OpenID in PHP
Ted Pennings
ted at hostleft.com
Wed Jun 29 22:47:21 PDT 2005
Alright, here's a suggestion so we can get rid of the shell command and
the insecure /tmp:
//$tmp_var = "/tmp";
$tmp_var = "/home/user/tmp/"; //a much safer tmp; customize this line
//make sure the handle is alphanumeric
//(preg_match replaces eregi, which was removed in PHP 7)
if (preg_match('/[^a-z0-9]/i', $_GET['openid_assoc_handle'])) {
    die("Error: Invalid handle. Handle must be alphanumeric");
} else {
    //build the path from the validated handle only
    $file = $tmp_var . "oid-shared_secret-" .
        $_GET['openid_assoc_handle'] . ".secret";
    if (@is_readable($file)) {
        $secret = file_get_contents($file);
    } else {
        die("Error: Failed to read secrets file");
    }
}
So yeah, I turned 1 line into 15 lines. Sue me.
-Ted
---------------------------------------------------
Host Left Web Hosting http://www.hostleft.com
Ted Pennings (.com) http://www.tedpennings.com
Mobile Phone: 1.951.640.4092
AOL Instant Messenger: thesleepyvegan
On Jun 29, 2005, at 10:26 PM, Kristopher Tate wrote:
> $secret = shell_exec('cat
> /tmp/oid-shared_secret-
> '.addcslashes($_GET['openid_assoc_handle'],'\0..\37;.\+*?
> [<^>]($)#').'.secret');
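Added example, not part of the original thread: one way to write the same shell-free lookup as a function that also rejects a missing or array-valued handle, a writable secrets directory, and a symlink planted under the expected file name. The function name load_assoc_secret, the SECRET_DIR constant and the 64-character limit are assumptions; the file name pattern and the alphanumeric rule come from the message above.

```php
<?php
// Added example, not from the original thread. SECRET_DIR and the
// 64-character limit are assumptions; the file name pattern is the thread's.
const SECRET_DIR = '/home/user/tmp';

function load_assoc_secret($handle, string $dir = SECRET_DIR): string
{
    // ?openid_assoc_handle[]=x arrives as an array, a missing parameter as null.
    // \A...\z anchors the whole string; "$" would also accept a trailing newline.
    if (!is_string($handle) || preg_match('/\A[a-zA-Z0-9]{1,64}\z/', $handle) !== 1) {
        throw new InvalidArgumentException('Invalid handle');
    }

    $base = realpath($dir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('Secret directory missing');
    }
    // Refuse a directory other local users can write to (the /tmp problem).
    if ((fileperms($base) & 0022) !== 0) {
        throw new RuntimeException('Secret directory is group/world writable');
    }

    $file = $base . DIRECTORY_SEPARATOR . 'oid-shared_secret-' . $handle . '.secret';
    // A symlink planted under the expected name must not be followed.
    if (is_link($file) || !is_file($file)) {
        throw new RuntimeException('Failed to read secrets file');
    }
    $secret = file_get_contents($file);
    if ($secret === false) {
        throw new RuntimeException('Failed to read secrets file');
    }
    return $secret;
}

// Constructed self-check against a private scratch directory.
$dir = sys_get_temp_dir() . '/oid-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/oid-shared_secret-abc123.secret", 'constructed-secret');
var_dump(load_assoc_secret('abc123', $dir) === 'constructed-secret');
foreach (['../etc/passwd', '', ['x'], "abc123\n", 'a;b'] as $bad) {
    try { load_assoc_secret($bad, $dir); echo "accepted unexpectedly\n"; }
    catch (InvalidArgumentException $e) { echo "rejected\n"; }
}
```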