
CPSC431 Lecture 6

CPSC431 Lecture 6. Safe_Mode.

niyati


Presentation Transcript


  1. CPSC431 Lecture 6

  2. Safe_Mode
     • Use of all input/output functions (fopen(), file(), and require(), for example) is restricted to only files that have the same owner as the script that is calling these functions. Attempts by a user to create a new file will be restricted to creating the file in a directory owned by the user.
     • Attempts to execute scripts via functions like popen(), system(), or exec() are only possible when the script resides in the directory specified by the safe_mode_exec_dir configuration directive.
     • HTTP authentication is further strengthened because the UID of the owner of the authentication script is prepended to the authentication realm.
     • If using the MySQL database server, the username used to connect to a MySQL server must be the same as the username of the owner of the file calling mysql_connect().

  3. Safe mode related directives
     • safe_mode_gid
     • safe_mode_include_dir
     • safe_mode_allowed_env_vars
     • safe_mode_protected_env_vars
     • safe_mode_exec_dir
     • disable_functions = fopen,popen,file
     • disable_classes = "administrator, janitor"
     • doc_root (string)
     • max_execution_time (integer)
     • memory_limit (integer)
     • sql.safe_mode (integer)
     • user_dir (string)

  4. Data Encryption Functions
     • md5()
         <?php
         $val = "secret";
         // md5() returns the 32-character hex digest of its argument
         $hash_val = md5($val);
         // $hash_val = "5ebe2294ecd0e0f08eab7690d2a6ee69"
         ?>

  5. mhash
     • Go to http://mhash.sourceforge.net and download the package source.
     • Extract the contents of the compressed distribution and follow the installation instructions as specified in the INSTALL document.
     • Compile PHP with the --with-mhash option.

  6. mhash supported hash functions
     • CRC32
     • CRC32B
     • GOST
     • HAVAL
     • MD5
     • RIPEMD128
     • RIPEMD160
     • SHA1
     • SNEFRU
     • TIGER

  7. mhash example
         <?php
         $userpswd = "mysecretpswd";
         // mhash() returns raw bytes; bin2hex() makes them printable
         $pswdhash = mhash(MHASH_SHA1, $userpswd);
         echo "The hashed password is:<br />" . bin2hex($pswdhash);
         ?>
     This returns the following:
         The hashed password is: 07c45f62d68d6e63a9cc18a5e1871438ba8485c2
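An added example, not from the original slides: slides 4 and 7 produce fast, unsalted digests, and the code below accepts a legacy SHA-1 hex record of the kind slide 7 prints, then upgrades it to PHP's built-in password_hash() on a successful login. The function name verify_and_upgrade and the 40-hex-character record check are assumptions made for illustration.

```php
<?php
// Added example: verify a login against a stored hash and upgrade legacy
// unsalted SHA-1 hex digests (the slide's scheme) to password_hash() output.
// verify_and_upgrade() and the record layout are hypothetical.

function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy record: 40 hex characters, i.e. bin2hex(mhash(MHASH_SHA1, $pw)).
    if (preg_match('/\A[0-9a-f]{40}\z/', $stored) === 1) {
        $candidate = hash('sha1', $password);      // same digest as the slide
        if (!hash_equals($stored, $candidate)) {   // constant-time comparison
            return [false, $stored];
        }
        // Correct password: replace the fast, unsalted digest right away.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    // Modern record: algorithm, cost and salt are encoded in the string.
    if (!password_verify($password, $stored)) {
        return [false, $stored];
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = password_hash($password, PASSWORD_DEFAULT);
    }
    return [true, $stored];
}

// Constructed sample record: the password used on the slide.
$legacy = hash('sha1', 'mysecretpswd');

// Correct password against the legacy record: accepted and upgraded.
[$ok, $upgraded] = verify_and_upgrade('mysecretpswd', $legacy);
var_dump($ok, $upgraded !== $legacy);

// Wrong, then correct, password against the upgraded record.
[$bad] = verify_and_upgrade('wrongpswd', $upgraded);
[$good] = verify_and_upgrade('mysecretpswd', $upgraded);
var_dump($bad, $good);

// Unsalted digests of one password are always identical, so equal
// passwords are visible in the table; password_hash() salts each record.
var_dump(hash('sha1', 'x') === hash('sha1', 'x'));
var_dump(password_hash('x', PASSWORD_DEFAULT) ===
         password_hash('x', PASSWORD_DEFAULT));
```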

  8. mcrypt
     • Go to http://mcrypt.sourceforge.net/ and download the package source.
     • Extract the contents of the compressed distribution and follow the installation instructions as specified in the INSTALL document.
     • Compile PHP with the --with-mcrypt option.

  9. Regular Expressions
     • [0-9] matches any decimal digit from 0 through 9.
     • [a-z] matches any character from lowercase a through lowercase z.
     • [A-Z] matches any character from uppercase A through uppercase Z.
     • [A-Za-z] matches any character from uppercase A through lowercase z.
     • p+ matches any string containing at least one p.
     • p* matches any string containing zero or more p's.
     • p? matches any string containing zero or one p.
     • p{2} matches any string containing a sequence of two p's.
     • p{2,3} matches any string containing a sequence of two or three p's.
     • p{2,} matches any string containing a sequence of at least two p's.
     • p$ matches any string with p at the end of it.

  10. Regular expressions
     • ^p matches any string with p at the beginning of it.
     • [^a-zA-Z] matches any string not containing any of the characters ranging from a through z and A through Z.
     • p.p matches any string containing p, followed by any character, in turn followed by another p.
     • ^.{2}$ matches any string containing exactly two characters.
     • <b>(.*)</b> matches any string enclosed within <b> and </b> (presumably HTML bold tags).
     • p(hp)* matches any string containing a p followed by zero or more instances of the sequence hp.

  11. Regular expression related functions
     • ereg()
         <?php
         $username = "jasoN";
         if (ereg("([^a-z])", $username))
             echo "Username must be all lowercase!";
         ?>
     • eregi()
         <?php
         $pswd = "jasongild";
         if (!eregi("^[a-zA-Z0-9]{8,10}$", $pswd))
             echo "The password must consist solely of alphanumeric characters, and must be 8–10 characters in length!";
         ?>
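An added example, not from the original slides: ereg() and eregi() were removed in PHP 7.0, so the two checks above are written here with preg_match(). It also shows a difference that matters for input validation: in PCRE, `$` matches just before a trailing newline, so the strict version anchors with \A and \z. The function names and sample inputs are assumptions.

```php
<?php
// Added example: the slide's two checks rewritten for preg_match().
// All function names below are hypothetical.

function username_is_lowercase(string $username): bool
{
    // Whole-string allow-list instead of searching for one bad character.
    return preg_match('/\A[a-z]+\z/', $username) === 1;
}

function password_format_ok(string $pswd): bool
{
    // \A and \z anchor to the true start and end of the subject string.
    return preg_match('/\A[a-zA-Z0-9]{8,10}\z/', $pswd) === 1;
}

function password_format_loose(string $pswd): bool
{
    // Direct port of the slide's pattern. Without the D modifier, $ also
    // matches before a final newline, so "value\n" passes this check.
    return preg_match('/^[a-zA-Z0-9]{8,10}$/', $pswd) === 1;
}

// Constructed inputs: valid, trailing newline, too short, space, symbols.
$cases = ["jasongild", "jasongild\n", "short", "jason gild", "jasongild!!"];

foreach ($cases as $c) {
    // json_encode() makes the newline visible in the printed table.
    printf("%-16s loose=%d strict=%d\n",
        json_encode($c),
        password_format_loose($c),
        password_format_ok($c));
}

// The slide's username "jasoN" fails the lowercase check; "jason" passes.
var_dump(username_is_lowercase("jasoN"));
var_dump(username_is_lowercase("jason"));
```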

  12. Sample questions for the midterm
     • What does sort() do? What is the difference between asort() and sort()?
     • Which of the following is not a right way to create an array?
         • $a[0] = 100;
         • $a[] = 100;
         • $a = {100, 200};
         • $a = array();
         • All the above are right ways to create an array.

  13. Sample questions for the midterm
     • Suppose there is a file students.txt containing student records as follows:
         Smith, John, jsmith@fullerton.edu
         McHugh, Mary, mmchugh@fullerton.edu
         …
     • Write a PHP script to read the records from the file, sort the records on the last name and then the first name, and display the result as a list on a webpage.
