php-general Digest 19 Jan 2011 03:30:07 -0000 Issue 7140

Tue, 18 Jan 2011 19:33:39 -0800 

php-general Digest 19 Jan 2011 03:30:07 -0000 Issue 7140

Topics (messages 310837 through 310848):

Re: permission problem www-data
        310837 by: Jim Lucas
        310838 by: Jim Lucas
        310839 by: Daniel Brown

2nd Pair of eyes
        310840 by: Donovan Brooke
        310841 by: Daniel Brown
        310842 by: Richard Quadling
        310843 by: Simon J Welsh
        310844 by: Donovan Brooke
        310845 by: Donovan Brooke

Re: PHP Error logging
        310846 by: Carlos Medina

Re: : permission problem www-data
        310847 by: Al

switch case madness
        310848 by: Donovan Brooke

Administrivia:

To subscribe to the digest, e-mail:
        [email protected]

To unsubscribe from the digest, e-mail:
        [email protected]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message --- 
On 1/18/2011 1:44 AM, Moses wrote:
> Hi Everyone,
> 
> I am creating a file in PHP script which takes a value from a form and
> writes it
> to a file. However, i don't have the mode permission for the file instead it
> is owned
> by www-data.What can i do to ensure that the file is owned by me.
> 
> 
> drwxr-xr-x 2 www-data www-data 4096 2011-01-17 22:01 18757170111.0
> -rw-r--r-- 1 www-data www-data   40 2011-01-17 23:39 32238.hydro
> 
> Thanks.
> 

Have the PHP process run as your user.

--- End Message ---
--- Begin Message --- 
On 1/18/2011 2:19 AM, [email protected] wrote:
> Because the web server is what runs php as a module, and the web server has 
> its own user for security reasons. You could try chmod but that is generally 
> a last resort.
> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> ----- Reply message -----
> From: "Moses" <[email protected]>
> Date: Tue, Jan 18, 2011 10:17
> Subject: [PHP] [PHP]: permission problem www-data
> To: "[email protected]" <[email protected]>
> Cc: <[email protected]>
> 
> 

You could run PHP in FastCGI mode and start it as your user.  Then have your web
server use that PHP instance for your web site to process all PHP requests.

This is how we have our servers at the office setup.  Works great.

Jim Lucas

--- End Message ---
--- Begin Message --- 
On Tue, Jan 18, 2011 at 10:55, Jim Lucas <[email protected]> wrote:
>
> You could run PHP in FastCGI mode and start it as your user.  Then have your 
> web
> server use that PHP instance for your web site to process all PHP requests.
>
> This is how we have our servers at the office setup.  Works great.

    My guess from the copy-and-paste and his understanding of the
situation is that he's on a shared host, not a dedicated box or a
local system.

-- 
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--- End Message ---
--- Begin Message --- 
Hello,

I warned the list that I may have questions! ;-)

...building a simple cookie-based log-in system, and have
narrowed an error to this below: (sorry for email line breaks, if any)

---Start---
if ($_post['f_action']=='login') {

  // connect to database (custom function)
  $r = dbconnect();

  // success?
  if ($r['a_success']) {
$query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']"; 
                
    if ($r = @mysql_query($query))
    {
      // test
      print "<!-- userID: $r -->";
    }
                
    mysql_close();
  } else {

  // Not connected to db
  $t_mssg = mysql_error();
  }
        
}
---End---

No info is given in PHP error reporting because it
returns no source to the page. Can you see where this n00b went wrong?

Thanks!

Donovan


--
D Brooke

--- End Message ---
--- Begin Message --- 
On Tue, Jan 18, 2011 at 12:49, Donovan Brooke <[email protected]> wrote:
> Hello,
>
> I warned the list that I may have questions! ;-)
>
> ...building a simple cookie-based log-in system, and have
> narrowed an error to this below: (sorry for email line breaks, if any)
>
> ---Start---
> if ($_post['f_action']=='login') {

    $_POST is cAsE-SeNsItIvE, like all variables.

>  // connect to database (custom function)
>  $r = dbconnect();

    Did you define this function?

-- 
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--- End Message ---
--- Begin Message --- 
On 18 January 2011 17:49, Donovan Brooke <[email protected]> wrote:
>    $query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND
> u_pass = $_post['f_pass']";

Make sure you clean the inputs before using them.

If the username entered was ...

'' OR 1 --

you may have problems with security.


-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY

--- End Message ---
--- Begin Message --- 
On 19/01/2011, at 6:49 AM, Donovan Brooke wrote:

> Hello,
> 
> I warned the list that I may have questions! ;-)
> 
> ...building a simple cookie-based log-in system, and have
> narrowed an error to this below: (sorry for email line breaks, if any)
> 
> ---Start---
>    $query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND 
> u_pass = $_post['f_pass']";

Array indices either need to be accessed without quotes for the key, or by 
enclosing the variable in curly braces.
---
Simon Welsh
Admin of http://simon.geek.nz/

Who said Microsoft never created a bug-free program? The blue screen never, 
ever crashes!

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e

--- End Message ---
--- Begin Message --- 
Simon J Welsh wrote:
[snip]

---Start---
    $query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass 
= $_post['f_pass']";


Array indices either need to be accessed without quotes for the key, or by 
enclosing the variable in curly braces.
---
Simon Welsh
Admin of http://simon.geek.nz/



Excellent Simon, that did it.  Thanks!

Donovan



--
D Brooke

--- End Message ---
--- Begin Message --- 
Daniel Brown wrote:

On Tue, Jan 18, 2011 at 12:49, Donovan Brooke<[email protected]>  wrote:

Hello,

I warned the list that I may have questions! ;-)

...building a simple cookie-based log-in system, and have
narrowed an error to this below: (sorry for email line breaks, if any)

---Start---
if ($_post['f_action']=='login') {


     $_POST is cAsE-SeNsItIvE, like all variables.


  // connect to database (custom function)
  $r = dbconnect();


     Did you define this function?



Hi Daniel, good point (that I'm sure I would have caught ;-) ) about
the $_POST... and yes, dbconnect(); is defined.

Looks like it was the array indices syntax that was the culprit.

Also for others, yes, I'll be adding the var cleaning and checkers.

Thanks again.

Donovan




--
D Brooke

--- End Message ---
--- Begin Message --- 
Am 18.01.2011 01:33, schrieb Jimmy Stewpot:

Hello,

I currently have a strange issue where we are seeing 'random errors' being 
displayed to end users. What I find most interesting is that in the php.ini 
file we have the following error settings.

error_reporting  =  E_ALL&  ~E_NOTICE
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
track_errors = Off

I thought that if we had dislay_errors = Off then end users should never see 
errors displayed on the web page. However at apparently random times we do 
still see errors being reported, its not consistent at all. To give a better 
idea of the problem we have 8 web servers, they all run an identical copy of 
the site which is stored on a common netapp nfs filer. At apparently random 
times we see that 1 out of 8 servers will reported strange errors like 'use of 
undefined constant' or 'Undefined variable'. What's most strange about these 
errors is that if the code was faulty wouldn't we expect to see the errors on 
all web servers? and secondly wouldn't we expect to see the errors constantly 
rather than at apparently random intervals?

The php.ini files have a modify time of mid 2010 and yet this problem has only 
started in the last few weeks. Has anyone else experienced similar problems in 
the past and if so what was the root cause?

Regards,

Jimmy

Hi,
i think some developer has setting the display_errors with ini_set('display_errors', true); 
this is why your become the problems now. Maybe this is a idea?

regards

Carlos

--- End Message ---
--- Begin Message --- 


On 1/18/2011 4:44 AM, Moses wrote:

Hi Everyone,

I am creating a file in PHP script which takes a value from a form and
writes it
to a file. However, i don't have the mode permission for the file instead it
is owned
by www-data.What can i do to ensure that the file is owned by me.


drwxr-xr-x 2 www-data www-data 4096 2011-01-17 22:01 18757170111.0
-rw-r--r-- 1 www-data www-data   40 2011-01-17 23:39 32238.hydro

Thanks.



Either have a PHP script create the directory, OR
Using FTP access, set the dir perms to 757, or 777. The xx7 makes the dir world writable. 

For protection, put a .htaccess file in the dir like:

# Prevent Direct Access to Files from outside world
<Files *>
Order Deny,Allow
Deny from all
</Files>

Or put your dir above the webspace, [DOCUMENT_ROOT}

--- End Message ---
--- Begin Message --- 
Hello,

I must not understand PHP's switch/case..
The case '0' below fires when $t_mssg = "" apparently.
Is this how it's suppose to work? I would think
it would only fire if it equaled "0".

----------
print "-$t_mssg- <br />";
                
if (isset($t_mssg)) {
  switch ($t_mssg) {
    case 0:
      echo '<p><span style="color:red;">Log In Successful</span></p>';
      break;
  }
}
----------

TIA,
Donovan

--
D Brooke

--- End Message ---

Reply via email to