php-general Digest 30 Jul 2013 07:22:16 -0000 Issue 8314
Topics (messages 321740 through 321742):
OpenLDAP password policy response
321740 by: Andrius Kulbis
Re: POST action
321741 by: Paul M Foster
php 5.3.15 and exception for disabled_functions
321742 by: Josef Karliak
----------------------------------------------------------------------
--- Begin Message ---
Hello,
I'm trying to pull the password policy response message from the ldap_bind()
method: password is expiring, password expired etc.
While checking the packet content from OpenLDAP after the ldap_bind()
request, with Wireshark, there is a control hooked to the ldap_bind()
response, where the message code and message text about password
expiration is, but I can't manage to parse that message from the response.
I set the password policy request server control before the bind with
ldap_set_option().
Any workaround or what am I doing wrong?
<pre>
<?php
$address = 'x.x.x.x';
$dn = 'eduPersonPrincipalName=ex@ex,ou=People,ou=Users,dc=exa,dc=com';
$password = 'secret';

if ($link = ldap_connect($address))
{
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Attach the password policy request control to outgoing operations.
    $ppolicy_control = array("oid" => "1.3.6.1.4.1.42.2.27.8.5.1", "iscritical" => true);
    if (!ldap_set_option($link, LDAP_OPT_SERVER_CONTROLS, array($ppolicy_control)))
    {
        echo "SERVER_CONTROLS not set\n";
    }

    if (ldap_bind($link, $dn, $password))
    {
        if ($result = ldap_search($link, $dn, '(|(uid=ex))'))
        {
            // Parse the result of the search and dump every returned field.
            $return = ldap_parse_result($link, $result, $errcode, $matcheddn, $errormsg, $ldapreferrals);
            var_dump($return);
            var_dump($errcode);
            var_dump($matcheddn);
            var_dump($errormsg);
            var_dump($ldapreferrals);
        }
    }
    else
    {
        echo 'Not Bound';
    }

    // Unbind only when a connection handle was actually created.
    ldap_unbind($link);
}
?>
</pre>
------
REGARDS,
Andrius Kulbis
--- End Message ---
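Added example, not part of the original message: a decoder for the value bytes of the password policy response control (OID 1.3.6.1.4.1.42.2.27.8.5.1), as they would appear in a packet capture of the bind response. The function names and the sample byte strings are constructed for illustration, and the tag layout is assumed to follow draft-behera-ldap-password-policy.

```php
<?php
// Added example, not from the original post. Tags per draft-behera-ldap-password-policy.
const PPOLICY_ERRORS = ['passwordExpired', 'accountLocked', 'changeAfterReset',
    'passwordModNotAllowed', 'mustSupplyOldPassword', 'insufficientPasswordQuality',
    'passwordTooShort', 'passwordTooYoung', 'passwordInHistory'];

// Split a BER buffer into its top-level [tag, content] elements.
function ber_elements(string $buf): array {
    $out = [];
    for ($pos = 0, $end = strlen($buf); $pos < $end; $pos += $len) {
        if ($pos + 2 > $end) throw new UnexpectedValueException('truncated element');
        $tag = ord($buf[$pos++]);
        $len = ord($buf[$pos++]);
        if ($len & 0x80) {              // long form: low 7 bits count the length octets
            $n = $len & 0x7f;
            if ($n < 1 || $n > 3 || $pos + $n > $end) throw new UnexpectedValueException('bad length');
            for ($len = 0; $n > 0; $n--) $len = ($len << 8) | ord($buf[$pos++]);
        }
        if ($pos + $len > $end) throw new UnexpectedValueException('length exceeds buffer');
        $out[] = [$tag, substr($buf, $pos, $len)];
    }
    return $out;
}

// Content octets of a non-negative INTEGER or ENUMERATED, as an int.
function ber_uint(string $bytes): int {
    if ($bytes === '' || strlen($bytes) > 4) throw new UnexpectedValueException('bad integer');
    return (int) hexdec(bin2hex($bytes));
}

function decode_ppolicy_response(string $value): array {
    $out = ['expire' => null, 'grace' => null, 'error' => null];
    $top = ber_elements($value);
    if (count($top) !== 1 || $top[0][0] !== 0x30) throw new UnexpectedValueException('expected one SEQUENCE');
    foreach (ber_elements($top[0][1]) as [$tag, $body]) {
        if ($tag === 0xA0) {            // warning [0]: wraps a CHOICE of two INTEGERs
            foreach (ber_elements($body) as [$choice, $num]) {
                if ($choice === 0x80) $out['expire'] = ber_uint($num);  // seconds until expiry
                if ($choice === 0x81) $out['grace'] = ber_uint($num);   // grace logins remaining
            }
        } elseif ($tag === 0x81) {      // error [1]: ENUMERATED
            $out['error'] = PPOLICY_ERRORS[ber_uint($body)] ?? 'unknown';
        }
    }
    return $out;
}

// Constructed samples: expiry warning, grace-login warning, expired error.
foreach (["\x30\x05\xA0\x03\x80\x01\x3C", "\x30\x05\xA0\x03\x81\x01\x02", "\x30\x03\x81\x01\x00"] as $raw) {
    echo bin2hex($raw), ' => ', json_encode(decode_ppolicy_response($raw)), "\n";
}
```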
--- Begin Message ---
On Mon, Jul 29, 2013 at 11:50:01AM -0500, Larry Garfield wrote:
> On 7/28/13 9:23 PM, Paul M Foster wrote:
> >On Sun, Jul 28, 2013 at 08:46:06PM -0500, Larry Garfield wrote:
[snip]
> >
> >Except as noted above. This is all home-grown, using native PHP
> >functions designed to do these things, and classes I've written. I
> >carefully examine each field when writing the POST-handling code with
> >the idea in mind that no matter what the HTML says, the return value
> >must conform to what *I* think it should be. No MVC framework written by
> >others (though I do conform to MVC paradigm).
> >
> >Paul
>
> Then you're not writing your own form tags from the sound of it;
> you're writing your own Form API. Still an improvement. :-)
No, I'm writing the form tags as well. I write the whole thing, soup to
nuts. But as I'm writing the back end validation stuff, I realize that
what I wrote in the HTML doesn't matter when it comes to hackers and
script kiddies. So I use my bless and validation libraries to tackle
form responses. That's the point I'm making. I understand what you're
saying about using someone else's framework so you can make sure that
tested code is being used to ensure against hacking attempts. But your
pronouncement was so thunderous that I had to provide the exception. If
you hang around here and read a book or two on security, you can write
your own code that handles this stuff. Particularly if you have an
example like CodeIgniter to use, to see how it's done.
(There are times when I *don't* write the HTML. My wife the designer
does. But I still go in and modify it to provide the validation bits
which she can't do. She uses Dreamweaver, so a lot of the time, she
doesn't even know what the raw HTML looks like.)
Paul
--
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com
--- End Message ---
--- Begin Message ---
Hi there,
in the php.ini file I've disabled some functions (exec and
similar). In the PHP script we must use binary execution, so I had to
enable the function "exec" again. And here is a question: does PHP have
an option that I could set so that this binary file could use this
disabled function? Like:
disable_functions_binary_exception = /usr/local/bin/compute_doomsday
disable_functions_function_exception = exec
:)
Thanks and best regards
J.Karliak
--- End Message ---