mirror/php-ifm
1
0
Fork 0
mirror of https://github.com/misterunknown/ifm.git synced 2025-08-11 18:43:58 +02:00
Code Issues Releases Wiki Activity

misterunknown: documented authentication feature

Browse Source
This commit is contained in:
Marco Dickert
2016-02-26 16:47:11 +01:00
parent b362c4db0f
commit ef5586b2b6
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@@ -19,11 +19,27 @@ Just copy this ifm.php to your webspace - thats all :)
## configuration
The configuration array is located at the top of the script, so you can customize it as you like. The directives in the array are commented and named laconically. If you have questions anyway [write me an email](mailto:marco@misterunknown.de).
### authentication
Meanwhile I added a super simple authentication feature using the configuration keys `auth` and `auth_source`. You can configure it like this:
```php
"auth" => 1,
"auth_source" => 'inline;admin:<password_hash>',
```
In the example above the user and password are declared inline. You can also use a file (which should lie out of the $DocumentRoot of the webserver):
```php
"auth_source" => 'file;/path/to/file',
```
The file should contain ONLY ONE LINE:
```
admin:<password_hash>
```
The password hash has to be a hash generated by PHPs `password_hash()` function.
## security information
The IFM was developed with the assumption that the highest level of operation is the scripts base location. So it is neither possible to nagivate nor to use any API function in a level above the script root.
IT IS HIGHLY RECOMMENDED TO RESTRICT ACCESS TO THE SCRIPT E.G. USING THE APACHE BASIC AUTHENTICATION.
It is highly recommended to restrict access to the script e.g. using the apache basic authentication.
## references
I used some nice free icons in my script which I want to mention here: