php-general Digest 27 Aug 2013 06:45:12 -0000 Issue 8346
php-general Digest 27 Aug 2013 06:45:12 - Issue 8346
Topics (messages 321971 through 321985):
Re: exec and system do not work
321971 by: Jim Giner
321973 by: marco.behnke.biz
321976 by: Tamara Temple
321978 by: Ethan Rosenberg, PhD
321979 by: Tim Streater
321980 by: David Robley
321981 by: Ethan Rosenberg, PhD
321982 by: Jasper Kips
321983 by: David Robley
How to send post-variables in a Location header
321972 by: Ajay Garg
321974 by: marco.behnke.biz
321975 by: Matijn Woudt
321977 by: Tamara Temple
Permissions
321984 by: Ethan Rosenberg, PhD
321985 by: David Robley
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
On 8/26/2013 2:41 PM, Ethan Rosenberg wrote:
On 08/26/2013 11:36 AM, ma...@behnke.biz wrote:
Tamara Temple tamouse.li...@gmail.com hat am 26. August 2013 um 08:33
geschrieben:
On Aug 25, 2013, at 10:41 PM, Ethan Rosenberg
erosenb...@hygeiabiomedical.com wrote:
Dear List -
I'm lost on this one -
This works -
$out = system(ls -l ,$retvals);
printf(%s, $out);
This does -
echo exec(ls -l);
Please show the output of the directory listing.
Please us ls -la
This does not -
if( !file_exists(/var/www/orders.txt));
{
$out = system(touch /var/www/orders.txt, $ret);
Maybe you don't have write permissions on the folder?
$out2 = system(chmod 766 /var/www/orders.txt, $ret);
echo 'file2br /';
echo file_exists(/var/www/orders.txt);
}
and this does not -
if( !file_exists(/var/www/orders.txt));
{
exec(touch /var/www/orders.txt);
exec(chmod 766 /var/www/orders.txt);
echo 'file2br /';
echo file_exists(/var/www/orders.txt);
}
Ethan
When you say does not work, can you show what is actually not
working? I
believe the exec and system functions are likely working just fine,
but that
the commands you've passed to them may not be.
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
Tamara -
Please show the output of the directory listing.
Please us ls -la
echo exec('ls -la orders.txt');
-rw-rw-rw- 1 ethan ethan 43 Aug 25 23:50 orders.txt
Maybe you don't have write permissions on the folder?
If I perform the touch and chmod from the command line, everything works.
When you say does not work, can you show what is actually not
working? I
believe the exec and system functions are likely working just fine,
but that
the commands you've passed to them may not be.
Here are my commands.
if( !file_exists(/var/www/orders.txt));
{
echo system(touch /var/www/orders.txt, $ret);
echo system(chmod 766 /var/www/orders.txt, $ret);
echo 'file2br /';
echo file_exists(/var/www/orders.txt);
}
If I now try a ls from the command line, the return is
cannot access /var/www/orders.txt: No such file or directory
The ls -la works because the file was created from the command line.
TIA
Ethan
Ethan - YOU'RE DOING IT AGAIN!!!
Either you are not using error checking AGAIN!!
OR
You are showing us re-typed in code that YOU DIDNT ACTUALLY RUN.
I've told you multiple times that you need to do these two things and
you are back at it again.
The sample php above has plain simple syntax errors that would keep it
from running, which error checking would tell you IF YOU RAN IT.
---End Message---
---BeginMessage---
Ethan Rosenberg erosenb...@hygeiabiomedical.com hat am 26. August 2013 um
20:41 geschrieben:
Please show the output of the directory listing.
Please us ls -la
echo exec('ls -la orders.txt');
-rw-rw-rw- 1 ethan ethan 43 Aug 25 23:50 orders.txt
Please supply the complete output. Especially the rights for . and ..
Maybe you don't have write permissions on the folder?
If I perform the touch and chmod from the command line, everything works.
cli and ww are different users.
---End Message---
---BeginMessage---
On Aug 26, 2013, at 1:41 PM, Ethan Rosenberg erosenb...@hygeiabiomedical.com
wrote:
On 08/26/2013 11:36 AM, ma...@behnke.biz wrote:
Tamara Temple tamouse.li...@gmail.com hat am 26. August 2013 um 08:33
geschrieben:
On Aug 25, 2013, at 10:41 PM, Ethan Rosenberg
erosenb...@hygeiabiomedical.com wrote:
Dear List -
I'm lost on this one -
This works -
$out = system(ls -l ,$retvals);
printf(%s, $out);
This does -
echo exec(ls -l);
Please show the output of the directory listing.
Please us ls -la
This does not -
if( !file_exists(/var/www/orders.txt));
{
$out = system(touch
[PHP] Re: Permissions
Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Permissions
Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk -- Cheers David Robley Artificial Intelligence is no match for natural stupidity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to do PHP build test
Hi, Can anybody help me answering my doubt. I wanted to check if there are any errors with the php compilation and build. I have ran make, make test. make test didnt give any errors to me. Is there any other method or command to run through which we can see if there are any errors in building the php source code. Thanks, Shahina Rabbani
Re: [PHP] exec and system do not work
On 8/26/2013 5:01 PM, Ethan Rosenberg, PhD wrote:
On 08/26/2013 03:28 PM, Jim Giner wrote:
On 8/26/2013 2:41 PM, Ethan Rosenberg wrote:
On 08/26/2013 11:36 AM, ma...@behnke.biz wrote:
Tamara Temple tamouse.li...@gmail.com hat am 26. August 2013 um
08:33
geschrieben:
On Aug 25, 2013, at 10:41 PM, Ethan Rosenberg
erosenb...@hygeiabiomedical.com wrote:
Dear List -
I'm lost on this one -
This works -
$out = system(ls -l ,$retvals);
printf(%s, $out);
This does -
echo exec(ls -l);
Please show the output of the directory listing.
Please us ls -la
This does not -
if( !file_exists(/var/www/orders.txt));
{
$out = system(touch /var/www/orders.txt, $ret);
Maybe you don't have write permissions on the folder?
$out2 = system(chmod 766 /var/www/orders.txt, $ret);
echo 'file2br /';
echo file_exists(/var/www/orders.txt);
}
and this does not -
if( !file_exists(/var/www/orders.txt));
{
exec(touch /var/www/orders.txt);
exec(chmod 766 /var/www/orders.txt);
echo 'file2br /';
echo file_exists(/var/www/orders.txt);
}
Ethan
When you say does not work, can you show what is actually not
working? I
believe the exec and system functions are likely working just fine,
but that
the commands you've passed to them may not be.
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
Tamara -
Please show the output of the directory listing.
Please us ls -la
echo exec('ls -la orders.txt');
-rw-rw-rw- 1 ethan ethan 43 Aug 25 23:50 orders.txt
Maybe you don't have write permissions on the folder?
If I perform the touch and chmod from the command line, everything
works.
When you say does not work, can you show what is actually not
working? I
believe the exec and system functions are likely working just fine,
but that
the commands you've passed to them may not be.
Here are my commands.
if( !file_exists(/var/www/orders.txt));
{
echo system(touch /var/www/orders.txt, $ret);
echo system(chmod 766 /var/www/orders.txt, $ret);
echo 'file2br /';
echo file_exists(/var/www/orders.txt);
}
If I now try a ls from the command line, the return is
cannot access /var/www/orders.txt: No such file or directory
The ls -la works because the file was created from the command line.
TIA
Ethan
Ethan - YOU'RE DOING IT AGAIN!!!
Either you are not using error checking AGAIN!!
OR
You are showing us re-typed in code that YOU DIDNT ACTUALLY RUN.
I've told you multiple times that you need to do these two things and
you are back at it again.
The sample php above has plain simple syntax errors that would keep it
from running, which error checking would tell you IF YOU RAN IT.
Jim -
Thank you.
I don't totally understand your reply ...
but I will try to answer
The code is taken from an operating program. My error checking is set
to maximum sensitivity.
If you would point out my syntax errors, I will fix them.
TIA
Ethan
you have semis after your if lines - therefore no logic gets executed.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Basic Auth
Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 14:37, Jim Giner jim.gi...@albanyhandball.com wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript. Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 9:46 AM, Stuart Dallas wrote: On 27 Aug 2013, at 14:37, Jim Giner jim.gi...@albanyhandball.com wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript. Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works. -Stuart Thanks for the timely response! Before I try your suggestion - one question. Since when is a global variable not changeable? Doesn't the fact that it reflects a modified value when I do change it tell me it worked? I change the value to 'xxx' and show it having that value, but when the script is called again the old value appears. Very confusing! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 15:06, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 9:46 AM, Stuart Dallas wrote: On 27 Aug 2013, at 14:37, Jim Giner jim.gi...@albanyhandball.com wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript. Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works. -Stuart Thanks for the timely response! Before I try your suggestion - one question. Since when is a global variable not changeable? Doesn't the fact that it reflects a modified value when I do change it tell me it worked? I change the value to 'xxx' and show it having that value, but when the script is called again the old value appears. Very confusing! I didn't say you couldn't change it, I said doing so will have no effect on the browser. It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart [1] The one exception to this is $_SESSION, but it's important to know how that works. The $_SESSION array is populated when you call session_start(). It's loaded from some form of storage (files by default) and unserialised in to $_SESSION. When the session is closed, either implicitly by the request ending or by a call to one of the methods that explicitly do it, the contents are serialised to the storage system. Once closed, any changes to $_SESSION will not be stored; it becomes just another superglobal (not that it was ever anything else). -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 10:39 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:14 AM, Stuart Dallas wrote:
It's not really confusing so long as you understand how PHP works. Each request
is brand new - nothing is retained from previous requests. The two variable
you're changing are set by PHP when the request comes in from the browser. The
fact you changed them in a previous request is irrelevant because 1) that
change was not communicated to the browser in any way, and 2) PHP doesn't
retain any data between requests [1].
If you've been coding assuming that changes you make to global variables are
retained between requests you must have been having some pretty frustrating
times!
-Stuart
Not really - this is the first time I've had something not work as expected.
That was said with my tongue very much firmly in my cheek, and so is this:
I've been playing with dynamite since I was 4 - hey, it must be a safe,
proper thing to do!
Just because nothing has blown up in your face yet doesn't mean it won't, and
I'm concerned that you might not actually see how important it is to make sure
you're using the tool correctly.
-Stuart
This may very well be the first time with this problem because I haven't
tried anything like this before.
That said - can you give me some pointers on how to do the JS solution?
I'm calling a script that is similar to the one I used to signon. It
sends out something like:
header(WWW-Authenticate: Basic realm=$realm);
header('HTTP/1.0 401 Unauthorized');
echo h3You have entered invalid credentialsbr;
echo Click a href='$return_url' here /a to return to the
menu.;
exit();
when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
So - to effect a signoff, what does one do? You said to use an invalid
value, but what do I do with that? How do I ignore the 401? Now I'm
getting the signin dialog and I'm stuck.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:39 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:14 AM, Stuart Dallas wrote:
It's not really confusing so long as you understand how PHP works. Each
request is brand new - nothing is retained from previous requests. The two
variable you're changing are set by PHP when the request comes in from the
browser. The fact you changed them in a previous request is irrelevant
because 1) that change was not communicated to the browser in any way, and
2) PHP doesn't retain any data between requests [1].
If you've been coding assuming that changes you make to global variables
are retained between requests you must have been having some pretty
frustrating times!
-Stuart
Not really - this is the first time I've had something not work as expected.
That was said with my tongue very much firmly in my cheek, and so is this:
I've been playing with dynamite since I was 4 - hey, it must be a safe,
proper thing to do!
Just because nothing has blown up in your face yet doesn't mean it won't,
and I'm concerned that you might not actually see how important it is to
make sure you're using the tool correctly.
-Stuart
This may very well be the first time with this problem because I haven't
tried anything like this before.
That said - can you give me some pointers on how to do the JS solution? I'm
calling a script that is similar to the one I used to signon. It sends out
something like:
header(WWW-Authenticate: Basic realm=$realm);
header('HTTP/1.0 401 Unauthorized');
echo h3You have entered invalid credentialsbr;
echo Click a href='$return_url' here /a to return to the menu.;
exit();
when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
So - to effect a signoff, what does one do? You said to use an invalid
value, but what do I do with that? How do I ignore the 401? Now I'm
getting the signin dialog and I'm stuck.
You don't need to do anything on the server-side. You simply need a JS function
that sends a request to a URL that requires basic auth, with an Authenticate
header that contains an invalid username and password. Then, when your server
responds with a 401 Authentication required (which it should already do for an
invalid request) you can set location.href to whatever URL you want the logged
out user to see.
If you don't know how to make a request from Javascript -- commonly known as an
AJAX request -- then google for it. I'd recommend the jquery library if you
want a very easy way to do it.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 10:55 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:39 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:14 AM, Stuart Dallas wrote:
It's not really confusing so long as you understand how PHP works. Each request
is brand new - nothing is retained from previous requests. The two variable
you're changing are set by PHP when the request comes in from the browser. The
fact you changed them in a previous request is irrelevant because 1) that
change was not communicated to the browser in any way, and 2) PHP doesn't
retain any data between requests [1].
If you've been coding assuming that changes you make to global variables are
retained between requests you must have been having some pretty frustrating
times!
-Stuart
Not really - this is the first time I've had something not work as expected.
That was said with my tongue very much firmly in my cheek, and so is this:
I've been playing with dynamite since I was 4 - hey, it must be a safe,
proper thing to do!
Just because nothing has blown up in your face yet doesn't mean it won't, and
I'm concerned that you might not actually see how important it is to make sure
you're using the tool correctly.
-Stuart
This may very well be the first time with this problem because I haven't tried
anything like this before.
That said - can you give me some pointers on how to do the JS solution? I'm
calling a script that is similar to the one I used to signon. It sends out
something like:
header(WWW-Authenticate: Basic realm=$realm);
header('HTTP/1.0 401 Unauthorized');
echo h3You have entered invalid credentialsbr;
echo Click a href='$return_url' here /a to return to the menu.;
exit();
when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
So - to effect a signoff, what does one do? You said to use an invalid value,
but what do I do with that? How do I ignore the 401? Now I'm getting the
signin dialog and I'm stuck.
You don't need to do anything on the server-side. You simply need a JS function
that sends a request to a URL that requires basic auth, with an Authenticate
header that contains an invalid username and password. Then, when your server
responds with a 401 Authentication required (which it should already do for an
invalid request) you can set location.href to whatever URL you want the logged
out user to see.
If you don't know how to make a request from Javascript -- commonly known as an
AJAX request -- then google for it. I'd recommend the jquery library if you
want a very easy way to do it.
-Stuart
I am familiar with an ajax request (xmlhttprequest) and I have a
function ready to call a script to effect this signoff. I just don't
know what to put in that php script I'm calling. From what you just
wrote I'm guessing that my headers as shown previously may be close -
Im confused about your mention of contains an invalid username
As you can see from my sample I don't include such a thing.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Off the wall - sub-domain question
On Wed, Aug 21, 2013 at 5:16 PM, Jim Giner jim.gi...@albanyhandball.com wrote: I have a main domain (of course) and a sub domain. I'm really trying to steer my personal stuff away from the main one and have focused all of my php development to the sub-domain. Lately I noticed that google catalogs my sub-domain site stuff under the main domain name and the links that come up lead to that domain name with the path that takes the user to the sub-domain's home folder and beyond. Is there something that php (apache??) can do to control either google's robots or the user's view (url) so that it appears as a page of my sub-domain? I'm really new at this stuff and know nothing. I'm lucky that google is even finding my site! You'd probably want to do some 301 redirects with mod_rewrite to force the domain over to the subdomain if under that directory. In so doing, Google (and other search engines) will drop the /subdomain folder, and index only the destination. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: [PHP] Basic Auth
Oops, sent this message from the wrong email address, so the list rejected it.
Begin forwarded message:
From: Stuart Dallas stu...@3ft9.com
Subject: Re: [PHP] Basic Auth
Date: 27 August 2013 16:36:27 BST
To: jim.gi...@albanyhandball.com
Cc: php-general@lists.php.net
On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:55 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:39 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:14 AM, Stuart Dallas wrote:
It's not really confusing so long as you understand how PHP works. Each
request is brand new - nothing is retained from previous requests. The
two variable you're changing are set by PHP when the request comes in
from the browser. The fact you changed them in a previous request is
irrelevant because 1) that change was not communicated to the browser
in any way, and 2) PHP doesn't retain any data between requests [1].
If you've been coding assuming that changes you make to global
variables are retained between requests you must have been having some
pretty frustrating times!
-Stuart
Not really - this is the first time I've had something not work as
expected.
That was said with my tongue very much firmly in my cheek, and so is this:
I've been playing with dynamite since I was 4 - hey, it must be a safe,
proper thing to do!
Just because nothing has blown up in your face yet doesn't mean it won't,
and I'm concerned that you might not actually see how important it is to
make sure you're using the tool correctly.
-Stuart
This may very well be the first time with this problem because I haven't
tried anything like this before.
That said - can you give me some pointers on how to do the JS solution?
I'm calling a script that is similar to the one I used to signon. It
sends out something like:
header(WWW-Authenticate: Basic realm=$realm);
header('HTTP/1.0 401 Unauthorized');
echo h3You have entered invalid credentialsbr;
echo Click a href='$return_url' here /a to return to the menu.;
exit();
when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
So - to effect a signoff, what does one do? You said to use an invalid
value, but what do I do with that? How do I ignore the 401? Now I'm
getting the signin dialog and I'm stuck.
You don't need to do anything on the server-side. You simply need a JS
function that sends a request to a URL that requires basic auth, with an
Authenticate header that contains an invalid username and password. Then,
when your server responds with a 401 Authentication required (which it
should already do for an invalid request) you can set location.href to
whatever URL you want the logged out user to see.
If you don't know how to make a request from Javascript -- commonly known
as an AJAX request -- then google for it. I'd recommend the jquery library
if you want a very easy way to do it.
-Stuart
I am familiar with an ajax request (xmlhttprequest) and I have a function
ready to call a script to effect this signoff. I just don't know what to
put in that php script I'm calling. From what you just wrote I'm guessing
that my headers as shown previously may be close - Im confused about your
mention of contains an invalid username As you can see from my sample
I don't include such a thing.
For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE.
From the Javascript, request any URL that requires authentication - it
doesn't matter. When you make the AJAX request, pass an Authentication header
that contains an invalid username and password. If you don't know what I mean
by that, please google how HTTP Basic Auth works.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On Tue, Aug 27, 2013 at 3:07 AM, David Robley robl...@zoho.com wrote: I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. Well, that's partially correct. If a directory is owned by someone other than the current user (for example, root) and is 0776, you can list the directory content from outside of the directory to get a basic file listing. What you won't get by doing that, however, is anything other than the file name and type, because the kernel is forbidden from executing mtime, ctime, and owner/group queries on the files. In addition, you won't be able to enter the directory (cd). That said, if Ethan is running his Apache server as the user 'ethan' (which isn't mentioned) then it would be fine regardless. As for the 's' notation, that's either a bitmask of 0400 or 0200, which are for setuid and setgid, respectively. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Fwd: [PHP] Basic Auth
On 8/27/2013 11:56 AM, Stuart Dallas wrote:
Oops, sent this message from the wrong email address, so the list rejected it.
Begin forwarded message:
From: Stuart Dallas stu...@3ft9.com
Subject: Re: [PHP] Basic Auth
Date: 27 August 2013 16:36:27 BST
To: jim.gi...@albanyhandball.com
Cc: php-general@lists.php.net
On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:55 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:39 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:14 AM, Stuart Dallas wrote:
It's not really confusing so long as you understand how PHP works. Each request
is brand new - nothing is retained from previous requests. The two variable
you're changing are set by PHP when the request comes in from the browser. The
fact you changed them in a previous request is irrelevant because 1) that
change was not communicated to the browser in any way, and 2) PHP doesn't
retain any data between requests [1].
If you've been coding assuming that changes you make to global variables are
retained between requests you must have been having some pretty frustrating
times!
-Stuart
Not really - this is the first time I've had something not work as expected.
That was said with my tongue very much firmly in my cheek, and so is this:
I've been playing with dynamite since I was 4 - hey, it must be a safe,
proper thing to do!
Just because nothing has blown up in your face yet doesn't mean it won't, and
I'm concerned that you might not actually see how important it is to make sure
you're using the tool correctly.
-Stuart
This may very well be the first time with this problem because I haven't tried
anything like this before.
That said - can you give me some pointers on how to do the JS solution? I'm
calling a script that is similar to the one I used to signon. It sends out
something like:
header(WWW-Authenticate: Basic realm=$realm);
header('HTTP/1.0 401 Unauthorized');
echo h3You have entered invalid credentialsbr;
echo Click a href='$return_url' here /a to return to the menu.;
exit();
when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
So - to effect a signoff, what does one do? You said to use an invalid value,
but what do I do with that? How do I ignore the 401? Now I'm getting the
signin dialog and I'm stuck.
You don't need to do anything on the server-side. You simply need a JS function
that sends a request to a URL that requires basic auth, with an Authenticate
header that contains an invalid username and password. Then, when your server
responds with a 401 Authentication required (which it should already do for an
invalid request) you can set location.href to whatever URL you want the logged
out user to see.
If you don't know how to make a request from Javascript -- commonly known as an
AJAX request -- then google for it. I'd recommend the jquery library if you
want a very easy way to do it.
-Stuart
I am familiar with an ajax request (xmlhttprequest) and I have a function ready to call a
script to effect this signoff. I just don't know what to put in that php script I'm calling.
From what you just wrote I'm guessing that my headers as shown previously may be close -
Im confused about your mention of contains an invalid username As you
can see from my sample I don't include such a thing.
For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE.
From the Javascript, request any URL that requires authentication - it doesn't
matter. When you make the AJAX request, pass an Authentication header that
contains an invalid username and password. If you don't know what I mean by
that, please google how HTTP Basic Auth works.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
It's not the basic auth that I'm having the issue with - it's the
'header' thing and understanding what a 401 is doing and how I'm to
ignore it. Never had to play with these things before and this part is
all new. Let's face it - I'm an applications guy, not a systems guy.
All this talk of headers and such is greek to me.
I have spent the last hour googling away on this topic - still no
understanding.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to send post-variables in a Location header
On Mon, Aug 26, 2013 at 3:48 PM, Ajay Garg ajaygargn...@gmail.com wrote:
Hi all.
I have a scenario, wherein I need to do something like this ::
###
$original_url = /autologin.php;
$username = ajay;
$password = garg;
header('Location: ' . $original_url);
###
As can be seen, I wish to redirect to the URL autologin.php.
Additionally, I wish to pass two POST key-value pairs :: user=ajay and
password=garg (I understand that passing GET key-value pairs is trivial).
Is it even possible?
If yes, I will be grateful if someone could let me know how to redirect to
a URL, passing the POST key-value pairs as necessary.
No. Sending a 'Location:' header issues an HTTP 301 by default,
which means the browser will follow it using a GET request. If you
can't pass the information from one location to another using sessions
or (less ideally) cookies, you might consider doing a cURL POST
request in the background and passing the session ID back to the
browser, and having it handle it appropriately (read: session
hijack).
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Basic Auth
On 27/08/13 15:37, Jim Giner wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? Hello Jim, at the risk of under-estimating your knowledge (and over-estimating mine) of HTTP-requests in PHP - but here it goes. I see two options of bypassing the JavaScript option. The first one is to use the default authorization, and error pages of your HTTP server. (For example, in Apache: http://httpd.apache.org/docs/2.2/custom-error.html) This is for a login with invalid credentials. For some-one to leave the protected site, a HTTP-request without credentials, and to a URI outside the protected domain, should do (as every HTTP request into the protected domain should repeat the Authorisation header). The second one is to leave header(), and go down one level, to the likes of fsockopen() or stream_socket_server() - though personally, I've only limited knowledge of a bit of client-side programming. Unless I've completely misunderstood your question, Hope this helps, Bert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec and system do not work
On Sun, Aug 25, 2013 at 11:41 PM, Ethan Rosenberg
erosenb...@hygeiabiomedical.com wrote:
Dear List -
I'm lost on this one -
This works -
$out = system(ls -l ,$retvals);
printf(%s, $out);
This does -
echo exec(ls -l);
This does not -
if( !file_exists(/var/www/orders.txt));
{
$out = system(touch /var/www/orders.txt, $ret);
$out2 = system(chmod 766 /var/www/orders.txt, $ret);
echo 'file2br /';
echo file_exists(/var/www/orders.txt);
}
?php echo `whoami`; ?
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 17:28, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 11:56 AM, Stuart Dallas wrote:
Oops, sent this message from the wrong email address, so the list rejected
it.
Begin forwarded message:
From: Stuart Dallas stu...@3ft9.com
Subject: Re: [PHP] Basic Auth
Date: 27 August 2013 16:36:27 BST
To: jim.gi...@albanyhandball.com
Cc: php-general@lists.php.net
On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:55 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:39 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com
wrote:
On 8/27/2013 10:14 AM, Stuart Dallas wrote:
It's not really confusing so long as you understand how PHP works.
Each request is brand new - nothing is retained from previous
requests. The two variable you're changing are set by PHP when the
request comes in from the browser. The fact you changed them in a
previous request is irrelevant because 1) that change was not
communicated to the browser in any way, and 2) PHP doesn't retain any
data between requests [1].
If you've been coding assuming that changes you make to global
variables are retained between requests you must have been having
some pretty frustrating times!
-Stuart
Not really - this is the first time I've had something not work as
expected.
That was said with my tongue very much firmly in my cheek, and so is
this:
I've been playing with dynamite since I was 4 - hey, it must be a
safe, proper thing to do!
Just because nothing has blown up in your face yet doesn't mean it
won't, and I'm concerned that you might not actually see how important
it is to make sure you're using the tool correctly.
-Stuart
This may very well be the first time with this problem because I haven't
tried anything like this before.
That said - can you give me some pointers on how to do the JS solution?
I'm calling a script that is similar to the one I used to signon. It
sends out something like:
header(WWW-Authenticate: Basic realm=$realm);
header('HTTP/1.0 401 Unauthorized');
echo h3You have entered invalid credentialsbr;
echo Click a href='$return_url' here /a to return to the
menu.;
exit();
when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
So - to effect a signoff, what does one do? You said to use an invalid
value, but what do I do with that? How do I ignore the 401? Now I'm
getting the signin dialog and I'm stuck.
You don't need to do anything on the server-side. You simply need a JS
function that sends a request to a URL that requires basic auth, with an
Authenticate header that contains an invalid username and password. Then,
when your server responds with a 401 Authentication required (which it
should already do for an invalid request) you can set location.href to
whatever URL you want the logged out user to see.
If you don't know how to make a request from Javascript -- commonly known
as an AJAX request -- then google for it. I'd recommend the jquery
library if you want a very easy way to do it.
-Stuart
I am familiar with an ajax request (xmlhttprequest) and I have a function
ready to call a script to effect this signoff. I just don't know what to
put in that php script I'm calling. From what you just wrote I'm guessing
that my headers as shown previously may be close - Im confused about
your mention of contains an invalid username As you can see from my
sample I don't include such a thing.
For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE.
From the Javascript, request any URL that requires authentication - it
doesn't matter. When you make the AJAX request, pass an Authentication
header that contains an invalid username and password. If you don't know
what I mean by that, please google how HTTP Basic Auth works.
-Stuart
It's not the basic auth that I'm having the issue with - it's the 'header'
thing and understanding what a 401 is doing and how I'm to ignore it. Never
had to play with these things before and this part is all new. Let's face it
- I'm an applications guy, not a systems guy. All this talk of headers and
such is greek to me.
HTTP headers are as important for application guys as they are for systems
guys. I appreciate that this may be new to you, but it's pretty basic knowledge
about how HTTP works.
Basic auth is simple, and you need to understand how it works to understand
what I've been trying to say. Here's how HTTP auth works:
1) Browser hits page.
2) The PHP script knows this page requires HTTP Auth, checks the
PHP_AUTH_[USER|PW] variables but doesn't find anything, so it responds with an
HTTP status of 401 Unauthorised.
3) The browser gets the 401 response and displays the login box.
4) User enters username and password.
Re: [PHP] Basic Auth
On 8/27/2013 12:53 PM, Stuart Dallas wrote:
On 27 Aug 2013, at 17:28, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 11:56 AM, Stuart Dallas wrote:
Oops, sent this message from the wrong email address, so the list rejected it.
Begin forwarded message:
From: Stuart Dallas stu...@3ft9.com
Subject: Re: [PHP] Basic Auth
Date: 27 August 2013 16:36:27 BST
To: jim.gi...@albanyhandball.com
Cc: php-general@lists.php.net
On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:55 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:39 AM, Stuart Dallas wrote:
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/27/2013 10:14 AM, Stuart Dallas wrote:
It's not really confusing so long as you understand how PHP works. Each request
is brand new - nothing is retained from previous requests. The two variable
you're changing are set by PHP when the request comes in from the browser. The
fact you changed them in a previous request is irrelevant because 1) that
change was not communicated to the browser in any way, and 2) PHP doesn't
retain any data between requests [1].
If you've been coding assuming that changes you make to global variables are
retained between requests you must have been having some pretty frustrating
times!
-Stuart
Not really - this is the first time I've had something not work as expected.
That was said with my tongue very much firmly in my cheek, and so is this:
I've been playing with dynamite since I was 4 - hey, it must be a safe,
proper thing to do!
Just because nothing has blown up in your face yet doesn't mean it won't, and
I'm concerned that you might not actually see how important it is to make sure
you're using the tool correctly.
-Stuart
This may very well be the first time with this problem because I haven't tried
anything like this before.
That said - can you give me some pointers on how to do the JS solution? I'm
calling a script that is similar to the one I used to signon. It sends out
something like:
header(WWW-Authenticate: Basic realm=$realm);
header('HTTP/1.0 401 Unauthorized');
echo h3You have entered invalid credentialsbr;
echo Click a href='$return_url' here /a to return to the menu.;
exit();
when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
So - to effect a signoff, what does one do? You said to use an invalid value,
but what do I do with that? How do I ignore the 401? Now I'm getting the
signin dialog and I'm stuck.
You don't need to do anything on the server-side. You simply need a JS function
that sends a request to a URL that requires basic auth, with an Authenticate
header that contains an invalid username and password. Then, when your server
responds with a 401 Authentication required (which it should already do for an
invalid request) you can set location.href to whatever URL you want the logged
out user to see.
If you don't know how to make a request from Javascript -- commonly known as an
AJAX request -- then google for it. I'd recommend the jquery library if you
want a very easy way to do it.
-Stuart
I am familiar with an ajax request (xmlhttprequest) and I have a function ready to call a
script to effect this signoff. I just don't know what to put in that php script I'm calling.
From what you just wrote I'm guessing that my headers as shown previously may be close -
Im confused about your mention of contains an invalid username As you
can see from my sample I don't include such a thing.
For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE.
From the Javascript, request any URL that requires authentication - it doesn't
matter. When you make the AJAX request, pass an Authentication header that
contains an invalid username and password. If you don't know what I mean by
that, please google how HTTP Basic Auth works.
-Stuart
It's not the basic auth that I'm having the issue with - it's the 'header'
thing and understanding what a 401 is doing and how I'm to ignore it. Never
had to play with these things before and this part is all new. Let's face it -
I'm an applications guy, not a systems guy. All this talk of headers and such
is greek to me.
HTTP headers are as important for application guys as they are for systems
guys. I appreciate that this may be new to you, but it's pretty basic knowledge
about how HTTP works.
Basic auth is simple, and you need to understand how it works to understand
what I've been trying to say. Here's how HTTP auth works:
1) Browser hits page.
2) The PHP script knows this page requires HTTP Auth, checks the
PHP_AUTH_[USER|PW] variables but doesn't find anything, so it responds with an
HTTP status of 401 Unauthorised.
3) The browser gets the 401 response and displays the login box.
4) User enters username and password.
5) Browser sends the request again, but
Re: [PHP] Re: Permissions
On 08/27/2013 03:07 AM, David Robley wrote: Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk I checked with the -Z option ethan@rosenberg:/var/www$ ls -lZ StoreInventory.php -rwxrwsr-t 1 ethan ethan ? 4232 Aug 27 00:18 StoreInventory.php Ethan PS David- I promise that I will not steal your tag line. My short hair American tabby cat [Gingy Feline Rosenberg]is too nice to have anything done to her. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On 08/27/2013 01:52 PM, Ethan Rosenberg wrote: On 08/27/2013 03:07 AM, David Robley wrote: Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk I checked with the -Z option ethan@rosenberg:/var/www$ ls -lZ StoreInventory.php -rwxrwsr-t 1 ethan ethan ? 4232 Aug 27 00:18 StoreInventory.php Ethan PS David- I promise that I will not steal your tag line. My short hair American tabby cat [Gingy Feline Rosenberg]is too nice to have anything done to her. This has really morphed into a Debian issue. I have sent it to the Debian list. I will keep you informed. Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Permissions
On 08/27/2013 03:31 PM, Steven Post wrote:
On Tue, 2013-08-27 at 13:43 -0400, Ethan Rosenberg wrote:
Dear List -
I apologize for this needle in a haystack but...
This was originally posted on the PHP list, but has changed into a
Debian question...
Tried to run the program, that we have been discussing,{on the PHP list}
and received a 403 error.
rosenberg:/var/www# ls -la StoreInventory.php
-rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php
rosenberg:/var# ls -ld www
drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www
I had set the S bit [probably a nasty mistake] and I thought I was able
to remove the bit. [it doesn't show above]
I made the following stupid mistakes...
note commands from the root prompt have a su appended
467 chown -R ethan:www-data wwwsu
469 chown -R ethan:www-data wwwsu
470 chmod -R g+s www su
471 chgrp -R www su
477 chgrp -R ethan www su
480 chmod -R 766 www su
482 chmod g-S www su
485 chmod -S www su
486 chmod g S www su
487 chmod gS www su
488 chmod S wwwsu
489 chmod 776 www su
492 chmod 776 -R www su
494 chmod -s -R wwwsu
504 chmod 666 StoreInventory.php
512 chmod 3775 StoreInventory.php
I now have
ethan@rosenberg:/var/www$ ls -la StoreInventory.php
-rwxrwsr-t 1 ethan ethan 4232 Aug 27 00:18 StoreInventory.php
ethan@rosenberg:/var$ ls -ld www
drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www
and still have the 403 error.
How do I extricate myself from the hole into which I have planted myself?
The problem appears to be that Apache does not have access to the file.
Looking at the permissions of the file it should work, however, apache
is not able to go into your /var/www folder. Either you need to set
www-data as the owner of the directory, or as the group owner, or,
possibility number 3, give execute rights to 'others' on that folder.
Pick one (you might need to be root for the first 2 in your situation):
1) chown www-data /var/www
2) chgrp www-data /var/www
3) chmod -R o+X /var/www
Note the capital 'X' on option 3, this gives execute permissions on
folders only, not files, as the -R means all files and subdirectories as
well.
The 't' is known as the sticky bit if I recall correctly, set with 1 on
the first number in a 4 number chmod command, for details see [1].
I guess in your case you can use 0664 for the files and 0775 for
directories (or 0640 and 0750 if you set owner or group back to
www-data)
Best regards,
Steven
you wrote about a 403 error, so I assume you invoke the script by
calling a webserver via browser.
In that case the webserver needs the permission to access /var/www and
to read StoreInventory.php.
By default the webserver runs as user/group www-data (it can be changed
in the webservers config-file(s)).
Try this:
#chown -R ethan:www-data /var/www
#chmod 775 /var/www
#chmod 640 /var/www/StoreInventory.php
Your ls should return something like this:
$ls -hal /var/www
drwxr-x--- 1 ethan www-data 4.0K Jun 3 20:35 .
-rw-r- 1 ethan www-data 623 Jun 3 20:35 StoreInventory.php
If that does not work you might check the configuration- and log-files
of your webserver.
Dear List -
I had to go to a meeting but before I left I tried one last thing -
chmod 000 www
chmod 0777 www
rosenberg:/var# ls -ld www
drwxrwxrwx 37 ethan ethan 20480 Aug 27 17:30 www
chown ethan StoreInventory.php
chgrp ethan StoreInventory.php
chmod 000 StoreInventory.php
chmod 777 StoreInventory.php
ethan@rosenberg:/var/www$ ls -la StoreInventory.php
-rwxrwxrwx 1 ethan ethan 4232 Aug 27 17:25 StoreInventory.php
when I returned...
IT WORKS!!!
Thanks to all.
Ethan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
