| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
Comments:
<0> Artnez: meh.
<1> hi
<2> Artnez: the engine you wrote has a very similar syntax to smarty
<1> how can I return two variables via the return function?
<3> hah
<2> return array(1,2)
<4> [itrebal_work], meh yourself. a nicely established library of code is how to solve problems.
<0> Artnez: i agree, but i think its a good idea to seperate logic & presentation, where, that doesnt
<1> Myconid, so I have to create an array?
<4> Myconid, I looked at smarty. I achieved everything i need in one cl*** file as opposed to making a template engine seem like a big app like the dev of smarty had done.
<4> [itrebal_work], what? that does exactly that
<0> Artnez: no, you are creating logical syntax for your templating engine, therefor mixing logic and presentation
<4> i never, ever, use a single piece of HTML anywhere in my code, aside from the error handler but i can't avoid that
<4> [itrebal_work], and what is the alternative?
<1> uh, just one other question that has no link with my first one: What is the following "notice" caused by:
<1> Notice: Uninitialized string offset: 0
<2> Artnez: uhg.. please mention that to my coworker.
<1> ?
<3> wow
<3> hey theboywhogotlost it souldn't let me send it
<2> Artnez: the guy I work with will cehck $_POST variables in a cl*** method
<4> Myconid: echo Form :: validatePostValue( UneededCl***File :: getPostValue( "username" ) );
<0> Myconid: hes not fired yet?
<2> [itrebal_work]: hes my boss :(
<2> Artnez: im well aware..
<4> [itrebal_work], what you're talking about is completely seperating logic from presentation... to the point where they can't mix
<0> Myconid: you havnt quit yet?
<0> :P
<2> [itrebal_work]: lol..
<5> DrewMew|home: Just create a page that will let them edit there addy if nessasary
<5> DrewMew|home: If you addy is not correct click here
<0> http://images.itrebal.com/various/ipod/1.jpg thats my hand-crafted ipod-case
<3> let me just past the code in a past bin for you
<2> [itrebal_work]: nice
<5> ok
<0> yay for calendars with scantily clad women
<4> [itrebal_work], do you take that to church
<0> Artnez: why, of course
<4> [itrebal_work], put a picture of it in the collection plate
<0> heh
<6> itrebal, permission to priv?
<0> no
<4> Jackpot! http://pong.flash-gear.com/
<6> okey
<6> im back for food, now whatsup.. still cant get it to work
<3> http://cpp.enisoc.com/pastebin/6767
<5> DrewMew|Home: Can you paste it on the forums here? thephpguy.com
<7> dogwater I can't get this to work: <?php $sys=system('sudo -u root ethtool eth0');echo $sys; ?> <-- I don't think NOBODY can su as root. That would be a major security issue
<8> what is the easiest way to get the value of the last element in an array?
<8> if you don't know hte length of the array?
<8> $array[count($arra)] seems kinda long
<8> $value = $array[count($array)]
<0> thats the only way, IIRC
<2> aldug: thats how
<2> xavierk: jesus dont do that
<0> its not a security issue there, unless ethtool will give sensative information
<0> there is no way that can be injected
<2> [itrebal_work]: right.. but nobody can su to root.
<9> in regards to mail() there doesnt need to be a mail server running on that server to be able to send emails out, right?
<2> thats not a good thing
<8> Myconid: what is thebest way to have a php script that can do root tasks?
<4> xavier: you cannot do sudo with PHP unless you connect via SSH
<7> I figured as much
<4> sudo sends back a request for the p***word
<4> and PHP does not wait for a response
<9> sudo doesnt always...
<2> aldug: VERY VERY carefully.
<4> the only way to send a command is to send it all at once
<8> Myconid: IE, I have a php script running on a webserver and I want to be able to setup and delete users from it
<9> you can configure it not to.
<2> aldug: I would drop them into a config file of some kind..
<2> aldug: and have a seperate process handle it
<7> is there anyway to display the port speed?
<8> Myconid: I have a central server with a form for username, p***word and server and I want those to be created on another server
<2> aldug: so drop them into mysql..
<4> xavier: although i have just connected to the server view SSH and done everything i needed to that way
<4> *server via
<2> and have clients on the machines poll the database
<0> Myconid: hes doing hosting, IIRC
<3> sure... just let everyone look at it?
<2> DrewMew|Home: ?
<8> Myconid: but the client still needs root privilages to make the changes
<9> in regards to mail() there doesnt need to be a mail server running on that server to be able to send emails out, right?
<6> itrebal, im getting this feeling that im ignored :p
<2> aldug: thats fine.. but having your webserver execute the commands itself is a BAD BAD idea
<2> aldug: atleast with the db you would have a log of what happened as well
<2> SkramX: google phpmailer
<10> hi there
<0> _chillyD: nope, i just cant help
<6> why not?
<0> notice the _work part, and if you look up for a while i've only been saying 'thats dumb' or 'thats ok'
<10> ive got an include path defined in .htaccess like -> php_value include_path ".:/var/www/localhost/htdocs/bal"
<10> but it doesnt get included ....
<8> Myconid: here's another thing I need to do, in my central server, I want a readout of how much diskspace each user is using, that's a command that needs to be run as root on the indivdual server, how do I securely get that?
<10> what could be a possible problem the same works on the other server ....
<2> aldug: run the script from cron, and have it dump its results into mysql
<6> ye but i did what you told me to do
<0> coca__: it doesnt get included, that just adds to the include_path, you can then do include('file_that_is_in_/var/www/localost/htocs/bal');
<8> Myconid: I would like real time results, what other options do I have?
<0> _chillyD: i know, i had to go to work
<6> oh, okey then
<2> aldug: i would have it update every 15 minutes..
<6> i sorted it
<10> [itrebal_work]: but it should be like that cause it works on the other one ...
<6> whee (:
<6> thx dude
<10> Fatal error: main(): Failed opening required 'conf/la.php' (include_path='.:/usr/lib/php')
<5> DrewMew|Home: at least post the parts that you need help with.
<8> Myconid: that won't work for this application, I need to have somethings done immediately as root on another server. What other options do I have to do it securely?
<2> aldug: you have a process of some kind that the server can request information from.. and that other process does it
<10> [itrebal_work]: ?
<11> is there anyway to use a pear package that isnt installed on a shared hosting environment?
<12> is "SELECT * FROM membres WHERE username = '" . addslashes($username) . "' AND p***word ='" . md5($p***word) . "'" secure?
<2> DogWater: sure
<11> includes? or anything like that
<2> just install it and change your include path
<13> endorphine, mysql_escape_string
<11> Er; I dont have access to install it; as it is a shared hosting environment
<2> DogWater: if you cant put the pear files on the server, naturally you cant use them
<12> anything else is wrong?
<2> endorphine: addslashes is not sufficient
<0> endorphine: whats your RDBMS?
<12> what is a RDBMS?
<8> Myconid: I'm not exacly sure what you mean, can you be a little bit more specific? It's very important that these happen real time.
<0> database
<12> mysql
<0> use mysql_real_escape_string instead of addslashes
<12> k
<2> aldug: make a daemon that listens on like port 999 or what not.. have it take simple queries.. like SMTP ..
<2> aldug: and have your script connect to it and issue the command
<2> and have that daemon do the commands you need executed
<3> hey theboywhogotlost http://thephpguy.com/forum/viewtopic.php?p=74#74
<8> Myconid: ok, how is that safer than the sudo approach with a p***word?
<2> aldug: because your *WEBSERVER* doesnt have root access.
<2> aldug: if your script can run a program as root, and i can upload a file, i have root access to your server
<2> aldug: if you are connecting to a daemon.. t here is a very limited set of features it provides..
<0> Myconid: meh, *minor* security issue, hehe
<2> aldug: if i hack your server, all I can do is issue the commands supported..
<2> aldug: even adding or deleting users is bad.. but atleast im not root..
<2> and the daemon can log all commands it receives.. etc..
<8> Myconid: is there a way to write a standalone daemon in php?
<14> Anyone got any tutorial on how to do ldap authentication with php ?
<8> or do In eed perl or python for that?
<0> or you could just log the requests, and do it manually
<2> Pir8: its cake.. like 4 lines of code
<5> DrewMew|Home have you tried include?
<0> aldug: you should use perl or python
<0> aldug: or write a simple script to handel requests, and use netcat as the actual server part
<2> aldug: you can do it in any language you want
<14> im trying to test php ldap auth and use it with our proprietary system sort of like single sign-on
<3> yes... just include ('file');
Return to
#php
or
Go to some related
logs:
#fedora
#perl
ubuntu cross-compiling pbuilder
#perl
#perl
proftpd rewrite
select first row first row join mysql
file::temp perl unlink0
#math
#linux
|
|
