Help with PHP is needed...

dragoneye_xp

New Member
Messages
330
Reaction score
0
Points
0
I am trying to fix my LIST (and several other "command modules") for Pyro OS Command Shell so that users cannot go back any further than their user directories.

I've tried this...

PHP:
Code:
function inhome($path){
    global $passwd,$userhome,$userperms; //Password, user's home directory, and user's permission data in home directory.
    if(strpos($userhome.$path,$userhome)===false){ //If the path the user specified is NOT in the user's home directory...
        SendLn("//c:ff0000:Access is denied to //c//c:ffff00:".$path."//c"); //Output an error to the console.
        return false; //Tell the caller that the path the user specified was not found in his or her user directory.
    }
    return true; //Otherwise, tell the caller that the path was found in the user's directory.
}
...but that's not working.

Can anyone help me?
 

careerbridge

New Member
Messages
252
Reaction score
0
Points
0
Give the values of $userhome.$path & $userhome... just echo all the variables and test if all r available in the function!!
 

Bryon

I Fix Things
Messages
8,149
Reaction score
101
Points
48
Do like he said above me, and echo, or even print_r() the variables.

Also, one thing I notice is:
PHP:
if(strpos($userhome.$path,$userhome)

You're adding $path onto the end of $userhome, then checking for that in $userhome? Seems to me like it would also "never find it" and return a false value..

Not sure though what they contain.
 

dragoneye_xp

New Member
Messages
330
Reaction score
0
Points
0
Never mind - I figured it out.
Code:
function inhome($path){
    global $passwd,$userhome,$userperms;
    SendLn($userhome.$path);
    if(strpos([B]realpath[/B]($userhome.$path),[B]realpath[/B]($userhome))===false){
        SendLn("//c:ff0000:Access is denied to //c//c:ffff00:".$path."//c");
        return false;
    }
    return true;
}

That way if a users tries to do the ../../ thing, it won't go back no further than their user directory.
 
Top