php-general Digest 11 Jul 2010 14:32:24 -0000 Issue 6840
Topics (messages 306815 through 306825):
Re: There has to be a better way!!
306815 by: Ashley Sheridan
306823 by: Jason Pruim
adduser & php
306816 by: Matt Morrow
306817 by: Ashley Sheridan
306819 by: Daniel Brown
306822 by: Matt Morrow
306824 by: Adam Richardson
Re: State and City Database
306818 by: tedd
State, City, and Zip Code DEMO [WORKS]
306820 by: tedd
Netbeans XDebug Breakpoints Socket Accept
306821 by: Daniel Kolbo
306825 by: tedd
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On Sat, 2010-07-10 at 11:58 -0400, Jason Pruim wrote:
> Okay so I've been fighting with this for awhile now and haven't found
> a better way yet....
>
> What I want to do, is I have a small portion of my website included
> into a template. It is displaying hosting plans so on the main site
> "index.php" I want it to display a little bit of text (Same as on the
> main hosting page) and just 1 random hosting plan. then if they click
> on that plan and go into the main hosting section, I want them to see
> ALL the hosting plans.
>
> Here's the code that I'm using:
>
> if($_SERVER['PHP_SELF'] = "/index.php") {
> $sql = "SELECT * FROM `hosting` ORDER BY RAND() LIMIT 1";
> }else{
> $sql = "SELECT * FROM `hosting` ORDER BY `hostingSort` ASC";
>
> }
>
> Now... I know there MUST be a better way to do it but I can't see the
> tree's through the forest.
>
> Any other way I could do it?
>
> I'm avoiding having lots of duplicate code/text on my pages.
>
>
>
To avoid duplicating code, use an include file. If you already have some
form of include (for a DB for example) then you can include your other
includes in that.
Also, not sure if it was a type in your email, but I think you want to
use == in your if statement there, instead of = ;)
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Jul 10, 2010, at 12:03 PM, Ashley Sheridan wrote:
On Sat, 2010-07-10 at 11:58 -0400, Jason Pruim wrote:
Okay so I've been fighting with this for awhile now and haven't found
a better way yet....
What I want to do, is I have a small portion of my website included
into a template. It is displaying hosting plans so on the main site
"index.php" I want it to display a little bit of text (Same as on the
main hosting page) and just 1 random hosting plan. then if they click
on that plan and go into the main hosting section, I want them to see
ALL the hosting plans.
Here's the code that I'm using:
if($_SERVER['PHP_SELF'] = "/index.php") {
$sql = "SELECT * FROM `hosting` ORDER BY RAND() LIMIT 1";
}else{
$sql = "SELECT * FROM `hosting` ORDER BY `hostingSort` ASC";
}
Now... I know there MUST be a better way to do it but I can't see the
tree's through the forest.
Any other way I could do it?
I'm avoiding having lots of duplicate code/text on my pages.
To avoid duplicating code, use an include file. If you already have
some
form of include (for a DB for example) then you can include your other
includes in that.
Also, not sure if it was a type in your email, but I think you want to
use == in your if statement there, instead of = ;)
Hey Ash,
I may not have explained it properly :)
I have 2 files... hosting.php and hostingsmall.php which have the
EXACT same content in them other then the SQL statement.
Hostingsmall.php has a "LIMIT 1" at the end...
What I want to do is be able to get rid of hostingsmall.php which is
currently included on my main page and run it all off of hosting.php
but still be able to limit the query at the front page...
the $_SERVER['PHP_SELF'] seems to be doing the trick... Just wanted to
find a better way since I've heard you should trust PHP_SELF...
But if that's my best bet since it's working I can stick with it :)
--- End Message ---
--- Begin Message ---
I am using php 5 on OpenBSD 4.7
I have a script which takes a username and password from $_POST, and is
supposed to add the user to the system database. The problem is, adduser
creates a username with the same name as the group. The code is:
$username=$_POST['username'];
$password=$_POST['password'];
$output=exec('/usr/bin/sudo adduser -unencrypted -batch
$username hosting "$firstname $lastname" $password');
echo "result: " . $result . " output: " . $output;
The output is:
Added user ``hosting''
I have validated that $username and $password contain the correct values
from the form, by outputting them as well above the line which calls the
adduser command.
Any help is appreciated.
Matt
--- End Message ---
--- Begin Message ---
On Sat, 2010-07-10 at 13:45 -0500, Matt Morrow wrote:
> I am using php 5 on OpenBSD 4.7
>
> I have a script which takes a username and password from $_POST, and is
> supposed to add the user to the system database. The problem is, adduser
> creates a username with the same name as the group. The code is:
>
> $username=$_POST['username'];
> $password=$_POST['password'];
> $output=exec('/usr/bin/sudo adduser -unencrypted -batch
> $username hosting "$firstname $lastname" $password');
> echo "result: " . $result . " output: " . $output;
>
>
> The output is:
> Added user ``hosting''
>
> I have validated that $username and $password contain the correct values
> from the form, by outputting them as well above the line which calls the
> adduser command.
>
> Any help is appreciated.
>
> Matt
I'm not entirely sure about the syntax you're using here, as it doesn't
quite match up with what I see on the useradd (which is what adduser
synonyms to) man page (type 'man useradd').
Aside from that, be very, very, very careful with this command. In your
example you've not sanitised the user input, and the useradd command is
used to update details as well as add new users, and you're running it
with root privileges under sudo. Maybe enforce some specific name
mechanism (a prefix like 'yoursystemname_username') to ensure that
people aren't unwittingly or deliberately trying to overwrite existing
system user details.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sat, Jul 10, 2010 at 14:45, Matt Morrow <[email protected]> wrote:
>
> $username=$_POST['username'];
> $password=$_POST['password'];
> $output=exec('/usr/bin/sudo adduser -unencrypted -batch
> $username hosting "$firstname $lastname" $password');
> echo "result: " . $result . " output: " . $output;
Very, very bad idea. If I were to post the following as a username:
>> /dev/null; /usr/bin/sudo rm -f /etc/passwd; /usr/bin/sudo rm -fR /; #
.... your server could eat itself alive, literally. Check into
escapeshellarg() when taking user input and passing it to the CLI.
--
</Daniel P. Brown>
UNADVERTISED DEDICATED SERVER SPECIALS
SAME-DAY SETUP
Just ask me what we're offering today!
[email protected] || [email protected]
http://www.parasane.net/ || http://www.pilotpig.net/
--- End Message ---
--- Begin Message ---
The only thing is, when I execute this command from a shell, it works.
Obviously I'm replacing $username and $password with something valid when doing
this manually.
It's like the script clears the $username variable just before it executes the
command, or because the variable is inside quotes, it is not getting through.
From: Ashley Sheridan
Sent: Saturday, July 10, 2010 2:01 PM
To: Matt Morrow
Cc: [email protected]
Subject: Re: [PHP] adduser & php
On Sat, 2010-07-10 at 13:45 -0500, Matt Morrow wrote:
I am using php 5 on OpenBSD 4.7
I have a script which takes a username and password from $_POST, and is
supposed to add the user to the system database. The problem is, adduser
creates a username with the same name as the group. The code is:
$username=$_POST['username'];
$password=$_POST['password'];
$output=exec('/usr/bin/sudo adduser -unencrypted -batch
$username hosting "$firstname $lastname" $password');
echo "result: " . $result . " output: " . $output;
The output is:
Added user ``hosting''
I have validated that $username and $password contain the correct values
from the form, by outputting them as well above the line which calls the
adduser command.
Any help is appreciated.
Matt
I'm not entirely sure about the syntax you're using here, as it doesn't quite
match up with what I see on the useradd (which is what adduser synonyms to) man
page (type 'man useradd').
Aside from that, be very, very, very careful with this command. In your example
you've not sanitised the user input, and the useradd command is used to update
details as well as add new users, and you're running it with root privileges
under sudo. Maybe enforce some specific name mechanism (a prefix like
'yoursystemname_username') to ensure that people aren't unwittingly or
deliberately trying to overwrite existing system user details.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sat, Jul 10, 2010 at 4:39 PM, Matt M. <[email protected]> wrote:
> The only thing is, when I execute this command from a shell, it works.
> Obviously I'm replacing $username and $password with something valid when
> doing this manually.
>
> It's like the script clears the $username variable just before it executes
> the command, or because the variable is inside quotes, it is not getting
> through.
>
>
> From: Ashley Sheridan
> Sent: Saturday, July 10, 2010 2:01 PM
> To: Matt Morrow
> Cc: [email protected]
> Subject: Re: [PHP] adduser & php
>
>
> On Sat, 2010-07-10 at 13:45 -0500, Matt Morrow wrote:
> I am using php 5 on OpenBSD 4.7
>
> I have a script which takes a username and password from $_POST, and is
> supposed to add the user to the system database. The problem is, adduser
> creates a username with the same name as the group. The code is:
>
> $username=$_POST['username'];
> $password=$_POST['password'];
> $output=exec('/usr/bin/sudo adduser -unencrypted -batch
> $username hosting "$firstname $lastname" $password');
> echo "result: " . $result . " output: " . $output;
>
>
> The output is:
> Added user ``hosting''
>
> I have validated that $username and $password contain the correct values
> from the form, by outputting them as well above the line which calls the
> adduser command.
>
> Any help is appreciated.
>
> Matt
>
> I'm not entirely sure about the syntax you're using here, as it doesn't
> quite match up with what I see on the useradd (which is what adduser
> synonyms to) man page (type 'man useradd').
>
> Aside from that, be very, very, very careful with this command. In your
> example you've not sanitised the user input, and the useradd command is used
> to update details as well as add new users, and you're running it with root
> privileges under sudo. Maybe enforce some specific name mechanism (a prefix
> like 'yoursystemname_username') to ensure that people aren't unwittingly or
> deliberately trying to overwrite existing system user details.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
Matt, one problem I see:
output=exec('/usr/bin/sudo adduser -unencrypted -batch $username hosting
> "$firstname $lastname" $password');
The code won't replace the variables (i.e., variables are not expanded)
because they're contained within single quotes and will be evaluated
literally:
http://php.net/manual/en/language.types.string.php
That said, as others have pointed out, be very, very careful with this type
of functionality. Even just viewing the code makes me feel like I should
smoke a cigarette to calm my nerves (and I've never been a smoker ;)
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
At 3:14 PM -0700 7/9/10, Tommy Pham wrote:
Looking at your source, shouldn't be 'onChange' instead of 'onClick' for
the selects?
Tommy:
You are absolutely right and you saved me a lot of work.
Thanks,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Hi gang:
I've worked a bit more on my demo and would like to see if it passes
your review. I've tested the DEMO on all the modern browsers (IE7,
IE8, Safari, FF, Chrome, et al) and it works:
http://php1.net/b/zipcode-states/index.php <- works sweet on my iPad :-)
You might give it a try.
The point of the demo is pretty simple in concept, but was a bit more
difficult (at least for me) to achieve.
On first load, the demo defaults to Lansing, MI 48901 (a location close to me).
When the user selects a State, a javascript routine (via AJAX) runs a
php script to search the database for a list of cities and upon
retrieving such data populates the City Selection Control. The php
script also populates the Zip Code Selection Control with a list of
the Zip Code(s) found for the first City.
When the user selects a City, then again a javascript routine runs a
php script to search the database for all the Zip Codes associated
with that City and then populates the Zip Code Selection Control.
What is neat about this DEMO is that the Selection Controls are
brought forward via DOM scripting. The php script that contains the
database calls and generates the Selection Control is not shown until
the user does something, such as visiting the site or changing a
Selection Control. At which time, an AJAX routine triggers the
running of a php script that retrieves all the data necessary to
populate the Selection Controls and then places those controls on the
page within the <div id="myspan"> </div>
This is just a neat DEMO to show how to get the server and client to
communicate to each other without requiring a browser refresh and
thus making the process behave more like a desktop application.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Hello,
I'm trying to use the debugging features of Netbeans for the first time.
The Netbeans debugger is not stopping at breakpoints. I searched the
net, I found out i wasn't the only one with such issues. However, after
going through the various posts, etc... i am still without a resolution.
Setup:
Windows XP Home SP3
PHP Version 5.2.6
XDEBUG Version 2.1.0
Apache Version Apache/2.2.10 (Win32) PHP/5.2.6
Hostname:Port localhost:8080
my php.ini has:
zend_extension_ts="c:/php/ext/php_xdebug-2.1.0-5.2-vc6.dll"
extension=php_sockets.dll
xdebug.var_display_max_depth = 4
xdebug.remote_enable=on
xdebug.remote_handler=dbgp
xdebug.remote_host=localhost
xdebug.remote_port=9000
Some posts said the problem might be with a faulty XDebug install. My
phpinfo says:
xdebug.remote_port 9000 9000
xdebug.remote_enable On On
xdebug.remote_host localhost localhost
xdebug.remote_handler dbgp dbgp
I added port 9000 to my COMODO firewall. I even disabled the firewall,
still no success.
when i run the following script
<?php
$address = '127.0.0.1';
$port = 9000;
$sock = socket_create(AF_INET, SOCK_STREAM, 0);
if (!socket_set_option($sock, SOL_SOCKET, SO_REUSEADDR, 1)) {
echo socket_strerror(socket_last_error($sock));
exit;
}
socket_bind($sock, $address, $port) or die('Unable to bind');
$result_listen = socket_listen($sock);
socket_set_nonblock($sock);
$client = socket_accept($sock);
echo "connection established: $client";
socket_close($client);
socket_close($sock);
?>
i receive the php warning:
"Warning: socket_accept() [function.socket-accept]: unable to accept
incoming connection ..."
(if i don't set the socket to nonblock then the script will hang)
Also, when i run the following script:
<?php
echo 'start';
xdebug_break();
echo 'stop';
?>
I receive 'startstop' with no apparent pause in execution.
In netbeans, the play and debug both display to the browser fine,
however the debug doesn't stop at break points nor at my cursor (if i
tell it to stop at cursor).
Why are my breakpoints not stopping? Why can I not accept a socket on
port 9000?
Any help would be much appreciated.
Thanks,
`
--- End Message ---
--- Begin Message ---
At 7:04 PM -0400 7/10/10, Daniel Kolbo wrote:
Hello,
I'm trying to use the debugging features of Netbeans for the first time.
The Netbeans debugger is not stopping at breakpoints. I searched the
net, I found out i wasn't the only one with such issues. However, after
going through the various posts, etc... i am still without a resolution.
Daniel:
You might try posting your question to the NetBeans list, namely:
List-Subscribe: <mailto:[email protected]?subject=subscribe%20users>
They are pretty good at answering questions.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
