OpenID in PHP

Ted Pennings ted at hostleft.com
Wed Jun 29 22:47:21 PDT 2005


Alright, here's a suggestion so we can get rid of the shell command and
the insecure /tmp:

  //$tmp_var = "/tmp";
  $tmp_var = "/home/user/tmp/";  //a much safer tmp; customize this line


  //make sure the handle is alphanumeric (preg_match replaces eregi, removed in PHP 7)
  if (preg_match("/[^a-z0-9]/i", $_GET['openid_assoc_handle'])) {
         die("Error: Invalid handle. Handle must be alphanumeric");
  } else {
         $file = $tmp_var . "oid-shared_secret-" .
                 $_GET['openid_assoc_handle'] . ".secret";
         if (@is_readable($file)) {
                 $secret = file_get_contents($file);
         } else {
                 die("Error: Failed to read secrets file");
         }
  }

So yeah, I turned 1 line into 15 lines. Sue me.

-Ted

---------------------------------------------------
Host Left Web Hosting		http://www.hostleft.com
Ted Pennings (.com)	  http://www.tedpennings.com
Mobile Phone:						1.951.640.4092
AOL Instant Messenger:				thesleepyvegan


On Jun 29, 2005, at 10:26 PM, Kristopher Tate wrote:

>      $secret = shell_exec('cat /tmp/oid-shared_secret-'.addcslashes($_GET['openid_assoc_handle'],'\0..\37;.\+*?[<^>]($)#').'.secret');
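
The same idea as the suggestion in this message (allowlist the handle, then read the file directly instead of shelling out), written as an added example that is not code from this thread. The function name `load_assoc_secret`, the 64-character limit and the demo directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the stored secret for a handle, or null.
// $dir is assumed to be a private directory outside the web root.
function load_assoc_secret($handle, string $dir): ?string
{
    // Query parameters can arrive as arrays (?openid_assoc_handle[]=x).
    if (!is_string($handle)) {
        return null;
    }
    // Anchored allowlist. \z (unlike $) does not tolerate a trailing
    // newline; the length bound (assumed: 64) also rejects "".
    if (preg_match('/\A[a-z0-9]{1,64}\z/i', $handle) !== 1) {
        return null;
    }
    $base = realpath($dir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks, so a link planted in $dir that points
    // elsewhere fails the containment check below.
    $path = realpath($base . DIRECTORY_SEPARATOR
        . 'oid-shared_secret-' . $handle . '.secret');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0
        || !is_file($path)) {
        return null;
    }
    $secret = file_get_contents($path);
    return $secret === false ? null : $secret;
}

// Constructed demo data: a throwaway 0700 directory with one secret file.
$dir = sys_get_temp_dir() . '/oid-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/oid-shared_secret-abc123.secret", 'constructed-secret');

// Constructed inputs: one valid handle, then values the checks must refuse.
$inputs = ['abc123', 'abc123; id', '../abc123', "abc123\n", ['abc123'], ''];
foreach ($inputs as $h) {
    $r = load_assoc_secret($h, $dir);
    printf("%-14s => %s\n", json_encode($h), $r === null ? 'rejected' : 'loaded');
}

unlink("$dir/oid-shared_secret-abc123.secret");
rmdir($dir);
```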
