Cannot get ldap_modify to work - php

I'm trying to use LDAP user password change code, but I am stuck on a step where ldap_modify is throwing an LDAP error:
1 - Operations error
At first I thought that the password encryption method was not correct, but even this code
$rootdn = "cn=ldap_manager,dc=mycompany,dc=local";
$rootpwd = "mysecretkeys";
$r = ldap_bind($con,$rootdn,$rootpwd);
$entry = array();
$entry["givenName"] = "BabaGanush";
if ($r = ldap_modify($con,$user_dn,$entry) === false){
$error = ldap_error($con);
$errno = ldap_errno($con);
$message[] = "E201 - Please contact the administrator.";
$message[] = "$errno - $error";
} else {
$message[] = "Name was changed";
}
is not working (getting the same Error #1).
I have tried all possible combinations for rootDN but cannot get a bind when using ldap_manager
$rootdn = "CN=users,DC=mycompany,DC=local";
$username = 'ldap_mamanger';
$domain = 'mycompany';
$rootdn = $username;
$rootdn = $username.'@'.$domain;
$rootdn = $domain.'\\'.$username;
$rootdn = "uid=$username,cn=users,dc=$domain,dc=local";
$rootdn = "uid=$username,dc=$domain,dc=local";
$rootdn = "uid=$username,dc=local";
$rootdn = "uid=$username,dc=$domain";
while $ldaprdn = $domain.'\\'.$username; works fine for a regular AD user (can bind)
dsquery user -name ldap* returns
"CN=ldap_manager,CN=Users,DC=mycompany,DC=local"
"CN=ldap_user,CN=Users,DC=mycompany,DC=local"
Any clue what can be wrong?

As far as I see it, you are trying to modify a complete entry. That means, ldap_modify replaces the current content located under the given DN with the new content. And I'm sure there are some fields that are left empty which are required when you replace the current entry with one that contains only a givenName.
So either fetch the current entry and replace the value in question within that result or you might want to have a look at ldap_mod_replace.

Related

Automatic conversion of false to array is deprecated

I get this warning in a chunk of instructions PHP 8+ dedicated to the check of the user inside the page:
if ($_POST['go'] ?? null) {
// $_SESSION_VALUES is an array $db, $nick are classes of mine
$_SESSION_VALUES = $nick->get_cookie (COOKIE_NAME); // get the name of the cookie
if ($db->check_user (USERS_TABLE, $_POST['nick'], $db->encode_password($_POST['password']))) {
$_SESSION_VALUES['_USERNAME'] = $db->user_rec['nick']; // get the nickname from the cookie
$_SESSION_VALUES['_PASSWORD'] = $db->user_rec['password']; //get the password
$_SESSION_VALUES['_USER'] = $db->user_type;
if (! $nick->set_cookie (COOKIE_NAME, $_SESSION_VALUES)) die ('Cannot write the cookie'); // record the cookie
header('Location: ./copertina'); }
else $_SESSION_VALUES['_USER'] = -1;
}
The execution of
else $_SESSION_VALUES['_USER'] = -1;
gives "Automatic conversion of false to array is deprecated"
Following a suggestion from Stack Overflow I tried this:
$_SESSION_VALUES = [];
if ($_POST['go'] ?? null) {
...
but apparently it doesn't work
any idea?
Thanks
I assume that $nick->get_cookie(COOKIE_NAME); returns false.
Try changing:
else $_SESSION_VALUES['_USER'] = -1;
to:
else $_SESSION_VALUES = ['_USER' => -1];
This will probably get rid of the error message you reported, but I don't know if the rest of your code, which I cannot see, will accept this.

PHP: Script failing after PDO query

During my create user process I make a few queries to various databases to get the new user set up. This script has been working fine for about a year and a half, but now something is off.
So the first thing I do is I check to see if a user exists with the credentials being submitted. I've thoroughly tested the check and I'm confident my issue isn't there.
If that check comes back false then the script continues to create the user.
public function registerUser() {
parse_str($_SERVER['QUERY_STRING'], $data);
$data = (object) $data;
$check = json_decode($this->checkUserExists($data->email));
if ($check->res) {
$res = new \stdClass();
$res->res = false;
$res->user_status = $check->user_status;
$res->msg = 'User exists.';
echo json_encode($res);
}
if (!$check->res) {
$this->createUser($data);
}
}
The problem arises after all the queries have been completed, the script does not seem to want to run the if statement at the bottom. I marked it with comment characters so it's easier to find, but I included the entire function for clarity, maybe I'm doing something that is causing the issue.
I tried invoking an error manually at various points during the script. And I am able to trigger an error all the way down to the bottom of the script.
private function createUser($data) {
$Crypt = new CryptController();
$AuthSelect = new AuthController();
$Time = new TimeController();
$remote_address = new RemoteAddressController();
$Session = new SessionController();
$AuthInsert = new AuthModel_Insert();
$hashed_password = $Crypt->create_hash($data->password);
$data->password = '';
$AuthData = json_decode($AuthSelect->getAuth());
$system_auth_id = $AuthData->system_auth_id;
$user_id = $Crypt->get_uuid();
$user_auth_id = $Crypt->get_uuid();
$user_createddate = $Time->time();
$user_updateddate = $Time->time();
$user_lastupdateddate = $Time->time();
$agent_ip = $remote_address->getIpAddress();
$userData = $this->createUserObject(
$user_id,
$user_auth_id,
$system_auth_id,
$hashed_password,
$user_createddate,
$user_updateddate,
$user_lastupdateddate,
$data
);
$agentData = $this->createAgentObject(
$user_id,
$agent_ip,
$data
);
//////////////////////////////////////////
$create_user = $AuthInsert->createNewUser(
$userData
);
$create_user_agent = $this->setUserAgent(
$agentData
);
$sessionKeyData = new \stdClass();
$sessionKeyData->user_id = $user_id;
$sessionKeyData->user_auth_id = $user_auth_id;
$sessionKeyData->system_auth_id = $system_auth_id;
$sessionKeyData->agent_id = $create_user_agent->agent->agent_id;
$set_session_key = $Session->setSessionKey(
$sessionKeyData
);
$send_activation_email = $this->createUserActivation(
$userData
);
if (
$create_user &&
$create_user_agent->res &&
$set_session_key->res &&
$send_activation_email->res) {
$res = new \stdClass();
$res->res = true;
$res->msg = 'New user successfully created.';
echo json_encode($res);
} else {
$res = new \stdClass();
$res->res = false;
$res->msg = 'Error: User creation process incomplete.';
echo json_encode($res);
}
//////////////////////////////////////////
trigger_error("Invoked Error: ",E_USER_ERROR);
}
The queries themselves go through just fine, all the tables are populated just fine. The issue is that after that happens the script doesn't finish. It seems to end the createUser() function and return to the registerUser() function at which point the user will exist so it will return false and echo that back to the client.
In my testing it seems my issue might be at the bottom with that if statement. But I've tested each of those queries individually and they do return the desired booleans to get the true condition. But, even the false condition doesn't go through which should return 'Error: User creation process incomplete.'. That doesn't happen either.
I'm hoping someone sees something I'm missing because I've been stuck on this problem for too long. I appreciate any guidance that might lead me to an answer. Thanks in advance.
Just for clarification the message I'm getting back is $res->msg = 'User exists.'; which comes from registeruser(). The message I'm expecting back is $res->msg = 'New user successfully created.'; which should come from createUser().

PHP code in string

I was amazed I didn't find an answer on Google for this.
So basically I have some PHP code which has to be stored in a variable as a string. Unfortunately PHP recognizes the opening and ending tags not as a string but as PHP code... I want it as a string :)
$settings_string =
'
<?php
//Locker ID
$userToSearch = '.$_POST["usertosearch"].';
//User Folder
$userFolder = '.$folder.';
//User Link
$userLink = '.$_POST["userlink"].';
// Username and pass
$affiliateuser = '.$_POST["affiliateuser"].';
$affiliatepassword = '.$_POST["affiliatepassword"].';
?>
';
You can use it like this.
If you tell me your purpose, I can give you something better than this.
$settings_string ='
<?php
//Locker ID
$userToSearch = \'.$_POST["usertosearch"].\';
//User Folder
$userFolder = \'.$folder.\';
//User Link
$userLink = \'.$_POST["userlink"].\';
// Username and pass
$affiliateuser = \'.$_POST["affiliateuser"].\';
$affiliatepassword = \'.$_POST["affiliatepassword"].\';
?>
';
Now you have to use it like this
$file = fopen('file_name.php', 'w');
fwrite($file, $settings_string);
If you want the value of the $_POST injected in there you still need to quote it properly in the output.
$settings_string =
'
<?php
//Locker ID
$userToSearch = "'.$_POST["usertosearch"].'"; //add them quotes!!!!
//User Folder
$userFolder = "'.$folder.'";
//User Link
$userLink = "'.$_POST["userlink"].'";
// Username and pass
$affiliateuser = "'.$_POST["affiliateuser"].'";
$affiliatepassword = "'.$_POST["affiliatepassword"].'";
?>
';
I'll assume $_POST["usertosearch"] = 'user' currently in your output would be this.
$userToSearch = user;
When instead you want
$userToSearch = "user";
Above you will see the added double quote, to properly quote the strings in the output file. That file still has to have valid syntax.
As a note, if any of the post values contain " you're gonna have issues, unless you do addslashes() for them.
For example
$userLink = "'.$_POST["userlink"].'";
Assume this is $_POST["userlink"] = 'link' OR
$userLink = "link";
See the issue with that. When you'll want this
$userLink = "link";
You're looking for eval
<?php
$settings_string ='
//Locker ID
$userToSearch = '.$_POST["usertosearch"].';
//User Folder
$userFolder = '.$folder.';
//User Link
$userLink = '.$_POST["userlink"].';
// Username and pass
$affiliateuser = '.$_POST["affiliateuser"].';
$affiliatepassword = '.$_POST["affiliatepassword"].';
';
eval($settings_string);
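The quoting problem discussed in this thread, as an added example that is not part of any of the posts above: var_export() produces a valid PHP literal for any string, so the generated settings file stays syntactically correct whatever the form values contain. The $input array is constructed sample data standing in for $_POST, and the function names are hypothetical.

```php
<?php
// Constructed sample input standing in for $_POST; the second value contains
// double quotes, the case the answer above warns about.
$input = ['usertosearch' => 'user', 'userlink' => 'my "best" link'];

// Generation as in the thread: the value is pasted between double quotes.
function render_naive(array $in): string {
    return "<?php\n\$userLink = \"" . $in['userlink'] . "\";\n";
}

// Hardened generation: var_export() escapes quotes and backslashes itself,
// and the file returns an array instead of defining loose variables.
function render_safe(array $in): string {
    $settings = [
        'userToSearch' => (string) ($in['usertosearch'] ?? ''),
        'userLink'     => (string) ($in['userlink'] ?? ''),
    ];
    return "<?php\nreturn " . var_export($settings, true) . ";\n";
}

// Check that generated source parses, without executing it.
function parses(string $src): bool {
    try {
        token_get_all($src, TOKEN_PARSE);
        return true;
    } catch (ParseError $e) {
        return false;
    }
}

echo "naive output parses: ", var_export(parses(render_naive($input)), true), "\n";
echo "safe output parses:  ", var_export(parses(render_safe($input)), true), "\n";

// Round trip: write the safe file, load it, compare with the original value.
$file = tempnam(sys_get_temp_dir(), 'settings_');
file_put_contents($file, render_safe($input), LOCK_EX);
$settings = include $file;
echo "round trip intact:   ",
    var_export($settings['userLink'] === $input['userlink'], true), "\n";
unlink($file);
```

The same check applies to the eval() variant: whatever string reaches eval() or a written .php file is executed as code, so values must be emitted as literals, never concatenated raw.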

How to hide/protect password details in php?

I'm making a website in which I'm trying to create a form that will send the user-input to a google spreadsheet in my google docs/drive... I found a Github project that lets people code the php... It includes 2 other php files which are needed for the script. The code is as follows:
My question is, how can I hide my password from this script under $u = / $p = ??
Anyone viewing the code can see my password.. how can I prevent that?
Link to the script's source is : http://www.farinspace.com/saving-form-data-to-google-spreadsheets/
<?php
// Zend library include path
set_include_path(get_include_path() . PATH_SEPARATOR . "$_SERVER[DOCUMENT_ROOT]/ZendGdata-1.8.1/library");
include_once("Google_Spreadsheet.php");
$u = "username@gmail.com";
$p = "password";
$ss = new Google_Spreadsheet($u,$p);
$ss->useSpreadsheet("My Spreadsheet");
$ss->useWorksheet("wks2");
// important:
// adding a leading alpha char prevents errors, there are issues
// when trying to lookup an identifier in a column where the
// value starts with both alpha and numeric characters, using a
// leading alpha character causes the column and its values to be
// seen as a strictly a strings/text
$id = "z" . md5(microtime(true));
$row = array
(
"id" => $id // used for later lookups
, "name" => "John Doe"
, "email" => "john@example.com"
, "comments" => "Hello world"
);
if ($ss->addRow($row)) echo "Form data successfully stored";
else echo "Error, unable to store data";
$row = array
(
"name" => "John Q Doe"
);
if ($ss->updateRow($row,"id=".$id)) echo "Form data successfully updated";
else echo "Error, unable to update spreadsheet data";
?>
You can attempt to hide it from peering eyes using the code below. It would still be discoverable if you tried, but at least it's away from open text view. All it does is add characters to the text and then subtract them before it uses the password.
Run this script using your original password
<?php
$password = "test";
echo "Original Password In Plain Text = $password\n";
$len=strlen($password);
$NewPassword = "";
for( $i = 0; $i <= $len-1; $i++ ) {
$charcode = ord(substr( $password, $i, 1 ));
$NewChar = $charcode+5; $NewLetter = chr($NewChar);
$NewPassword = $NewPassword . $NewLetter;
} echo "Modified Password to Use in Script = $NewPassword\n";
$OrigPassword = "";
for( $i = 0; $i <= $len-1; $i++ ) {
$charcode = ord(substr( $NewPassword, $i, 1 ));
$OrigChar = $charcode-5; $OrigLetter = chr($OrigChar);
$OrigPassword = $OrigPassword . $OrigLetter;
} echo "Convert the Modified back to the Original = $OrigPassword\n";
?>
Add this part to your script with the new password from the above script
$password = "yjxy";
$len = strlen($password); // length was undefined in this standalone snippet
$OrigPassword = "";
for( $i = 0; $i <= $len-1; $i++ ) {
$charcode = ord(substr( $password, $i, 1 ));
$OrigChar = $charcode-5; $OrigLetter = chr($OrigChar);
$OrigPassword = $OrigPassword . $OrigLetter;
} $password = $OrigPassword;
echo "Script thinks this is the password = $password\n";
The best way to hide the password is to save it in an external file and then include it in your PHP script. The file with this password, let's say 'config.php', should be above DOCUMENT_ROOT to make it inaccessible via the browser. It's a common approach, and for example you can see it in the Zend Framework directory structure, where only the "public" directory is visible to the user. The proper CHMOD should be set on this file as well.
Under this link you have ZF directory structure where you can check location of config files.
This question has been asked and answered lots of times here (but not specifically for Google docs). Short answer is that there is nothing you can do.
Longer answer is that you can mitigate the possibility of the credentials being compromised by:
using credentials supplied by the user rather than stored in code
using tokens supplied by the user as a means of decrypting credentials stored in your code (but this gets very complicated with lots of users)
storing the credentials in an include file held outside the document root
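The include-file approach from the last two answers, as an added example that is not part of the original posts: a loader that refuses a credentials file located inside the document root or readable by group or others. The function name, the directory layout and the placeholder credentials are assumptions; the permission check assumes a POSIX system where the file is owned by the user PHP runs as.

```php
<?php
// Load credentials from a PHP config file, refusing locations or permissions
// that would expose it. $docRoot would normally be $_SERVER['DOCUMENT_ROOT'].
function load_credentials(string $configPath, string $docRoot): array {
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // Reject a config file that the web server could serve directly.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file is inside the document root');
    }
    // Reject group/world access bits (POSIX only; skipped on Windows).
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($real) & 0077) !== 0) {
        throw new RuntimeException('config file is accessible by group or others');
    }
    $cfg = require $real;
    if (!is_array($cfg) || !isset($cfg['user'], $cfg['password'])) {
        throw new RuntimeException('config file must return user and password');
    }
    return $cfg;
}

// Constructed demo layout: <tmp>/app_x/config.php, with <tmp>/app_x/public
// playing the role of the document root.
$base = sys_get_temp_dir() . '/app_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0755, true);
file_put_contents("$base/config.php",
    "<?php\nreturn ['user' => 'placeholder-user', 'password' => 'placeholder-secret'];\n");
chmod("$base/config.php", 0600);

$creds = load_credentials("$base/config.php", "$base/public");
echo "loaded credentials for {$creds['user']}\n";

// The same file copied into the document root is rejected.
copy("$base/config.php", "$base/public/config.php");
chmod("$base/public/config.php", 0600);
try {
    load_credentials("$base/public/config.php", "$base/public");
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// Clean up the demo files.
unlink("$base/public/config.php");
unlink("$base/config.php");
rmdir("$base/public");
rmdir($base);
```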

Having trouble getting the right idea

Well, I'm writing PHP code to edit tags and the data inside those tags, but I'm having big trouble getting my head around the thing.
Basically I have an XML file similar to this, but bigger
<users>
<user1>
<password></password>
</user1>
</users>
and the php code i'm using to try and change the user1 tag is this
function mod_user() {
// Get global Variables
global $access_level;
// Pull the data from the form
$entered_new_username = $_POST['mod_user_new_username'];
$entered_pass = $_POST['mod_user_new_password'];
$entered_confirm_pass = $_POST['mod_user_confirm_new_password'];
$entered_new_roll = $_POST['mod_user_new_roll'];
$entered_new_access_level = $_POST['mod_user_new_access_level'];
// Grab the old username from the last page as well so we know who we are looking for
$current_username = $_POST['mod_user_old_username'];
// !!-------- First thing is first. we need to run checks to make sure that this operation can be completed ----------------!!
// Check to see if the user exist. we just use the normal phaser since we are only reading and it's much easier to make loop through
$xml = simplexml_load_file('../users/users.xml');
// read the xml file find the user to be modified
foreach ($xml->children() as $xml_user_get)
{
$xml_user = ($xml_user_get->getName());
if ($xml_user == $entered_new_username){
// Set array to send data back
//$a = array ("error"=>103, "entered_user"=>$new_user, "entered_roll"=>$new_roll, "entered_access"=>$new_access_level);
// Add to session to be sent back to other page
// $_SESSION['add_error'] = $a;
die("Username Already exist - Pass");
// header('location: ../admin.php?page=usermanage&task=adduser');
}
}
// Check the passwords and make sure they match
if ($entered_pass == $entered_confirm_pass) {
// Encrypt the new password and unset the old password variables so they don't stay in memory un-encrytped
$new_password = hash('sha512', $entered_pass);
unset ($entered_pass, $entered_confirm_pass, $_POST['mod_user_new_password'], $_POST['mod_user_confirm_pass']);
}
else {
die("passwords did not match - Pass");
}
if ($entered_new_access_level != "") {
if ($entered_new_access_level < $access_level){
die("Access level is not sufficiant to grant access - Pass");
}
}
// Now to load up the xml file and commit changes.
$doc = new DOMDocument;
$doc->formatOutput = true;
$doc->preserveWhiteSpace = false;
$doc->load('../users/users.xml');
$old_user = $doc->getElementsByTagName('users')->item(0)->getElementsByTagName($current_username)->item(0);
// For initial debugging - to be deleted
if ($old_user == $current_username)
echo "old username found and matches";
// Check the variables to see if there is something to change in the data.
if ($entered_new_username != "") {
$xml_old_user = $doc->getElementsByTagName('users')->item(0)->getElementsByTagName($current_username)->item(0)->replaceChild($entered_new_username, $old_user);
echo "Username is now: " . $current_username;
}
if ($new_pass != "") {
$current_password = $doc->getElementsByTagName($current_user)->item(0)->getElementsByTagName('password')->item(0)->nodeValue;
//$replace_password = $doc
}
}
when run with just the username entered for change i get this error
Catchable fatal error: Argument 1 passed to DOMNode::replaceChild() must be an instance of DOMNode, string given, called in E:\xampp\htdocs\CGS-Intranet\admin\html\useraction.php on line 252 and defined in E:\xampp\htdocs\CGS-Intranet\admin\html\useraction.php on line 201
Could someone explain to me how to do this or show me how they'd do it? It might make a little sense to me to see how it's done :s
thanks
$entered_new_username is a string so you'll need to wrap it with a DOM object, via something like $doc->createElement()
$xml_old_user = $doc->getElementsByTagName('users')->item(0)->getElementsByTagName($current_username)->item(0)->replaceChild($doc->createElement($entered_new_username), $old_user);
This may not be quite right, but hopefully it points you in the correct direction.
Alright, got it writing and replacing the node that I want, but I have run into other issues I have to work out (i.e. it's replacing the whole tree rather than just changing the node name).
Anyway, the code I used is
// For initial debugging - to be deleted
if ($old_user == $current_username)
echo "old username found and matches";
// Check the variables to see if there is something to change in the data.
if ($entered_new_username != "") {
try {
$new_node_name = $doc->createElement($entered_new_username);
$old_user->parentNode->replaceChild($new_node_name, $old_user);
}
catch (DOMException $e) {
echo $e;
}
echo "Username is now: " . $current_username;
}
if ($new_pass != "") {
$current_password = $doc->getElementsByTagName($current_user)->item(0)->getElementsByTagName('password')->item(0)->nodeValue;
//$replace_password = $doc
}
$doc->save('../users/users.xml');
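The remaining issue in this thread (the replacement node arriving empty), as an added example that is not part of the original posts: DOM has no in-place rename, so the children and attributes are moved onto the new element before it is swapped in. The function name and the sample document are constructed for illustration; createElement() rejects strings that are not valid XML names, which matters when the name comes from form input.

```php
<?php
// Rename an element by creating a replacement, moving the children and
// attributes across, then swapping it in. Returns the new element.
function rename_element(DOMElement $old, string $newName): DOMElement {
    // createElement() throws DOMException for names that are not valid XML names.
    $new = $old->ownerDocument->createElement($newName);
    foreach (iterator_to_array($old->attributes) as $attr) {
        $new->setAttribute($attr->nodeName, $attr->nodeValue);
    }
    while ($old->firstChild !== null) {
        $new->appendChild($old->firstChild); // appendChild moves the node
    }
    $old->parentNode->replaceChild($new, $old);
    return $new;
}

// Constructed sample document in the shape shown in the question.
$doc = new DOMDocument();
$doc->preserveWhiteSpace = false;
$doc->formatOutput = true;
$doc->loadXML('<users><user1><password>placeholder-hash</password></user1></users>');

$old = $doc->getElementsByTagName('user1')->item(0);
rename_element($old, 'user2');
echo $doc->saveXML();

// A string that is not a valid element name is rejected, and the
// document is left unchanged.
try {
    rename_element($doc->getElementsByTagName('user2')->item(0), '1 bad name');
} catch (DOMException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```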
