Security Question

[lady_l]

Good morning,
Recently, I decided to add some information pages to my forum. I set them up in their own directory and put the directory under the second level of the directory where I have SMF:   mywebsite.com/forum/newpages

I added a new button to the menu bar for the new pages.

I've discovered that these pages are not protected by the forum's password system and anyone can view them by choosing the button on the menubar, creating the possibility of a security breach.

Where shall I place my new direcotry so that the new pages are protected by the password system used by SMF?

Thanks in advance,
Lady L.

[Deaks]

really depends on how you mean, you could use the SSI functions to allow users to log in and such.

[lady_l]

really depends on how you mean, you could use the SSI functions to allow users to log in and such.

Don't understand your reply, though I guess I could add some sort of php script to these new pages (currently, they are just xhtml pages containing a few tables with info about the collectibles we collect). I did not think this would be necesary, if I placed this directory inside the board's own directory.

This is a closed forum -- we have the permissions set so guests cannot view anything at all in the forum. You must be registered to use it at all.

Ideally I would like the member to log in to view these pages, just like any other part of our forum. If they would try to access the pages before logging into our group, they ought to get an error message or he login screen.

Some other options I think may work...

1) not displaying the menu bar on the login page

2) not displaying some of the buttons on our menu bar on the login page

I think that #1 would be OK except for the fact that, if someone saves a link to the new pages, they could see it through the saved link without logging in. That, plu te fact I don;t know how to do that 

I hope I have explained myself clearly enough.


Thanks again,
L.

[SlammedDime]

Whether you have the link hidden or not, the pages will still be accessible.

It may be better to simply make all of the pages php pages and add some simple code to the top of them.

Code Select Expand

<?php

require_once('../SSI.php');
if (!$context['user']['is_logged'])
   redirectExit();
?>

your content here

[lady_l]

Thank you SO much! 

This forum is great. Everyone is so friendly and helpful. I will follow up, once I install the script. ILike now! LOL)

Thanks again,
L.

[lady_l]

Finally have the time to sit and work on this.... but I have a question.

Okay... where exactly does the code go?
Before the header (what I think is right), within the header tags with all the style and meta tags (dont see why), just after the body tag / content div tag (Maybe) ?

Thanks...

L.

[SlammedDime]

That should go at the very top of the file, before everything else.

[lady_l]

Thought so... thank you -- I'll report back soon.

Lady L.

[lady_l]

I got this error message when I uploaded the index.php page with the code pasted on the top.


Parse error: parse error, unexpected T_STRING in /h.............nde.com/board/fyi/index.php on line 5


Line 5 says :



What to do?
Thanks in advance,

L.

[SlammedDime]

I don't see the problem with the php code.  I'm not sure why it would throw an error.  What are you using to edit the file?

[lady_l]

It is Text Wrangler.

L.

[SlammedDime]

I'm at a loss, can you email me the file?  [email protected].

[lady_l]

Emailing now.

L.

[lady_l]

For some reason, the very nice person who had responded about my problem last week, has not gotten back to me. It seems he cannot open the file I sent to him several times.

While I wait, is there someone else who would be nice enough to help, as I asm not getting anywhere with this on my own.
Hmm, maybe I have a paid job for someone..  I need my version of SMF updated, too.

Lady L.

[SlammedDime]

I apologize, I forgot to check my sm.org email after I asked for the php file.  I'd suggest using a different editor.  I'm not sure why your editor is doing what's its doing, but when I open your file and try it on my site, I get the same error.  But when i remove the space between if and (, and then put the space back in using any of my editors, it works as it should.  I tried this with Notepad++, Gedit and Bluefish and all gave me the proper result.

[lady_l]

That's weird. So my text editor is inserting some invisible characters in the file?

Aside from TrextWrangler, I have only TextEdit. But I will try it.

L.

[lady_l]

Hi!

Good news, I think I fixed it. I have a little more work to do, but what I did was I noticed a menu item in the Text Wrangler 's Text drop down menu called "Zap Gremlins" I zapped, and it removed non ASCII characters and other things (I am not sure what those are, actually (embarrassed) but it seemed to do the trick. I never heard of this before. But if there is a feature in my text editor to do this, apparently, it must happen all the time.

Well you gave me a great lead there, and I have no idea how you figured that out, but you did and I appreciate it very very much.

Unless I fail to get all 6 pages under the password, you won't hear from me again tonight -- I'll be sleeping soundly.


Lady L.

[lady_l]

Yes, that was it. Weird. All is working now.

Thanks again for your time,
L.

[SlammedDime]

Awesome!

[lady_l]

For the information of someone else who might have a problem like this:

This is what the Text Wrangler manual had to say about gremlins.

This command displays a sheet which allows you to remove or replace various non-
printing characters, often known as "gremlins". Use this command when you have a
file that may contain extraneous control characters, or any non-ASCII characters, which
you wish to identify or remove.
The checkboxes on the left-hand side of the sheet determine which types of characters
the Zap Gremlins command affects, while the radio buttons on the right-hand side
determine what to do with gremlins that are found.
Zap Non-ASCII Characters
When this option is selected, Zap Gremlins zaps all characters in the file that do not fall
in the 7-bit (or ASCII) range. Examples of such characters include special Macintosh
characters such as bullets (•) and typographer's quotes (" and ", ' and '), as well as all
multi-byte characters. In general, such special characters are those that you type by
holding down the Option key.
Zap Control Characters
When this option is selected, Zap Gremlins zaps a specific range of invisible low-ASCII
characters, also known as control characters. Control characters can cause compilers
and other text-processing utilities to malfunction, and are therefore undesirable in
many files.
Zap Null (ASCII 0) Characters
When this option is selected, Zap Gremlins zaps all instances of the null character
(ASCII 0). Like other control characters, nulls can cause many programming tools and
text-processing utilities to malfunction. This specific option is included in case you
want to remove only nulls without affecting other control characters that may be
present in a file.

Thanks again,
L.