search

sentora / sentora-core

Sentora is a web hosting control panel written in PHP for *NIX
GNU General Public License v3.0
653 stars 444 forks source link

setzadmin and special characters #109

Closed TGates71 closed 9 years ago

TGates71 commented 9 years ago

used setzadmin to make an easier test password, alpha-numeric works, but used special characters like $ did not work.

allebb commented 9 years ago

Special characters like '$' won't work as they are seen by the CLI as variables, not really sure how we can combat this but we can look into it I guess.

Thanks or posting Tom - I can however confirm that this is definitely NOT due to us switching to UTF8,

TGates71 commented 9 years ago

Makes total sense. Maybe use a protected server-side PHP file to do it or some sort of escaping or set the passed password in a variable it's self? Just some thoughts to kick around.

allebb commented 9 years ago

No, what I'm saying is, that the Linux console interprets the '$' character and others as special characters on the CLI, escaping them in PHP will not help at all as the special characters will be intercepted at the CLI and will never make it to the PHP script behind to get escaped ;)

On 2 February 2015 at 15:50, TGates notifications@github.com wrote:

Makes total sense. Maybe use a protected server-side PHP file to do it or some sort of escaping or set the passed password in a variable it's self? Just some thoughts to kick around.

— Reply to this email directly or view it on GitHub https://github.com/sentora/sentora-core/issues/109#issuecomment-72479845 .

TGates71 commented 9 years ago

I completely see now... well, it's good to use if you can't login and need to reset pw, then make a better password once logged in. I guess this can be closed then. no need to try and hash it out.

trojanspike commented 9 years ago

Only when it's wrapped in double quotes will the variable be used

#!/usr/bin/env bash
PARAM='pas$word'

echo "param value will show : $PARAM"

echo 'param value will not show - $PARAM'
allebb commented 9 years ago

Try it from the CLI then Lee, I think you'll be surprised... the CLI is still trying to use strange characters and will need an escape char!

On 2 February 2015 at 20:16, Lee Mc Kay notifications@github.com wrote:

Only when it's wrapped in double quotes will the variable be used

PARAM=password echo "param value will show : $PARAM" echo 'param value will not show - $PARAM'

— Reply to this email directly or view it on GitHub https://github.com/sentora/sentora-core/issues/109#issuecomment-72529286 .

trojanspike commented 9 years ago

oh right - PHP not BASH. : got cha

allebb commented 9 years ago

Closing this as not much we can do - except i guess wrap the parameter values in double quotes " which may work - this is however a limitation with using the CLI tools.