I just downloaded DBMan, so forgive me if this is too "newbie" of a question: I'd like to add DBMan to an existing website which consists of 2 "webs". The externally viewable "public web" that anyone can see and a "private web" that is protected through .htaccess. What I want to do is this:
Capture data from the "public web" (product interest, request for more info, etc.), but only have the data viewable/modifiable from the "private web"

I like the idea that the .htaccess login is used by DBMan to login to the database, which is perfect for the "private web"..... but if I put db.cgi in the "private web" then the "public web's" add record form won't be able to see it (without logging on). The only thing I can think of (remember..I'm a newbie) is to have 2 db.cgi's (1 in the private web and 1 in the public), both working with the same database. Is this possible...or better yet...is there a better way to accomplish this?

Thanks in advance...
Wayne

Don't know what version you are using, but this is not available in most, if not all, versions of DBMAN.

I would recommend using built-in AUTHENTICATION permissions found in the default.cfg file...read the permissions tutorials at http://www.jpdeni.com/dbman/.

I would recommend not using .htaccess...use the built-in login features of DBMAN.



Regards,

Eliot Lee

Thanks for the quick reply. This forum rocks! Ok...now I'm really confused. In a reply to the thread "Server authentication passing uid to dbman?", Alex states that:
"If DBMan sees that the user has logged in via server authentication, it assumes the user is valid and tries to look up their permissions in the password file."
If this is the case...it's exactly what I want to happen. The problem remains....how can I allow "public" users who don't have access to the .htaccess protected area of the site to post information to the database???

Can you please provide a link to the thread? I just tried searching all forums using Server authentication passing uid to dbman? and the search returned only your post.

Okay, I found the thread at http://gossamer-threads.com/p/382 however, you left out some key elements of Alex's post ...
Alex does say the scripts will assume a user to be authentic however the scripts would still need to locate that user in the .pass file to determine the authentication level of the user. The .pass file is still going to need to be maintained.

That's ok....we don't have enough users of the .htaccess protected site for it to be a problem to maintain 2 user lists (.htaccess & DBMan). 1/2 my problem solved! Now for the other half....if the db.cgi file is in a protected area of the site....how can I allow "add records" from a "public" form??????? Help!

Because the db.cgi file wouldn't be in a password protected area - only access to certain functions would be limited.

The scripts themselves would have to be accessible from the public web in order for anyone in the public area to access and add entries.

You would grant specific access to various functions to authorized users through the admin functions of dbman. Those users would then be able to access the functions while in the .htaccess shielded areas of the site. Of course, they (authorized users) would probably be able to access from the the public site also in this scenario unless you include some sort of referer conditional statement. As long as the person is authorized to access, shouldn't be a big problem whether or not they figure out how to access via the public site.

Hi Karen,
Thanks for the help.....I'm getting there....but not quite. If I put the db.cgi file in the "public" area of the site, the people who access it from the .htaccess protected site have to login to DBMan even if they've already logged in to the protected site (I'd like to have just the one login (.htaccess) for the protected site). If I put the db.cgi in the protected area, public forms can't access it.

This may be a real newbie solution....but can I have 2 db.cgi's managing one database?? One db.cgi for the protected site....and one for the public site??

Once again....thanks for the help

I got it to work by using 2 dbman.cgi and 2 .cfg files.....is there a better way?

That's the only way I can think of for making it work. Meant to post that as a reply to you the other day, sorry I overlooked making the reply When you had asked about using a second .cgi file, I couldn't imagine it working without also having a second .cfg file.