Is anyone using dialup_admin with a PHP version newer than 4.2.0?

Kostas Kalevras kkalev at noc.ntua.gr
Thu Mar 22 02:23:26 CET 2007


O/H Ethan Dicks έγραψε:
> Hi, all,
>
> This is a refinement of my earlier request for information, honed
> after half a week of trying to untangle things.
>
> I've been grubbing through all the code for dialup_admin 1.80 (from
> the 20070320 CVS snapshot) and am entirely unconvinced that it works
> with version of PHP newer than 4.2.0.  I'm using PHP 4.3.0, since
> that's what comes with RedHat Enterprise Linux 4.   I've turned on
> register_globals, but I can't get the dialup_admin code to stop
> throwing warnings about variable names, etc.
>
> Let's take $login as an example.  In config.php3, there's code to
> scrub "bad" characters out of it, and to strip the realm if requested.
>  Unfortunately, in my environment, just going to the entry point of
> the dialup_admin application results in...
>
> [client 127.0.0.1] PHP Notice:  Undefined variable:  login in
> /usr/local/dialup_admin/conf/config.php3 on line 92, referer:
> http://localhost/dialup/
> [client 127.0.0.1] PHP Notice:  Undefined variable:  login in
> /usr/local/dialup_admin/conf/config.php3 on line 95, referer:
> http://localhost/dialup/
>   

Well as you probably have seen config.php3 will call 
import_request_variables('GPC') so you should not normally have problems 
with variables like $login.
I have dialupadmin running on php-5.0.3 without a problem.

> (ignore the exact line numbers - they won't match the code in CVS
> because I have some debugging stuff further up right now).
>
> I realize that this is a "notice" level message and that messages can
> be turned off by twiddling error_reporting, but that's not the point -
> the point is not simply that there are hundreds of these 'notices'
> getting logged when I bounce around dialup_admin.  The point is that
> these notices are caused by PHP trying to "do the right thing" and
> getting it wrong because the dialup_admin code is chock-a-block with
> $login rather than the now-accepted practice of $_GET['login], and in
> any case, because of how the URLs and PHP code interrelate, modules
> like config.php3 aren't always called from other modules that were
> invoked with a GET method with those exact elements, thus variables
> like $login and $find_user and any other variables which appear to be
> implicly created under older versions of PHP might or might not be
> defined, but the code is written as if they are always defined, albeit
> occasionally empty.
>
> I'm entirely willing to accept that I've missed a step in the
> installation, but I did try to follow the steps in the TODO file and
> don't believe I missed any.  Do people just use the freeRADIUS server
> and manipulate the user database manually?  Are there any dialup_admin
> users running on operating systems less than a year old?  All I'm
> really after is a user management GUI - I don't really care if it's
> dialup_admin or not.  If there's something that other people prefer,
> I'd love to hear about it.
>
> In terms of getting this all going, I'm about to start forcing
> variables to be something useful, as in...
>
> $login = "";
> $max_results = "";
>
> if (!empty($_GET)) {
>   $login = $_GET['login'];
>   $max_results = $_GET['max_results'];
> }
>
> ... just to quiet down the logged errors in the code so I can drill
> down to why I can't click on "new user" and get a page that lets me
> enter a new user.  I'm also open to other suggestions to clean up the
> dialup_admin code and get it up to snuff w.r.t. presently-shipping
> versions of PHP.  This will be an essential step to getting this code
> running under php5, as all of these globalisms have been deprecated
> because they lead to massive vulnerabilities.
>
> Thanks,
>
> -ethan
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   




More information about the Freeradius-Users mailing list