set file to file.
but this part of the discussion is more for some other type of forum.
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

simple

if you have knowledge of mkdir (basically directory commands)
at registration after everything is created run SEVERAL creation scripts

such as
mkdir (for the domain)
mysql insert command (to populate mysql tables

then open up your newly created directory
and run another mkdir for
CGI-BIN


pretty simple
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

If php runs under the same ID for all (and it does) it can go anywhere in any user account.

This link might be interesting.
Last edited by McGruff on Tue Mar 23, 2004 8:34 am, edited 1 time in total.
Post Reply