Re: [PHP] Unix passwd file
I found this code in a web (or somthink like this), but can remever
where to give the credits, sorry.
include_once('/etc/php/bases.php');
function autentifica($user,$pass)
{
global $db1Host, $db1User, $db1Pass;
$auth = false;
mysql_connect($db1Host,$db1User,$db1Pass)
or die ('Unable to connect to server.');
// Select database on MySQL server
mysql_select_db('mysql')
or die ('Unable to select database.');
// Formulate the query
$sql = "SELECT user FROM user WHERE User='$user' &&
password=PASSWORD('$pass')";
// Execute the query and put results in $result
$result = mysql_query($sql)
or die ('Unable to execute query.');
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ($num != 0) {
// A matching row was found - the user is authenticated.
$auth = true;
}
return $auth;
}
Josep R. Raurell
En/na Scott ha escrit:
>I apologize if this is might be OT. I have 5,000+ users in a unix passwd
>file that I would like to move to a MySQL table to build a login system
>with php. I could then use this table for Postfix and Radius. I know
>about the getpwent in perl, but does anyone know if I populate a MySQL
>table with the login/password can php then use that encrypted password to
>validate users?
>
>TIA
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: the ?PHPSESSID=spoofme 'bug'
If you destroy the session (for exaple with a logoff button) this dosen work. Josep R. Raurell Giancarlo Pinerolo wrote: >Giancarlo Pinerolo wrote: > >>I myself wrote: >> >>>Can I tell you more than what the subject says? >>>proceeding: >>>Close the browser, clean all your cookies, and open any page with that >>>?PHPSESSID=spoofme appended. >>>And see what happens. >>> > >spoofme is not the exact term. > >?PHPSESSID=hijackme should be more appropriate, but I avoided it for >well known 'historical' reasons :-| > >G > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help me please! :)
This work for me:
liv_1
liv_2
liv_3
liv_n
To get the value i work in this way...
$liv= $_REQUEST['liv'];
$n = 50;
for ($i=1; $i<=$n;i++){
...
echo $liv[$i];
Josep R. Raurell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] apache security
Hello. I think nobody had send this warnig to the list. Sorry if you already nows. This text is from the apache web: SECURITY ADVISORY Versions of the Apache web server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. This bug can be triggered remotely by sending a carefully crafted invalid request. This functionality is enabled by default. In most cases the outcome of the invalid request is that the child process dealing with the request will terminate. At the least, this could help a remote attacker launch a denial of service attack as the parent process will eventually have to replace the terminated child process, and starting new children uses non-trivial amounts of resources. We were also notified today by ISS that they had published the same issue which has forced the early release of this advisory. Please note that the patch provided by ISS does not correct this vulnerability. The Apache Software Foundation has released versions 1.3.26 and 2.0.39 to address and fix this issue. These version are available for download; see below. Josep R. Raurell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pdf with POST
Hello.
I do a pdf with a lot of variables from a form, with a GET method.
After make the pdf (in the same script) I sent the headers and the user
can see the document in your browser:
$data = $albara->retorna();
$len=strlen($data);
header("Content-Type: application/pdf");
header("Content-Length: $len");
header("Content-Disposition: inline; filename=$fileName");
header("Pragma: no-cache");
header("Expires: 0");
print $data;
$albara->deleteDoc();
This work OK.
But I want use POST because there are so much variables in the URL, whit
post the result is a blank scrren (the pdf never apears).
Somebody nows if is posible (with another headers or with other
solution) to use a POST method to get a pdf made on the fly ?
Thanks.
Josep. R. Raurell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
