  1. #1
    SitePoint Member
    Join Date
    Aug 2004
    Location
    UK
    Posts
    16

    updating .htpasswd file

    Hi

    Can anyone spot the obvious mistake in the below??

    exec("htpasswd -b ".$_POST['username']." ".$_POST['password_1'])
    or die(".htpasswd file update has failed");

    The .htpasswd file for the purpose of this test is in the same directory as the script running the above code.

    Thanks for your help

    Estella

  2. #2
    SitePoint Enthusiast
    Join Date
    Aug 2004
    Location
    around
    Posts
    72
    Are you allowed to use exec() with your hosting? Some have it disabled.

  3. #3
    whoever reads this is a donkey :) boccio
    Join Date
    Oct 2003
    Location
    belgrade
    Posts
    354
    You didn't specify the file name - .htpasswd

    exec("htpasswd -b .htpasswd ".$_POST['username']." ".$_POST['password_1'])
    or die(".htpasswd file update has failed");

  4. #4
    SitePoint Guru okrogius
    Join Date
    Mar 2002
    Location
    US
    Posts
    622
    Actually the obvious mistake is lack of any validation/cleaning done on the _POST variables. Never trust user input until you implicitly make sure it's safe. Plus making the htpasswd file world writable may not be the best idea either.
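
One way to act on the points raised in posts #3 and #4, as an added example that is not code from any poster in the thread: the username is checked against an allow-list, htpasswd is started without a shell, and success is judged by the exit status. It assumes PHP 7.4+ (array form of proc_open), Apache 2.4's htpasswd (the -i flag), and a hypothetical file path outside the document root; the function names are illustrative.

```php
<?php
// Added example, not from the thread. HTPASSWD_FILE is a hypothetical path,
// outside the docroot and writable only by the web server user.
const HTPASSWD_FILE = '/var/www/private/.htpasswd';

// Returns null when both values are acceptable, otherwise an error string.
function validate_credentials($user, $pass): ?string
{
    // $_POST entries can be arrays, so check the type before anything else.
    if (!is_string($user) || !is_string($pass)) {
        return 'invalid request';
    }
    // Allow-list the username: no ':', no whitespace, no leading '-'.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/', $user)) {
        return 'invalid username';
    }
    // htpasswd -i reads a single line from stdin: reject control characters.
    if ($pass === '' || strlen($pass) > 255 || preg_match('/[\x00-\x1F\x7F]/', $pass)) {
        return 'invalid password';
    }
    return null;
}

function update_htpasswd(string $file, $user, $pass): bool
{
    if (validate_credentials($user, $pass) !== null) {
        return false;
    }
    // Array command: htpasswd is executed directly, so no shell parses input.
    // -i takes the password from stdin, keeping it out of the process list.
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['htpasswd', '-i', $file, $user], $spec, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], $pass . "\n");
    fclose($pipes[0]);
    stream_get_contents($pipes[1]);
    stream_get_contents($pipes[2]); // htpasswd reports on stderr; drain it
    fclose($pipes[1]);
    fclose($pipes[2]);
    // Success is exit status 0, not whatever text the command printed.
    return proc_close($proc) === 0;
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = update_htpasswd(HTPASSWD_FILE, $_POST['username'] ?? null, $_POST['password_1'] ?? null);
    http_response_code($ok ? 200 : 400);
    echo $ok ? 'Password file updated' : '.htpasswd file update has failed';
}
```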

