>I am using PHP-4.1.1, postgresql on Linux.
>I want the following functionality, I dont know how to implement it.
>Each time a new user registeres, I want to create mail account by the name
>he specifies and allocate him some space of the server, say 2mb.
>How this is incorporated ?



If you allow PHP to create a user account with actual login, then *ANYBODY*
else on the same server can upload a PHP file and create some accounts for
themselves.  With a little more work, they might even be able to create a
'root' account.

Do you *really* need this "feature"?

If so, you're going to *HAVE* to understand the Operating System and its
security measures, and do the least INsecure thing you can and still make it

For starters, everything should be in SSL (HTTPS) so that you're not
transmitting their new username/password in the clear.

Then, you've *GOT* to find some way of limiting the circumstances under
which this creation of a new user can happen.

Things to keep in mind:
You want it to happen *ONLY* in response to your PHP script, not just any
old PHP script.

You only want it to happen for users in the database already, right?

I would suggest that the safest way might be to do this:

Use PHP CGI (do ./configure WITHOUT the --with-apxs or --with-apache part)
and then write a command-line PHP script owned/readable/writable/executable
by 'root' and *NOT* readable, and *CERTAINLY* not writable/executable by
anybody else.

Then, you can simply have this script check for "new" users in the database
that don't have email yet.  Just add another column "has_email" and default
it to '0', and set it to '1' after you set up their email in this script.

You can run it as a cron job, and it would look like this:
  $query = 'select username from users where has_email = 0';
  $newbies = mysql_query($query) or die(mysql_error()); # Okay to use or
die() for a root cron job
  while (list($username) = mysql_fetch_row($newbies)){
    # Use http://php.net/exec to create a mailbox.  You are 'root'
    if (...successfully_created_mailbox_for_this_user()...){
      $has_email[] = $username;
  # Note that we *ONLY* update the ones we *ACTUALLY* created mailboxes for
  # If a *NEW* user has been added in the past half-second, we leave them
  if (is_array($has_email)){
    $has_email = implode("', '", $has_email);
    $query = "update users set has_email = 1 where username in
    mysql_query($query) or die(mysql_error());

You *STILL* have the weakness that anybody that can break into your database
can force a shell account to get created.  But at least the HTTP and PHP
side of it are relatively safe...

Like Music?  http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro).  Need to record live events (mixed already) to stereo
CD-quality.  Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff.  Zero (0)
post-production time.  Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to