php-general Digest 17 Jul 2010 11:47:56 -0000 Issue 6850

Topics (messages 306948 through 306954):

ldap_search filter filter?
        306948 by: Richard Lynch
        306951 by: Andrew Ballard

Re: Weird behavior of exec()
        306949 by: Leonardo
        306950 by: Leonardo

Re: user login and access + headers already sent
        306952 by: tedd

Re: Recent Influx of Unrelated Discussions
        306953 by: Jason Pruim

Convert excel time to date time
        306954 by: Mohd Shakir bin Zakaria


----------------------------------------------------------------------
--- Begin Message ---
Any Best Practice suggestions for potentially hostile user input being
sent to ldap_search($ldap, "(username=$_POST[username])");

Something like an ldap_escape?

Please cc me on replies. Thanks.

-- 
Some people ask for gifts here.
I just want you to buy an Indie CD for yourself:
http://cdbaby.com/search/from/lynch



--- End Message ---
--- Begin Message ---
On Fri, Jul 16, 2010 at 11:42 AM, Richard Lynch <[email protected]> wrote:
> Any Best Practice suggestions for potentially hostile user input being
> sent to ldap_search($ldap, "(username=$_POST[username])");
>
> Something like an ldap_escape?
>
> Please cc me on replies. Thanks.
>

Long time no see, Richard. There are a couple ldap_escape() functions
in the comments here. I don't know enough about ldap to know how
robust they are. I have used one of them, but only on a few intranet
sites where the probability of malicious activity is fairly low.

http://www.php.net/manual/en/function.ldap-search.php


Andrew

--- End Message ---
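
Added example, not part of either message above: one way to escape the posted username before it goes into the ldap_search() filter. It uses PHP's built-in ldap_escape() (PHP 5.6 and later, ldap extension) where available and the RFC 4515 filter escapes otherwise; the helper names, the length cap, $baseDn and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Helper names are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515):
// \ * ( ) and NUL are replaced by a backslash plus two hex digits.
function ldap_filter_escape(string $value): string
{
    // Built in since PHP 5.6 when the ldap extension is loaded.
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback. The backslash pair comes first so that the escapes
    // added for the other characters are not escaped a second time.
    return str_replace(
        ['\\', '*', '(', ')', "\0"],
        ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
        $value
    );
}

// Build the filter from the thread, "(username=...)", or return null
// when the input is not a usable string at all.
function build_username_filter($username): ?string
{
    if (!is_string($username) || $username === '' || strlen($username) > 64) {
        return null;   // 64 is an arbitrary cap chosen for this example
    }
    return '(username=' . ldap_filter_escape($username) . ')';
}

// Constructed sample inputs: a plain name, then values carrying filter
// metacharacters that would otherwise change the filter's structure.
$samples = ['rlynch', 'a*', 'x)(objectClass=*', 'back\\slash', ''];
foreach ($samples as $input) {
    $filter = build_username_filter($input);
    printf("%-20s => %s\n", var_export($input, true), $filter ?? '(rejected)');
}

// In the request handler ($ldap and $baseDn are assumed to exist):
//   $filter = build_username_filter($_POST['username'] ?? null);
//   if ($filter !== null) { $result = ldap_search($ldap, $baseDn, $filter); }
```

Filter escaping covers only values placed inside a search filter; a value placed in a DN needs the separate LDAP_ESCAPE_DN rules.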
--- Begin Message ---
On 16/07/2010 12:18, Jim Lucas wrote:

> I tried running the same script, and found that the php binary is not in my
> path.
>
> run this
>
> echo passthru('which php');
>
> Also, modify your existing exec() command to the following and it will capture
> errors too.
>
> exec('php b.php > output.txt 2>&1 &');
>
> After running this is when I noticed it say "sh: php: not found"




You're right about the role of the path in the issue. My code is working now, and the solution is described in my reply to Bob's post.

Thank you.

--- End Message ---
--- Begin Message ---
On 16/07/2010 09:23, Bob McConnell wrote:
> You are running b.php as an external command, so it is running as a CLI,
> not in the httpd server. You need to check to see how your PHP command
> line is configured, it may need the full tag no matter how the server is
> set up.
>
> Bob McConnell

While reading your post, I thought about using the script and binary full paths. Now it works.

exec('/usr/local/bin/php /full_path_here/a.php > output.txt &');

The weirdest thing to me is this:

passthru('pwd'); // shows the current directory correctly
passthru('php -h'); // shows php help output correctly

So, if my current working directory is correct, and if "php -h" is enough for help message, why should I use full path in my sample?

Anyway, it's working and my application is back on-line.

Thank you.

--- End Message ---
--- Begin Message ---
At 4:56 PM +0100 7/15/10, Ashley Sheridan wrote:
> On Thu, 2010-07-15 at 15:38 +0000, Carlos Sura wrote:
>
> > So, I'm wondering, is there any other way to avoid putting code in every page? or... another way to avoid that kind of error.
>
> Common logic for a login is to use an include file that does this:
>
>
>      1. Is user logged in? Yes: goto 5. No: goto 2
>      2. Have login details been submitted through form or other? Yes:
>         goto 3. No: goto 4
>      3. Are login details correct? Yes: goto 5, No: goto 4
>      4. Show login form & stop
>      5. Show/redirect to app page
>
> (apologies for the hard to follow list, but I just realised I don't know
> a good way to show a flowchart in plain text!)

Flowchart? How about:

  1. Is user logged-in?
        No, go to logon.php

Nothing else needs to be done to protect any page.

This is accomplished by simply placing at the top of each protected page:

<?php session_start();
   require('auth.php');

Of course this requires the OP to place this code on each page he wants to protect, but that's a small price to pay for security and ease of implementation.

The auth.php script only checks IF the user logged-in via a security variable. For example:

if (empty($_SESSION['security']))   // not set yet, or not TRUE
  {
  header('Location: logon.php');   // redirect to login script.
  exit();
  }

// else user is permitted to pass

If the user is logged in, then the user is permitted to travel to whatever scripts that contain the require('auth.php'); statement.

The login script in turn simply asks for the user ID and PASSWORD. If these are correct (via a db or file lookup), then the login script sets the security session variable to TRUE else it defaults to FALSE.

Keep in mind that the only job of the login script is to set the security session variable to TRUE -- it is loosely coupled. Likewise, the authorization script is only concerned with the setting of the security session variable -- it is also loosely coupled. Both of these provide a good security solution.

EOP (End of Problem).

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
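
Added example, not tedd's code: the logon.php side of the scheme described in the message above, setting the $_SESSION['security'] flag that auth.php tests. The user store, the form field names 'id' and 'password', and index.php are assumptions made for the example.

```php
<?php
// Added example (not from the thread). $users is a constructed stand-in
// for the "db or file lookup"; it maps user ID => password hash.
function attempt_login(array $users, string $id, string $password): bool
{
    // Unknown IDs are checked against a dummy hash so that both the
    // known-user and unknown-user paths run password_verify().
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);

    $hash = $users[$id] ?? $dummy;
    $ok   = password_verify($password, $hash) && isset($users[$id]);

    if ($ok && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session ID once logged in
    }
    $_SESSION['security'] = $ok;       // the flag auth.php tests
    return $ok;
}

// Constructed sample user store; the hash is generated at run time.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

if (PHP_SAPI !== 'cli') {
    // Web request: no output may precede session_start() or header().
    session_start();
    $id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';
    $pw = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && attempt_login($users, $id, $pw)) {
        header('Location: index.php');   // hypothetical protected page
        exit();
    }
    // Otherwise fall through and render the login form here.
} else {
    // Command-line demo with the constructed user store.
    $_SESSION = [];
    var_dump(attempt_login($users, 'alice', 'wrong'));
    var_dump(attempt_login($users, 'nobody', 'correct horse'));
    var_dump(attempt_login($users, 'alice', 'correct horse'));
}
```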
--- Begin Message ---

On Jul 16, 2010, at 10:47 AM, Paul M Foster wrote:

> On Fri, Jul 16, 2010 at 11:59:49AM +0200, Arno Kuhl wrote:
>
> > And Daniel, your own
> > gentle prods to keep things on track I think sets some of the professional
> > tone of the list.
>
> This is very true. I've administered various lists for almost ten years,
> and I know for a fact that the list administrator plays a tremendous
> role in the tone of a list.

So... By replying to this thread... Are we helping the problem or making it worse by adding to the off topic posts? :P

Happy Friday yall! :)

--- End Message ---
--- Begin Message ---
Hi,

I've been trying to convert this excel date to the date time format,
but only managed to get it up to the seconds;

The following code;

#########
$data=39604.62164;
echo date("Y-m-d",mktime(0,0,0,1,$data-1,1900));
#########

will give this output
2008-06-05

changing it to

########
echo date("H-i-s",mktime(0,0,0,1,$data-1,1900));
########

will only give
00-00-00

The output I'm looking for is like this one;
2008-06-05 14:55:09

Any idea?

--- End Message ---
