
PHP auto comment Nightmare...


nuskope


Hi all,

OK, so I had been using this API for about a year with no problems. Recently I have updated my servers and now the API no longer works.

I have troubleshot the issue, and it's not an issue with the API itself, but perhaps PHP.

The issue is as follows:

When I send the command: /interface pppoe-server remove <pppoe-workshop@nuskope.com.au>

Now when I look at the output of the API file, it shows only this: interface pppoe-server remove/

The issue is with <text> getting commented out. If I look in the source of the HTML website it has the full line, it's just not displaying in HTML.

AKA anything between, including the <>, PHP no longer displays.

If I edit the code to put a space, < pppoe-, it displays, but I get an error because it's obviously an incorrect command...

If I use & lt; pppoe-xxxx & gt; it displays correctly on output but is sending incorrect values to the telnet, and errors.

The raw output MUST be <pppoe-  xxxxxx>  without using htmlspecialchars.

Is there a known way to fix the <text> issue so PHP does not comment it out? A command/line I can run at the start of the script... or is there something I can do in my php.ini file?

The following displays nothing...

$hello ='<vvvvv>';

echo "$hello";

My script worked alongside FreeRADIUS with MikroTik to disconnect / shape / un-shape users from our web-admin interface page.

As follows:


/*
* RouterOS API
* Based on the code of SpectatorCN at http://forum.mikrotik.com/viewtopic.php?f=9&t=32957
* Modified by Ali Damji http://forum.mikrotik.com/viewtopic.php?f=9&t=33690
* Modified by Tim Haak
* Modified by Michael Blake
*Free to modify, distribute, do whatever.
*
*   
*
*/


class phpMikrotikTelnet
{
   //You may be able to lower this for single commands but needs to be high when running lots of commands
   var $TimeOut=200;
   var $fp;
   var $echo=true;

   // PHP 5+ constructor name; $echo was accepted but never stored before
   function __construct($host, $username, $password,$echo=true)
   {
      $this->echo = $echo;
      $this->routeros_connect($host, $username, $password);
   }

   function routeros_connect($host, $username, $password)
   {
      $header1=chr(0xFF).chr(0xFB).chr(0x1F).chr(0xFF).chr(0xFB).chr(0x20).chr(0xFF).chr(0xFB).chr(0x18).chr(0xFF).chr(0xFB).chr(0x27).chr(0xFF).chr(0xFD).chr(0x01).chr(0xFF).chr(0xFB).chr(0x03).chr(0xFF).chr(0xFD).chr(0x03).chr(0xFF).chr(0xFC).chr(0x23).chr(0xFF).chr(0xFC).chr(0x24).chr(0xFF).chr(0xFA).chr(0x1F).chr(0x00).chr(0x50).chr(0x00).chr(0x18).chr(0xFF).chr(0xF0).chr(0xFF).chr(0xFA).chr(0x20).chr(0x00).chr(0x33).chr(0x38).chr(0x34).chr(0x30).chr(0x30).chr(0x2C).chr(0x33).chr(0x38).chr(0x34).chr(0x30).chr(0x30).chr(0xFF).chr(0xF0).chr(0xFF).chr(0xFA).chr(0x27).chr(0x00).chr(0xFF).chr(0xF0).chr(0xFF).chr(0xFA).chr(0x18).chr(0x00).chr(0x41).chr(0x4E).chr(0x53).chr(0x49).chr(0xFF).chr(0xF0);
      $header2=chr(0xFF).chr(0xFC).chr(0x01).chr(0xFF).chr(0xFC).chr(0x22).chr(0xFF).chr(0xFE).chr(0x05).chr(0xFF).chr(0xFC).chr(0x21);
      $this->fp=fsockopen($host,23);
      fputs($this->fp,$header1);
      usleep(125000);
      fputs($this->fp,$header2);
      usleep(125000);
      $this->write_to_telnet($username."+ct");
      usleep(125000);
      $this->write_to_telnet($password);
        //$this->read_from_telnet();
   }

   function routeros_cmd($command)
   {
      //$command = str_replace(";\n",';',$command);
      //echo $command."\n";
      $commands = explode("\n",$command);
      reset($commands);
      foreach ($commands as $cmd)
      {
         if ($this->echo)
            echo $cmd."\n";
         flush();
          $this->write_to_telnet(trim($cmd));
          //   $read = $this->read_from_telnet()."\n";
          //   if ($this->echo)
         //   echo $read;
            //$this->read_from_telnet()."\n";
            flush();
      }
       // $rez was never assigned; report success like write_to_telnet() does
       return true;
   }

   # Telnet Related
   function write_to_telnet($text)
   {
       fputs($this->fp,$text."\r\n");
       usleep($this->TimeOut);
         return true;
   }

   function read_from_telnet()
   {
       $output = "";
       $count = 0;
       $count2 = 0;
       do{
           $char =fread($this->fp, 1);
           $output .= $char;
           if($char==">") $count++;
           if($count==1) break;
           if($char==".") $count2++;
           if($count2==3) break;
       } while(1==1);
       $output=preg_replace("/^.*?\n(.*)\n[^\n]*$/","$1",$output);
       $o=explode("\n",$output);
       $op = "";   // initialise before appending to avoid an undefined variable
       for($i=1;$i<=count($o)-2;$i++) $op.=$o[$i]."\n";
       echo "$op";
       return $op;
   }

   function close()
   {
      fclose($this->fp);
   }

}


function first_words($string, $num, $tail='')
{
        /** words into an array **/
        $words = explode(' ', $string);

        /*** get the first $num words ***/
        $firstwords = array_slice( $words, 0, $num);

        /** return words in a string **/
        return  implode(' ', $firstwords).$tail;
}


/***EDITS BELOW Michael Blake***/



$val = $_REQUEST['d'];  //customer username
$ip = $_REQUEST['i'];   // LNS ip address
$form = $_REQUEST['f']; //operation

// Escaped copy for the SQL statements only; the telnet command keeps the raw value
$valSql = mysql_real_escape_string($val);
$cmd = '';   // stays empty when $form matches no operation

if($form=='disconnect'){
   $username= '<pppoe-' . "$val" . '>';
   $cmd = "
   /interface pppoe-server remove $username
   ";
}

if($form=='shape'){
   $username= '<pppoe-' . "$val" . '>';
   $cmd = "
   /queue simple set $username limit-at=64K/64K max-limit=64K/64K
   ";

   $query = mysql_query("SELECT UserName,Value FROM radreply WHERE UserName='$valSql' AND  Attribute='Mikrotik-Rate-Limit'");
   $radreplyCheck = mysql_fetch_array($query);

   // array keys must be quoted strings, not bare constants
   if($radreplyCheck['Value'] !="64k"){

       mysql_query("DELETE FROM radreply WHERE Attribute='Mikrotik-Rate-Limit' AND UserName='$valSql'");

       mysql_query("INSERT INTO radreply (UserName , Attribute , op , Value )
                  VALUES ('$valSql', 'Mikrotik-Rate-Limit', '=', '64k') ");
    }

}


if($form=='unshape'){
    $query = mysql_query("SELECT GroupName FROM usergroup WHERE UserName='$valSql'");
   $GroupQuery = mysql_fetch_array($query);

    $query = mysql_query("SELECT Value FROM radgroupreply WHERE GroupName='$GroupQuery[GroupName]' AND Attribute='Mikrotik-Rate-Limit'");
   $SpeedQuery = mysql_fetch_array($query);
    $SpeedQuery = $SpeedQuery['Value'];

   /*** get the first 1 word ***/
   $SpeedQuery= first_words( $SpeedQuery, 1);

    $username= '<pppoe-' . "$val" . '>';
    $cmd = "
    /queue simple set $username limit-at=$SpeedQuery max-limit=$SpeedQuery
    ";

    mysql_query("DELETE FROM radreply WHERE Attribute='Mikrotik-Rate-Limit' AND UserName='$valSql'");


}



$ServerList [] = "$ip";
$Username    = 'username';
$Pass       = 'password';

foreach ($ServerList as $Server)
{
   // "&new" is no longer valid syntax; objects are already handled by reference
   $mk = new phpMikrotikTelnet($Server, $Username, $Pass);
   $mk->routeros_cmd($cmd);
   $mk->close();

}

 


This is not an issue with PHP. If you look at the source of the web page you'll see the browser is simply reading the <text> as an HTML tag, and it's actually there but with no visible output on the web page. Why can't you use htmlspecialchars() exactly? Don't apply it to the string before you run the command, but as you output it to the web-page:

 

$hello ='<vvvvv>';

echo htmlspecialchars($hello);


If &gt; is displaying correctly, simply convert the values of the variable before displaying them, but leave the original variable intact so it gets posted correctly. Something like:

$hello ='<vvvvv>';
echo htmlentities($hello);

EDIT:

* Oops. Seems MrAdam beat me to it.

There you have it, 2 people saying the same thing, means it will work.


Thanks for the quick replies guys. ::)

Unfortunately, as it's basically a script sending text in a telnet connection, the telnet connection doesn't understand &gt; etc. :'(

It worked fine with older PHP/Apache installations. Is there a way I can disable the comment functions in apache.conf?

PS: I tried the following for good measure.

   $mk = new phpMikrotikTelnet($Server, $Username, $Pass);
   $mk->routeros_cmd(htmlentities($cmd));
   $mk->close();

and

   $mk = new phpMikrotikTelnet($Server, $Username, $Pass);
   $mk->routeros_cmd(htmlspecialchars($cmd));
   $mk->close();

Both display correctly in the webpage, but don't give the required result.

It could also be my old cruddy API and telnet getting things wrong.

Basically I need to send /interface pppoe-server remove <pppoe-workshop@nuskope.com.au> to a telnet connection via PHP.

As stated before, the ANNOYING thing is it worked fine for years until we had to upgrade the servers, and then the OS, and ofc packages...


Modify the class so that you only escape the string as you output it to the web-page:

      foreach ($commands as $cmd)
      {
         if ($this->echo)
            echo htmlspecialchars($cmd)."\n";
         flush();
         $this->write_to_telnet(trim($cmd));
         //  $read = $this->read_from_telnet()."\n";
         //  if ($this->echo)
         //  echo $read;
         //$this->read_from_telnet()."\n";
         flush();
      }


 

      foreach ($commands as $cmd)
      {
         if ($this->echo)
            echo htmlspecialchars($cmd)."\n";
         flush();
         $this->write_to_telnet(trim($cmd));
         $read = $this->read_from_telnet()."\n";
         if ($this->echo)
            echo $read;
         $this->read_from_telnet()."\n";
         flush();
      }

worked like a charm :)

Ty.
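
Added example, not code from any poster in this thread: the fix above encodes only at the HTML sink and sends the raw string to telnet. The sketch below keeps that separation and also validates the three request parameters first, because routeros_cmd() splits its input on newlines and the script connects to whatever address it is given. The allow-listed addresses, the username and rate patterns, and the function names are assumptions.

```php
<?php
// Added example; all constant and function names here are hypothetical.
const ALLOWED_LNS = ['192.0.2.10', '192.0.2.11'];   // placeholder addresses
// Assumed username shape: no whitespace, control characters or < >.
const USERNAME_RE = '/\A[A-Za-z0-9._-]{1,64}(@[A-Za-z0-9.-]{1,190})?\z/';
const RATE_RE = '/\A\d{1,6}[kKM]?\/\d{1,6}[kKM]?\z/';   // e.g. 64K/64K

function check_lns(string $ip): string
{
    // The script logs in with stored credentials, so only known routers.
    if (!in_array($ip, ALLOWED_LNS, true)) {
        throw new InvalidArgumentException('unknown LNS');
    }
    return $ip;
}

function build_routeros_command(string $op, string $user, string $rate = '64K/64K'): string
{
    // \A...\z rejects embedded newlines (routeros_cmd() splits on them).
    if (!preg_match(USERNAME_RE, $user) || !preg_match(RATE_RE, $rate)) {
        throw new InvalidArgumentException('bad username or rate');
    }
    $target = '<pppoe-' . $user . '>';   // raw: RouterOS needs the literal < >
    switch ($op) {
        case 'disconnect':
            return "/interface pppoe-server remove $target";
        case 'shape':
        case 'unshape':
            return "/queue simple set $target limit-at=$rate max-limit=$rate";
        default:
            throw new InvalidArgumentException('bad operation');
    }
}

// Constructed request values standing in for $_REQUEST['d'], ['i'], ['f'].
$samples = [
    ['workshop@nuskope.com.au', '192.0.2.10', 'disconnect'],
    ["workshop@example.net\nEXTRA LINE", '192.0.2.10', 'disconnect'],
    ['workshop@nuskope.com.au', '203.0.113.9', 'shape'],
];
foreach ($samples as [$user, $ip, $op]) {
    try {
        $line = check_lns($ip) . ': ' . build_routeros_command($op, $user);
        echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "\n";  // HTML sink only
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The string returned by build_routeros_command() is what would be passed to routeros_cmd(); only the copy written to the page goes through htmlspecialchars().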
