Help make my webpage safe
by Pedroski from LinuxQuestions.org on (#4ZAZ4)
I have a little webpage. I use it to give homework to my students and now, because of this virus in China, also to run online classes until school starts again.
I've been reading a book: PHP & MySQL: Novice to Ninja by Kevin Yank. The book is great for beginners.
As I see it, I have 2 problems that need addressing.
1. A folder called admin which, at the moment, is in the webpage root www.mywebpage.com
admin contains 2 files: createtable.html and insertcsv.html, which do just what they say from the web browser: create a mysql table and populate it with a .csv file.
I am mysql user peter. I only have access to allstudentsdb. Within that db I have all privileges.
2. A folder called includes which, at the moment, is also in the webpage root www.mywebpage.com
includes contains a few PHP helpers and login.html for students to log in to class.
includes also contains studentdb.inc.php. This has my db name and password. It logs me in to mysql when I run createtable.html or insertcsv.html.
Code:
<?php
try
{
    // Connect to allstudentsdb as MySQL user peter, with LOAD DATA LOCAL INFILE enabled
    $pdo = new PDO('mysql:host=localhost;dbname=allstudentsdb', 'peter', 'mypassword', array(PDO::MYSQL_ATTR_LOCAL_INFILE => true,));
    // Throw a PDOException on any database error
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('SET NAMES "utf8"');
}
catch (PDOException $e)
{
    // Show the error page with the exception text appended
    $error = 'Unable to connect to the database server: ' . $e;
    include 'error.html.php';
    exit();
}
?>

includes and admin both have permissions 755 at the moment. If I change that, I think they will not be accessible for visitors to my page, so students could not log in, or I could not add a mysql table from Firefox.
All this php and mysql is very new to me and confusing. My little brain is about at its limit.
How should I deal with includes and admin? Neither of them contains an index.html or index.php.
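
One way to keep the database password out of the web root, shown as an added example that is not part of the original post: the credentials move to a file the web server cannot serve, and connection failures are logged instead of printed. The path /home/peter/private/dbconfig.php, the function openStudentDb and the constant NEEDS_LOCAL_INFILE are assumptions made for illustration.

```php
<?php
// Added example, not the poster's file. Hypothetical layout:
//   /home/peter/private/dbconfig.php   outside the web root, readable only
//                                      by the account PHP runs as
//   /home/peter/public_html/           web root (www.mywebpage.com)
// dbconfig.php holds only the secrets and returns them as an array:
//   return ['dsn'  => 'mysql:host=localhost;dbname=allstudentsdb;charset=utf8mb4',
//           'user' => 'peter', 'pass' => 'mypassword'];
// charset in the DSN replaces the separate SET NAMES call. If PHP ever stops
// being executed, a file outside the web root still cannot be downloaded.

const DB_CONFIG_PATH = '/home/peter/private/dbconfig.php'; // assumed path

/**
 * Open the connection. Pass true only from the CSV import page; the
 * student login never needs LOAD DATA LOCAL INFILE.
 */
function openStudentDb(bool $allowLocalInfile = false): PDO
{
    if (!is_readable(DB_CONFIG_PATH)) {
        throw new RuntimeException('Database configuration file is not readable');
    }
    $cfg = require DB_CONFIG_PATH;
    if (!is_array($cfg) || !isset($cfg['dsn'], $cfg['user'], $cfg['pass'])) {
        throw new RuntimeException('Database configuration is incomplete');
    }
    return new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::MYSQL_ATTR_LOCAL_INFILE => $allowLocalInfile,
    ]);
}

try {
    // NEEDS_LOCAL_INFILE is a hypothetical constant that only the CSV
    // import page defines before including this file.
    $pdo = openStudentDb(defined('NEEDS_LOCAL_INFILE'));
} catch (Throwable $e) {
    // Details go to the server log; the visitor sees a generic message.
    error_log('Database connection failed: ' . $e->getMessage());
    $error = 'Unable to connect to the database server.';
    include 'error.html.php';
    exit();
}
```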

