php-install Digest 18 Jul 2003 23:24:34 -0000 Issue 1466
Topics (messages 11302 through 11306):
Re: New User Creation.
11302 by: Thomas
11304 by: Rajendra Kumar
11305 by: Stratsimir Kolchevski
Debug Assertion deep inside php_execute_script() on an SAPI.
11303 by: twitch
Re: Movie
11306 by: Spock
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Try checking out the exec() function
http://us4.php.net/manual/en/function.exec.php
Should start out with 3 input boxes.
USERNAME
PASSWORD
VERIFYPASSWORD
IF ($_POST/GET[PASSWORD] == $_POST/GET[VERIFYPASSWORD]){
exec("/path/to/useradd -p $_POST/GET[PASSWORD]
$_POST/GET[USERNAME]");
}
The above is assuming you are executing exec() functions as a PRIVILEGED
user. It also assumes that no one is able to view the processes taking
place on the machine as the password will show up in clear text when
ps'n (reporting process status). This also assumes you are not running
IIS on a windows platform.
The above is just an example (and a crappy one at that), I am not
responsible for ANYTHING you do with this.
These "assumptions" may help. Read below.
_________________
MOST IMPORTANTLY
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
1. READ POSTING RULES
2. hmm, it's in the posting rules.
3. http://us4.php.net/mailing-lists.php
4. Do not reply to my email address.
-----Original Message-----
From: Rajendra Kumar [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 3:02 AM
To: [EMAIL PROTECTED]
Subject: [PHP-INST] New User Creation.
Hello List,
i am new to php programming. can anyone help me to create a linux
user using php program and also i want to assign passwd to the new
created user. just like New User Sign Up form for an email. i use
squirrel mail they din't provided the new user sign up.
any help will be appreciated.
thank,
Kumar.
Catch all the cricket action. Download Yahoo! Score tracker
--- End Message ---
--- Begin Message ---
hello Mr. Thomas,
thanks for the quick reply. i implimented your code. let me know what's wrong with my
code.
newuser.htm:
html
head
body
form action = "signup.php" method = post
Username: input type = text size = 30 name = "USERNAME"
Password: input type = password size = 30 name = "PASSWORD"
Confirm: input type = password size = 30 name = "VERIFYPASSWORD"
input type = submit value = "Sign Up"
/form
/body
/html
signup.php
<?php
IF ($_POST[PASSWORD] == $_POST[VERIFYPASSWORD]){
exec("/usr/sbin/useradd -p $_POST[PASSWORD] $_POST[USERNAME]");
}
else
{
Print("<b> Passwords did not match");
}
?>
can u suggest me.?
thanks,
Kumar.
Thomas <[EMAIL PROTECTED]> wrote:
Try checking out the exec() function
http://us4.php.net/manual/en/function.exec.php
Should start out with 3 input boxes.
USERNAME
PASSWORD
VERIFYPASSWORD
IF ($_POST/GET[PASSWORD] == $_POST/GET[VERIFYPASSWORD]){
exec("/path/to/useradd -p $_POST/GET[PASSWORD]
$_POST/GET[USERNAME]");
}
The above is assuming you are executing exec() functions as a PRIVILEGED
user. It also assumes that no one is able to view the processes taking
place on the machine as the password will show up in clear text when
ps'n (reporting process status). This also assumes you are not running
IIS on a windows platform.
The above is just an example (and a crappy one at that), I am not
responsible for ANYTHING you do with this.
These "assumptions" may help. Read below.
_________________
MOST IMPORTANTLY
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
1. READ POSTING RULES
2. hmm, it's in the posting rules.
3. http://us4.php.net/mailing-lists.php
4. Do not reply to my email address.
-----Original Message-----
From: Rajendra Kumar [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 3:02 AM
To: [EMAIL PROTECTED]
Subject: [PHP-INST] New User Creation.
Hello List,
i am new to php programming. can anyone help me to create a linux
user using php program and also i want to assign passwd to the new
created user. just like New User Sign Up form for an email. i use
squirrel mail they din't provided the new user sign up.
any help will be appreciated.
thank,
Kumar.
Catch all the cricket action. Download Yahoo! Score tracker
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Catch all the cricket action. Download Yahoo! Score tracker
--- End Message ---
--- Begin Message ---
I suppose that your web server is running with non-privileged user.
In this case you have to use sudo (man sudo). Also you have to make some
checks like
if (ereg("[|;,:`'\\\"]", $_POST[PASSWORD]) || ereg("[|;,:`'\\\"]",
$_POST{USERNAME])) {
die "<B>Invalid username or password.<br>";
}
Remember that it's very important to check for "|" and ";" in the
username/password otherwise some nasty user could inject code after
the useradd command.
Stratsimir
Rajendra Kumar wrote:
hello Mr. Thomas,
thanks for the quick reply. i implimented your code. let me know what's wrong with my code.
newuser.htm:
html
head
body
form action = "signup.php" method = post
Username: input type = text size = 30 name = "USERNAME"
Password: input type = password size = 30 name = "PASSWORD"
Confirm: input type = password size = 30 name = "VERIFYPASSWORD"
input type = submit value = "Sign Up"
/form
/body
/html
signup.php
<?php
IF ($_POST[PASSWORD] == $_POST[VERIFYPASSWORD]){
exec("/usr/sbin/useradd -p $_POST[PASSWORD] $_POST[USERNAME]");
}
else
{
Print("<b> Passwords did not match");
}
?>
can u suggest me.?
--- End Message ---
--- Begin Message ---
Hi,
I am trying to get a PHP 4.3.2 SAPI working on Windows.
I am using Visual Studio 6.0 and am using the Debug Release
(php4ts_debug.dll).
I can successfully get the CLI (phpCLI.c) version of PHP working just fine
using the same linking instructions as I do for my SAPI program.
My SAPI is heavily based off the thttpd sample SAPI.
Right now I am getting a "Microsoft Visual C++ Debug Library" assertion:
--- Begin Dialog Contents ---
Debug Assertion Failed!
Program: c:\work\out\bin\phpServerHarness.exe
File: fdopen.c
Line: 54
Expression: _osfile(filedes) & FOPEN
For information on how your program can cause an asserion
failure, see the Visual C++ documentation on asserts.
(Press Retry to debug the application).
--- End Dialog Contents ---
Here is the code from fdopen.c:
--- Begin Code ---
FILE * __cdecl _tfdopen (
int filedes,
REG2 const _TSCHAR *mode
)
{
REG1 FILE *stream;
int whileflag, tbflag, cnflag;
_ASSERTE(mode != NULL);
#if defined (_WIN32)
_ASSERTE((unsigned)filedes < (unsigned)_nhandle);
_ASSERTE(_osfile(filedes) & FOPEN); // <------------ THIS ASSERT
if ( ((unsigned)filedes >= (unsigned)_nhandle) ||
!(_osfile(filedes) & FOPEN) )
return(NULL);
#else /* defined (_WIN32) */
--- End Code ---
This is the stack at the time of the assert:
--- Begin Stack ---
> MSVCRTD.DLL!_fdopen(int filedes=3, const char * mode=0x010d545c) Line
54 + 0x3f C
php4ts_debug.dll!php_stdiop_cast(_php_stream * stream=0x010d5438, int
castas=0, void * * ret=0x010ce738, void * * * tsrm_ls=0x00e39b90) Line
1580 + 0x16 C
php4ts_debug.dll!_php_stream_cast(_php_stream * stream=0x010d5438, int
castas=0, void * * ret=0x010ce738, int show_err=8, void * * *
tsrm_ls=0x00e39b90) Line 2172 + 0x39 C
php4ts_debug.dll!_php_stream_open_wrapper_as_file(char *
path=0x00e87830, char * mode=0x102adfd4, int options=141, char * *
opened_path=0x010ceb60, int __php_stream_call_depth=0, char *
__zend_filename=0x102ae704, unsigned int __zend_lineno=762, char *
__zend_orig_filename=0x00000000, unsigned int __zend_orig_lineno=0, void
* * * tsrm_ls=0x00e39b90) Line 2718 + 0x18 C
php4ts_debug.dll!php_fopen_wrapper_for_zend(const char *
filename=0x00e87830, char * * opened_path=0x010ceb60) Line 762 + 0x31 C
php4ts_debug.dll!open_file_for_scanning(_zend_file_handle *
file_handle=0x010ceb58, void * * * tsrm_ls=0x00e39b90) Line 2982 +
0x16 C
php4ts_debug.dll!compile_file(_zend_file_handle *
file_handle=0x010ceb58, int type=2, void * * * tsrm_ls=0x00e39b90) Line
3081 + 0xd C
php4ts_debug.dll!zend_execute_scripts(int type=8, void * * *
tsrm_ls=0x00e39b90, _zval_struct * * retval=0x00000000, int
file_count=3, ...) Line 865 + 0x12 C
php4ts_debug.dll!php_execute_script(_zend_file_handle *
primary_file=0x010ceb58, void * * * tsrm_ls=0x00e39b90) Line 1671 +
0x1b C
phpServerHarness.exe!thttpd_module_main(int show_source=0, void * * *
tsrm_ls=0x00e39b90) Line 534 + 0xe C
phpServerHarness.exe!thttpd_real_php_request(void * * hc=0x00e38750, int
show_source=0, void * * * tsrm_ls=0x00e39b90) Line 923 + 0xd C
phpServerHarness.exe!phpcinterface_php_request(void * hc=0x00e38750, int
show_source=0) Line 978 + 0x11 C
phpServerHarness.exe!HTTPConnectionDataSourcePHP::primePump() Line 31 +
0xe C++
phpServerHarness.exe!HTTPConnection::handleCompleteRequest() Line 283 C++
phpServerHarness.exe!HTTPConnection::inspectIncoming() Line 363 C++
phpServerHarness.exe!SocketConnection::readAvailable() Line 72 C++
phpServerHarness.exe!SocketWatcher::run() Line 172 C++
phpServerHarness.exe!threadLaunchFunc(void * userArg=0x00d918f0) Line
25 C++
MSVCRTD.DLL!_threadstart(void * ptd=0x00e388f0) Line 173 + 0xd C
KERNEL32.DLL!77e8758a()
-- End Stack ---
The place where I "lose track" (in terms of understanding) of what's
happening is in:
_php_open_wrapper_as_file()
where it takes a phpstream returned from:
php_stream_open_wrapper_rel()
and does:
if (php_stream_cast(stream,
PHP_STREAM_AS_STDIO|PHP_STREAM_CAST_TRY_HARD|PHP_STREAM_CAST_RELEASE,
(void**)&fp, REPORT_ERRORS) == FAILURE)
to it. I don't really know "what" they're trying to do from then on, but
it goes through a few functions (see stack) and ends up at that assert.
The arguments to php_open_wrapper_as_file look correct (valid paths).
I know this is a long shot, but if anyone can help me -- give me some kind
of pointer on where or what to look for -- libraries, languages,
ThreadSafe versus not ThreadSafe -- I'd really appreciate it. I've been
stumped for days. I don't really know how to get more information on the
code I'm looking at.
thanks!
twitch
--- End Message ---
--- Begin Message ---
I got an email from you back on 12 July that looked suspicious, so I filed it under
"viruses" until I could check it out.
It contains a file called Your_Details.zip and I have recently been informed that the
zip file contains the W32/Sobig-E virus.
Thought I should let you know in case you hadn't already been informed. I have deleted
my copy. I have also, long ago, set my email so it will never automatically send
emails. That way, if something unknown shows up in the out box, I can delete it before
I unintentionally further distribute any viruses.
Best wishes,
Spock
http://pctalk.info/
--- End Message ---
