Hi, In the past I have created a system where a user can build there own page. This is done by writing code and creating a new php file. The only way I could achieve this was to allow full access to everyone. This is a security risk and cannot allow this any longer. Does anyone know how I can make this secure with still offering this functionality Kind Regards Jay
I think we would need to a little bit more about your system. You could auto create a htaccess script which limits access to that user or you could create an ftp account for each user and use some sort of auto CHMOD script to assign access rights.
If you have your own server then install suPHP http://suphp.org/ once configured it causes the PHP scripts to run as the account owner which means PHP can write to the account without making it world writable. cPanel has a build option for this when you build Apache/PHP. Another option is to store the page data in the database, then build and return the pages by using PHP to query the database and return the page, mod_rewrite can be used to route requests to a single PHP file which builds the pages. The final option I can think of is to make the page builder system upload the page to the users account via FTP, but then you'd have to store the account password somewhere which wouldn't be such a good idea.