php-general Digest 27 Aug 2013 06:45:12 -0000 Issue 8346
php-general Digest 27 Aug 2013 06:45:12 - Issue 8346 Topics (messages 321971 through 321985): Re: exec and system do not work 321971 by: Jim Giner 321973 by: marco.behnke.biz 321976 by: Tamara Temple 321978 by: Ethan Rosenberg, PhD 321979 by: Tim Streater 321980 by: David Robley 321981 by: Ethan Rosenberg, PhD 321982 by: Jasper Kips 321983 by: David Robley How to send post-variables in a Location header 321972 by: Ajay Garg 321974 by: marco.behnke.biz 321975 by: Matijn Woudt 321977 by: Tamara Temple Permissions 321984 by: Ethan Rosenberg, PhD 321985 by: David Robley Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- On 8/26/2013 2:41 PM, Ethan Rosenberg wrote: On 08/26/2013 11:36 AM, ma...@behnke.biz wrote: Tamara Temple tamouse.li...@gmail.com hat am 26. August 2013 um 08:33 geschrieben: On Aug 25, 2013, at 10:41 PM, Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote: Dear List - I'm lost on this one - This works - $out = system(ls -l ,$retvals); printf(%s, $out); This does - echo exec(ls -l); Please show the output of the directory listing. Please us ls -la This does not - if( !file_exists(/var/www/orders.txt)); { $out = system(touch /var/www/orders.txt, $ret); Maybe you don't have write permissions on the folder? $out2 = system(chmod 766 /var/www/orders.txt, $ret); echo 'file2br /'; echo file_exists(/var/www/orders.txt); } and this does not - if( !file_exists(/var/www/orders.txt)); { exec(touch /var/www/orders.txt); exec(chmod 766 /var/www/orders.txt); echo 'file2br /'; echo file_exists(/var/www/orders.txt); } Ethan When you say does not work, can you show what is actually not working? I believe the exec and system functions are likely working just fine, but that the commands you've passed to them may not be. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz Tamara - Please show the output of the directory listing. Please us ls -la echo exec('ls -la orders.txt'); -rw-rw-rw- 1 ethan ethan 43 Aug 25 23:50 orders.txt Maybe you don't have write permissions on the folder? If I perform the touch and chmod from the command line, everything works. When you say does not work, can you show what is actually not working? I believe the exec and system functions are likely working just fine, but that the commands you've passed to them may not be. Here are my commands. if( !file_exists(/var/www/orders.txt)); { echo system(touch /var/www/orders.txt, $ret); echo system(chmod 766 /var/www/orders.txt, $ret); echo 'file2br /'; echo file_exists(/var/www/orders.txt); } If I now try a ls from the command line, the return is cannot access /var/www/orders.txt: No such file or directory The ls -la works because the file was created from the command line. TIA Ethan Ethan - YOU'RE DOING IT AGAIN!!! Either you are not using error checking AGAIN!! OR You are showing us re-typed in code that YOU DIDNT ACTUALLY RUN. I've told you multiple times that you need to do these two things and you are back at it again. The sample php above has plain simple syntax errors that would keep it from running, which error checking would tell you IF YOU RAN IT. ---End Message--- ---BeginMessage--- Ethan Rosenberg erosenb...@hygeiabiomedical.com hat am 26. August 2013 um 20:41 geschrieben: Please show the output of the directory listing. Please us ls -la echo exec('ls -la orders.txt'); -rw-rw-rw- 1 ethan ethan 43 Aug 25 23:50 orders.txt Please supply the complete output. Especially the rights for . and .. Maybe you don't have write permissions on the folder? If I perform the touch and chmod from the command line, everything works. cli and ww are different users. ---End Message--- ---BeginMessage--- On Aug 26, 2013, at 1:41 PM, Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote: On 08/26/2013 11:36 AM, ma...@behnke.biz wrote: Tamara Temple tamouse.li...@gmail.com hat am 26. August 2013 um 08:33 geschrieben: On Aug 25, 2013, at 10:41 PM, Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote: Dear List - I'm lost on this one - This works - $out = system(ls -l ,$retvals); printf(%s, $out); This does - echo exec(ls -l); Please show the output of the directory listing. Please us ls -la This does not - if( !file_exists(/var/www/orders.txt)); { $out = system(touch
[PHP] Re: Permissions
Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Permissions
Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk -- Cheers David Robley Artificial Intelligence is no match for natural stupidity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to do PHP build test
Hi, Can anybody help me answering my doubt. I wanted to check if there are any errors with the php compilation and build. I have ran make, make test. make test didnt give any errors to me. Is there any other method or command to run through which we can see if there are any errors in building the php source code. Thanks, Shahina Rabbani
Re: [PHP] exec and system do not work
On 8/26/2013 5:01 PM, Ethan Rosenberg, PhD wrote: On 08/26/2013 03:28 PM, Jim Giner wrote: On 8/26/2013 2:41 PM, Ethan Rosenberg wrote: On 08/26/2013 11:36 AM, ma...@behnke.biz wrote: Tamara Temple tamouse.li...@gmail.com hat am 26. August 2013 um 08:33 geschrieben: On Aug 25, 2013, at 10:41 PM, Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote: Dear List - I'm lost on this one - This works - $out = system(ls -l ,$retvals); printf(%s, $out); This does - echo exec(ls -l); Please show the output of the directory listing. Please us ls -la This does not - if( !file_exists(/var/www/orders.txt)); { $out = system(touch /var/www/orders.txt, $ret); Maybe you don't have write permissions on the folder? $out2 = system(chmod 766 /var/www/orders.txt, $ret); echo 'file2br /'; echo file_exists(/var/www/orders.txt); } and this does not - if( !file_exists(/var/www/orders.txt)); { exec(touch /var/www/orders.txt); exec(chmod 766 /var/www/orders.txt); echo 'file2br /'; echo file_exists(/var/www/orders.txt); } Ethan When you say does not work, can you show what is actually not working? I believe the exec and system functions are likely working just fine, but that the commands you've passed to them may not be. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz Tamara - Please show the output of the directory listing. Please us ls -la echo exec('ls -la orders.txt'); -rw-rw-rw- 1 ethan ethan 43 Aug 25 23:50 orders.txt Maybe you don't have write permissions on the folder? If I perform the touch and chmod from the command line, everything works. When you say does not work, can you show what is actually not working? I believe the exec and system functions are likely working just fine, but that the commands you've passed to them may not be. Here are my commands. if( !file_exists(/var/www/orders.txt)); { echo system(touch /var/www/orders.txt, $ret); echo system(chmod 766 /var/www/orders.txt, $ret); echo 'file2br /'; echo file_exists(/var/www/orders.txt); } If I now try a ls from the command line, the return is cannot access /var/www/orders.txt: No such file or directory The ls -la works because the file was created from the command line. TIA Ethan Ethan - YOU'RE DOING IT AGAIN!!! Either you are not using error checking AGAIN!! OR You are showing us re-typed in code that YOU DIDNT ACTUALLY RUN. I've told you multiple times that you need to do these two things and you are back at it again. The sample php above has plain simple syntax errors that would keep it from running, which error checking would tell you IF YOU RAN IT. Jim - Thank you. I don't totally understand your reply ... but I will try to answer The code is taken from an operating program. My error checking is set to maximum sensitivity. If you would point out my syntax errors, I will fix them. TIA Ethan you have semis after your if lines - therefore no logic gets executed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Basic Auth
Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 14:37, Jim Giner jim.gi...@albanyhandball.com wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript. Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 9:46 AM, Stuart Dallas wrote: On 27 Aug 2013, at 14:37, Jim Giner jim.gi...@albanyhandball.com wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript. Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works. -Stuart Thanks for the timely response! Before I try your suggestion - one question. Since when is a global variable not changeable? Doesn't the fact that it reflects a modified value when I do change it tell me it worked? I change the value to 'xxx' and show it having that value, but when the script is called again the old value appears. Very confusing! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 15:06, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 9:46 AM, Stuart Dallas wrote: On 27 Aug 2013, at 14:37, Jim Giner jim.gi...@albanyhandball.com wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? The global variables you're referring to are just that, global variables; changing them will have no effect on the browser. Basic Auth was not designed to allow users to log out, but you can make it happen with some Javascript. Have your log out link call a Javascript function which sends an XMLHttpRequest with an invalid username and password. The server will return a 401 which you ignore and then take the user to whatever URL you want them to see after they log off. Not pretty, but it works. -Stuart Thanks for the timely response! Before I try your suggestion - one question. Since when is a global variable not changeable? Doesn't the fact that it reflects a modified value when I do change it tell me it worked? I change the value to 'xxx' and show it having that value, but when the script is called again the old value appears. Very confusing! I didn't say you couldn't change it, I said doing so will have no effect on the browser. It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart [1] The one exception to this is $_SESSION, but it's important to know how that works. The $_SESSION array is populated when you call session_start(). It's loaded from some form of storage (files by default) and unserialised in to $_SESSION. When the session is closed, either implicitly by the request ending or by a call to one of the methods that explicitly do it, the contents are serialised to the storage system. Once closed, any changes to $_SESSION will not be stored; it becomes just another superglobal (not that it was ever anything else). -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 10:39 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart This may very well be the first time with this problem because I haven't tried anything like this before. That said - can you give me some pointers on how to do the JS solution? I'm calling a script that is similar to the one I used to signon. It sends out something like: header(WWW-Authenticate: Basic realm=$realm); header('HTTP/1.0 401 Unauthorized'); echo h3You have entered invalid credentialsbr; echo Click a href='$return_url' here /a to return to the menu.; exit(); when it doesn't detect the PHP_AUTH_USER or it is an invalid value. So - to effect a signoff, what does one do? You said to use an invalid value, but what do I do with that? How do I ignore the 401? Now I'm getting the signin dialog and I'm stuck. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:39 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart This may very well be the first time with this problem because I haven't tried anything like this before. That said - can you give me some pointers on how to do the JS solution? I'm calling a script that is similar to the one I used to signon. It sends out something like: header(WWW-Authenticate: Basic realm=$realm); header('HTTP/1.0 401 Unauthorized'); echo h3You have entered invalid credentialsbr; echo Click a href='$return_url' here /a to return to the menu.; exit(); when it doesn't detect the PHP_AUTH_USER or it is an invalid value. So - to effect a signoff, what does one do? You said to use an invalid value, but what do I do with that? How do I ignore the 401? Now I'm getting the signin dialog and I'm stuck. You don't need to do anything on the server-side. You simply need a JS function that sends a request to a URL that requires basic auth, with an Authenticate header that contains an invalid username and password. Then, when your server responds with a 401 Authentication required (which it should already do for an invalid request) you can set location.href to whatever URL you want the logged out user to see. If you don't know how to make a request from Javascript -- commonly known as an AJAX request -- then google for it. I'd recommend the jquery library if you want a very easy way to do it. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 8/27/2013 10:55 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:39 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart This may very well be the first time with this problem because I haven't tried anything like this before. That said - can you give me some pointers on how to do the JS solution? I'm calling a script that is similar to the one I used to signon. It sends out something like: header(WWW-Authenticate: Basic realm=$realm); header('HTTP/1.0 401 Unauthorized'); echo h3You have entered invalid credentialsbr; echo Click a href='$return_url' here /a to return to the menu.; exit(); when it doesn't detect the PHP_AUTH_USER or it is an invalid value. So - to effect a signoff, what does one do? You said to use an invalid value, but what do I do with that? How do I ignore the 401? Now I'm getting the signin dialog and I'm stuck. You don't need to do anything on the server-side. You simply need a JS function that sends a request to a URL that requires basic auth, with an Authenticate header that contains an invalid username and password. Then, when your server responds with a 401 Authentication required (which it should already do for an invalid request) you can set location.href to whatever URL you want the logged out user to see. If you don't know how to make a request from Javascript -- commonly known as an AJAX request -- then google for it. I'd recommend the jquery library if you want a very easy way to do it. -Stuart I am familiar with an ajax request (xmlhttprequest) and I have a function ready to call a script to effect this signoff. I just don't know what to put in that php script I'm calling. From what you just wrote I'm guessing that my headers as shown previously may be close - Im confused about your mention of contains an invalid username As you can see from my sample I don't include such a thing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Off the wall - sub-domain question
On Wed, Aug 21, 2013 at 5:16 PM, Jim Giner jim.gi...@albanyhandball.com wrote: I have a main domain (of course) and a sub domain. I'm really trying to steer my personal stuff away from the main one and have focused all of my php development to the sub-domain. Lately I noticed that google catalogs my sub-domain site stuff under the main domain name and the links that come up lead to that domain name with the path that takes the user to the sub-domain's home folder and beyond. Is there something that php (apache??) can do to control either google's robots or the user's view (url) so that it appears as a page of my sub-domain? I'm really new at this stuff and know nothing. I'm lucky that google is even finding my site! You'd probably want to do some 301 redirects with mod_rewrite to force the domain over to the subdomain if under that directory. In so doing, Google (and other search engines) will drop the /subdomain folder, and index only the destination. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: [PHP] Basic Auth
Oops, sent this message from the wrong email address, so the list rejected it. Begin forwarded message: From: Stuart Dallas stu...@3ft9.com Subject: Re: [PHP] Basic Auth Date: 27 August 2013 16:36:27 BST To: jim.gi...@albanyhandball.com Cc: php-general@lists.php.net On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:55 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:39 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart This may very well be the first time with this problem because I haven't tried anything like this before. That said - can you give me some pointers on how to do the JS solution? I'm calling a script that is similar to the one I used to signon. It sends out something like: header(WWW-Authenticate: Basic realm=$realm); header('HTTP/1.0 401 Unauthorized'); echo h3You have entered invalid credentialsbr; echo Click a href='$return_url' here /a to return to the menu.; exit(); when it doesn't detect the PHP_AUTH_USER or it is an invalid value. So - to effect a signoff, what does one do? You said to use an invalid value, but what do I do with that? How do I ignore the 401? Now I'm getting the signin dialog and I'm stuck. You don't need to do anything on the server-side. You simply need a JS function that sends a request to a URL that requires basic auth, with an Authenticate header that contains an invalid username and password. Then, when your server responds with a 401 Authentication required (which it should already do for an invalid request) you can set location.href to whatever URL you want the logged out user to see. If you don't know how to make a request from Javascript -- commonly known as an AJAX request -- then google for it. I'd recommend the jquery library if you want a very easy way to do it. -Stuart I am familiar with an ajax request (xmlhttprequest) and I have a function ready to call a script to effect this signoff. I just don't know what to put in that php script I'm calling. From what you just wrote I'm guessing that my headers as shown previously may be close - Im confused about your mention of contains an invalid username As you can see from my sample I don't include such a thing. For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE. From the Javascript, request any URL that requires authentication - it doesn't matter. When you make the AJAX request, pass an Authentication header that contains an invalid username and password. If you don't know what I mean by that, please google how HTTP Basic Auth works. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On Tue, Aug 27, 2013 at 3:07 AM, David Robley robl...@zoho.com wrote: I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. Well, that's partially correct. If a directory is owned by someone other than the current user (for example, root) and is 0776, you can list the directory content from outside of the directory to get a basic file listing. What you won't get by doing that, however, is anything other than the file name and type, because the kernel is forbidden from executing mtime, ctime, and owner/group queries on the files. In addition, you won't be able to enter the directory (cd). That said, if Ethan is running his Apache server as the user 'ethan' (which isn't mentioned) then it would be fine regardless. As for the 's' notation, that's either a bitmask of 0400 or 0200, which are for setuid and setgid, respectively. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Fwd: [PHP] Basic Auth
On 8/27/2013 11:56 AM, Stuart Dallas wrote: Oops, sent this message from the wrong email address, so the list rejected it. Begin forwarded message: From: Stuart Dallas stu...@3ft9.com Subject: Re: [PHP] Basic Auth Date: 27 August 2013 16:36:27 BST To: jim.gi...@albanyhandball.com Cc: php-general@lists.php.net On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:55 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:39 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart This may very well be the first time with this problem because I haven't tried anything like this before. That said - can you give me some pointers on how to do the JS solution? I'm calling a script that is similar to the one I used to signon. It sends out something like: header(WWW-Authenticate: Basic realm=$realm); header('HTTP/1.0 401 Unauthorized'); echo h3You have entered invalid credentialsbr; echo Click a href='$return_url' here /a to return to the menu.; exit(); when it doesn't detect the PHP_AUTH_USER or it is an invalid value. So - to effect a signoff, what does one do? You said to use an invalid value, but what do I do with that? How do I ignore the 401? Now I'm getting the signin dialog and I'm stuck. You don't need to do anything on the server-side. You simply need a JS function that sends a request to a URL that requires basic auth, with an Authenticate header that contains an invalid username and password. Then, when your server responds with a 401 Authentication required (which it should already do for an invalid request) you can set location.href to whatever URL you want the logged out user to see. If you don't know how to make a request from Javascript -- commonly known as an AJAX request -- then google for it. I'd recommend the jquery library if you want a very easy way to do it. -Stuart I am familiar with an ajax request (xmlhttprequest) and I have a function ready to call a script to effect this signoff. I just don't know what to put in that php script I'm calling. From what you just wrote I'm guessing that my headers as shown previously may be close - Im confused about your mention of contains an invalid username As you can see from my sample I don't include such a thing. For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE. From the Javascript, request any URL that requires authentication - it doesn't matter. When you make the AJAX request, pass an Authentication header that contains an invalid username and password. If you don't know what I mean by that, please google how HTTP Basic Auth works. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ It's not the basic auth that I'm having the issue with - it's the 'header' thing and understanding what a 401 is doing and how I'm to ignore it. Never had to play with these things before and this part is all new. Let's face it - I'm an applications guy, not a systems guy. All this talk of headers and such is greek to me. I have spent the last hour googling away on this topic - still no understanding. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to send post-variables in a Location header
On Mon, Aug 26, 2013 at 3:48 PM, Ajay Garg ajaygargn...@gmail.com wrote: Hi all. I have a scenario, wherein I need to do something like this :: ### $original_url = /autologin.php; $username = ajay; $password = garg; header('Location: ' . $original_url); ### As can be seen, I wish to redirect to the URL autologin.php. Additionally, I wish to pass two POST key-value pairs :: user=ajay and password=garg (I understand that passing GET key-value pairs is trivial). Is it even possible? If yes, I will be grateful if someone could let me know how to redirect to a URL, passing the POST key-value pairs as necessary. No. Sending a 'Location:' header issues an HTTP 301 by default, which means the browser will follow it using a GET request. If you can't pass the information from one location to another using sessions or (less ideally) cookies, you might consider doing a cURL POST request in the background and passing the session ID back to the browser, and having it handle it appropriately (read: session hijack). -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Basic Auth
On 27/08/13 15:37, Jim Giner wrote: Im using basic auth for a few of my pages that I want to limit access to - nothing of a sensitive nature, but simply want to limit access to. Want to implement a signoff process, but can't figure it out. From the comments in the manual I take it one can't do this by simply unsetting the PHP_AUTH_USER and _PW vars. Can someone explain to me why this doesn't suffice? The signon process expects them to be there, so when they are not (after the 'unset'), how come my signon process still detects them and their values? Hello Jim, at the risk of under-estimating your knowledge (and over-estimating mine) of HTTP-requests in PHP - but here it goes. I see two options of bypassing the JavaScript option. The first one is to use the default authorization, and error pages of your HTTP server. (For example, in Apache: http://httpd.apache.org/docs/2.2/custom-error.html) This is for a login with invalid credentials. For some-one to leave the protected site, a HTTP-request without credentials, and to a URI outside the protected domain, should do (as every HTTP request into the protected domain should repeat the Authorisation header). The second one is to leave header(), and go down one level, to the likes of fsockopen() or stream_socket_server() - though personally, I've only limited knowledge of a bit of client-side programming. Unless I've completely misunderstood your question, Hope this helps, Bert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec and system do not work
On Sun, Aug 25, 2013 at 11:41 PM, Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote: Dear List - I'm lost on this one - This works - $out = system(ls -l ,$retvals); printf(%s, $out); This does - echo exec(ls -l); This does not - if( !file_exists(/var/www/orders.txt)); { $out = system(touch /var/www/orders.txt, $ret); $out2 = system(chmod 766 /var/www/orders.txt, $ret); echo 'file2br /'; echo file_exists(/var/www/orders.txt); } ?php echo `whoami`; ? -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Auth
On 27 Aug 2013, at 17:28, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 11:56 AM, Stuart Dallas wrote: Oops, sent this message from the wrong email address, so the list rejected it. Begin forwarded message: From: Stuart Dallas stu...@3ft9.com Subject: Re: [PHP] Basic Auth Date: 27 August 2013 16:36:27 BST To: jim.gi...@albanyhandball.com Cc: php-general@lists.php.net On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:55 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:39 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart This may very well be the first time with this problem because I haven't tried anything like this before. That said - can you give me some pointers on how to do the JS solution? I'm calling a script that is similar to the one I used to signon. It sends out something like: header(WWW-Authenticate: Basic realm=$realm); header('HTTP/1.0 401 Unauthorized'); echo h3You have entered invalid credentialsbr; echo Click a href='$return_url' here /a to return to the menu.; exit(); when it doesn't detect the PHP_AUTH_USER or it is an invalid value. So - to effect a signoff, what does one do? You said to use an invalid value, but what do I do with that? How do I ignore the 401? Now I'm getting the signin dialog and I'm stuck. You don't need to do anything on the server-side. You simply need a JS function that sends a request to a URL that requires basic auth, with an Authenticate header that contains an invalid username and password. Then, when your server responds with a 401 Authentication required (which it should already do for an invalid request) you can set location.href to whatever URL you want the logged out user to see. If you don't know how to make a request from Javascript -- commonly known as an AJAX request -- then google for it. I'd recommend the jquery library if you want a very easy way to do it. -Stuart I am familiar with an ajax request (xmlhttprequest) and I have a function ready to call a script to effect this signoff. I just don't know what to put in that php script I'm calling. From what you just wrote I'm guessing that my headers as shown previously may be close - Im confused about your mention of contains an invalid username As you can see from my sample I don't include such a thing. For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE. From the Javascript, request any URL that requires authentication - it doesn't matter. When you make the AJAX request, pass an Authentication header that contains an invalid username and password. If you don't know what I mean by that, please google how HTTP Basic Auth works. -Stuart It's not the basic auth that I'm having the issue with - it's the 'header' thing and understanding what a 401 is doing and how I'm to ignore it. Never had to play with these things before and this part is all new. Let's face it - I'm an applications guy, not a systems guy. All this talk of headers and such is greek to me. HTTP headers are as important for application guys as they are for systems guys. I appreciate that this may be new to you, but it's pretty basic knowledge about how HTTP works. Basic auth is simple, and you need to understand how it works to understand what I've been trying to say. Here's how HTTP auth works: 1) Browser hits page. 2) The PHP script knows this page requires HTTP Auth, checks the PHP_AUTH_[USER|PW] variables but doesn't find anything, so it responds with an HTTP status of 401 Unauthorised. 3) The browser gets the 401 response and displays the login box. 4) User enters username and password.
Re: [PHP] Basic Auth
On 8/27/2013 12:53 PM, Stuart Dallas wrote: On 27 Aug 2013, at 17:28, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 11:56 AM, Stuart Dallas wrote: Oops, sent this message from the wrong email address, so the list rejected it. Begin forwarded message: From: Stuart Dallas stu...@3ft9.com Subject: Re: [PHP] Basic Auth Date: 27 August 2013 16:36:27 BST To: jim.gi...@albanyhandball.com Cc: php-general@lists.php.net On 27 Aug 2013, at 15:59, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:55 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:51, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:39 AM, Stuart Dallas wrote: On 27 Aug 2013, at 15:18, Jim Giner jim.gi...@albanyhandball.com wrote: On 8/27/2013 10:14 AM, Stuart Dallas wrote: It's not really confusing so long as you understand how PHP works. Each request is brand new - nothing is retained from previous requests. The two variable you're changing are set by PHP when the request comes in from the browser. The fact you changed them in a previous request is irrelevant because 1) that change was not communicated to the browser in any way, and 2) PHP doesn't retain any data between requests [1]. If you've been coding assuming that changes you make to global variables are retained between requests you must have been having some pretty frustrating times! -Stuart Not really - this is the first time I've had something not work as expected. That was said with my tongue very much firmly in my cheek, and so is this: I've been playing with dynamite since I was 4 - hey, it must be a safe, proper thing to do! Just because nothing has blown up in your face yet doesn't mean it won't, and I'm concerned that you might not actually see how important it is to make sure you're using the tool correctly. -Stuart This may very well be the first time with this problem because I haven't tried anything like this before. That said - can you give me some pointers on how to do the JS solution? I'm calling a script that is similar to the one I used to signon. It sends out something like: header(WWW-Authenticate: Basic realm=$realm); header('HTTP/1.0 401 Unauthorized'); echo h3You have entered invalid credentialsbr; echo Click a href='$return_url' here /a to return to the menu.; exit(); when it doesn't detect the PHP_AUTH_USER or it is an invalid value. So - to effect a signoff, what does one do? You said to use an invalid value, but what do I do with that? How do I ignore the 401? Now I'm getting the signin dialog and I'm stuck. You don't need to do anything on the server-side. You simply need a JS function that sends a request to a URL that requires basic auth, with an Authenticate header that contains an invalid username and password. Then, when your server responds with a 401 Authentication required (which it should already do for an invalid request) you can set location.href to whatever URL you want the logged out user to see. If you don't know how to make a request from Javascript -- commonly known as an AJAX request -- then google for it. I'd recommend the jquery library if you want a very easy way to do it. -Stuart I am familiar with an ajax request (xmlhttprequest) and I have a function ready to call a script to effect this signoff. I just don't know what to put in that php script I'm calling. From what you just wrote I'm guessing that my headers as shown previously may be close - Im confused about your mention of contains an invalid username As you can see from my sample I don't include such a thing. For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE. From the Javascript, request any URL that requires authentication - it doesn't matter. When you make the AJAX request, pass an Authentication header that contains an invalid username and password. If you don't know what I mean by that, please google how HTTP Basic Auth works. -Stuart It's not the basic auth that I'm having the issue with - it's the 'header' thing and understanding what a 401 is doing and how I'm to ignore it. Never had to play with these things before and this part is all new. Let's face it - I'm an applications guy, not a systems guy. All this talk of headers and such is greek to me. HTTP headers are as important for application guys as they are for systems guys. I appreciate that this may be new to you, but it's pretty basic knowledge about how HTTP works. Basic auth is simple, and you need to understand how it works to understand what I've been trying to say. Here's how HTTP auth works: 1) Browser hits page. 2) The PHP script knows this page requires HTTP Auth, checks the PHP_AUTH_[USER|PW] variables but doesn't find anything, so it responds with an HTTP status of 401 Unauthorised. 3) The browser gets the 401 response and displays the login box. 4) User enters username and password. 5) Browser sends the request again, but
Re: [PHP] Re: Permissions
On 08/27/2013 03:07 AM, David Robley wrote: Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk I checked with the -Z option ethan@rosenberg:/var/www$ ls -lZ StoreInventory.php -rwxrwsr-t 1 ethan ethan ? 4232 Aug 27 00:18 StoreInventory.php Ethan PS David- I promise that I will not steal your tag line. My short hair American tabby cat [Gingy Feline Rosenberg]is too nice to have anything done to her. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On 08/27/2013 01:52 PM, Ethan Rosenberg wrote: On 08/27/2013 03:07 AM, David Robley wrote: Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk I checked with the -Z option ethan@rosenberg:/var/www$ ls -lZ StoreInventory.php -rwxrwsr-t 1 ethan ethan ? 4232 Aug 27 00:18 StoreInventory.php Ethan PS David- I promise that I will not steal your tag line. My short hair American tabby cat [Gingy Feline Rosenberg]is too nice to have anything done to her. This has really morphed into a Debian issue. I have sent it to the Debian list. I will keep you informed. Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Permissions
On 08/27/2013 03:31 PM, Steven Post wrote: On Tue, 2013-08-27 at 13:43 -0400, Ethan Rosenberg wrote: Dear List - I apologize for this needle in a haystack but... This was originally posted on the PHP list, but has changed into a Debian question... Tried to run the program, that we have been discussing,{on the PHP list} and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] I made the following stupid mistakes... note commands from the root prompt have a su appended 467 chown -R ethan:www-data wwwsu 469 chown -R ethan:www-data wwwsu 470 chmod -R g+s www su 471 chgrp -R www su 477 chgrp -R ethan www su 480 chmod -R 766 www su 482 chmod g-S www su 485 chmod -S www su 486 chmod g S www su 487 chmod gS www su 488 chmod S wwwsu 489 chmod 776 www su 492 chmod 776 -R www su 494 chmod -s -R wwwsu 504 chmod 666 StoreInventory.php 512 chmod 3775 StoreInventory.php I now have ethan@rosenberg:/var/www$ ls -la StoreInventory.php -rwxrwsr-t 1 ethan ethan 4232 Aug 27 00:18 StoreInventory.php ethan@rosenberg:/var$ ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www and still have the 403 error. How do I extricate myself from the hole into which I have planted myself? The problem appears to be that Apache does not have access to the file. Looking at the permissions of the file it should work, however, apache is not able to go into your /var/www folder. Either you need to set www-data as the owner of the directory, or as the group owner, or, possibility number 3, give execute rights to 'others' on that folder. Pick one (you might need to be root for the first 2 in your situation): 1) chown www-data /var/www 2) chgrp www-data /var/www 3) chmod -R o+X /var/www Note the capital 'X' on option 3, this gives execute permissions on folders only, not files, as the -R means all files and subdirectories as well. The 't' is known as the sticky bit if I recall correctly, set with 1 on the first number in a 4 number chmod command, for details see [1]. I guess in your case you can use 0664 for the files and 0775 for directories (or 0640 and 0750 if you set owner or group back to www-data) Best regards, Steven you wrote about a 403 error, so I assume you invoke the script by calling a webserver via browser. In that case the webserver needs the permission to access /var/www and to read StoreInventory.php. By default the webserver runs as user/group www-data (it can be changed in the webservers config-file(s)). Try this: #chown -R ethan:www-data /var/www #chmod 775 /var/www #chmod 640 /var/www/StoreInventory.php Your ls should return something like this: $ls -hal /var/www drwxr-x--- 1 ethan www-data 4.0K Jun 3 20:35 . -rw-r- 1 ethan www-data 623 Jun 3 20:35 StoreInventory.php If that does not work you might check the configuration- and log-files of your webserver. Dear List - I had to go to a meeting but before I left I tried one last thing - chmod 000 www chmod 0777 www rosenberg:/var# ls -ld www drwxrwxrwx 37 ethan ethan 20480 Aug 27 17:30 www chown ethan StoreInventory.php chgrp ethan StoreInventory.php chmod 000 StoreInventory.php chmod 777 StoreInventory.php ethan@rosenberg:/var/www$ ls -la StoreInventory.php -rwxrwxrwx 1 ethan ethan 4232 Aug 27 17:25 StoreInventory.php when I returned... IT WORKS!!! Thanks to all. Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php