Just wondering if anyone can suggest extra features for the file-manager I'm writing. It's not quite finished yet (but it's getting close now) so don't expect the actual file actions to work.
Heh I'm not planning to give out the admin password once I've coded the deletion routines and that.
I'll probably put it up for download on my site once I've finished, but I'll have to make sure it's nice and secure first. The only thing I'm worried about really is that I've put the user-names into an array in a separate file, rather than using a database (don't know how), but I'm not sure whether that makes it unsecure or not.
Why not encrypt your usernames/passwords with md5 encryption? It is quite easy, and since it is one-way encryption, it is quite secure. Also, what kind of file do you have your usernames/passwords in? If it is a .txt file, someone could happen upon it and download it, but if it is a PHP file, even if they do, they won't be able to view it. Let me know if you want more info on the md5 encryption...
EDIT--
Just took another look at your script. It looks like you are already using md5 encryption for the password, huh? It looks like you used GET rather than POST for the username/password form, so the username/password were visible in the location bar. You may want to switch to post...
Thanks for the tips. You're right, I am using MD5 encryption, and I have the passwords in an associative array in a PHP file. As for the post thing, I actually had it like that, using buttons to change directory, but IE has a bug where it submits the last button rather than the one pressed, so I had to change to GET. Maybe I'll figure a way around it somehow. Although it's not too big a deal, as for any file operation you have to submit the form via POST, so the only thing the user can do via GET is read.
What I did (I'm working on something similar) was had a separate page that was my login page, then set a cookie, and also set all other pages so they couldn't be called directly from the web. It seems to work, and I can use POST.
Oh right I see. I was thinking about a cookie, but some users don't have them enabled, so that's a bit of a pain. Although I was reading about sessions, but I haven't really got a clue how to use them, or what exactly they do. Have you got any idea about them?
No, I don't really know anything about sessions. You may want to head over to http://www.phpbuilder.com/board/. That's where I hang out for my PHP needs. I should probably look into them as well...
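
Added example, not part of the original thread or any poster's code: a POST-only login page that uses a PHP session to remember the user, with `require_login()` as the guard for the other pages. It uses PHP's `password_hash()`/`password_verify()` in place of the MD5 discussed in the thread; the user name, sample password, form field names and the `require_login()` helper are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. User name, password and field names
// are constructed. Array form of session_set_cookie_params() needs PHP 7.3+.

// Users stay in an associative array in a PHP file, as in the thread, but each
// value is a password_hash() result. It is computed at run time here only to
// keep the example self-contained; normally the stored hash is pasted in.
$users = [
    'admin' => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
];

// By default the session id is carried in a cookie; limit how it is exposed.
session_set_cookie_params([
    'httponly' => true,                      // not readable from JavaScript
    'samesite' => 'Strict',                  // not sent on cross-site requests
    'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when served over TLS
]);
session_start();

// Hypothetical helper: call at the top of every other page after session_start().
function require_login(): void
{
    if (!isset($_SESSION['user'])) {
        http_response_code(403);
        exit('Please log in first.');
    }
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Credentials are read from the POST body only, never from the URL.
    $name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if (isset($users[$name]) && password_verify($pass, $users[$name])) {
        session_regenerate_id(true);         // fresh session id after login
        $_SESSION['user'] = $name;
    } else {
        $error = 'Invalid username or password.';
    }
}
?>
<?php if (isset($_SESSION['user'])): ?>
  <p>Logged in as <?= htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') ?></p>
<?php else: ?>
  <form method="post">
    <?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?>
    <input name="username"> <input name="password" type="password">
    <button type="submit">Log in</button>
  </form>
<?php endif; ?>
```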