Background Information
I'm trying to figure out how to query our active directory server for information about users / groups via a php web application. (let's call it the "widget app". Ultimately, I'm going to use this information to try to "see" what fields / data is available in AD to check / use as a part of authentication besides just username and password. For example, I only want to allow people in specific AD groups ... etc.
I'm using this as an example:http://php.net/manual/en/ldap.examples-basic.php
Problem
Unfortunately, I'm getting zero results... even when I use my AD username as the filter.
this is what my results look like:
Connecting ...connect result is Resource id #26
Binding ...Bind result is 1
Searching for (sn=myusername*) ...Search result is Resource id #27
Getting entries ...
Data for 0 items returned:
What I've tried so far:
We have another web application that's running on the same web server as the widget app. This other application is set up so that apache will prompt for AD credentials. I know it works because when I try to authenticate myself on this secondary application, my AD credentials are authenticated and i'm given the authorization I need to use the application.
So I started to poke around the apache conf and tried to make sure my PHP code is using the same values.
The Code
Here's the PHP code that's currently failing:
public function ldap_test() {
echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds=ldap_connect("10.11.11.1111"); // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";
if ($ds) {
echo "Binding ...";
//$r=ldap_bind($ds);
$r=ldap_bind($ds,"CN=testvalue1,OU=Services,OU=Accounts,DC=td,DC=ab,DC=org", "somepasswordvalue");
// read-only access
echo "Bind result is " . $r . "<br />";
echo "Searching for (sn=myusername*) ...";
// Search surname entry
$sr=ldap_search($ds, "CN=testvalue1,OU=Services,OU=Accounts,DC=td,DC=ab,DC=org", "somepasswordvalue", "(sAMAccountName=myusername*)");
echo "Search result is " . $sr . "<br />";
echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";
echo "Getting entries ...<p>";
$info = ldap_get_entries($ds, $sr);
echo "Data for " . $info["count"] . " items returned:<p>";
for ($i=0; $i<$info["count"]; $i++) {
echo "dn is: " . $info[$i]["dn"] . "<br />";
echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
}
echo "Closing connection";
ldap_close($ds);
} else {
echo "<h4>Unable to connect to LDAP server</h4>";
}
}
Apache configuration that I used to build my PHP code: (this config works and properly prompts me for my AD credentials and authenticates properly)
<AuthnProviderAlias ldap ldap-test>
AuthLDAPBindDN "CN=testvalue1,OU=Services,OU=Accounts,DC=td,DC=ab,DC=org"
AuthLDAPBindPassword somepasswordvalue
AuthLDAPURL "ldap://10.11.11.111/ou=Accounts,dc=td,dc=ab,dc=org?sAMAccountName?sub?(objectClass=*)"
AuthLDAPMaxSubGroupDepth 5
</AuthnProviderAlias>
This is the first time I've tried to do AD authentication in PHP and I'm not the one who manages our AD implementations so I'm fairly green.
If you have any suggestions for me please feel free.
Thanks
The problem was that I was filtering by a common name. Notice this:
AuthLDAPBindDN "CN=testvalue1,OU=Services,OU=Accounts,DC=td,DC=ab,DC=org"
So to fix it , i just had to remove this from the filter and it worked.
AuthLDAPBindDN "OU=Services,OU=Accounts,DC=td,DC=ab,DC=org"
Related
I'm trying to get all clients database id, but I've been unable to using foreach etc as it always returns the value as NULL.
I need to get a foreach with the database ids and put it in an array
$userchannel = $clients->cid->clientList["client_database_id"];
After some fiddling i managed to get this to work, please verifiy. If you have questions regarding the code. Feel free to ask them.
What i've done in basic is modifing the existed code from the examples shown in the teamspeak php framework site. I used the Android user list for the most code. From there on its just trying and debugging ;)
this code will print the database id of the user together with the username. (Ofcourse from this point you can do everything you want with it.)
Also, maybe take a quick look at the api documentation for the php framework. It has alot of useful coding tips and tricks.
https://docs.planetteamspeak.com/ts3/php/framework/
edit (07-01-17)
Something I also noticed, make sure the query user has enough rights, for ease I made mine server admin query (grants access to all options, Please be aware that this could be insecure in a active site!)
<?php
// load framework files
require_once("libraries/TeamSpeak3/TeamSpeak3.php");
try {
// connect to local server, authenticate and spawn an object for the virtual server on port 9988
$ts3_ServerInstance = TeamSpeak3::factory("serverquery://###:#######:##/?server_port=9987");
$selected_sid = $ts3_ServerInstance->serverList();
$ts3_VirtualServer = $ts3_ServerInstance->serverGetById($selected_sid);
/* walk through list of clients */
echo "<table class=\"list\">\n";
echo "<tr>\n" .
" <th>DB id</th>\n" .
" <th>Nickname</th>\n" .
"</tr>\n";
foreach($ts3_VirtualServer->clientList() as $client) {
echo "<tr>\n" .
" <td>" . $client['client_database_id'] . "</td>" .
" <td>" . htmlspecialchars($client) . "</td>" .
"</tr>\n";
}
echo "</table>\n";
}
catch(Exception $e) {
/* catch exceptions and display error message if anything went wrong */
echo "<span class='error'><b>Error " . $e->getCode() . ":</b> " . $e->getMessage() . "</span>\n";
}
I managed to fix it.
$ts3_VirtualServer->channelGetById(152) // 152 is the channel ID
I'm looking to create a formatted product list from an SQL database. My aim is to have a store on my website with a series of small boxes containing some shorthand information about each product, that when clicked will open a pop-up containing detailed information. (I have a working Javascript/JQuery code to create the pop-ups.)
Here is the PHP code so far, simply to get the information from the database and display it on a webpage...
(I've been using XAMPP to provide an environment for me to test the code in)
<?php
mysql_connect("localhost", "root", "") or die (mysql_error ());
mysql_select_db("Database1") or die(mysql_error());
$strSQL = "SELECT * FROM Products";
$rs = mysql_query($strSQL);
while($row = mysql_fetch_array($rs)) {
echo $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "<br />";
}
mysql_close();
?>
I want the echoed line to be displayed in a divider, with a divider generated for each record in the SQL database (say I have 10 products available, there would be ten dividers, and 10 different boxes on the webpage). The divider's class is "ProductBox".
echo "<div class=\"ProductBox\">"; $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "</div>";
This was the closest I have come to a solution, which was simply managing to write a code with no syntax errors - alas, nothing actually displays on the webpage.
If I'm going about this entirely the wrong way please tell me - I'm fairly sure I need to use a SQL database to dynamically update stock on a live website, but if I need to implement a different programming language or whatever then just tell me what you think would work and help me with a solution.
You have an extra semicolon in your code
echo "<div class=\"ProductBox\">"; $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "</div>";
Replace with
echo "<div class=\"ProductBox\">". $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "</div>";
mysql_fetch_array needs to be used like this (see PHP Doc):
while($row = mysql_fetch_array($rs, MYSQL_ASSOC)) {
}
or you could just use "mysql_fetch_assoc" instead.
HOWEVER, if you're new to PHP, I HIGHLY RECOMMEND that you get started on the right foot. mysql_query functions are soon to be deprecated. DON'T USE THEM. Most recommend using "PDO" for querying your database. Here's a great tutorial to teach you: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
Also, as mentioned, you have an extra semi-colon.
Dont forget these basics markups :
`<HTML>
<HEAD>
</HEAD>
<BODY> put in here your divs
</BODY>
</HTML>`
I have parts website that I need to update the search script for. I have an Excel sheet with 3 columns, Part No, Part Name, and Page Number. I just want to create a simple search box and when an entry is made and you click submit it searches through the txt list and displays/echos/prints on the web page any lines of the txt file that correspond, be it part number or description name. It is to help people locate a part and then link them to the page of a catalog it can be found on - so the page number is a link to the page.
This search script below does exactly what I need it to do, I did not write it, it was written by a former employee - it connects to a mySQL db - BUT I cannot do that anymore, the mySQL is on a shared hosting service and the minimum character search is set to 4 and cannot be modified. I need to be able to search 3 character words such as 'oil', 'brm', 'rod'.
I've been trying for a few days to find an alternative method. I would like to be able to connect or search the txt or Excel file that contains the list of part numbers and the page they can be found on and NOT have it connect to the mySQL db.
I don't know how to modify this to have it connect to a txt file instead of the mySQL db.
Is that even possible? Do I need to use a different kind of script?
I appreciate any guidance. Thank you!
<?php
if ($_POST['action'] =="search") {
function make_page_url($pageno) {
return "../vwcatalog/2013/" . $pageno . ".html";
}
echo "<tr><td>Search Results : (HINT-If Nothing Is Listed Below, Try the Table of Contents at the Bottom of the Page<br>
Search Hint: If necessary, try using singular words, instead of plural, i.e.; 'seat' - instead of 'seats'.)</td></tr>\n";
$dbsearchlink=mysql_connect($db["host"],$db["user"],$db["pass"])
or die("Failed to make database connection: " . mysql_error());
mysql_select_db($db["used"])
or die("Failed to select database: " . mysql_error());
$query=sprintf("select partno,description,pageno from part_to_page where year=2013 and match(partno,description) against ('%s')",
mysql_real_escape_string($_POST['searchfor']));
$result=mysql_query($query) or die("Query failed: " . mysql_error());
echo "<tr><td><table>\n";
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
$url=make_page_url($row['pageno']);
echo "\t<tr>";
echo "<td>" . $row['partno'] . "</td>";
echo "<td><a href=$url>" . $row['description'] . "</a></td>";
echo "</tr>\n";
}
echo "</table></td></tr>\n";
mysql_free_result($result);
mysql_close($dbsearchlink);
}
?>
Why not just switch the query
if(strlen($_POST['searchfor']) < 4){
$query=sprintf("select partno,description,pageno from part_to_page where year=2013 and ( partno LIKE '\%%s\%' OR description LIKE '\%%s\%')",
mysql_real_escape_string($_POST['searchfor']),
mysql_real_escape_string($_POST['searchfor']));
} else {
$query=sprintf("select partno,description,pageno from part_to_page where year=2013 and match(partno,description) against ('%s')",
mysql_real_escape_string($_POST['searchfor']));
}
So I just got started with LDAP, and was reading this tutorial on LDAP with PHP.
http://www.devshed.com/c/a/PHP/Using-PHP-With-LDAP-part-1/4/
There, once the result set is obtained. There were two commands/functions I came across...
<?php // print number of entries found
echo "Number of entries found: " . ldap_count_entries($conn, $result) . "<p>"; ?>
and
<?php // get entry data as array
$info = ldap_get_entries($conn, $result);
// iterate over array and print data for each entry
for ($i=0; $i<$info["count"]; $i++) { echo "dn is: ". $info[$i]["dn"] ."<br>";
echo "first cn is: ". $info[$i]["cn"][0] ."<br>";
echo "first email address is: ". $info[$i]["mail"][0] ."<p>";
} ?>
So, in what ways do ldap_count_entries and $info["count"] differ?
Thanks in advance!
As far as I know, the difference is mainly between whether you have to retrieve the results from the server or not.
To get $info['count'] you have to retrieve the complete result from the server via ldap_get_entries which might be a lengthy thing depending on the size of the result and the connection to your LDAP-Server.
To check whether it's worth the effort you can get the size of the resultset with ldap_count entries and depending on that result your application can decide what to do.
I have a table with about 500,000 rows, and need to query it to retrieve results. Basically the user just inputs a case number, and then I want to execute the following query and display the results using a while loop
if (!empty($_POST["casenum"])) {
$result2 = mysql_query("SELECT Box_Content.case_number, Transfer.number, Transfer.location, Box.number FROM Box_Content, Transfer, Box WHERE Box_Content.box_id = Box.id and Box.transfer_id = Transfer.id and Box_Content.case_number = '".$_POST['casenum']."'");
while ($row = mysql_fetch_array($result2)) {
echo "Case number: ".$casenum." text ";
echo "<br />";
}
} else {
echo "<h4>WARNING!!! Search criteria entered not valid. Please search again.</h4>";
}
What am I doing wrong here?
EDIT:
It works now if only one row is returned, but for two rows, it seems to be trying to print the entire table...
$casenum = $_POST["casenum"];
echo "<br />The case number entered is: $casenum<br />";
if (!empty($_POST["casenum"]))
{
$result2 = mysql_query("SELECT Box_Content.case_number, Transfer.number as transfer_number, Transfer.location as transfer_location, Box.number as box_number FROM Box_Content, Transfer, Box WHERE Box_Content.box_id = Box.id and Box.transfer_id = Transfer.id and Box_Content.case_number = '" . $_POST['casenum'] . "'");
while($row = mysql_fetch_array($result2))
{
print_r ($row);
echo "<br />";
echo "<b>Case number: </b>" . $row['case_number'] ."<br />";
echo "<b>Transfer number: </b>" . $row['transfer_number'] ."<br />";
echo "<b>Transfer location: </b>" . $row['transfer_location'] ."<br />";
echo "<b>Box number: </b>" .$row['box_number'] ."<br />";
}
}
else
{
echo "<h4>WARNING!!! Search criteria entered not valid. Please search again.</h4>";
}
var_dump($_POST);
Try:
while ($row = mysql_fetch_array($result2)) {
echo "Case number: ". $row['Box_Content.case_number'] ." text ";
echo "<br />";
}
$row['case_number'] will output the case_number retrieved for each row in your resultset.
However, you should look into doing one of two things:
Start using best practices.
Start using a non-deprecated SQL library (mysqli, PDO).
This query is susceptible to SQL injection:
"SELECT Box_Content.case_number, Transfer.number, Transfer.location, Box.number
FROM Box_Content, Transfer, Box
WHERE Box_Content.box_id = Box.id and Box.transfer_id = Transfer.id
and Box_Content.case_number = '".$_POST['casenum']."'"
Use mysql_real_escape_string($_POST['casenum']) to patch this.
Reference: http://php.net/manual/en/function.mysql-real-escape-string.php
The mysql_* functions have long been deprecated due to unprepared statement operations. Look into either mysqli or PDO for your project instead.
What am I doing wrong here?
1) $casenum isn't set in your code... (Please tell me it is nothing and you don't have register superglobals turned on?!) You would probably want $row['case_number']
2) But anyway, that's not really what you are doing wrong... Your biggest mistake is using user input without any kind of validation or sanitization...
Imagine if $_POST["casenum"] was equal to...
' or 1=2 union select user,password,email,salt from users
You seem to be using $casenum from nowhere.
Try:
while($row = mysql_fetch_assoc($result2))
echo "Case number: ".$row['number']." text <br />";
When using the mysql_fetch functions assoc will bring back named indexed data, num will bring back numberic indexed data and array will bring back both, so try to use one or the other.
Then when you do $row = mysql_fetch_assoc($result2) your essentially saying for each row of data returned store it as a (in this case associative) array in $row, so you can then access your data via the standard array commands ($row['foo']).