PHP Would like some help understanding website management

[aheight]

Hi guys,

I am very much a novice at website management and have set up a website which accesses my SQL database and I'm not using WordPress or other site building software, and I don't understand really the mechanics of private and public access to the site file system and was wondering if someone could explain it a bit to me?

Ok, on my site, I use CPanel and have a subdirectory named public_html and I assume that is the one accessed when the website is referenced right? And then I assume when the domain name is entered as a web address, it goes to this directory and runs index.html right? And that's what I want for public viewing. However, I would also like to run a database update script using the same domain name but a different file in the subdirectory but don't want public access to it obviously. So say my domain name is "mydomain.net". So then when the public enters mydomain.net it runs the index.html file and that is fine. However, I would like the option of running a different file privately so I type:

mydomain.net/updateDatabase.html.

And that file has a php script which then updates the database. However I can just run this file publicly by typing it in at the http prompt and I don't want just anyone running it or other files on my site. Should I not keep private files in public_html? Is that a dumb question? But if I store them in another subdirectory, how do I then run them privately? I would like to have private access to this file so just me could run it. Is there a way to do this? Perhaps I could use a password in the php file since as i understand it, the php script is not viewable by the browser? I do not know if I can just log into CPanel on my site and run the updateDatabase. html file directly. Is that what is usually done it this situation?
Thanks for reading,

 

[jtbell]

I would like to have private access to this file so just me could run it. Is there a way to do this?

Create a subdirectory in public_html, e.g. public_html/db. Put updateDatabase.html in that subdirectory. Password-protect the subdirectory by putting in it a file named .htaccess with suitable directives, and a file named .htpasswd that contains username/password information. You can find lots of pages describing the setup by Googling for "htaccess password" or something similar.

Then when someone tries to access anything in that subdirectory, e.g. http://mydomain.net/db/updateDatabase.html, their browser will prompt them to enter a valid username and password.

 

[jtbell]

Aha! I just remembered that cPanel has an option to do this, at least mine does. It may vary from one web-hosting provider to another. On mine, it looks like this:

https://www.namecheap.com/support/k...how-to-password-protect-files-and-directories

I've never tried it myself. When I experimented with protecting directories a long time ago, I created the .htaccess and .htpasswd files by hand.

According to that page, you can also password-protect individual files, but cPanel won't do it, so you have to create the .htaccess and .htpasswd by hand.

 

[aheight]

Thanks a bunch jtbell! I am just now seeing "directory protection" in cpanel and am experimenting with it. I am such a neophyte with all this. Really could not have gotten this far with my website without you guys here helping me. :)

aheight

 

[jedishrfu]

Don't forget to read about sql injection attacks where someone enters sql into one of your fields to be inserted into the database and gets access to the whole database.

Personally I would use something like rails or grails for web database access as they will protect your code from sql injection by quoting user input to make it non executable and can be extended and scaled up as your needs increase.

 

[newjerseyrunner]

I've never heard of Cpanel, why not just use apache? It's used by millions of people and has an extremely active community. Using that you can set very advanced permissions.

 

[QuantumQuest]

Also, about sql injection attacks that jedishrfu points out, I would recommend - as you're learning PHP, to study and learn how to prevent them, by using prepared statements either through PDO (PHP Data Objects) or MySQLi (MySQL Improved Extension).

 

[jack action]

I've never heard of Cpanel, why not just use apache? It's used by millions of people and has an extremely active community. Using that you can set very advanced permissions.

cPanel is a web hosting control panel (probably the most popular one), i.e. it manages programs like apache, php, MySQL, etc.

You can access cPanel via port 2083 on any website that uses it, like it is the case for https://www.physicsforums.com:2083/ .

 

[aheight]

Thanks guys. The 2083 trick is neat. Would you guys mind briefly looking at my site? I've only been doing this a little over 3 months and I am sure it's lacking but I just don't know by how. Right now I have a blog (first domain name) which has a menu item "AFRender" which links to my shared account (second domain name) with my host provider. This runs my index.html which then runs a javascript to query (via AJAX and PDO) my database, get function names from it, and then populates a menu of function names. The user selects a name. Then another query is run to retrieve either the real or imaginary blob from the database which contains all the WebGL data. The javascript then renders the function in native WebGL. That's it. Basically I barely understand what I'm doing. Here is the front end (blog) if you have time. The "AFRender" option is all the WebGL work you guys have helped me with. :) : jujusdiaries.com

I'd appreciate comments.

 

[QuantumQuest]

I'd appreciate comments

Taking a look using my laptop, with the four most used browsers, it looks being in the path of a good work. Rendering is fast and nice. Now, I would definitely recommend to do some front - end work (basically design work using some CSS and some tools-of-the-trade in HTML5), in order to give it a more fancy or "catchy" look and to turn it to responsive in "the sooner the better" fashion.

 

[jedishrfu]

Looks pretty nice so far. I'd move the HOME to the beginning of the menubar before Section 1

 

[aheight]

Thanks guys. I moved the Home to the front of the menu. Looks better I think too.

Also, I'm afraid I do not understand what you meant by this Quantum:

Now, I would definitely recommend to do some front - end work (basically design work using some CSS and some tools-of-the-trade in HTML5), in order to give it a more fancy or "catchy" look and to turn it to responsive in "the sooner the better" fashion.

I do have a nice bit of CSS code for the menu drop-downs. What are "tools in the trade in HTML5?"
Could you give me an idea or two or perhaps a reference or a website I can take a look at to give me some ideas ?

 

[QuantumQuest]

Also, I'm afraid I do not understand what you meant by this Quantum:
I do have a nice bit of CSS code for the menu drop-downs. What are "tools in the trade in HTML5?"
Could you give me an idea or two or perhaps a reference or a website I can take a look at to give me some ideas ?

It is just my opinion for something more attractive, regarding the look of the site. It is already in a good path but I think it is better to be responsive and with some more involved CSS work regarding columns, fonts, colors etc. With "tools-of-the-trade", I meant some of the new features of HTML5 - as per needed of course, regarding sections, navbars etc. in tandem with CSS. You can even use tools like SASS (Syntactically Awesome Style Sheets) which is a CSS extension language, to define and compile to CSS your own styles or just use some premade CSS code.

Now, it is a matter of personal taste how you want your site to look and I am not a web designer either, but I have done it professionally just because I like it, in parallel with web development.

Now, for resources, besides the standard references for HTML5 and CSS at W3C (currently CSS3), I would recommend for responsive web design the book by Jonathan Fielding Beginning Responsive Web Design with HTML5 and CSS3. A very useful tool for HTML5 is HTML5 Boilerplate.