Newbie here with a great education started. Ive finally gotten the admin up and excepting users. Now the implementation has me lost. I cant find the Connection.class.php file. I do basically understand what each file does by its description.
My trouble is coding the include path and its placement along with the other 5 files.
PLease help!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2003-07-21
I have the same proplem, i have the admin set up fine but useing it in the site I can't work out wot to do, and the example dosn't work.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1) place the file authenticator.php in any directory you intend to use this on. The default authenticator.php is set to use the Uma "service" so make sure in the admin section you have a login that is permission 99 to the Uma service. If the concept of services confuses you then just leave the default alone. Advantage = less configuration and tweaking, all accounts would have the same permissions. Disadvantage = you cannot set up multiple accounts with different levels of access.
2) you will need to place the login.php, logout.php, loginerr.php files in any directory you intend to secure. You can customise these files to suit your needs. You may be able to place these in a central location but you will need to go through the files and grep around for references to them and make sure you make these relative references absolute. I just move them around.
3) most of the files in the classes, conf, tools directory would be placed in the root of your include directory. The uma template directory would need to be copied as a directory off of your include directory.
4) place the uma_logo in some centralized directory (does not matter where) and then in the login.html.php file in the template directory you will need to find the reference to the relative location of the logo and make it absolute...i.e. it is <img src="uma_logo_sm.gif"> you should make it <img src="http://www.yourserver.com/images/logo.gif"> or you could copy the logo into every directory you use.
5)ALMOST EVERY .php file you want to secure should have the following added at the tippy-top:
<?php
include("UMA-mysql.inc.php");
include("authenticator.php");
?>
The UMA file is in your include directory and the authenticator should be in the protected directory. Although if you never intend to add or modify services you could probable put authenticator.php in the include directory as well and avoid needing to copy this file around...up to you
Initially you can just put this into the index.php files to see it function and give you a bare minimum level of protection but eventually for proper protection you will want to place this in more files (particularly ones that can be opened by themselves) so that when someone types a deep-link into your system they will be pushed to the login. Theres no point in just securing index.php when a crafty cracker can type www.yourserver.com/sensitivedata/accounts.php and bypass index.php altogether.
Critical key to success is getting the admin section running (www.yourserver.com/uma/mysql/ once this works then you CAN get it to run all over your site you just need to put files in locations that PHP can find them) and reading through all the information that is included with the software.
At least, this is how I got it all to work ;)
J
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Newbie here with a great education started. Ive finally gotten the admin up and excepting users. Now the implementation has me lost. I cant find the Connection.class.php file. I do basically understand what each file does by its description.
My trouble is coding the include path and its placement along with the other 5 files.
PLease help!
I have the same proplem, i have the admin set up fine but useing it in the site I can't work out wot to do, and the example dosn't work.
lucky guys, I can't even set up the admin. I get Error 404 when i click login (i'm using version 1.04)
OK in a nutshell you would:
1) place the file authenticator.php in any directory you intend to use this on. The default authenticator.php is set to use the Uma "service" so make sure in the admin section you have a login that is permission 99 to the Uma service. If the concept of services confuses you then just leave the default alone. Advantage = less configuration and tweaking, all accounts would have the same permissions. Disadvantage = you cannot set up multiple accounts with different levels of access.
2) you will need to place the login.php, logout.php, loginerr.php files in any directory you intend to secure. You can customise these files to suit your needs. You may be able to place these in a central location but you will need to go through the files and grep around for references to them and make sure you make these relative references absolute. I just move them around.
3) most of the files in the classes, conf, tools directory would be placed in the root of your include directory. The uma template directory would need to be copied as a directory off of your include directory.
4) place the uma_logo in some centralized directory (does not matter where) and then in the login.html.php file in the template directory you will need to find the reference to the relative location of the logo and make it absolute...i.e. it is <img src="uma_logo_sm.gif"> you should make it <img src="http://www.yourserver.com/images/logo.gif"> or you could copy the logo into every directory you use.
5)ALMOST EVERY .php file you want to secure should have the following added at the tippy-top:
<?php
include("UMA-mysql.inc.php");
include("authenticator.php");
?>
The UMA file is in your include directory and the authenticator should be in the protected directory. Although if you never intend to add or modify services you could probable put authenticator.php in the include directory as well and avoid needing to copy this file around...up to you
Initially you can just put this into the index.php files to see it function and give you a bare minimum level of protection but eventually for proper protection you will want to place this in more files (particularly ones that can be opened by themselves) so that when someone types a deep-link into your system they will be pushed to the login. Theres no point in just securing index.php when a crafty cracker can type www.yourserver.com/sensitivedata/accounts.php and bypass index.php altogether.
Critical key to success is getting the admin section running (www.yourserver.com/uma/mysql/ once this works then you CAN get it to run all over your site you just need to put files in locations that PHP can find them) and reading through all the information that is included with the software.
At least, this is how I got it all to work ;)
J