Address Book Security
- Address Book Sort Contacts By Name
- Address Book Sort Contacts By Type
- Address Book Add New Contact
- Address Book Edit a Contact
- Address Book Delete a Contact
This page will help you with address book security. There are five apps for administration of your address book, as you can see above: edit, delete, add, view by type, and view by name (sorts by last name). The Address Book Sort Contacts By Name app will be the page to go to for general use of your address book. The address book uses PHP and MySQL and is online, unless you have access to a computer that has both of these installed and you control the security and access. We advise that if your address book is online, have nothing link to it. Why tempt hackers? Put its files in an inaccessible folder that's password protected. Put your password in a secure place and use Roboform for convenience and security. Then you will have, in their words, "No more passwords to remember, Log into websites automatically, Simple. Secure. Everywhere." Hyperbole aside, we use it and like it. Anyway, in case you don't know how to keep your address book secure, read on:
Password Protect Directories for Address Book Security
Save the code on each of the five app pages above and FTP them into their own private directory online on a website you control. Nothing should refer to or link to this directory. YOU will be able to access it because you know where it is, but no one else will catch any hint it even exists. Go to your cPanel X control panel. You'll need the password and username the host gave you when you signed up. Or if you signed up for a reseller account, you give the passwords and usernames to yourself.
Click Password Protect Directories in the Security section in your cPanel X control panel. Select the directory to protect, where your address book apps are. Check "Password protect this directory" in the Security Settings. Save. Choose to Go Back. Create Username and add a password. (For security's sake, make sure passwords use some special characters like $#@!*^&% as well as letters and numbers.) Username and password will be required of anyone trying to access the chosen directory—in this case, your address book folder. Now click the "Add/modify authorized user" button. Now only authorized users will be let in.
Go to your FTP program (e.g., SmartFTP). Click on your address book folder on the server. Press F5 (or however else your program refreshes; it may be a menu item) to refresh the directory listing. If you did the above protection process correctly, you'll now see an .htaccess file, the automatic result of the above process. Select the file, then select to view it and you'll see:
AuthType Basic
AuthName "PHP Addresses"
AuthUserFile "/home/yoursiteINyourFTP/.htpasswds/public_html/sub/Addr/passwd"
require valid-user
If you see that (but with data specific to your site), all is well. Now, to be extra careful, let's control indexing and also access to the config.php file you had to make to access your MySQL database where your addressbook table lives. In our case, this file is in the folder that is the parent of the addressbook subfolder where the addressbook files live, so we used include_once "../config.php"; to get to it. Your configuration file may be in your public_html folder or elsewhere, but make sure its folder has an .htaccess file (easy to create with a text editor) that contains the following:
<Files "config.php">
order deny,allow
deny from all
</Files>
Options -Indexes
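This stops anyone from looking through your site's directories from a browser. It also blocks direct browser requests for config.php while still letting your PHP scripts include it for MySQL access, because an include reads the file from disk rather than requesting it over the web. The file stays inaccessible even if the PHP processor for your site is temporarily inoperable due to maintenance.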
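An offline check of the two .htaccess files described above, as an added example that is not part of the original page or its apps. The function names and the DOCROOT path are assumptions made for illustration; the check also accepts the Apache 2.4 spelling of the deny rule, Require all denied, which goes beyond the older form shown on this page.

```python
import re

def parse_htaccess(text):
    """Split .htaccess text into top-level and per-<Files> (name, args) pairs."""
    top, files, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if m := re.match(r'<Files\s+"?([^">]+?)"?\s*>$', line, re.I):
            current = files.setdefault(m.group(1), [])
        elif line.lower() == "</files>":
            current = None
        else:
            name, _, args = line.partition(" ")
            (top if current is None else current).append((name.lower(), args.strip()))
    return top, files

def audit(dir_htaccess, config_htaccess, docroot):
    """Return findings ([] = matches the page); Apache 2.2 or 2.4 deny syntax is accepted."""
    findings = []
    top = dict(parse_htaccess(dir_htaccess)[0])
    for name, want in (("authtype", "basic"), ("require", "valid-user")):
        if top.get(name, "").lower() != want:
            findings.append(f"directory: '{name} {want}' missing")
    userfile = top.get("authuserfile", "").strip('"')
    if not userfile or userfile.startswith(docroot.rstrip("/") + "/"):
        findings.append("directory: AuthUserFile missing or inside the web root")
    ctop, cfiles = parse_htaccess(config_htaccess)
    rules = [(n, a.lower()) for n, a in cfiles.get("config.php", [])]
    denied = ("deny", "from all") in rules or ("require", "all denied") in rules
    if not denied or any(n == "allow" for n, _ in rules):
        findings.append("config: config.php is reachable from a browser")
    if not any(n == "options" and "-indexes" in a.lower().split() for n, a in ctop):
        findings.append("config: 'Options -Indexes' missing")
    return findings

# The two files as shown on the page; DOCROOT is an assumed path for illustration.
PAGE_DIR = '''AuthType Basic
AuthName "PHP Addresses"
AuthUserFile "/home/yoursiteINyourFTP/.htpasswds/public_html/sub/Addr/passwd"
require valid-user'''
PAGE_CONFIG = '''<Files "config.php">
order deny,allow
deny from all
</Files>
Options -Indexes'''
DOCROOT = "/home/yoursiteINyourFTP/public_html"

if __name__ == "__main__":
    print(audit(PAGE_DIR, PAGE_CONFIG, DOCROOT) or "no findings")
```

The check looks only at file contents. It does not confirm that the site is served over HTTPS, which Basic authentication needs because it sends the password unencrypted.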
In order to use these address book app files, you need to have a MySQL database installed for you by the host and make sure your host server has PHP 5.2 or higher (PHP added a JavaScript Object Notation—JSON—extension to PHP V5.2, which was previously only available as an add-on; it is enabled by default in PHP, but if your host has it disabled, have him enable it). Most hosting plans include MySQL databases and JSON-enabled PHP 5.2 or better anyway, so you just need to access the cPanel X control panel, go to the utility called MySQL Databases, give your MySQL database a name, enter a user name and password, select maximum permissions for this user name, save it, then—lower down the page—add this user to your newly named MySQL database. Then use the phpMyAdmin utility and access the MySQL database you named. Check it out—the addressbook table in this db is created automatically when you run the Address Book Add New Contact app and enter a contact, as long as your config.php file is right. The phpMyAdmin utility should be in the Databases section of the control panel. It allows easy, intuitive access to enter and edit tables in your database, but with our address book apps, you will never need to do this. All functions are run from the address book program. We suggest guidance from this site and/or this site for using phpMyAdmin to check out how your address book table is doing. But that is optional—our apps run everything.