0

So I have an issue. I have a server, lets call it (testserver.net). Right now, to change the database, from my application, my app runs "testserver.net\add.php". The problem is anyone can run that and change things in my database. How do I make it that needs some sort of verification before running the code in add.php so no one can just have access to my server? (Like a password or something).

Ron Arel
  • 371
  • 1
  • 5
  • 14
  • Let your application access the add.php with some secret tokens(make it a long string). if the token is not present with the request, deny access to the script file. – Shan Jul 02 '18 at 05:45

3 Answers3

1

create a token : 1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670 ,save this token safely with in your application.

Whenever you want to call the add.php pass the token like :

testserver.net?token=1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670

add.php

$secret = $_POST['secret']; //use post or get
if($secret != $mySavedSecret){
    die('intruder!!')
}
Shan
  • 1,081
  • 1
  • 12
  • 35
0

Place you add.php file in separate folder and password protect it, or you may use Password protect a specific URL solution

Lixas
  • 6,938
  • 2
  • 25
  • 42
  • Can I use this if I call the url from my app? – Ron Arel Jul 02 '18 at 05:42
  • i'm not sure about that, but you may try to pass authentication data (username and password) via your app. Or you think of some more sophisticated solution to authenticate your app... try to search around – Lixas Jul 02 '18 at 05:45
0

You need to perform Authentication followed by Authorization. In PHP there are many frameworks which support this.

pls check this for basic authentication

https://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

or you can use popular frameworks and follow their tutorials to perform this.

check this php micro framework Slim

Akhil Surapuram
  • 654
  • 1
  • 8
  • 22