| SitePoint Sponsor |
|
|
User Tag List
Results 1 to 4 of 4
Thread: updating .htpasswd file
-
Aug 25, 2004, 13:39 #1SitePoint Member
- Join Date
- Aug 2004
- Location
- UK
- Posts
- 16
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
updating .htpasswd file
Hi
Can anyone spot the obvious mistake in the below??
exec("htpasswd -b ".$_POST['username']." ".$_POST['password_1'])
or die(".htpasswd file update has failed");
The .htpasswd file for the purpose of this test is in the same directory as the script running the above code.
Thanks for your help
Estella
-
Aug 27, 2004, 03:09 #2SitePoint Enthusiast
- Join Date
- Aug 2004
- Location
- around
- Posts
- 72
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
are you allowed to use exec() with your hosting? some have it disabled
-
Sep 5, 2004, 07:08 #3ko pročita magarac :)
- Join Date
- Oct 2003
- Location
- belgrade
- Posts
- 354
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
you didn't specify file name - .htpasswd
exec("htpasswd -b .htpasswd ".$_POST['username']." ".$_POST['password_1'])
or die(".htpasswd file update has failed");Vivvo CMS - Web publishing at your fingertips
Mile voli disko, a ja belo kolumbijsko
-
Sep 6, 2004, 00:24 #4SitePoint Guru
- Join Date
- Mar 2002
- Location
- US
- Posts
- 622
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Actually the obvious mistake is lack of any validation/cleaning done on the _POST variables. Never trust user input untill you implicitly make sure it's safe. Plus making the htpasswd file world writable may not be the best idea either.
Bookmarks