Re: [PHP] Unix passwd file

2002-10-04 Thread Josep R. Raurell 


I found this code in a web (or somthink like this), but can remever 
where to give the credits, sorry.


include_once('/etc/php/bases.php');
function autentifica($user,$pass)
{
global $db1Host, $db1User, $db1Pass;

$auth = false;
mysql_connect($db1Host,$db1User,$db1Pass)
  or die ('Unable to connect to server.');
// Select database on MySQL server
mysql_select_db('mysql')
  or die ('Unable to select database.');
// Formulate the query
$sql = SELECT user FROM user WHERE User='$user'  
password=PASSWORD('$pass');
// Execute the query and put results in $result
$result = mysql_query($sql)
or die ('Unable to execute query.');
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ($num != 0) {
// A matching row was found - the user is authenticated.
$auth = true;
}
return $auth;
}

Josep R. Raurell


En/na Scott ha escrit:

I apologize if this is might be OT.  I have 5,000+ users in a unix passwd 
file that I would like to move to a MySQL table to build a login system 
with php.  I could then use this table for Postfix and Radius.  I know 
about the getpwent in perl, but does anyone know if I populate a MySQL 
table with the login/password can php then use that encrypted password to 
validate users?

TIA


  





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] apache security

2002-06-19 Thread Josep R. Raurell 

Hello. I think nobody had send this warnig to the list. Sorry if you 
already nows.

This text is from the apache web:

SECURITY ADVISORY

Versions of the Apache web server up to and including 1.3.24 and 2.0 up 
to and including 2.0.36 contain a bug in the routines which deal with 
invalid requests which are encoded using chunked encoding. This bug can 
be triggered remotely by sending a carefully crafted invalid request. 
This functionality is enabled by default.

In most cases the outcome of the invalid request is that the child 
process dealing with the request will terminate. At the least, this 
could help a remote attacker launch a denial of service attack as the 
parent process will eventually have to replace the terminated child 
process, and starting new children uses non-trivial amounts of resources.

We were also notified today by ISS that they had published the same 
issue which has forced the early release of this advisory. Please note 
that the patch provided by ISS does not correct this vulnerability.

The Apache Software Foundation has released versions 1.3.26 and 2.0.39 
to address and fix this issue. These version are available for download; 
see below.


Josep R. Raurell



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] help me please! :)

2002-06-10 Thread Josep R. Raurell 

This work for me:

liv_1select name=liv[1]
liv_2select name=liv[2]
liv_3select name=liv[3]

liv_nselect name=liv[n]

To get the value i work in this way...

$liv= $_REQUEST['liv'];

$n = 50;
for ($i=1; $i=$n;i++){
...
echo $liv[$i];


Josep R. Raurell



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: the ?PHPSESSID=spoofme 'bug'

2002-06-07 Thread Josep R. Raurell 

If you destroy the session (for exaple with a logoff button) this dosen 
work.

Josep R. Raurell


Giancarlo Pinerolo wrote:

Giancarlo Pinerolo wrote:

I myself wrote:

Can I tell you more than what the subject says?
proceeding:
Close the browser, clean all your cookies, and open any page with that
?PHPSESSID=spoofme appended.
And see what  happens.


spoofme is not the exact term.

?PHPSESSID=hijackme should be more appropriate, but I avoided it for
well known 'historical' reasons :-|

G




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] pdf with POST

2002-05-31 Thread Josep R. Raurell 

Hello.

I do a pdf with a lot of variables from a form, with a GET method.

After make the pdf (in the same script) I sent the headers and the user 
can see the document in your browser:

   $data = $albara-retorna();
   $len=strlen($data);

   header(Content-Type: application/pdf);
   header(Content-Length: $len);
   header(Content-Disposition: inline; filename=$fileName);
   header(Pragma: no-cache);
   header(Expires: 0);
 
   print $data;
   $albara-deleteDoc();

This work OK.
But I want use POST because there are so much variables in the URL, whit 
post the result is a blank scrren (the pdf never apears).
Somebody nows if is posible (with another headers or with other 
solution) to use a POST method to get a pdf made on the fly ?


Thanks.
Josep. R. Raurell



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php