On Friday 12 April 2002 14:36, gaukia 345 wrote:
> Hi,
> I'm using PHP 4.1.2 to write a webmail. I'm using Procmail along with
> Sendmail. PHP runs as user nobody or user apache. Note that I have the user
> id and password in my PHP script from using HTTP authentication. FYI I'm
> running Mandrake Linux 8.1.
>
> The problem is:
> I want to write to some files (procmail recipe files) that'll reside in
> /home/userid. I tested running su using the below code
> $fp=popen("su userid","w");
> fputs($fp,"userpassword");
> fputs($fp,"cd /home/db/");
> fputs($fp,"mkdir THIS_IS_GOOD"); //just testing if I can write to dir
> fclose($fp);
> exit(done);
>
> 1) Even when I enter the wrong password, my PHP code doesn't complain. It
> dutifully echoes done. Why?
There's nothing in your script to check whether the "su" operation was
successful or not. You will see "done" regardless.
--
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
/*
Finally, Zippy drives his 1958 RAMBLER METROPOLITAN into the faculty
dining room.
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
