php-general Digest 16 Jul 2010 15:42:52 -0000 Issue 6849

2010-07-16 Thread php-general-digest-help

Topics (messages 306936 through 306947):

PHP - MOODLE - WORK IN AUSTRALIA
306936 by: Gary Crouch

Re: adduser  php
306937 by: Gautam Bhatia
306938 by: Ashley Sheridan

Re: Recent Influx of Unrelated Discussions
306939 by: Arno Kuhl
306945 by: Paul M Foster

Re: Determining the similarity between a user supplied short piece of text 
(between 5 and 15 characters) and a list of similar length text items.
306940 by: Richard Quadling
306943 by: Daniel P. Brown
306944 by: Richard Quadling

Re: Weird behavior of exec()
306941 by: Richard Quadling
306942 by: Bob McConnell
306946 by: Jim Lucas
306947 by: Leonardo

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
php-gene...@lists.php.net


[PHP] PHP - MOODLE - WORK IN AUSTRALIA

2010-07-16 Thread Gary Crouch
Hi

We are looking for some one who knows Moodle well and can write for us, web
service's so that we can integrate our application with Moodle.

Expressions of interest are sought from persons or companies who can work on
a project in Australia, pref Brisbane.

Please email me on:-

crouc...@gmail.com

THX|GC
Gary Crouch


Re: [PHP] adduser php

2010-07-16 Thread Gautam Bhatia
Hi,
 Since the adduser command demands input from the shell from the
user, I would be tempted to use the useradd command to do what you are
planning to do; give that a shot. Thank you.

On Sat, 2010-07-10 at 23:02 -0400, Adam Richardson wrote:
 On Sat, Jul 10, 2010 at 4:39 PM, Matt M. cmorrow...@gmail.com wrote:
 
  The only thing is, when I execute this command from a shell, it works.
  Obviously I'm replacing $username and $password with something valid when
  doing this manually.
 
  It's like the script clears the $username variable just before it executes
  the command, or because the variable is inside quotes, it is not getting
  through.
 
 
  From: Ashley Sheridan
  Sent: Saturday, July 10, 2010 2:01 PM
  To: Matt Morrow
  Cc: php-general@lists.php.net
  Subject: Re: [PHP] adduser  php
 
 
  On Sat, 2010-07-10 at 13:45 -0500, Matt Morrow wrote:
  I am using php 5 on OpenBSD 4.7
 
  I have a script which takes a username and password from $_POST, and is
  supposed to add the user to the system database. The problem is, adduser
  creates a username with the same name as the group. The code is:
 
 $username=$_POST['username'];
 $password=$_POST['password'];
 $output=exec('/usr/bin/sudo adduser -unencrypted -batch
  $username hosting $firstname $lastname $password');
 echo "result: " . $result . " output: " . $output;
 
 
  The output is:
  Added user ``hosting''
 
  I have validated that $username and $password contain the correct values
  from the form, by outputting them as well above the line which calls the
  adduser command.
 
  Any help is appreciated.
 
  Matt
 
  I'm not entirely sure about the syntax you're using here, as it doesn't
  quite match up with what I see on the useradd (which is what adduser
  synonyms to) man page (type 'man useradd').
 
  Aside from that, be very, very, very careful with this command. In your
  example you've not sanitised the user input, and the useradd command is used
  to update details as well as add new users, and you're running it with root
  privileges under sudo. Maybe enforce some specific name mechanism (a prefix
  like 'yoursystemname_username') to ensure that people aren't unwittingly or
  deliberately trying to overwrite existing system user details.
 
   Thanks,
   Ash
   http://www.ashleysheridan.co.uk
 
 
 
 
 Matt, one problem I see:
 
 output=exec('/usr/bin/sudo adduser -unencrypted -batch $username hosting
  $firstname $lastname $password');
 
 
 The code won't replace the variables (i.e., variables are not expanded)
 because they're contained within single quotes and will be evaluated
 literally:
 http://php.net/manual/en/language.types.string.php
 
 That said, as others have pointed out, be very, very careful with this type
 of functionality.  Even just viewing the code makes me feel like I should
 smoke a cigarette to calm my nerves (and I've never been a smoker ;)
 
 Adam
 

Regards,
Gautam Bhatia
mail2gautambha...@gmail.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] adduser php

2010-07-16 Thread Ashley Sheridan
On Fri, 2010-07-16 at 11:59 +0530, Gautam Bhatia wrote:

 Hi,
  Since the adduser command demands input from the shell from the
 user, I would be tempted to use the useradd command to do what you are
 planning to do; give that a shot. Thank you.
 
 On Sat, 2010-07-10 at 23:02 -0400, Adam Richardson wrote:
  On Sat, Jul 10, 2010 at 4:39 PM, Matt M. cmorrow...@gmail.com wrote:
  
   The only thing is, when I execute this command from a shell, it works.
   Obviously I'm replacing $username and $password with something valid when
   doing this manually.
  
   It's like the script clears the $username variable just before it executes
   the command, or because the variable is inside quotes, it is not getting
   through.
  
  
   From: Ashley Sheridan
   Sent: Saturday, July 10, 2010 2:01 PM
   To: Matt Morrow
   Cc: php-general@lists.php.net
   Subject: Re: [PHP] adduser  php
  
  
   On Sat, 2010-07-10 at 13:45 -0500, Matt Morrow wrote:
   I am using php 5 on OpenBSD 4.7
  
   I have a script which takes a username and password from $_POST, and is
   supposed to add the user to the system database. The problem is, adduser
   creates a username with the same name as the group. The code is:
  
  $username=$_POST['username'];
  $password=$_POST['password'];
  $output=exec('/usr/bin/sudo adduser -unencrypted -batch
   $username hosting $firstname $lastname $password');
  echo "result: " . $result . " output: " . $output;
  
  
   The output is:
   Added user ``hosting''
  
   I have validated that $username and $password contain the correct values
   from the form, by outputting them as well above the line which calls the
   adduser command.
  
   Any help is appreciated.
  
   Matt
  
   I'm not entirely sure about the syntax you're using here, as it doesn't
   quite match up with what I see on the useradd (which is what adduser
   synonyms to) man page (type 'man useradd').
  
   Aside from that, be very, very, very careful with this command. In your
   example you've not sanitised the user input, and the useradd command is 
   used
   to update details as well as add new users, and you're running it with 
   root
   privileges under sudo. Maybe enforce some specific name mechanism (a 
   prefix
   like 'yoursystemname_username') to ensure that people aren't unwittingly 
   or
   deliberately trying to overwrite existing system user details.
  
Thanks,
Ash
http://www.ashleysheridan.co.uk
  
  
  
  
  Matt, one problem I see:
  
  output=exec('/usr/bin/sudo adduser -unencrypted -batch $username hosting
   $firstname $lastname $password');
  
  
  The code won't replace the variables (i.e., variables are not expanded)
  because they're contained within single quotes and will be evaluated
  literally:
  http://php.net/manual/en/language.types.string.php
  
  That said, as others have pointed out, be very, very careful with this type
  of functionality.  Even just viewing the code makes me feel like I should
  smoke a cigarette to calm my nerves (and I've never been a smoker ;)
  
  Adam
  
 
 Regards,
 Gautam Bhatia
 mail2gautambha...@gmail.com
 
 


There is no useradd command in PHP, and useradd is just a synonym for
adduser in Linux (type man adduser if you don't believe me) The shell
command can be made to run fine without any extra input by piping the
input to it and setting the pipe switch.

Thanks,
Ash
http://www.ashleysheridan.co.uk
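
The input-handling concern raised in this thread, as an added example that is not part of any poster's message: it builds the same adduser command line with an allow-listed, prefixed login name and every value passed through escapeshellarg(), and prints the command instead of running it. HOSTING_PREFIX, both function names and the sample requests are assumptions.

```php
<?php
// Added example, not code from the thread. The command layout (sudo, adduser
// -unencrypted -batch, group "hosting", argument order) is copied from the
// original post; HOSTING_PREFIX and the function names are hypothetical.

const HOSTING_PREFIX = 'web_'; // assumed, after the 'yoursystemname_username' idea

// Allow-list the requested name and force the prefix, so a request can never
// address an existing system account.
function hosting_login_name(string $requested): string
{
    if (preg_match('/\A[a-z][a-z0-9]{2,11}\z/', $requested) !== 1) {
        throw new InvalidArgumentException('username: 3-12 chars, a-z and 0-9, letter first');
    }
    return HOSTING_PREFIX . $requested;
}

// Return the shell command for exec(). Each value goes through
// escapeshellarg(), so the shell passes it on as exactly one argument.
function build_adduser_command(string $username, string $first, string $last, string $password): string
{
    $login = hosting_login_name($username);
    $fields = ['firstname' => $first, 'lastname' => $last, 'password' => $password];
    foreach ($fields as $field => $value) {
        // Reject empty values, NUL bytes, and a leading "-" that adduser
        // could read as one of its own options.
        if ($value === '' || $value[0] === '-' || strpos($value, "\0") !== false) {
            throw new InvalidArgumentException("$field: empty, starts with '-', or contains NUL");
        }
    }
    $argv = ['/usr/bin/sudo', 'adduser', '-unencrypted', '-batch',
             $login, 'hosting', $first, $last, $password];
    return implode(' ', array_map('escapeshellarg', $argv));
}

// Constructed sample requests standing in for $_POST.
$requests = [
    ['username' => 'alice',       'firstname' => 'Alice', 'lastname' => "O'Neil", 'password' => 'pa$$ w;rd'],
    ['username' => 'root',        'firstname' => 'Bob',   'lastname' => 'Smith',  'password' => 'secret'],
    ['username' => 'hosting; id', 'firstname' => 'Carol', 'lastname' => 'Jones',  'password' => 'secret'],
];

foreach ($requests as $post) {
    try {
        // Printed, not executed: the real call would be exec($cmd, $lines, $status).
        $cmd = build_adduser_command(
            $post['username'], $post['firstname'], $post['lastname'], $post['password']
        );
        echo $cmd, PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The password still travels on the command line, where it can show up in the process list; that comes from the -batch form used in the thread and is not changed by escaping.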




RE: [PHP] Recent Influx of Unrelated Discussions

2010-07-16 Thread Arno Kuhl
-Original Message-
From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of Daniel
Brown
Sent: 15 July 2010 05:11 PM
To: PHP General
Subject: [PHP] Recent Influx of Unrelated Discussions

Also known as off-topic posts.  We're all guilty of them, but has anyone
recently noticed that there is a significant number (about 35% of all
traffic) that is off-topic?  There have been questions on databases,
JavaScript, WordPress, Apache directives, and more none of which were
even related to PHP.  Unfortunately, this is how dilution occurs, which
often causes communities to dwindle into a defunct or otherwise low-quality
state.  As those of you who have been around for at least a couple of years
know, we have continued to thrive here because we're not strict on the
topics of discussion, and frequently [d]evolve into off-topic banter
(particularly on Fridays, as it used to be).  However, have you noticed the
influx of extremely low-quality and/or low-class posts to the list?  Couple
that with the ominous silence from the formerly-frequent contributors of
high-quality material, code examples, and community assistance.  It is not a
coincidence.

This is an open list, and we don't moderate or censor any of the
discussions, but before it gets out of hand, I'd like to suggest a
moratorium on all off-topic posts through the end of this month --- with the
exception, again, of Fridays.  Which would mean that those in agreement
would participate in the hiatus by not only not posting off-topic threads,
but also not replying to those that are off the general topic.  This isn't
to say that threads can't still eventually decay into a friendly discussion,
as has always been welcome, but that it shouldn't be the intent of a thread
to seek assistance on topics unrelated to PHP and PHP programming in
general.

--
/Daniel P. Brown
UNADVERTISED DEDICATED SERVER SPECIALS
SAME-DAY SETUP
Just ask me what we're offering today!
daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ ||
http://www.pilotpig.net/

--

It's Friday so I suppose I can respond... ;)

I belong to a couple of mailing lists and always found the PHP list
particularly active, focused,  mature, and a tremendously helpful resource,
even just following issues others raise and resolve. And Daniel, your own
gentle prods to keep things on track I think sets some of the professional
tone of the list. However, the subject of the list can be broad and fuzzy
and can lead to some semi off-topic posts like Apache directives that affect
PHP apps, JavaScript/Ajax interaction with PHP code, open-source PHP apps,
etc. And even some non-PHP issues that most PHP developers will deal with at
some time or another. Of course there are degrees of just how far off-topic
one can go, but the fact that you can tap into a huge resource of skills and
experience to find answers that can be difficult to find elsewhere is
obviously very tempting. I'm sure I'm not the only one who finds some of the
responses to these off-topic issues quite edifying, considering they're
almost always within the broad realm of PHP-related web development (though
I agree low-quality posts are useless to everyone whether on-topic or not).
At the same time I can see it's a difficult balancing act to cater for
everyone from total beginners to highly skilled professionals and still keep
everyone on board, especially if some of the more experienced and busy users
feel they're being flooded with hundreds of mostly irrelevant posts (like
this one) every day. But I also think those same users have the skills and
filters to quickly scan and find the posts that are
useful/interesting/relevant. Personally I think this list is great, even
with some of the off-topic discussion. And your own involvement has always
been very professional, and of course very focused, thanks.

Cheers
Arno






Re: [PHP] Determining the similarity between a user supplied short piece of text (between 5 and 15 characters) and a list of similar length text items.

2010-07-16 Thread Richard Quadling
On 15 July 2010 17:09, Daniel P. Brown daniel.br...@parasane.net wrote:
    Look into the following functions and families:

        levenshtein()
        similar_text()


Having just found a levenshtein() UDF for MS SQL [1]

I'm very impressed.

Thank you for the suggestion.

Regards,

Richard.

[1] http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=51540&whichpage=2#425160




Re: [PHP] Weird behavior of exec()

2010-07-16 Thread Richard Quadling
On 15 July 2010 16:51, Leonardo leobasi...@oi.com.br wrote:
 Hi everybody. I need to use exec() to run a background php script, but it's
 not working properly. Take a look at this sample:

 a.php
   <?

   echo ' File A (1) ';

   exec('php b.php > output.txt &');

   echo ' File A (2) ';

   ?>

 b.php
   <?

   echo 'File B';

   ?>

 output.txt (begins with 64 null bytes before the following)
    File A (2)

 I would expect the output's content to be File B, but it's not happening.
 I came across this problem because I have a mailing application which
 stopped working after being moved to a new host. The messages were sent by a
 background script launched on user's demand. Like this:

 SendMessages.php
   <?
      ...
      exec('php Daemon.php -x ' . $USERID . ' > /dev/null &');
      ...
   ?>

 Now it won't work, and I got no clue about what's going on. What now?

 Thank you.




I'm on Windows XP SP3 and using

PHP 5.3.3RC3 (cli) (built: Jul 15 2010 02:00:11)
Copyright (c) 1997-2010 The PHP Group

All seems to work as expected.

<?php
// TestA.php
echo ' File A (1) ';
exec('C:\\php5\\php.exe -f Z:\\TestB.php > Z:\\output.txt');
echo ' File A (2) ';
?>

<?php
// TestB.php
echo 'File B';
?>

And because of my setup matching the docs at [1], I can actually use ...


<?php
echo ' File A (1) ';
exec('TestB > output.txt');
echo ' File A (2) ';
?>

as long as TestA.php and TestB.php are in the same directory.

So, initially, this looks like a non win32 issue (windows works - see !!!)

Regards,

Richard Quadling.

[1] http://docs.php.net/manual/en/install.windows.commandline.php




RE: [PHP] Re: Weird behavior of exec()

2010-07-16 Thread Bob McConnell
From: Leonardo

 Em 15/07/2010 18:54, Shawn McKenzie escreveu:
 On 07/15/2010 04:40 PM, Leonardo wrote:

 Bad habit. I know.

 Did it fix it?

 
 Not really. The server allows short open tags. So, nothing changed.

You are running b.php as an external command, so it is running as a CLI,
not in the httpd server. You need to check to see how your PHP command
line is configured, it may need the full tag no matter how the server is
set up.

Bob McConnell




Re: [PHP] Determining the similarity between a user supplied short piece of text (between 5 and 15 characters) and a list of similar length text items.

2010-07-16 Thread Daniel P. Brown
On Fri, Jul 16, 2010 at 07:09, Richard Quadling rquadl...@gmail.com wrote:

 Having just found a levenshtein() UDF for MS SQL [1]

 I'm very impressed.

 Thank you for the suggestion.

 Regards,

 Richard.

 [1] http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=51540&whichpage=2#425160

Dear dearest sir;

Thank you for your formal reply.  Your email is important to me.
Please contact me at your convenience to discuss this reply to your
reply.

Sincerely,

Bozo.



-- 
/Daniel P. Brown
UNADVERTISED DEDICATED SERVER SPECIALS
SAME-DAY SETUP
Just ask me what we're offering today!
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/




Re: [PHP] Determining the similarity between a user supplied short piece of text (between 5 and 15 characters) and a list of similar length text items.

2010-07-16 Thread Richard Quadling
On 16 July 2010 13:47, Daniel P. Brown daniel.br...@parasane.net wrote:
 On Fri, Jul 16, 2010 at 07:09, Richard Quadling rquadl...@gmail.com wrote:

 Having just found a levenshtein() UDF for MS SQL [1]

 I'm very impressed.

 Thank you for the suggestion.

 Regards,

 Richard.

 [1] http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=51540&whichpage=2#425160

    Dear dearest sir;

    Thank you for your formal reply.  Your email is important to me.
 Please contact me at your convenience to discuss this reply to your
 reply.

    Sincerely,

    Bozo.



 --
 /Daniel P. Brown
 UNADVERTISED DEDICATED SERVER SPECIALS
 SAME-DAY SETUP
 Just ask me what we're offering today!
 daniel.br...@parasane.net || danbr...@php.net
 http://www.parasane.net/ || http://www.pilotpig.net/


Oh. It must be Friday!




Re: [PHP] Recent Influx of Unrelated Discussions

2010-07-16 Thread Paul M Foster
On Fri, Jul 16, 2010 at 11:59:49AM +0200, Arno Kuhl wrote:

 And Daniel, your own
 gentle prods to keep things on track I think sets some of the professional
 tone of the list. 

This is very true. I've administered various lists for almost ten years,
and I know for a fact that the list administrator plays a tremendous
role in the tone of a list.

Paul

-- 
Paul M. Foster




Re: [PHP] Weird behavior of exec()

2010-07-16 Thread Jim Lucas
Leonardo wrote:
 Hi everybody. I need to use exec() to run a background php script, but
 it's not working properly. Take a look at this sample:
 
 a.php
<?

echo ' File A (1) ';

exec('php b.php > output.txt &');

echo ' File A (2) ';

?>

 b.php
<?

echo 'File B';

?>

 output.txt (begins with 64 null bytes before the following)
 File A (2)

 I would expect the output's content to be File B, but it's not
 happening. I came across this problem because I have a mailing
 application which stopped working after being moved to a new host. The
 messages were sent by a background script launched on user's demand.
 Like this:

 SendMessages.php
<?
   ...
   exec('php Daemon.php -x ' . $USERID . ' > /dev/null &');
   ...
?>
 
 Now it won't work, and I got no clue about what's going on. What now?
 
 Thank you.
 

I tried running the same script, and found that the php binary is not in my 
path.

run this

echo passthru('which php');

Also, modify your existing exec() command to the following and it will capture
errors too.

exec('php b.php > output.txt 2>&1 &');

After running this is when I noticed it say sh: php: not found



-- 
Jim Lucas

A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?




Re: [PHP] Weird behavior of exec()

2010-07-16 Thread Leonardo

Em 16/07/2010 09:09, Richard Quadling escreveu:


I'm on Windows XP SP3 and using

PHP 5.3.3RC3 (cli) (built: Jul 15 2010 02:00:11)
Copyright (c) 1997-2010 The PHP Group

All seems to work as expected.

<?php
// TestA.php
echo ' File A (1) ';
exec('C:\\php5\\php.exe -f Z:\\TestB.php > Z:\\output.txt');
echo ' File A (2) ';
?>

<?php
// TestB.php
echo 'File B';
?>

And because of my setup matching the docs at [1], I can actually use ...


<?php
echo ' File A (1) ';
exec('TestB > output.txt');
echo ' File A (2) ';
?>

as long as TestA.php and TestB.php are in the same directory.

So, initially, this looks like a non win32 issue (windows works - see !!!)

Regards,

Richard Quadling.

[1] http://docs.php.net/manual/en/install.windows.commandline.php


Thanks for testing the code. I got it working now, as explained in my 
reply to Bob's post.





[PHP] ldap_search filter filter?

2010-07-16 Thread Richard Lynch
Any Best Practice suggestions for potentially hostile user input being
sent to ldap_search($ldap, "(username=$_POST[username])");

Something like an ldap_escape?

Please cc me on replies. Thanks.

-- 
Some people ask for gifts here.
I just want you to buy an Indie CD for yourself:
http://cdbaby.com/search/from/lynch






Re: [PHP] Weird behavior of exec()

2010-07-16 Thread Leonardo

Em 16/07/2010 12:18, Jim Lucas escreveu:


I tried running the same script, and found that the php binary is not in my 
path.

run this

echo passthru('which php');

Also, modify your existing exec() command to the following and it will capture
errors too.

exec('php b.php > output.txt 2>&1 &');

After running this is when I noticed it say sh: php: not found





You're right about the path role in the issue. My code is working now, 
and the solution is described in my reply to Bob's post.


Thank you.




Re: [PHP] Re: Weird behavior of exec()

2010-07-16 Thread Leonardo

Em 16/07/2010 09:23, Bob McConnell escreveu:

You are running b.php as an external command, so it is running as a CLI,
not in the httpd server. You need to check to see how your PHP command
line is configured, it may need the full tag no matter how the server is
set up.

Bob McConnell


While reading your post, I thought about using the script and binary 
full paths. Now it works.


exec('/usr/local/bin/php /full_path_here/a.php > output.txt &');

The weirdest to me thing is this:

passthru('pwd'); // shows the current directory correctly
passthru('php -h'); // shows php help output correctly

So, if my current working directory is correct, and if php -h is 
enough for help message, why should I use full path in my sample?


Anyway, it's working and my application is back on-line.

Thank you.




Re: [PHP] ldap_search filter filter?

2010-07-16 Thread Andrew Ballard
On Fri, Jul 16, 2010 at 11:42 AM, Richard Lynch c...@l-i-e.com wrote:
 Any Best Practice suggestions for potentially hostile user input being
 sent to ldap_search($ldap, "(username=$_POST[username])");

 Something like an ldap_escape?

 Please cc me on replies. Thanks.


Long time no see, Richard. There are a couple ldap_escape() functions
in the comments here. I don't know enough about ldap to know how
robust they are. I have used one of them, but only on a few intranet
sites where the probability of malicious activity is fairly low.

http://www.php.net/manual/en/function.ldap-search.php


Andrew
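
The filter escaping asked about in this thread, as an added example that is not part of either poster's message: it escapes a value for the (username=...) filter from the question following RFC 4515, using the built-in ldap_escape() where the PHP build has it. The function names ldap_filter_escape and username_filter, the length limit and the sample inputs are assumptions.

```php
<?php
// Added example, not code from the thread. Function names and sample inputs
// are hypothetical; the filter shape (username=...) is the one in the question.

// Escape a value for use inside an LDAP search filter (RFC 4515): the
// characters \ * ( ) and NUL are written as a backslash plus two hex digits.
function ldap_filter_escape(string $value): string
{
    // PHP 5.6 and later ship ldap_escape() in the ldap extension.
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback: strtr() with an array makes a single pass over the input, so
    // the backslashes it inserts are never escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Build the complete filter string for one user-supplied name.
function username_filter(string $username): string
{
    // Assumed limit; an empty value would otherwise produce "(username=)".
    if ($username === '' || strlen($username) > 64) {
        throw new InvalidArgumentException('username length out of range');
    }
    return '(username=' . ldap_filter_escape($username) . ')';
}

// Constructed inputs: a plain name, a wildcard, a value that tries to close
// the filter early, and a value containing a backslash.
$inputs = ['rlynch', '*', 'x)(objectClass=*', 'back\\slash'];

foreach ($inputs as $input) {
    // The resulting string is what would be passed as the filter argument
    // of ldap_search().
    printf("%-20s => %s\n", $input, username_filter($input));
}
```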




Re: [PHP] user login and access + headers already sent

2010-07-16 Thread tedd

At 4:56 PM +0100 7/15/10, Ashley Sheridan wrote:

On Thu, 2010-07-15 at 15:38 +, Carlos Sura wrote:

  So, I'm wondering, is there any other way to avoid put code in 
every page? or... another way to avoid that kind of error.



Common logic for a login is to use an include file that does this:


 1. Is user logged in? Yes: goto 5. No: goto 2
 2. Have login details been submitted through form or other? Yes:
goto 3. No: goto 4
 3. Are login details correct? Yes: goto 5, No: goto 4
 4. Show login form & stop
 5. Show/redirect to app page

(apologies for the hard to follow list, but I just realised I don't know
a good way to show a flowchart in plain text!)


Flowchart? How about:

  1. Is user logged-in?
No, go to logon.php

Nothing else needs to be done to protect any page.

This is accomplished by simply placing at the top of each protected page:

<?php session_start();
   require("auth.php");

Of course this requires the OP to place this code on each page he 
wants to protect, but that's a small price to pay for security and 
ease of implementation.


The auth.php script only checks IF the user logged-in via a security 
variable. For example:


if ($_SESSION['security'] != TRUE)
  {
  header('location:logon.php');   // redirect to login script.
  exit();
  }

// else user is permitted to pass

If the user is logged in, then the user is permitted to travel to 
whatever scripts that contain the require("auth.php"); statement.


The login script in turn simply asks for the user ID and PASSWORD. If 
these are correct (via a db or file lookup), then the login script 
sets the security session variable to TRUE else it defaults to FALSE.


Keep in mind that the only job of the login script is to set the 
security session variable to TRUE -- it is loosely coupled. Likewise, 
the authorization script is only concerned with the setting of the 
security session variable -- it is also loosely coupled. Both of 
these provide a good security solution.


EOP (End of Problem).

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com
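
The login side of the scheme described in this message, as an added example that is not tedd's code: it sets the same $_SESSION['security'] flag after checking a password hash, issues a new session ID at login, and checks the flag with a strict comparison. The function names, the user table and the sample credentials are assumptions.

```php
<?php
// Added example, not code from the thread. Function names, the user table
// and the credentials are hypothetical; the 'security' flag and logon.php
// are the names used in the message above.

// Strict form of the auth.php check: only boolean true counts as logged in.
function is_logged_in(): bool
{
    return isset($_SESSION['security']) && $_SESSION['security'] === true;
}

// What auth.php does at the top of a protected page.
function require_login(): void
{
    if (!is_logged_in()) {
        header('Location: logon.php');
        exit();
    }
}

// What logon.php does with the submitted ID and password.
// $users maps a user ID to a password_hash() string.
function attempt_login(array $users, string $id, string $password): bool
{
    // Verify against a throwaway hash when the ID is unknown, so both
    // outcomes cost one hash computation.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('unused', PASSWORD_DEFAULT);

    $known = isset($users[$id]);
    $valid = password_verify($password, $known ? $users[$id] : $dummy) && $known;

    if ($valid) {
        // Fresh session ID at the moment of login, so an ID handed out
        // before authentication does not become a logged-in one.
        session_regenerate_id(true);
    }
    $_SESSION['security'] = $valid;
    return $valid;
}

// Command-line demonstration with a constructed user table. All session
// calls happen before any output is printed.
if (PHP_SAPI === 'cli') {
    session_start();
    $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

    $idBefore = session_id();
    $results = [
        'wrong password' => attempt_login($users, 'alice', 'guess'),
        'unknown user'   => attempt_login($users, 'mallory', 'correct horse'),
        'right password' => attempt_login($users, 'alice', 'correct horse'),
    ];
    $rotated  = session_id() !== $idBefore;
    $loggedIn = is_logged_in();
    session_destroy();

    foreach ($results as $case => $ok) {
        printf("%-15s => %s\n", $case, $ok ? 'accepted' : 'refused');
    }
    printf("session ID rotated at login: %s\n", $rotated ? 'yes' : 'no');
    printf("flag set after last attempt: %s\n", $loggedIn ? 'yes' : 'no');
}
```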




Re: [PHP] Recent Influx of Unrelated Discussions

2010-07-16 Thread Jason Pruim


On Jul 16, 2010, at 10:47 AM, Paul M Foster wrote:


On Fri, Jul 16, 2010 at 11:59:49AM +0200, Arno Kuhl wrote:


And Daniel, your own
gentle prods to keep things on track I think sets some of the  
professional

tone of the list.


This is very true. I've administered various lists for almost ten  
years,

and I know for a fact that the list administrator plays a tremendous
role in the tone of a list.



So... By replying to this thread... Are we helping the problem or  
making it worse by adding to the off topic posts? :P


Happy Friday yall! :)
