php-windows Digest 10 Feb 2003 05:08:35 -0000 Issue 1580
Topics (messages 18413 through 18423):
LDAP Group Membership - Primary Group not appearing
18413 by: Craig Roberts
LDAP Question
18414 by: Craig Roberts
Confirmation e-mail
18415 by: Davy Obdam
18416 by: Kyle Williamson
18418 by: Matt Hillebrand
18419 by: Ruprecht Helms
Re: [PHP-DB] Confirmation e-mail
18417 by: Ruprecht Helms
How does PHP handles multiple db transaction?
18420 by: Apollo
Re: opendir
18421 by: Dash McElroy
If statement inside of for statement
18422 by: Stan McCowan
18423 by: Matt Hillebrand
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Hey,
I'm trying to find out what groups a user is a member of. I have written
the following code, which returns the DN of some of the groups:
$ldap = ldap_connect("curric-srv");
ldap_bind($ldap, "willik@domain", "(password)");
$sr = ldap_search($ldap, "DC=domain", "cn=98ROBERC");
$data = ldap_get_entries($ldap, $sr); foreach($data[0]["memberof"] as
$group) {
echo("$group <br>");
}
This produces the following:
2
CN=Students,CN=Users,DC=domain
CN=98,CN=Users,DC=domain
This identifies two of the three groups this user belongs to. It's
missing the primary group, and I can't see any why to find out what that
group is. If I change the primary group using the AD Users and Computers
Applet, then the group that disapears changes to the group I set as
primary, and the group that was primary is then included in the array.
I know there is also returned from the search a value of
$data[0]["primarygroupid"][0], which contains a number. However when I
select data on the group I know to be the user's primary, there is no
mention of this number.
How will I find out the user's primary group - is it possible?
Set up: Apache 1.3.27, PHP 4.3.0, Windows 2000 Server
The script is connecting to the PDC, which is also running Windows 2000
server...
Thanks for your time,
Craig Roberts
MSN/E-mail: [EMAIL PROTECTED]
URL: http://cjrobs.net
--- End Message ---
--- Begin Message ---
Hey,
I'm trying to find out what groups a user is a member of. I have written
the following code, which returns the DN of some of the groups:
$ldap = ldap_connect("curric-srv");
ldap_bind($ldap, "willik@domain", "(password)");
$sr = ldap_search($ldap, "DC=domain", "cn=98ROBERC");
$data = ldap_get_entries($ldap, $sr);
foreach($data[0]["memberof"] as $group) {
echo("$group <br>");
}
This produces the following:
2
CN=Students,CN=Users,DC=domain
CN=98,CN=Users,DC=domain
This identifies two of the three groups this user belongs to. It's
missing the primary group, and I can't see any why to find out what that
group is. If I change the primary group using the AD Users and Computers
Applet, then the group that disapears changes to the group I set as
primary, and the group that was primary is then included in the array.
I know there is also returned from the search a value of
$data[0]["primarygroupid"][0], which contains a number. However when I
select data on the group I know to be the user's primary, there is no
mention of this number.
How will I find out the user's primary group - is it possible?
Set up: Apache 1.3.27, PHP 4.3.0, Windows 2000 Server
The script is connecting to the PDC, which is also running Windows 2000
server...
Thanks for your time,
Craig Roberts
MSN/E-mail: [EMAIL PROTECTED]
URL: http://cjrobs.net
--- End Message ---
--- Begin Message ---
Hello people.,
I am developing a website with a user login system, i would like to send
an confirmation e-mail to the user when he/she registers for the site,
asking for confirmation...for instance click on a link to activate thier
account.
My question is what would be the best approach to achieve this? How is
this usualy done? Any thoughts and help is appreciated.
Best regards,
Davy Obdam
--
--------------------------------------------------------------------
Davy Obdam - Obdam webdesignŠ
mailto:[EMAIL PROTECTED] web: www.davyobdam.com
--------------------------------------------------------------------
--- End Message ---
--- Begin Message ---
The best way to do this, afaik is to generate a unique md5 hash, say a hash
of "username-password" or a hash of a random number, and store..
that way, you can send the user (using mail())..
http://<your-site>/confirm.php?s=<md5hash>
==
Kind Regards,
Kyle Williamson
Solent Educational Limited
Tel: (023) 80 843189 Fax: (023) 80 848715
http://www.solented.co.uk/
-----Original Message-----
From: Davy Obdam [mailto:[EMAIL PROTECTED]]
Sent: 09 February 2003 19:04
To: PHP; PHP-WIN; PHP-DB
Subject: [PHP-WIN] Confirmation e-mail
Hello people.,
I am developing a website with a user login system, i would like to send
an confirmation e-mail to the user when he/she registers for the site,
asking for confirmation...for instance click on a link to activate thier
account.
My question is what would be the best approach to achieve this? How is
this usualy done? Any thoughts and help is appreciated.
Best regards,
Davy Obdam
--
--------------------------------------------------------------------
Davy Obdam - Obdam webdesignŠ
mailto:[EMAIL PROTECTED] web: www.davyobdam.com
--------------------------------------------------------------------
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
That sounds mighty secure, but I think he's trying to verify that the
email address does indeed belong to the person creating an account.
I use the following two functions to create a random number, and then I
insert it into the DB. Then I send a URL inside the confirmation email
that points to a script for verification of the random number. (The
parameters of the URL are the random number and username for that
particular account.)
function seed() {
list($usec,$sec)=explode(' ',microtime());
mt_srand($sec * $usec);
}
function mk_random($size) {
// $size is the number of digits in $num
$num = '';
seed();
for($i=0; $i<$size; $i++) {
$num .= mt_rand(0, 9);
}
return $num;
}
Matt
|-----Original Message-----
|From: rhelms@linux [mailto:rhelms@linux] On Behalf Of Ruprecht Helms
|Sent: Sunday, February 09, 2003 1:51 PM
|To: Davy Obdam
|Cc: PHP-DB; PHP-WIN; PHP
|Subject: [PHP-WIN] RE: [PHP-DB] Confirmation e-mail
|
|
|Hi Davy Obdam,
|
|>[...]
|> My question is what would be the best approach to achieve
|this? How is
|> this usualy done?
|
|Storing the password in encrypted form in a database. The
|confirmationmail you can write with the normal mailcommand
|using addslashes. The securest way if the password was
|randomly generated is to presend the resultpage via a
|ssl-connection and without sending a mail or the mail must be
|protected. So a hacker can't sniff the password.
|
|Regards,
|Ruprecht
|
|----------------------------------
|Ruprecht Helms IT-Service und Softwareentwicklung
|
|Tel/Fax.: +49[0]7621 16 99 16
|Homepage: http://www.rheyn.de
|email: [EMAIL PROTECTED]
|----------------------------------
|
|--
|PHP Windows Mailing List (http://www.php.net/)
|To unsubscribe, visit: http://www.php.net/unsub.php
|
|
|
--- End Message ---
--- Begin Message ---
Hi Matt Hillebrand,
> That sounds mighty secure, but I think he's trying to verify that the
> email address does indeed belong to the person creating an account.
I don't think so. Normaly you identify you by typing username and password
into the textfields. Sometimes the username is identical with your email.
I suggested the way via ssl because of the password-problem. I've heart
that for epayment and transactions with onlinebanking it is based on law
that the connection must be encrypted/ssl.
> I use the following two functions to create a random number, and then I
> insert it into the DB. Then I send a URL inside the confirmation email
> that points to a script for verification of the random number. (The
> parameters of the URL are the random number and username for that
> particular account.)
>
> function seed() {
> list($usec,$sec)=explode(' ',microtime());
> mt_srand($sec * $usec);
> }
>
> function mk_random($size) {
> // $size is the number of digits in $num
> $num = '';
> seed();
> for($i=0; $i<$size; $i++) {
> $num .= mt_rand(0, 9);
> }
> return $num;
> }
>
> Matt
Regards,
Ruprecht
----------------------------------
Ruprecht Helms IT-Service und Softwareentwicklung
Tel/Fax.: +49[0]7621 16 99 16
Homepage: http://www.rheyn.de
email: [EMAIL PROTECTED]
----------------------------------
--- End Message ---
--- Begin Message ---
Hi Davy Obdam,
>[...]
> My question is what would be the best approach to achieve this? How is
> this usualy done?
Storing the password in encrypted form in a database. The confirmationmail
you can write with the normal mailcommand using addslashes. The securest way
if the password was randomly generated is to presend the resultpage via a
ssl-connection and without sending a mail or the mail must be protected.
So a hacker can't sniff the password.
Regards,
Ruprecht
----------------------------------
Ruprecht Helms IT-Service und Softwareentwicklung
Tel/Fax.: +49[0]7621 16 99 16
Homepage: http://www.rheyn.de
email: [EMAIL PROTECTED]
----------------------------------
--- End Message ---
--- Begin Message ---
Hi,
Can anyone enlighten me how does PHP handles multiple database transaction.
Do the odbc_* functions suffice?
Thanks,
Apollo
--- End Message ---
--- Begin Message ---
Evan,
Here is a super simple function I wrote to help things out with
directories.
function dir_list($input) {
$dir = @opendir($input) or die ("Invalid Directory");
$dirlist = array();
while ($dirlist = readdir($dir)) {
$file[] = $dirlist;
}
closedir($dir);
sort($file);
return $file;
}
You would use it like this:
<?php
include("include.inc");
if(isset($_GET['dir'])) {
$array = dir_list($_GET['dir']);
//processing here
foreach ($array as $file) {
if (is_dir($file)) {
echo "$file is a directory<br>\n";
}
else {
echo "$file is a file<br>\n";
}
}
}
?>
Obviously, you could do whatever you wanted after getting the list in the
array. You should be aware of security risks with this approach, though.
If the user inputs ../../winnt/ or something, they would be able to see
what is in those directories. The simple way around this (that solves some
of the problem) is to turn on open_basedir (see php.net for how to set
this). Then the directory reading will be restricted to whatever is under
those directories.
You may want to look into the getcwd(), dirname(), basename() and
realpath() functions.
Good luck.
-Dash
"I don't believe in astrology. But then I'm an Aquarius, and Aquarians
don't believe in astrology."
-- James R. F. Quirk
On Sun, 9 Feb 2003, Evan wrote:
> Working with PHP 4.2.3==> IIS5.1, WinXP Pro, NTFS
>
> I made this simple page to be able to brouse throught folders and files, but
> it seems that it doesn't recognize folders when I go outside the directory
> in which is contained the .php file.
> Any Ideas?
> Thanks
>
> *************************+++
> <?php
> $nome_dir = "";
> if( isset($_GET['folder']))
> $nome_dir = $_GET['folder']."/";
> if ($handle = opendir($nome_dir)) {
> echo "Directory handle: $handle<br>";
> $i=0;
> $j=0;
> while (false !== ($file = readdir($handle))) {
> if(is_dir($file)){
> echo "<b>$file</b><br>";
> $directory[$j]=$file;
> $j++;
> }else{
> echo "$file<br>";
> $elenco_file[$i]=$file;
> $i++;
> }
> }
> //Ordinamento per nome delle directory e dei file:
> if(is_array($directory))
> sort($directory);
> if(is_array($elenco_file))
> sort($elenco_file);
>
> //Stampa i valori
> //print_r($directory);
> //print_r($elenco_file);
>
>
> echo "<br><br><br>";
>
> for($i=0;$i<count($directory);$i++){
> echo "<b><a href =
> \"dir_list.php?folder=".$nome_dir.$directory[$i]."\">".$directory[$i]."</a><
> /b><br>";
> }
> for($i=0;$i<count($elenco_file);$i++){
> echo $elenco_file[$i]."<br>";
> }
>
> closedir($handle);
> }
> ?>
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
I'm having a problem with the if statement not working inside of a for
statement.
Is there something I'm missing.
<?php
$auth = 'NO';
$user=$_POST['user'];
$pass=$_POST['pass'];
$move=($user.":".$pass);
$filename = 'ADMIN/file.txt';
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );
$lines = explode ( "\n", $file_contents );
foreach ( $lines as $line ) {
echo $line;
echo " - ";
echo $move;
if ($move==$line)
{
echo "This is MOVE = ";
$auth = 'YES';
break;
}
}
?>
--- End Message ---
--- Begin Message ---
Stan,
It might be because of the "\r\n" (carriage-return AND newline)
characters that Windows filesystems use. Try calling trim() on your
values before comparing them.
Matt
|-----Original Message-----
|From: Stan McCowan [mailto:[EMAIL PROTECTED]]
|Sent: Sunday, February 09, 2003 11:06 PM
|To: Matt Hillebrand
|Subject: RE: [PHP-WIN] If statement inside of for statement
|
|
|Matt,
|I'm pasting a couple of values from a form page.
|I'm check against a flat file database.
|After the for each statement display the string $line and
|$move. the value are equal, but the if statement is not executed.
|
|Stan
|-----Original Message-----
|From: Matt Hillebrand [mailto:[EMAIL PROTECTED]]
|Sent: Sunday, February 09, 2003 7:59 PM
|To: 'Stan McCowan'
|Subject: RE: [PHP-WIN] If statement inside of for statement
|
|
|You'll have to be more descriptive than that. There's nothing
|wrong with your syntax... Although, I would add some <BR> tags
|in your output if I were you.
|
|Matt
|
||-----Original Message-----
||From: Stan McCowan [mailto:[EMAIL PROTECTED]]
||Sent: Sunday, February 09, 2003 9:04 PM
||To: [EMAIL PROTECTED]
||Subject: [PHP-WIN] If statement inside of for statement
||
||
||I'm having a problem with the if statement not working inside
||of a for statement.
||
||Is there something I'm missing.
||
||<?php
||
||$auth = 'NO';
||$user=$_POST['user'];
||$pass=$_POST['pass'];
||$move=($user.":".$pass);
||
||$filename = 'ADMIN/file.txt';
||$fp = fopen( $filename, 'r' );
||$file_contents = fread( $fp, filesize( $filename ) );
||fclose( $fp );
||$lines = explode ( "\n", $file_contents );
||
|| foreach ( $lines as $line ) {
|| echo $line;
|| echo " - ";
|| echo $move;
||
|| if ($move==$line)
|| {
|| echo "This is MOVE = ";
|| $auth = 'YES';
|| break;
|| }
|| }
||?>
||
||
||
||--
||PHP Windows Mailing List (http://www.php.net/)
||To unsubscribe, visit: http://www.php.net/unsub.php
||
||
||
|
|
|
|
--- End Message ---
