[i3Design]

now i'm not the most experience php coder, in fact when it comes to writing my own php im pretty useless (im a designer more than a coder :P). A client has requested a section of his photography portfolio have limited access for clients wishing to view their photoshoots/weddings etc.

he was quoted around £2700 from another designer, and i have quoted the same job for £900 without the php database. I have heard of using .htaccess and .htpasswd files, to simulate a database, forcing firefox/ie to bring up a login box, which fetches usernames and passwords from the .htaccess file.

has anybody used this in the past?

i know its not the most secure method, but his site wont be openly public, he will simply give it out to clients and at photography shows etc, so security isn't a major concern.

[Dusteh]

So you quoted on the job, and then worry about if its feasible or not? I like your style.

[Agricola]

what do you mean by not openly public? Any web address is open to the public and vulnerable to an attack or hack.

So lets see then, This client obviously wants to be able to create customer accounts with a password assigned to various folders or photos, . When the customer has logged on they are then presented with their own portfolio of photos, and you want to do all this without the use of PHP and Mysql. Oh dear.

just how are you expecting the client to create new accounts and passwords? Have him modify htaccess and mess around creating new folders and password protecting them? Thats not worth £900 to be honest, £9 solution maybe.

If you going to rip him off then your best bet is to rip him off by just installing a CMS

[i3Design]

sorry maybe i left myself open to that, maybe i should explain a little further where £900 comes from. £250 is my actual quote for a unique design not to be resold, the rest of the money is actually for 6 months work editing his actual photographs, its my mistake including that under my quote price in my first post.

the need for this login etc is simply so his clients can look at their photos before buying, without the photos been made public. the only reason i am looking at this as a solution is his 'friend' that was going to do php after my design has gone awol, so he wants something that will allow the site to go live. This hasnt affected the price etc, its simply something im trying to help with if i can, was just wondering if there was any better way.

I have access to a mysql database with my host, so maybe even if there is walkthroughs to setting up a simple database? i did some of it in college etc, but never in any great detail.

sorry for my first post, i dont think i covered things quite right.

[LukeV]

I suck at PHP and I could probably do that. It's not very hard to do. You just need to create an admin area for your client (using htaccess would be best here since it's only one account). where he will be able to create accounts for his clients using a mysql databases. Once again this is incredibly simple to do.

Then you create a client area with a PHP condition checking whether the user is logged on, if (isset($_SESSION['user'] , if that's true, display client area, if not, display login box.

Oh and to answer your initial question, I guess it could be done, but it's not the ideal way to do things. Incorporating Databases into the system will allow you to hold crucial information about your client. Email Address, Number of purchases, you name it. You can't do this with an htaccess file.

[i3Design]

thanks i'll look into doing it that way, im sure there must be a walkthrough somewhere

[freelancr]

If you just need to password protect a directory from "public" access, then .htaccess password protection is simple and secure. Plenty of tutorials on google, your hosting control panel may even have an option to password protect a directory. Takes a few minutes at the most.

[LukeV]

Quote:

Originally Posted by freelancr

If you just need to password protect a directory from "public" access, then .htaccess password protection is simple and secure. Plenty of tutorials on google, your hosting control panel may even have an option to password protect a directory. Takes a few minutes at the most.

It's ok for one account. But you can't just have one account and then share that one account with many people. It would be impossible to detect abusers that way. On the other hand giving each client a single account is much more secure. Clients would be less likely to share the account since they can easily be detected and if they do abuse the system, they can simply be taken off the database.

[freelancr]

Make a folder for each client, stick their photos in it, password it, done. Why overcomplicate things? Sure it would be nice to have some kind of login feature with user manager and be able to upload photos for each user, but for £900 you ain't gonna get that.

[pgo]

There are no walkthroughs. Either learn PHP and MySQL or hire someone who knows them.

Quote:

Originally Posted by freelancr

Make a folder for each client, stick their photos in it, password it, done. Why overcomplicate things?

You're joking, right? No average user is going to go for that.

The .htaccess/.htpasswd thing is not going to cut it. Unless this photographer wants a site that's vastly inferior to every other professional photographer's site out there.

[Vebut]

Ok, so I didn't read all the replys but the whole idea with databases is to gather information ready to use on your site. With a database your able to hide information giving the exact position of your images on your FTP. So by just locking the specific urls or a subdomain is just stupid as there are lots of bypasses.

If you want security, use a database - it's actually not hard to get a grip of the SQL. Give it an hour or two and youll be able to build your own database. You will also be able to restrict certain users to areas and folders this way.
Good luck!

[LukeV]

Well it all depends. Ask your client what he is looking for and give him what he wants. He might be satisfied with a simple password protected directory. He might not want what i suggested above, and now that I think of it, he probably doesn't.

Let's say your client is at a gallery, and is talking to someone who would like to see more of his work. He needs to refer him to his website and if he doesn't know the password to the client area right then it would be a hassle having to wait for someone to create an account for you. So maybe that is the best solution.

[i3Design]

the website has a public gallery, where anyone and everyone can see his 'public' work so the above isnt an issue. The client areas are simply for customers chosing their prints, depending on what his clients pay (if they buy the copyright or just prints), the photos are either added to the public gallery, or left on a client-only area just for them.

i have spoken to my friend and for now he is happy to have the .htaccess as a temporary measure, at the end of the day im only being paid for design and photo editing so anything is better than nothing for the sake of his site going live for the summer.

he mentioned an old friend that can do php that he may bring onboard at a later date, but if for whatever reason that doesnt materialise, i have had a few great offers from people on here, so thankyou, you may hear from me/us in the near future

[seen.to]

900 for six months work? That's ridiculous (ly low).

Take a look at Gallery 2. Opensource (free) and will do everything that your client is looking for (and then some). Earn your 900 quid by installing the software and some customization (look and feel, using the admin interface to set things up as required).

DON'T take on 6 months work for a paltry 900.

[i3Design]

i dont mind the 6 months photo editing, he is afterall a personal friend, for any other client i of course wouldnt do that much. as of our meeting this morning, he is going to be doing our wedding photography (in 4 months time ) and giving us the negatives (bonus!), so it all works out.

however, thanks for the suggestion, i'll have a little play with it and see what i can do