sKunKbad
-
Posts
1,832 -
Joined
-
Last visited
-
Days Won
3
Posts posted by sKunKbad
-
-
You can tell ssh which ID to use by using the -i parameter. You'll also want to provide the host key through the known hosts file.
So your command would be something like:
ssh -i /path/to/id_rsa -o "UserKnownHostsFile /path/to/known_hosts" -p 2233 -f -L 3307:127.0.0.1:3306 acct@remote-server.com sleep 60 >> ./ssh.logfile 2>&1
Theid_rsafile would contain your user private key and theknown_hostsfile would contain the server's name and public key, for example:remote-server.com ssh-rsa theserverpublickey
Provided the remote server has the user's public key in it'sauthorized_hostsfile then the connection should be successful.On a related note, why are you trying to establish the tunnel via a PHP script rather than just establishing one through a normal ssh session either when needed or persistently?
When I need to open a tunnel for various reasons I ssh into where I need to create the tunnel and use a command like:
ssh -L 3307:127.0.0.1:3306 -fNT -p 2233 acct@remote-server.com
That establishes a persistent tunnel that just runs in the background. It'll remain open until either the process is killed or some network failure occurs.I was thinking that being able to start and stop the ssh tunneling would be nice to do with php, but after investigation I'm just going to use autossh and keep the ssh tunnel open permanently. Since the server will be using the connection at all hours of the day and night, I don't think it could hurt to keep it open.
-
I did figure it out. The user running shell_exec, in my case www-data, needed its own self-created rsa key. I guess when I initially created it I didn't create it as www-data, so it didn't work. All is well now.
-
PC is just a development environment, but production server is also Ubuntu, so figured if it works on dev it should work on production.
I'm supposed to create an application on that production machine that can do mysql queries on that "castrated" server. I cannot make a secure connection with MySQL because that castrated server is not set up for that. I think this might be my only option.
-
I see all over the internet tutorials that are basically saying that setting up the ssh tunnel for mysql is easy, but I get an error, and no joy:
Host key verification failed
This error is in a log file that I created. I am attempting to use PHP's shell_exec on my Ubuntu desktop:
shell_exec('ssh -p 2233 -f -L 3307:127.0.0.1:3306 acct@remote-server.com sleep 60 >> ./ssh.logfile 2>&1');So, pretty standard according to the internet, but it's not working for me.
1) The remote server is a hosted website. It's a "semi-dedicated" plan, and just a glorified shared hosting account.
2) I can already do a passwordless SSH connection to the remote server by using the terminal. So my key based authentication is working for me.
3) I use SQLyog (MySQL tunneling through SSH) to this remote server. It's not key based, but the tunnel is there.
4) The host was not helpful. They were trying (I think), but nothing worked.
5) Yes, the remote server requires SSH connections on port 2233.
Why is this failing? I need somebody to walk me through this. I saw somewhere online that the error message may mean that apache was not able to check a known_hosts file. I created an .ssh directory at /var/www/.ssh, and I put a known hosts file in there. Chowned these to www-data:www-data. Permission set at 600.
Don't know what else to do or check.
-
I have mail sending out of my Raspberry Pi using SSMTP, but going through my gmail account. It was super easy:
root=$smail Debug=yes mailhub=smtp.gmail.com:587 hostname=irrigation AuthUser=example@gmail.com AuthPass=Pas$weRd123 UseTLS=yes useSTARTTLS=YES RewriteDomain=gmail.com
I didn't do anything else, and it just works. So if you can set up a gmail account, your good. Well, I did have to tell google to trust my insecure app, but that's it.
-
Figured it out. Just need to wrap $property in curly braces.
unset( $this->{$property}[$key] ); -
I'm having a problem unsetting an array element when in PHP 5.5, but only when it's a class property. See code:
<?php /** * Works fine as procedural code */ $arr = [23213523, 3634634, 68486468]; $val = 3634634; if( ( $key = array_search( $val, $arr ) ) !== FALSE ) { unset( $arr[$key] ); } echo '<pre>'; print_r($arr); echo '</pre>'; /** * Works fine on PHP7, but not PHP5.5 */ class Foo { public $arr = [23213523, 3634634, 68486468]; public function bar() { $this->_unset_numeric_val('arr', 3634634 ); } private function _unset_numeric_val( $property, $val ) { if( ( $key = array_search( $val, $this->$property ) ) !== FALSE ) { unset( $this->$property[$key] ); } } } $foo = new Foo; $foo->bar(); echo '<pre>'; print_r($foo->arr); echo '</pre>';On PHP7 the results are the same, but on PHP 5.5 unset doesn't work. What's the problem here? What happened between versions? I looked at the docs for unset, but didn't see anything.
-
One last thing: Password policies exist to make corporate bureaucracy happy and provide a legal cop-out for incompetent superiors. A developer should understand that.
The idea that users will make smart decisions if you bombard them with stupid rules and then beat them into submission is just silly. Does any of you function like that? When I encounter one of those security-by-bureaucracy forms, it makes me want to punch the site owners in the face, and I won't do anything but the bare minimum to escape the procedure. In other words, instead of shitty passwords with less than two digits, you now get shitty passwords with at least two digits. Congratulations.
If you want actual security, you have to work with the user. Coming up with arbitary rules and telling people that password security is now their problem doesn't work. You need to provide incentives and realistic solutions. No password policy has ever made me choose better passwords. But a single link to KeePass did convince me.
It's impossible to cover all absurd rules people come up with.
If you use symbols, they aren't permitted. If you don't use symbols, they're required. If you use long passwords, they're too long, If you use short passwords, they're too short. And then of course everybody has their favorite characters and pet theories about password strength.
It's just annoying. It's one of those stupid traditions which never seems to die.
Unless I'm being asked for my opinion, I'm just doing what the customer wants. That's kind of besides the point though, as I'm just learning some more about regular expressions in general. I thought I'd come here to PHP freaks because the site members are usually pretty responsive and knowledgeable. I'm guilty, so shoot me.
-
Forget about passwords. I told ya I'm just learning, and I'm just using passwords because it's Sunday and I'm too lazy to come up with something else on my day off.
So, I found an answer, but while I understand the basics of what a positive lookahead is, I guess my next question would be if I'm not needing a capturing group, does it hurt performance or anything if it is capturing vs non-capturing?
// This /^(?=(?:.*[\d].*){3,}).*$/ // Works the same as this /^(?=(.*[\d].*){3,}).*$/In the end preg_match is going to give me a boolean and I'm not using the matches parameter at all.
PS. While it might seem silly, I've had customers ask me to enforce passwords that were 5 alphas and 3 numbers. It happens.
-
I found this works:
/^(?=(?:.*[\d].*){3,}).*$/I can change the 3 to whatever number I want, and seems to match appropriately.
-
Well, what I was trying to achieve is a config file that has a bunch of rules that are used to dynamically create regex for the validation of password strength, and turning this off completely would be an option. I only got this idea because I've been watching some videos on regex. Even though I've been tinkering with regex for years, it's just not something I'm good at. So, while looking at the existing regex I've been using for password strength, I wondered how I would force somebody to have more than one digit, say 2 or 3 or 50. It was just a thought.
-
I'm playing around with some regex that is used for password strength, and right not it ensures that there is at least one digit:
/^(?=.*\d).*$/
This works great, but I was thinking what if I wanted to say that more than 1 digit was required, so I tried this:
/^(?=.*\d{2,}).*$/This works only if the two digits are next to each other:
exam22ple // match exam2pl2e // does not match
So, what I'd like to know is how to match when the digits are not next to each other.
-
Yeah, I don't think I'd want to dictate for code, but if I could just think it and it was typed, dang that would be awesome.
-
I've been typing for way too long. Took my first typing class in 7th grade, so about 35 years ago. Maybe someday instead of keyboards we can just put on our typing helmets and get to work
-
I was waiting to see if anyone else replied. What you guys said makes sense. Thanks for your input.
-
So, it is here in this forum that I first found help with PHP back in 2006 when I started learning PHP. I worked on my own websites, and slowly learned more and more. In 2009 started using Kohana, and then switched to CodeIgniter because it felt easier and felt like it was faster. Now it seems like as a PHP dev I'm just expected to use Laravel. Being a CodeIgniter dev is like having leprosy.
Laravel seems easy enough, and I've enjoyed learning the basics. I just feel like the ORM, which is a big part of its magic, is not for me. I like writing SQL, and I'm no expert but Laravel ORM (which is the only ORM I've attempted to learn) just isn't something I enjoy. I do love the way pagination is tied in, but that's about it.
I now mostly work for one person, and his website is the largest I've ever worked on. I've been working with him for 4 years or so, and the database has about 170 tables. I'm having a hard time believing that somebody would use Laravel ORM on something with that many tables, having to set up all the models, and deal with the bizarre relationships, migrations, etc.
I know at least the mods and gurus here are way more knowledgeable than me in most areas of dev, and I'm wondering if any of you use Laravel ORM or any ORM for that matter. Do you use Laravel without the ORM?
At one point I was playing around with learning Ruby on Rails, and I can see the similarities, but then remember hearing somebody say that real world websites don't really work like that. What I mean is that they don't fit the cookie cutter examples that are presented in tutorials and training videos. So, I suppose the same could be true with Laravel, yes? If that is true, is the ORM primarily just for basic stuff?
-
You're using the worst possible regex for the input, so it's only natural that your script blows up. Since you're using a greedy quantifier in the middle part, the entire input after “BEGIN DENY LIST” is consumed. Then the regex engine has to go all the way back to “END DENY LIST”, character by character, each time checking the lookahead. If you anaylze the regex with a tool like Regex Buddy, you can actually see the excessive backtracking and the large number of required steps.
If the deny list is very small compared to the part after the “END DENY LIST”, try a nongreedy quantifier (like “*?”). Or simply use strpos() and strrpos(). Regular expressions aren't the solution to everything.
Everything before "END DENY LIST --" ends up getting tossed out and dynamically rebuilt, so I just used explode:
$arr = explode('END DENY LIST --', $string); $string = $new_deny_list . $arr[1];I have a copy of Regex Buddy that's probably almost a decade old, and a book on regex, so I should probably go find them. In the interest of trying to understand what you're suggesting, I just found a site that does online regex analysis, https://regex101.com/
Do I understand correctly that the nongreedy quantifier would simply add a question mark after my asterisk, like this:
(?<=# BEGIN DENY LIST --)(.|\n)*?(?=# END DENY LIST --)
In the interest of learning, what would your regex look like if you had to use regex?
-
I ended up coming up with a solution that uses explode and str_replace, but it relies on the DENY LIST comments being at the top of the file. I thought about using exec and sed, but I took the easy way out for now. Still curious as to what is up with preg_replace. It doesn't seem like it's very reliable if it can't handle a big string.
-
I'm on Ubuntu 16.04 with PHP7, and I have no encountered this problem in other environments. The following script fails (white screen of death) unless I subtract a character from $string. What is going on?
<?php $string = "# MAKE SURE TO LEAVE THE NEXT TWO LINES HERE. # BEGIN DENY LIST -- # END DENY LIST -- asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd fsdfsdfsdfsdf asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd fsdfsdfsdfsdf asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd fsdfsdfsdfsdf asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd asdasdasdasdasd fsdfsdfsdfsdf asdasdasdasdasd asdasdasdasdasd ass"; $insert = 'Whatever'; $pattern = '/(?<=# BEGIN DENY LIST --)(.|\n)*(?=# END DENY LIST --)/'; // Within the string, replace the denial list with the new one $string = preg_replace( $pattern, $insert, $string ); echo $string;
-
Have error_reporting ON in both environments
In development, have display_errors ON
In production, have log_errors ON instead.
I understand that it would be better to allow PHP to log it's own errors, and I could even specify the location of a custom error log, but I like having the extra info in the log, such as request URI, headers, post data, etc.
You suggest to have error_reporting on in both environments, but interestingly the errors are getting logged even when it is set to 0 in production.
-
So, I'd like to log my PHP errors on my production environment, and a cron will send them to me via email. I used to just send them instantly to myself with email, but had a bad experience where a loop sent me about 4000 emails. I can use set_error_handler() returning FALSE so that PHP stops execution when necessary, and I don't have to call die(). In the production environment display_errors is set to 0, and so is error_reporting(). This seems to work fine, but I'm wondering if there are any unseen side effects of what I'm doing. Please take a look:
<?php class Tvsc_error_handler { public $error_count = 0; public $error_limit = 25; public $error_type = ''; // ----------------------------------------------------------------------- public function set_tvsc_error_handler() { if( ENVIRONMENT == 'production' ) { set_error_handler( [ $this, 'production_errors'], E_ALL & ~E_DEPRECATED ); } } // ----------------------------------------------------------------------- public function production_errors( $e_number, $e_message, $e_file, $e_line, $e_vars ) { $this->error_count++; $this->set_error_type( $e_number ); // Start log entry with basic error info $log_entry = '#---' . PHP_EOL . 'PHP ' . $this->error_type . ' #' . $e_number . ' - Date/Time: ' . date('n/j/Y H:i:s') . PHP_EOL . 'File: ' . $e_file . PHP_EOL . 'Line: ' . $e_line . PHP_EOL . 'Message: ' . $e_message . PHP_EOL; // Include post vars in log entry if( isset( $_POST ) && ! empty( $_POST ) ) { $log_entry .= 'POST vars:' . PHP_EOL; foreach( $_POST as $k => $v ) { $log_entry .= "\t" . $k . ' = ' . $v . PHP_EOL; } } // Include request headers in log entry if( $request_headers = apache_request_headers() ) { $log_entry .= 'Request headers:' . PHP_EOL; foreach( $request_headers as $k => $v ) { $log_entry .= "\t" . $k . ' = ' . $v . PHP_EOL; } } // Include request URI in log entry $log_entry .= 'Request URI: ' . $_SERVER['REQUEST_URI'] . PHP_EOL; // Include error count in log entry $log_entry .= 'Error Count: ' . $this->error_count . PHP_EOL; // Finish log entry $log_entry .= '#--' . PHP_EOL; // Second param (3) says to store error in specified log file error_log( $log_entry, 3, APPPATH . 'logs/php_errors/php_errors.log' ); // If too many errors of any type, die() if( $this->error_count > $this->error_limit ) { die( '<span style="color:red;"> A system error occurred. We apologize for the inconvenience. </span><br /> <span style="font-size:50%;"> ERRORS > ' . $this->error_limit . ' </span>'); } // Continue to execute PHP internal error handler return FALSE; } // ----------------------------------------------------------------------- private function set_error_type( $e_number ) { switch( $e_number ) { case E_PARSE: case E_ERROR: case E_CORE_ERROR: case E_COMPILE_ERROR: case E_USER_ERROR: $this->error_type = 'FATAL ERROR'; break; case E_WARNING: case E_USER_WARNING: case E_COMPILE_WARNING: case E_RECOVERABLE_ERROR: $this->error_type = 'WARNING'; break; case E_NOTICE: case E_USER_NOTICE: $this->error_type = 'NOTICE'; break; case E_STRICT: $this->error_type = 'STRICT'; break; case E_DEPRECATED: case E_USER_DEPRECATED: $this->error_type = 'DEPRECATED'; break; default: $this->error_type = 'UNKNOWN ERROR TYPE'; break; } } // ----------------------------------------------------------------------- }Might there be a better way?
-
I suspect doing that will try to interpret existing data as YYYYMMDDHHMMSS strings, not as Unix timestamps.
Will definitely work: add the created_at column, UPDATE it using FROM_UNIXTIME(user_date), then drop user_date. Three statements.
Yep, this is what I ended up doing. I was just curious if there might have been a one liner way.
-
I am changing the name of one of the fields in my table:
ALTER TABLE `users` CHANGE `user_date` `created_at` DATETIME NOT NULL;
The old field, "user_date" is int(10) and storing time in epoch format. The new field is just a datetime field. Is it possible to modify this query so that the time is converted to datetime?
Thanks.
-
Does the new owner have any exciting plans for the site?
CodeIgniter - Blocking access to admin pages
in Frameworks
Posted
Authentication for CodeIgniter can be handled by a few different libraries, depending on what version of CodeIgniter you are using. If you are using 3.X, then you might try Community Auth:
https://community-auth.com
It's probably way over your head, but it works great.
Another popular choice is Ion Auth. I don't have experience with Ion Auth, so I can't tell you about it.