On 03/17/2013 03:48 PM, Thomas Kurian wrote: > Can you please check this hook file configuration with respect to my > radiator configuration file (after the hook file).
> &main::log($main::LOG_DEBUG, "Running PostAuthHook: Using Identifier > $identifier"); It's a good idea to add more plenty of log() calls. > my $username = > $p->getAttrByNum($Radius::Radius::User-Name); use $Radius::Radius::USER_NAME instead > my $sess_handle = Radius::SessGeneric::find($identifier); > > my $query = undef; > > > > > $query = "select username from quotasubscribers where > switched = 0 and type = 'Q' and monthlycounter >= maxquota "; > my $sth = $sess_handle->prepareAndExecute($query); Once you have $sth, use something like this this process just the first result. The query you have looks like it will return multiple results since you are not restricting the search by the username. my @row = $self->getOneRow($sth); $sth->finish; my $db_user_name = $row[0] if @row; > if ( $sth eq $username ) if ($db_user_name eq $username) > { > my $content = get( > URI->new('http://94.187.187.8:8123/changespeed.aspx?uname=' . > uri_escape($username) . > '&password=XXXXX') > ); > } > > } You should always be careful with data submitted by user, such as the User-Name. If you need to use e.g. User-Name in a SQL query, use prepared statements or quote() provided by SqlDb.pm. I would also make sure uri_escape and HTTP server work correctly when passed random or malicious data if User-Name is not sanitized beforehand. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator