I'm trying to convert this PHP to psp(python server pages). I'm at a loss with the php exec function and isset for the session variables.
session_start();
if(isset($_POST["var"])){
//set session username
$username = (string)$_POST["var"];
$username = trim($username);
$_SESSION['username'] = $username; //store $username
}
if(isset($_SESSION['username'])){
$username = $_SESSION['username']; //store session[username] as $username
$cmd = '/var/www/cgi-bin/resolveID.py ' . escapeshellcmd($username);
$fullname = exec($cmd);
$_SESSION['fullname'] = $fullname;
}
else{
echo 'Your session has expired, please click here';
exit;
}
This is what i have
<%
import cgitb, session
cgitb.enable()
user_session = Session.Session()
#post info
if form.getvalue('var'):
varUsername = form.getvalue('var')
user_session['username'] = varUsername
#session set stuff
try:
if user_session['username']:
#is set
varUsername = user_session['username']
varCMD = '/var/www/cgi-bin/resolveID.py ' + varUsername
varFullname = subprocess.check_output(varCMD)
user_session['fullname'] = varFullname
except:
#not set
req.write('Your session has expired, please click here')
%>
I think subprocess.check_output() is the function you are looking for:
fullname = subprocess.check_output(['/var/www/cgi-bin/resolveID.py', username])
Instead of isset($array['key']) you use 'key' in array in python.
Related
function User_CustomValidate(&$usr) {
$appKey = "xxxxx";
$safeurl = 'https://safe.xxxx.com/login/sso/SSOService?app=playbooks';
// first call back after safe login - POST is set
if ($_POST && isset($_POST['digest']))
{
$digest = $_POST["digest"];
// set the session variables ...
$_SESSION['username'] = $_POST["firstname"]." ".$_POST["lastname"];
$_SESSION['firstname'] = $_POST["firstname"];
$_SESSION['lastname'] = $_POST["lastname"];
$_SESSION['email'] = $_POST["email"];
$_SESSION['uid'] = $_POST["uid"];
// Needed for key
$uid = $_POST["uid"];
$time = $_POST["time"];
// Read the property file with the key and URL so this won't go into the main code ...
// this sets $appKey and $safeurl
$mykey = "".$uid.$time.$appKey;
$mydigest = md5($mykey);
}
// session is not initialized as we never got the post above to set session vars
// call now the safe login to get the post to set the session vars ...
if (!isset($_SESSION['uid']) || empty($_SESSION['uid']))
{
// Read the property file with the key and URL so this won't go into the main code ...
// this sets $appKey and $safeurl
header("Location: ".$safeurl);
}
$usr = $_SESSION['uid'];
$this->setCurrentUserName($usr);
return TRUE;
}
I am creating a SSO function that is supposed to carry over the SSO digest data to my applications. I am having an issue with a variable that I cannot figure out. All of my SESSION variables are working and I can clearly see their results on all of my pages. So when I echo $_SESSION['uid'] I can see whatever uid that is passed from our SSO. But I am getting nothing from $usr. I have the statement $usr = $_SESSION['uid'] and it returns nothing. However when I set $usr to '888888' it returns that static uid and everything works. How can I get the session uid passed right?
I am thinking this is a syntax issue but I have tried it a few different ways. PHP 5.4.16 running on IIS 6 (these are not my choices).
I cannot get $usr to be set to $_SESSION['uid']. I ran a dump right after setting it and I see the uid info for the session data but NULL for $usr. Syntax wrong? What do you think is going on?
function User_CustomValidate(&$usr, &$pwd) {
session_start(); // Initialize Session data
ob_start(); // Turn on output buffering
$appKey = "pwssssssssssssss";
$safeurl = 'https://safe.ssssss.com/login/sso/SSOService?app=playbooks';
// first call back after safe login - POST is set
if ($_POST && isset($_POST['digest']))
{
$digest = $_POST["digest"];
// set the session variables ...
$_SESSION['usernames'] = $_POST["firstname"]." ".$_POST["lastname"];
$_SESSION['firstname'] = $_POST["firstname"];
$_SESSION['lastname'] = $_POST["lastname"];
$_SESSION['email'] = $_POST["email"];
$_SESSION['uid'] = $_POST["uid"];
// Needed for key
$uid = $_POST["uid"];
$time = $_POST["time"];
// Read the property file with the key and URL so this won't go into the main code ...
// this sets $appKey and $safeurl
$mykey = "".$uid.$time.$appKey;
$mydigest = md5($mykey);
}
// session is not initialized as we never got the post above to set session vars
// call now the safe login to get the post to set the session vars ...
if (!isset($_SESSION['uid']) || empty($_SESSION['uid']))
{
// Read the property file with the key and URL so this won't go into the main code ...
// this sets $appKey and $safeurl
header("Location: ".$safeurl);
}
$usr = $_SESSION['uid'];
var_dump($usr, $_SESSION['uid']);
$this->setCurrentUserName($usr);
return TRUE;
}
So var_dump shows $usr = NULL and $_SESSION['uid'] with proper employee ID passed by SSO.
Have you verified that your POST data is correct? I think the issue may be, without seeing the surrounding code, that the code inside your if statements are not being executed. You need to confirm that your POST variable "digest" is set. Or for testing if before that if statement you set $_POST['digest'] and $_POST['uid'] then you will find i think that the var_dump will not be null.
function User_CustomValidate($usr, $pwd) {
session_start(); // Initialize Session data
ob_start(); // Turn on output buffering
$appKey = "pwssssssssssssss";
$safeurl = 'https://safe.ssssss.com/login/sso/SSOService?app=playbooks';
// first call back after safe login - POST is set
$_POST['digest'] = 'test';
$_POST['uid'] = 1234;
if ($_POST && isset($_POST['digest'])) {
$digest = $_POST["digest"];
// set the session variables ...
$_SESSION['usernames'] = $_POST["firstname"]." ".$_POST["lastname"];
$_SESSION['firstname'] = $_POST["firstname"];
$_SESSION['lastname'] = $_POST["lastname"];
$_SESSION['email'] = $_POST["email"];
$_SESSION['uid'] = $_POST["uid"];
// Needed for key
$uid = $_POST["uid"];
$time = $_POST["time"];
// Read the property file with the key and URL so this won't go into the main code ...
// this sets $appKey and $safeurl
$mykey = "".$uid.$time.$appKey;
$mydigest = md5($mykey);
}
// session is not initialized as we never got the post above to set session vars
// call now the safe login to get the post to set the session vars ...
if (!isset($_SESSION['uid']) || empty($_SESSION['uid']))
{
// Read the property file with the key and URL so this won't go into the main code ...
// this sets $appKey and $safeurl
header("Location: ".$safeurl);
}
$usr = $_SESSION['uid'];
var_dump($usr, $_SESSION['uid']);
$this->setCurrentUserName($usr);
return TRUE;
}
if(isset($_POST["username"])&& isset($_POST["password"])){
include('config.php'); //this one connects to the database
$username = $_POST["username"];
$password = md5($_POST["password"]);
$sql2=mysql_query("SELECT * FROM clinic_staff WHERE username='$username' AND password='$password'");
$count2 = mysql_num_rows($sql2);
if($count2 == 1){
while($row2 = mysql_fetch_array($sql2)){
$id = $row2["staff_ID"];
$position = $row2["position"];
}
$_SESSION["id"] = $id;
$_SESSION["name"] = $username;
$_SESSION["password"] = $password;
$_SESSION["pos"] = $position;
header("location:index.php");
exit();
}
The problem is I can't echo the username in index.php. I don't know if it is passed successfully. in index.php i used echo $_SESSION["name"];
put session_start(); at the beginning of your document with no white space above it.
You need to look at session_start to start a session. Examples are here
I don't see session_start();. You have to call that function at the top of every page you use session variables. (At least I have to do that on my server, somebody said to me you should actually be able to use Session variables without session_start();, but everything that needed a session variable stopped working after I removed the calls to session_start();)
I have a log in script that currently stores 2 variables a valid variable and a username variable. I am now trying to add in a name variable so I have altered the MySQL query to get the name from the database and have tried to store the name in a session variable but for some reason its just not storing it. Probably best just to show you the script, I have been studying PHP for only 2 months so I really appreciate your help.
<?php
ob_start(); // Start output buffering
session_start(); //must call session_start before using any $_SESSION variables3
$_SESSION['username'] = $username;
function validateUser($username)
{
session_regenerate_id (); //this is a security measure
$_SESSION['valid'] = 1;
$_SESSION['username'] = $username;
$_SESSION['name'] = $userData['name'];
}
$username = isset($_POST['username'])?$_POST['username']:'';
$password = isset($_POST['password'])?$_POST['password']:'';
//connect to the database here
$hostname_Takeaway = "localhost";
$database_Takeaway = "diningtime";
$username_Takeaway = "root";
$password_Takeaway = "root";
$Takeaway = mysql_pconnect($hostname_Takeaway, $username_Takeaway, $password_Takeaway) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_Takeaway, $Takeaway);
$username = mysql_real_escape_string($username);
$query = "SELECT name, password, salt FROM admin_users WHERE username = '$username';";
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result) < 1) //no such user exists
{
header('Location: http://localhost/diningtime/admin-home.php?login=fail');
die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) //incorrect password
{
header('Location: http://localhost/diningtime/admin-home.php?login=fail');
die();
}
else
{
validateUser($username); //sets the session data for this user
}
//redirect to another page or display "login success" message
header('Location: http://localhost/diningtime/main');
die();
//redirect to another page or display "login success" message
?>
Your validateUser() function does not have a $userData variable in scope, so you're assigning NULL to $_SESSION['name'].
Either make $userData be a global so it becomes visible in the function's scope, or pass it as an argument:
function validateUser($user, $userData) {
^^^^^^^^^-- pass as arg
global $userData;
^^^^^^^^^^^^^^^^^--- bring var in-scope
...
$_SESSION['name'] = $GLOBALS['userData']['name'];
^^^^^^^^^^^^^^^^^^^^^^^^^^^^--- refer to global scope
}
Any one of these 3 options would solve the problem (just don't do all three at the same time)
Your validateUser function doesn't get values from $userData array, you need to have another agument in it, like
function validateUser($username, $name)
and then pass those values from your code, or you could move the mysql authentication inside this function and then it will work. Generally, a function doesn't recognize any variable which you define outside of that function.
P.S. What should the fifth line
$_SESSION['username'] = $username;
do? I'm suspecting it from being utterly useless in that place :-)
Lots of mistakes here.
<?php
ob_start(); // Start output buffering
session_start(); //must call session_start before using any $_SESSION variables3
$_SESSION['username'] = $username;
from where $username came?
$username = isset($_POST['username'])?$_POST['username']:'';
$password = isset($_POST['password'])?$_POST['password']:'';
Now you are checking for its existance.
$Takeaway = mysql_pconnect($hostname_Takeaway, $username_Takeaway, $password_Takeaway) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_Takeaway, $Takeaway);
mysql_* deprecation process has started. not related to your problem but worth to mention
then comes validateUser($username); //sets the session data for this user
Now you are calling the function. Let's take a look into the function.
function validateUser($username)
{
session_regenerate_id (); //this is a security measure
$_SESSION['valid'] = 1;
$_SESSION['username'] = $username;
$_SESSION['name'] = $userData['name'];
}
You passed $username as parameter but from where $userData['name'] will come? (For scope, refer to MarcBs solution)
So yuu have lot to figure out.
session is not woking in my login script. What is wrong with this code. When I echo $_SESSION['userid'] in same file, it shows the userid. But when I echo that another file, there is no any response.
<?php
session_start();
include '../../classes/check.class.php';
include '../../classes/user.class.php';
$check = new Check();
$user = new User();
$email = $_REQUEST['txtEmail'];
$password = $_REQUEST['txtPassword'];
$userid = $check->validateUser($email, $password);
if($userid){
$_SESSION['userid'] = $userid;
$url = '../../index.php';
header("Location: $url");
}else{
header("Location: $url");
}
You need to add Session_start() in every script that uses the session variables for it to work.