O/H Ethan Dicks έγραψε: > Hi, all, > > This is a refinement of my earlier request for information, honed > after half a week of trying to untangle things. > > I've been grubbing through all the code for dialup_admin 1.80 (from > the 20070320 CVS snapshot) and am entirely unconvinced that it works > with version of PHP newer than 4.2.0. I'm using PHP 4.3.0, since > that's what comes with RedHat Enterprise Linux 4. I've turned on > register_globals, but I can't get the dialup_admin code to stop > throwing warnings about variable names, etc. > > Let's take $login as an example. In config.php3, there's code to > scrub "bad" characters out of it, and to strip the realm if requested. > Unfortunately, in my environment, just going to the entry point of > the dialup_admin application results in... > > [client 127.0.0.1] PHP Notice: Undefined variable: login in > /usr/local/dialup_admin/conf/config.php3 on line 92, referer: > http://localhost/dialup/ > [client 127.0.0.1] PHP Notice: Undefined variable: login in > /usr/local/dialup_admin/conf/config.php3 on line 95, referer: > http://localhost/dialup/ >
Well as you probably have seen config.php3 will call import_request_variables('GPC') so you should not normally have problems with variables like $login. I have dialupadmin running on php-5.0.3 without a problem. > (ignore the exact line numbers - they won't match the code in CVS > because I have some debugging stuff further up right now). > > I realize that this is a "notice" level message and that messages can > be turned off by twiddling error_reporting, but that's not the point - > the point is not simply that there are hundreds of these 'notices' > getting logged when I bounce around dialup_admin. The point is that > these notices are caused by PHP trying to "do the right thing" and > getting it wrong because the dialup_admin code is chock-a-block with > $login rather than the now-accepted practice of $_GET['login], and in > any case, because of how the URLs and PHP code interrelate, modules > like config.php3 aren't always called from other modules that were > invoked with a GET method with those exact elements, thus variables > like $login and $find_user and any other variables which appear to be > implicly created under older versions of PHP might or might not be > defined, but the code is written as if they are always defined, albeit > occasionally empty. > > I'm entirely willing to accept that I've missed a step in the > installation, but I did try to follow the steps in the TODO file and > don't believe I missed any. Do people just use the freeRADIUS server > and manipulate the user database manually? Are there any dialup_admin > users running on operating systems less than a year old? All I'm > really after is a user management GUI - I don't really care if it's > dialup_admin or not. If there's something that other people prefer, > I'd love to hear about it. > > In terms of getting this all going, I'm about to start forcing > variables to be something useful, as in... > > $login = ""; > $max_results = ""; > > if (!empty($_GET)) { > $login = $_GET['login']; > $max_results = $_GET['max_results']; > } > > ... just to quiet down the logged errors in the code so I can drill > down to why I can't click on "new user" and get a page that lets me > enter a new user. I'm also open to other suggestions to clean up the > dialup_admin code and get it up to snuff w.r.t. presently-shipping > versions of PHP. This will be an essential step to getting this code > running under php5, as all of these globalisms have been deprecated > because they lead to massive vulnerabilities. > > Thanks, > > -ethan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html