There are a couple problems with your proposed method, first the .php file by default will get parsed by their server before it is sent to you so you will not be able to include it because you will get the evaulated resulte. Second even if including this file over the Internet worked it would be very insecure, you are passing the file over unencrypted HTTP which means the database password and login could easilly be sniffed. Even if you were to use SSL you would still need to restrict access to the script because someone could simply access the same page and get their database information. Third you should use an SSL encrypted database link if you are reaching out over the Internet also to prevent the database password and login from being sniffed (MySQL and PostgreSQL support SSL, you could also use SSH or stunnel to create a tunnel).
My control panels are generally local to the site that way there is no reaching out. Perhaps you should create a method in your application for an "update user" that is allowed to update other user's websites, now this user is assigned a pasword when you want to update a user you connect over SSL with the update user's login and password and the user login and new password you want to update it to.
Another method is to use a hash technique on the user's current password and send the hash along with the user's login name and new hashed password, you could assume that if the current password matched the current password hash the password and information was a valid update request and could be updated. Basically you shift the updating onto the client's site and you send a push to initiaite the update.
Jason
[ PAUL FERRIE ] wrote:
Hi guys, I am have created several websites(flash) with admin areas so that the clients can update sections of there site.
I have created a little admin section on my own site(yet to be published). there is a client login area for client who's site's i have built. Here they have the option to change the login details for ther on DB's, follow? So far i have go it working. Details get updated on my server DB. Now it gets tricky for me. I am trying to figure out the best way of updating the clients db(Diffrent server) with the new login details.
I thought i would do something like
php:// Updates clients details on my DB server <?php //Select wich common file to include // this will be sent by flash $common1="http://www.server1.com/php/common.php";; $common2="http://www.server2.com/php/common.php";; $common3="http://www.server3.com/php/common.php";; $common4="http://www.server4.com/php/common.php";; // include('$common1');//one of the four above $link = dbConnect(); // Attempt to authorise user with database $userID = auth($username, $password); // If authorisation failed... if ($userID == -1) { // Inform Flash and quit fail("Invalid username and/or password"); } //set new username and password $crypt2 = md5($password2); $query = "UPDATE admin SET username = '$username2', password = '$crypt2' WHERE userID = '$userID'"; if(!mysql_query($query)) { fail("Error updating admin"); }
print "retval=1"; ?> Can the common.php file and the variables in this code be sent across the server? One other thing The Db's on the four severs are identical I hope i have explained what i am trying to do.
cheers
Paul
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
