Hi, all,

This is a refinement of my earlier request for information, honed
after half a week of trying to untangle things.

I've been grubbing through all the code for dialup_admin 1.80 (from
the 20070320 CVS snapshot) and am entirely unconvinced that it works
with version of PHP newer than 4.2.0.  I'm using PHP 4.3.0, since
that's what comes with RedHat Enterprise Linux 4.   I've turned on
register_globals, but I can't get the dialup_admin code to stop
throwing warnings about variable names, etc.

Let's take $login as an example.  In config.php3, there's code to
scrub "bad" characters out of it, and to strip the realm if requested.
 Unfortunately, in my environment, just going to the entry point of
the dialup_admin application results in...

[client] PHP Notice:  Undefined variable:  login in
/usr/local/dialup_admin/conf/config.php3 on line 92, referer:
[client] PHP Notice:  Undefined variable:  login in
/usr/local/dialup_admin/conf/config.php3 on line 95, referer:

(ignore the exact line numbers - they won't match the code in CVS
because I have some debugging stuff further up right now).

I realize that this is a "notice" level message and that messages can
be turned off by twiddling error_reporting, but that's not the point -
the point is not simply that there are hundreds of these 'notices'
getting logged when I bounce around dialup_admin.  The point is that
these notices are caused by PHP trying to "do the right thing" and
getting it wrong because the dialup_admin code is chock-a-block with
$login rather than the now-accepted practice of $_GET['login], and in
any case, because of how the URLs and PHP code interrelate, modules
like config.php3 aren't always called from other modules that were
invoked with a GET method with those exact elements, thus variables
like $login and $find_user and any other variables which appear to be
implicly created under older versions of PHP might or might not be
defined, but the code is written as if they are always defined, albeit
occasionally empty.

I'm entirely willing to accept that I've missed a step in the
installation, but I did try to follow the steps in the TODO file and
don't believe I missed any.  Do people just use the freeRADIUS server
and manipulate the user database manually?  Are there any dialup_admin
users running on operating systems less than a year old?  All I'm
really after is a user management GUI - I don't really care if it's
dialup_admin or not.  If there's something that other people prefer,
I'd love to hear about it.

In terms of getting this all going, I'm about to start forcing
variables to be something useful, as in...

$login = "";
$max_results = "";

if (!empty($_GET)) {
  $login = $_GET['login'];
  $max_results = $_GET['max_results'];

... just to quiet down the logged errors in the code so I can drill
down to why I can't click on "new user" and get a page that lets me
enter a new user.  I'm also open to other suggestions to clean up the
dialup_admin code and get it up to snuff w.r.t. presently-shipping
versions of PHP.  This will be an essential step to getting this code
running under php5, as all of these globalisms have been deprecated
because they lead to massive vulnerabilities.


List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to