|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general Digest 8 Sep 2006 17:09:51 -0000 Issue 4336
php-general-digest-help
lists.php.net
Date: Fri Sep 08 2006 - 12:09:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 8 Sep 2006 17:09:51 -0000 Issue 4336
Topics (messages 241472 through 241495):
IE session problem on one server only
241472 by: Larry Garfield
241481 by: Alex Turner
Directory Structure
241473 by: Manoj Singh
241476 by: Larry Garfield
241477 by: Robert Cummings
241479 by: Frank Arensmeier
Re: Strange server crash problem
241474 by: Robert Cummings
241475 by: Larry Garfield
241478 by: Robert Cummings
241487 by: Larry Garfield
readdir filenames with accents issue
241480 by: All U Want
How do I call an class?
241482 by: Sr. Paulo Ricardo
241483 by: Rafael Mora
241485 by: Satyam
241486 by: Satyam
PHP5 Session length changed
241484 by: Jens Kisters
241489 by: Ford, Mike
Execution time
241488 by: André Medeiros
241492 by: M. Sokolewicz
Testing PHP sites with JMeter
241490 by: Alex Turner
addFormat with Spreadsheet Excel Writer
241491 by: Jef Sullivan
Re: How to add user to linux using php
241493 by: Michelle Konzack
241495 by: Jon Anderson
Re: Quotes?
241494 by: Michelle Konzack
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Another issue. :-) I've another site I've built that uses PHP sessions for
user authentication. When the user logs in with a user/pass, that is matched
against a record in the database and, if found, that user object is stored in
the session along with various other tracking data like the IP address, and
the session key is stored in the user table. Then when viewing a page, the
systems compares the session key against the user table and the IP address of
the request against the saved IP address. If anything doesn't match up
properly, the user is kicked out.
OK, all fine and dandy. It works correctly in both IE and Firefox on our test
server. On the live site, however, it works only in Firefox. In IE, it
accepts the initial login and displays the first page, but then the next time
the user clicks a link they are asked to login again, as if the session is
not being sent or saved properly. Both servers are running Linux and PHP
4.3.x.
We had issues before with the session not working correctly in IE, but I fixed
those with info from the php.net manual user comments. I'm at a loss as to
why it's only happening on the one server and not the other now. If it were
the other way around I wouldn't care, but the live site shouldn't break. :-)
Any idea what could be the problem?
--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
attached mail follows:
Larry Garfield wrote:
> Another issue. :-) I've another site I've built that uses PHP sessions for
> user authentication. When the user logs in with a user/pass, that is matched
> against a record in the database and, if found, that user object is stored in
> the session along with various other tracking data like the IP address, and
> the session key is stored in the user table. Then when viewing a page, the
> systems compares the session key against the user table and the IP address of
> the request against the saved IP address. If anything doesn't match up
> properly, the user is kicked out.
>
> OK, all fine and dandy. It works correctly in both IE and Firefox on our test
> server. On the live site, however, it works only in Firefox. In IE, it
> accepts the initial login and displays the first page, but then the next time
> the user clicks a link they are asked to login again, as if the session is
> not being sent or saved properly. Both servers are running Linux and PHP
> 4.3.x.
>
> We had issues before with the session not working correctly in IE, but I fixed
> those with info from the php.net manual user comments. I'm at a loss as to
> why it's only happening on the one server and not the other now. If it were
> the other way around I wouldn't care, but the live site shouldn't break. :-)
>
> Any idea what could be the problem?
>
It sounds like the IE is putting different security/cookie settings for
your local and remote site.
AJ
--
www.deployview.com
www.nerds-central.com
www.project-network.com
attached mail follows:
Hello all,
I am developing a site in which i have to show the directory structure of
any server i.e the admin will enter any site name and i have to show the dir
structure of that site name.
Please help me to fix this.
Thanks & Regards
Manoj
attached mail follows:
On Friday 08 September 2006 00:12, Manoj Singh wrote:
> Hello all,
>
> I am developing a site in which i have to show the directory structure of
> any server i.e the admin will enter any site name and i have to show the
> dir structure of that site name.
>
> Please help me to fix this.
The following may prove useful:
http://us2.php.net/scandir
http://us2.php.net/manual/en/function.readdir.php
http://us2.php.net/manual/en/class.dir.php
http://us2.php.net/manual/en/spl (for very new PHP 5)
--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
attached mail follows:
On Fri, 2006-09-08 at 10:42 +0530, Manoj Singh wrote:
> Hello all,
>
> I am developing a site in which i have to show the directory structure of
> any server i.e the admin will enter any site name and i have to show the dir
> structure of that site name.
Crawl baby, crawl! You need to load a page, grab the link references,
and then crawl each of those links. You will want to make sure you stay
on the same server (don't jump to URLs not matching the initial domain).
So that you don't bog down in recursion hell, I'd maintain a queue of
URLs still to be processed. And as you finish a page, grab the next
page. You are going to run into the problem of loops, in which case you
need a game plan for handling looped links. My suggestion is if the
target link already exists in your queue or processed list, then skip
it. So once you have all the links, just go ahead and split up the paths
into their respective parts and build the directory tree.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
I think that these kind of questions are very annoying - it is almost
rude to post this to a list.
Why don't you
a) show that you have done some thinking
b) have at least scanned the manual
c) have asked Google.
/frank
8 sep 2006 kl. 07.12 skrev Manoj Singh:
> Hello all,
>
> I am developing a site in which i have to show the directory
> structure of
> any server i.e the admin will enter any site name and i have to
> show the dir
> structure of that site name.
>
> Please help me to fix this.
>
> Thanks & Regards
> Manoj
attached mail follows:
On Fri, 2006-09-08 at 00:05 -0500, Larry Garfield wrote:
> I'm not certain if this is a PHP problem per se, but as the problem manifests
> itself in PHP I'll give it a go.
>
> I've a PHP-based CMS for a site that I am maintaining. It's a large site with
> a few thousand pages. Most of them work fine. However, twice now we've run
> into a problem where a specific page will exhibit very odd behavior.
>
> When building the page, the script will seemingly terminate after it outputs
> about 4 KB of data. It's not exactly 4 KB, but it's always about 4 KB of
> data. If I add debugging information to the page, it will still stop at
> about 4 KB of data, which is then less "real" output.
>
> The damned thing is, the 4KB mark is reached while outputting the left-side
> navigation bar. The way the CMS is structured (I didn't write it), that
> happens before any page-specific content is even loaded. There shouldn't be
> anything different about the code there yet.
>
> I've been unable to figure out why it happens. Any idea what to check? I'm
> stumped.
>
> The server itself is (get this) a Windows/IIS box running PHP 4.0.6 (yes,
> really) and MS SQL server via ODBC. I unfortunately do not have direct
> access to the box, so I can't check server logs myself.
Binary search using error_log() and __LINE__ output to track down where
the thing dies.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
On Friday 08 September 2006 00:35, Robert Cummings wrote:
> > The damned thing is, the 4KB mark is reached while outputting the
> > left-side navigation bar. The way the CMS is structured (I didn't write
> > it), that happens before any page-specific content is even loaded. There
> > shouldn't be anything different about the code there yet.
> >
> > I've been unable to figure out why it happens. Any idea what to check?
> > I'm stumped.
> >
> > The server itself is (get this) a Windows/IIS box running PHP 4.0.6 (yes,
> > really) and MS SQL server via ODBC. I unfortunately do not have direct
> > access to the box, so I can't check server logs myself.
>
> Binary search using error_log() and __LINE__ output to track down where
> the thing dies.
Binary search? I must be using a different definition than you are, since I
don't know what a binary search would do for me when trying to track down a
problem with output. :-)
I suppose it is possible that it's dying at some point other than where the
output is stopping. I've localized where the output stops; it's always at
the end of a given loop iteration in the code that generates the sidebar; at
the end of the loop that passes the 4 KB mark, it seems.
--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
attached mail follows:
On Fri, 2006-09-08 at 00:44 -0500, Larry Garfield wrote:
> On Friday 08 September 2006 00:35, Robert Cummings wrote:
>
> > > The damned thing is, the 4KB mark is reached while outputting the
> > > left-side navigation bar. The way the CMS is structured (I didn't write
> > > it), that happens before any page-specific content is even loaded. There
> > > shouldn't be anything different about the code there yet.
> > >
> > > I've been unable to figure out why it happens. Any idea what to check?
> > > I'm stumped.
> > >
> > > The server itself is (get this) a Windows/IIS box running PHP 4.0.6 (yes,
> > > really) and MS SQL server via ODBC. I unfortunately do not have direct
> > > access to the box, so I can't check server logs myself.
> >
> > Binary search using error_log() and __LINE__ output to track down where
> > the thing dies.
>
> Binary search? I must be using a different definition than you are, since I
> don't know what a binary search would do for me when trying to track down a
> problem with output. :-)
Binary search to track down a problem with output means you place log
info at three points in the code, 2 that you are certain lie outside the
error condition, and the 3rd to cut the problem space in two. Then
depending on what gets output you know in which half of the problem
space the error exists. Then you take again divide the problem space
until you find the exact location of the bug.
> I suppose it is possible that it's dying at some point other than where the
> output is stopping. I've localized where the output stops; it's always at
> the end of a given loop iteration in the code that generates the sidebar; at
> the end of the loop that passes the 4 KB mark, it seems.
I didn't realize you had already tracked down the location. Have you
tried displaying errors? If you're worried about a production site you
could install a custom error handler that displays the error based on
the REMOTE_ADDR value. That won't help you though if a segfault is
occurring. Are the PHP versions the same between machines?
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
On Friday 08 September 2006 01:22, Robert Cummings wrote:
> > > Binary search using error_log() and __LINE__ output to track down where
> > > the thing dies.
> >
> > Binary search? I must be using a different definition than you are,
> > since I don't know what a binary search would do for me when trying to
> > track down a problem with output. :-)
>
> Binary search to track down a problem with output means you place log
> info at three points in the code, 2 that you are certain lie outside the
> error condition, and the 3rd to cut the problem space in two. Then
> depending on what gets output you know in which half of the problem
> space the error exists. Then you take again divide the problem space
> until you find the exact location of the bug.
>
> > I suppose it is possible that it's dying at some point other than where
> > the output is stopping. I've localized where the output stops; it's
> > always at the end of a given loop iteration in the code that generates
> > the sidebar; at the end of the loop that passes the 4 KB mark, it seems.
>
> I didn't realize you had already tracked down the location. Have you
> tried displaying errors? If you're worried about a production site you
> could install a custom error handler that displays the error based on
> the REMOTE_ADDR value. That won't help you though if a segfault is
> occurring. Are the PHP versions the same between machines?
What I did was along the lines of:
print "<pre style='display:none">Got here</pre>\n";
That way I could see it by looking at the code, but normal people visiting any
other page on the site wouldn't notice a difference. That's how I was able
to determine that it was output size-based. The more of those lines I added,
the sooner in the code it died; always somewhere around the 4 KB mark.
I'll see about error logging to the database instead to see if it's dying
completely or just the output it crashing.
Our development server is an IIS/PHP 4.3 environment. The live server is a
4.0.6 box sitting behind a proxy server as well, which could be part of the
problem. The whole thing is a mess, I agree. :-)
--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
attached mail follows:
Hi,
I'm creating a file browsing site but don't know how to list properly
filenames containing accents (french, spanish, etc). I've been
browsing the archives but couldn't find a fix.
foreach ($files as $file) {
echo $file;
}
For example:
Filename: sábado-1.mov
Link: saÌbado-1.mov
I would appreciate any help.
Regards,
Luis.
PS - If it helps I'm working on OS X and PHP 4.4.1
attached mail follows:
Good morning.
How do I call an class?
It’s correct?
$Class = new Class();
or
$class = new Class();
Att,
'É um orgulho ter você como nosso cliente'
____________________________
Paulo Ricardo
Programador (Desenvolvedor)
ArgoHost.net
Hospedagem Web com Facilidade
<http://www.argohost.net/> http://www.argohost.net
Suporte Telefônico: (85) 3264-9944 / (11) 4063-4844
E-mail: <mailto:suporteargohost.net> suporteargohost.net
attached mail follows:
Hi!
I think u are confused, the variable name doesnt have anything to do with
the Class name...
So you can have something like this:
$myvar = new shuttle();
$jjj = new ISS();
u just need to be sure that u are using the exact name of the class, it
doesnt matter the variable name,
hope u get clear!
bye, from Venezuela
Rafa
On 9/8/06, Sr. Paulo Ricardo <ricardoargohost.net> wrote:
>
> Good morning.
>
>
>
>
>
> How do I call an class?
>
>
>
>
>
> It's correct?
>
>
>
> $Class = new Class();
>
>
>
> or
>
>
>
> $class = new Class();
>
>
>
>
>
> Att,
>
> 'É um orgulho ter você como nosso cliente'
>
> ____________________________
> Paulo Ricardo
> Programador (Desenvolvedor)
>
> ArgoHost.net
> Hospedagem Web com Facilidade
> <http://www.argohost.net/> http://www.argohost.net
> Suporte Telefônico: (85) 3264-9944 / (11) 4063-4844
> E-mail: <mailto:suporteargohost.net> suporteargohost.net
>
>
>
>
>
attached mail follows:
I find that politeness is always good, nevertheless using 'o senhor' to
refer to Class1 is a little too much.
Now, I am not sure what your question actually is. Are you wondering about
naming conventions? Your example seems to indicate so.
The most frequent is to have class names with the first letter in uppercase
while variables are all lowercase with words separated by underscores or
what is called camelcase, the first word all lowercase and then you use
uppercase for the first letter of each word with no undescores. An object,
that is, the instance of a class, is a variable, thus it follows the
conventions for variables. Thus:
$my_class = new Class(); using traditional PHP conventions or
$myClass = new Class(); using camel case.
If that was not your question and you find it hard to state it in English,
feel free to contact me privately, though I can answer you only in Spanish,
my Portuguese being too primitive.
Satyam
----- Original Message -----
From: "Sr. Paulo Ricardo" <ricardoargohost.net>
To: <php-generallists.php.net>
Sent: Friday, September 08, 2006 3:14 PM
Subject: [PHP] How do I call an class?
Good morning.
How do I call an class?
It's correct?
$Class = new Class();
or
$class = new Class();
Att,
'É um orgulho ter você como nosso cliente'
____________________________
Paulo Ricardo
Programador (Desenvolvedor)
ArgoHost.net
Hospedagem Web com Facilidade
<http://www.argohost.net/> http://www.argohost.net
Suporte Telefônico: (85) 3264-9944 / (11) 4063-4844
E-mail: <mailto:suporteargohost.net> suporteargohost.net
attached mail follows:
I find that politeness is always good, nevertheless using 'o senhor' to
refer to Class1 is a little too much.
Now, I am not sure what your question actually is. Are you wondering about
naming conventions? Your example seems to indicate so.
The most frequent is to have class names with the first letter in uppercase
while variables are all lowercase with words separated by underscores or
what is called camelcase, the first word all lowercase and then you use
uppercase for the first letter of each word with no undescores. An object,
that is, the instance of a class, is a variable, thus it follows the
conventions for variables. Thus:
$my_class = new Class(); using traditional PHP conventions or
$myClass = new Class(); using camel case.
If that was not your question and you find it hard to state it in English,
feel free to contact me privately, though I can answer you only in Spanish,
my Portuguese being too primitive.
Satyam
----- Original Message -----
From: "Sr. Paulo Ricardo" <ricardoargohost.net>
To: <php-generallists.php.net>
Sent: Friday, September 08, 2006 3:14 PM
Subject: [PHP] How do I call an class?
Good morning.
How do I call an class?
It's correct?
$Class = new Class();
or
$class = new Class();
Att,
'É um orgulho ter você como nosso cliente'
____________________________
Paulo Ricardo
Programador (Desenvolvedor)
ArgoHost.net
Hospedagem Web com Facilidade
<http://www.argohost.net/> http://www.argohost.net
Suporte Telefônico: (85) 3264-9944 / (11) 4063-4844
E-mail: <mailto:suporteargohost.net> suporteargohost.net
attached mail follows:
Hi,
we validate all incoming parameters and that includes checking if the
phpsession ID is only numbers and letters and is 32 Bytes long.
This worked for some PHP5 Servers but we just encountered an 5.1.2 that
issued sessionIDs that were 26 Bytes long.
I cant find any note about that in either of the PHP5 changelogs.
Question : What lengths are valid for PHP Sesssions is it possible to
encounter valid sessions with a length other than 26 and 32?
PHPinfo :
http://neu.karnevalservice.de/dbcTrade/phpinfo.php
thanks
Jens
attached mail follows:
> -----Original Message-----
> From: Jens Kisters [mailto:jk-tempgmx.de]
> Sent: 08 September 2006 14:53
>
> we validate all incoming parameters and that includes checking if the
> phpsession ID is only numbers and letters and is 32 Bytes long.
> This worked for some PHP5 Servers but we just encountered an
> 5.1.2 that
> issued sessionIDs that were 26 Bytes long.
> I cant find any note about that in either of the PHP5 changelogs.
>
> Question : What lengths are valid for PHP Sesssions is it possible to
> encounter valid sessions with a length other than 26 and 32?
Yes.
Originally, session IDs were MD5 hashes 128 bits long, encoded 4-bits-per-character to give a 32-character session id.
PHP 5 introduced the settings session.hash_function and session.hash_bits_per_character; with these, you can have an MD5 (128 bits) or SHA-1 (160 bits) hash, encoded 4, 5 or 6 bits per character. There are 6 possible combinations of these settings, giving 5 possible session id lengths of 40, 32, 27, 26 and 22 characters.
Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: m.fordleedsmet.ac.uk
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm
attached mail follows:
Hello everyone.
This may seem as a silly question, but I went through the
documentation and it wasn't explicit on this issue, at least for me.
Let's say that I'm on an 128kb/s upload. I need to upload an 100mb
file through a POST. PHP has, by default, 90 seconds execution limit
time.
So, the question is, when I hit the submit button, does it start
timing? Or does it start timing when the PHP gets the FULL POST
headers?
Thanks in advance,
André
attached mail follows:
André Medeiros wrote:
> Hello everyone.
>
> This may seem as a silly question, but I went through the
> documentation and it wasn't explicit on this issue, at least for me.
>
> Let's say that I'm on an 128kb/s upload. I need to upload an 100mb
> file through a POST. PHP has, by default, 90 seconds execution limit
> time.
>
> So, the question is, when I hit the submit button, does it start
> timing? Or does it start timing when the PHP gets the FULL POST
> headers?
>
> Thanks in advance,
> André
>
It doesn't start timing until the request has been fully recieved and
control handed over to PHP. So, until your file has been fully uploaded,
PHP won't even have started to do anything, and as such the execution
times hasn't started ticking either.
- tul
attached mail follows:
All,
Sorry if this is a little off topic. I have been writing tutorials on
load and regression testing web applications with JMeter. I have just
posted the first. These are being do to help people in TPN, but I am
able to make them public.
As the testing is all being done on PHP based web apps, I thought it
might be of interest.
Cheers
AJ
The first is here, there will be more as time goes on:
http://nerds-central.blogspot.com/2006/08/pushing-envelope-with-jmeter.html
--
www.deployview.com
www.nerds-central.com
www.project-network.com
attached mail follows:
Greetings all,
Thanks for the help with the Spreadsheet Excel Writer yesterday.
I was wondering if anyone knew of problems with the addFormat()
within the writer and PHP 5.0. I have followed the examples for
setting up a specific format but it is not being recognized.
Here is what I have tried...
$format_bold =& $workbook->addFormat();
$format_bold->SetBold();
And
$title_format =& $workbook->addFormat(array('fontfamily' => 'Arial',
'size' => 13,
'color' => 'black',
'bgcolor' => '#C0C0C0',
'bold' => 1)
);
Neither have worked. The error I get is pointing to the
Writer/Worksheet.php
file, line 1242 indicating that it cannot be converted. Yet, this same
code
was used in another application that is running PHP 4.2
Jef Sullivan
Programmer
Progrexion
work (801) 828-1745
moble (801) 682-9727
jsullivanprogrexion.com
Research | Marketing | Sales Generation
This email and its contents are confidential. If you are not the
intended recipient, delete this email and, do not use or
disclose the information contained within or its attachments.
Thank you.
attached mail follows:
Am 2006-09-05 08:36:21, schrieb Jon Anderson:
> Or create a simple shell/perl/php/whatever wrapper for adduser, and
> allow sudo for that wrapper by the web server user only.
>
> For example, you could create a wrapper that only allows one
> alphanumeric argument for the username, and another for the password.
That would not be POSIX compliant...
A USERNAME must be:
^[A-Za-z_][-_.A-Za-z0-9]*
So the allowed chars should at least:
-_.A-Za-z0-9
But his can be easily checked in PHP.
And ONLY after this passed to your wraper script.
Note: I do this too on a public server and I asume, you know
I have hackattemts, even if you can not know it.
Greetings
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSM LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
attached mail follows:
Michelle Konzack wrote:
> Am 2006-09-05 08:36:21, schrieb Jon Anderson:
>
>
>> Or create a simple shell/perl/php/whatever wrapper for adduser, and
>> allow sudo for that wrapper by the web server user only.
>>
>> For example, you could create a wrapper that only allows one
>> alphanumeric argument for the username, and another for the password.
>>
>
> That would not be POSIX compliant...
>
> A USERNAME must be:
>
> ^[A-Za-z_][-_.A-Za-z0-9]*
>
> So the allowed chars should at least:
>
> -_.A-Za-z0-9
>
IMO, what characters you allow in usernames on your systems is unrelated
to POSIX. It's a policy decision. POSIX merely defines what compliant
operating systems (and components) must support.
I only allow usernames with 5-8 alphabetic characters on systems that I
manage - as a human, I'm not POSIX compliant? ;-)
> But his can be easily checked in PHP.
> And ONLY after this passed to your wraper script.
>
They can also be easily checked from your wrapper with sed, wc, grep,
etc. - if your web server is compromised, you don't want to allow the
person to execute a script that doesn't properly check it's input
parameters. (That's my paranoia talking. :-)
jon
attached mail follows:
Am 2006-09-05 23:12:43, schrieb Gustav Wiberg:
> I want to save this to a string...
>
> <script language="javascript">
> var uri = 'http://impse.tradedoubler.com/imp/img/16352388/1122503?' + new
^^^^^^^^^^^^^^^^^^^^^^
> String (Math.random()).substring (2, 11);
> document.write('<a
> href="http://clk.tradedoubler.com/click?p=48859&a=1122503&g=16352388"
^^^^^^^^^^^^^^^^^^^^
Is this YOUR Domain? Keep in mind, if I find you, you are dead!
I will give you bach those around 26.000 Spams you have
sent to my Servers and my accout I use for writing here.
> Best regards
> /Gustav Wiberg
> Stammis Internet
^^^^^^^
Spelling error? - Maybe: "Spaming Internet"
Greetings
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSM LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]