Page 1 of 2
mutli user web hosting
Posted: Mon Mar 22, 2004 10:50 pm
by benxuk
can i offer mutli users the abillity to host *.php or will it leave open big security problems, ie: filesystem access? i'm running windows 2003 WE and i was hoping i could run other domains with php...
if there are problems with doing this in the state php ships, what suggested routes is there?
ty

Posted: Mon Mar 22, 2004 10:54 pm
by softsolvers
What i feel that there is no such probs is running a multi user site,(Sites are multi user??)
WHAT prob u actually facing
Posted: Tue Mar 23, 2004 2:22 am
by benxuk
sorry, i think i may have misled you
by multi-user i mean multiple administrative users, eg: geocities
Posted: Tue Mar 23, 2004 3:17 am
by softsolvers
What i feel that u can do that ,but if you will be a bit specific then it will be helpful for me
Posted: Tue Mar 23, 2004 3:38 am
by benxuk

Thank you, I have registered at WebHostingTalk and I haven't got any response yet so i will keep trying!
This is what i want to acheive in the final product...
PHP Web Hosting
ASP.net Web Hosting
MySQL (I have set this up successfully with PHPMyAdmin)
I want to offer all these service's thru a turnkey based system, and I want to be confident that my clients will only have administrative and power-user access in there set directorys...
In ColdFusion I would setup Sandbox Security to limit the function of CFM tags to work only in the user's home directory, I was curious about whether the same functionallity is available in PHP (and .net for that matter).
Does this help describe my situation?
Posted: Tue Mar 23, 2004 5:55 am
by softsolvers
You can do this by giving privileges to the users,i.e to your registered or free users.Just create a session according to the priviledge and then continue accordingly.
Posted: Tue Mar 23, 2004 7:02 am
by magicrobotmonkey
IIS or apache? or soething else?
Posted: Tue Mar 23, 2004 7:18 am
by benxuk
yeah its iis 6 to be precise, so are we talking standard windows users? what i mean is (sorry i'm new to php) in other markup languages there has never needed to be any permission other than for the user IUSER_MACHINENAME -
should i assign a username with read/write/delete permission to the user home directory and then maybe have them include the relevent user/pass etc in there php documents?
i don't want to worry that users can write script that will have access to any other data on the filesystem

i guess i should learn more about php also

Posted: Tue Mar 23, 2004 7:41 am
by magicrobotmonkey
I dunno, I use apache.
Posted: Tue Mar 23, 2004 7:58 am
by benxuk
magicrobotmonkey wrote:I dunno, I use apache.
would what i'm asking work on apache? is there no "tools" to configure php in a multi user enviroment?
Posted: Tue Mar 23, 2004 8:03 am
by magicrobotmonkey
I dunno, I think it would be better on a linux machine with the stronger and clearer permissions. To me, windows permissions are about as clear as mud! But never having touchesd IIS I can't comment on the setting up of directories and such there, whereas with apache you should be able to do it pretty nicely, what with .htaccess files and stuff. I bet if you look at apaches website, they'll have stuff about what you're trying to do. Its not a matter of configuring php for a multiuser environment, but configuring the server for a multiuser environment.
Posted: Tue Mar 23, 2004 8:08 am
by malcolmboston
ok ill give my ideas on this subject and how i achieved it.
ok you talk about geocities
geocities uses teh format geocities.com/yoursite/
your site is basically a folder
now to actually make administrative changes the user MUST login obviously, ok say we have a form like this
* username
* password
* sitename
obviously in the mysql members table all 3 of these fields would be present and all 3 would be required to authenticate
now after they have been logged in successfuly set a var such as
$_SESSION['domain'];
for eg $_SESSION['domain'] would be equal to evolution
as your site is called
http://www.geocities.com/evolution
now in all sql queries and and such like only run queries using evolution table
so.......
Code: Select all
// just an eg
$query = "SELECT * FROM $_SESSION[domain]";
hopefully this gives you some ideas
mal
Posted: Tue Mar 23, 2004 8:18 am
by magicrobotmonkey
yea exactly - each user has their own folder and you restrict their access to that folder. Cept often there will be a separate cgi-bin folder where is the only place things can be run. you could either have one for each user or have a universal one, with permissions set file to file.
but this part of the discussion is more for some other type of forum.
Posted: Tue Mar 23, 2004 8:20 am
by malcolmboston
simple
if you have knowledge of mkdir (basically directory commands)
at registration after everything is created run SEVERAL creation scripts
such as
mkdir (for the domain)
mysql insert command (to populate mysql tables
then open up your newly created directory
and run another mkdir for
CGI-BIN
pretty simple
Posted: Tue Mar 23, 2004 8:32 am
by McGruff
If php runs under the same ID for all (and it does) it can go anywhere in any user account.
This link might be interesting.