NYCPHP Meetup

[nycphp-talk] Single-Logon User Authentication, PHP and viewingnon-ASCII

Phil Powell soazine at erols.com
Tue Aug 19 01:17:55 EDT 2003


Dan, out of fairness I completely DID give up on PHP using as CGI and
decided on TCL instead as CGI.  The results are quite positive, except now I
have no way of knowing exactly how to view non-ASCII (binary) files with
permissions of 0700.

So, more reserach until dawn!

Everything is working on the CGI scripts, turns out they were the
inevitable: SYNTAX ERRORS.  Some hacker I'll make :(  After quick fixing I
am able now to list all files, upload a file and delete a file.  I could not
do it in PHP and did not think I would ever come up with a timely solution
using PHP, whereas using TCL as CGI I was able to do so with few problems
(except, of course, the inability to view non-ASCII files at this time).

Phil

BTW I
----- Original Message ----- 
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, August 19, 2003 1:05 AM
Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and
viewingnon-ASCII


> Phil:
>
> On Mon, Aug 18, 2003 at 11:48:39PM -0400, Phil Powell wrote:
> > CGI just failed.  My script produces TCL-level errors that state.. guess
> > what.. Permission DENIED!
> >
> > Yes, cgi-bin does not even have permissions to the /content folder!
> >
> > I'm out of ideas
>
> Don't give up so easlily.  You've got to be a hacker to get things done!
>
> First off, you're saying that the PHP script ran as CGI and produced a PHP
> Warning saying something like "Permission denied ... on line x?"  So,
> please copy and paste the error message here.  It includes the path, which
> we'll need to diagnose the problem.
>
> I bet the ownership, permissions and/or path of the dirs/files in
> question is not set up correctly.
>
> In your shell terminal do an "ls -la /path/to/secure/dir" of the directory
> where those secured files are.  Also, do an "ls -la /path/to/web/dir"
> where the script you're running is.  Send us the results for ., .. and the
> script/file in question, including the exact command you typed in.
>
> Hmmm...  You're just reading files, right?  Try this in your shell and let
> us know what happens:  "whoami" and then
> "cat /path/to/secue/dir/testfile.txt"
>
> Also, some servers have path mappings that are different from the shell
> than from a CGI executing on the web host.  Ask the system administrator
> if there's something like that going on here.
>
> --Dan
>
> -- 
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk




More information about the talk mailing list