(08-16-2020, 07:24 AM)jreklund Wrote: First of all, you are subject of SQL Injection, with this code I could grab all your data from your database or drop it. Please see the chapter about query binding.
PHP Code:
$sql = $db->query("SELECT * FROM user WHERE username = '$username'");
No you can not.
You are outside, in the dark evil world behind my '
still quite secure' router, remote access is disabled for mysql or any other services beside NTP and HTTP and if ever, you still needed to upload some code to exploit the query.
However, thanks for the info - I'm working on it but for now it gives me the result I need to test general functionality.
(08-16-2020, 07:24 AM)jreklund Wrote: Is it this part that dies?
Code:
throw new \CodeIgniter\Exceptions\PageNotFoundException($username);
No it is not.
(08-16-2020, 07:24 AM)jreklund Wrote: Or is it this?
Code:
echo view('profiles/'.$username);
Yes, as are redirects I do to the controller responsible for the resolving of this path(s).
(08-16-2020, 07:24 AM)jreklund Wrote: If you manually change the permissions of the files created by PHP, do they then work?
No, it does not. I tried any thinkable possibility (change of user, permissions, sticky bit...)
(08-16-2020, 07:24 AM)jreklund Wrote: If so, you got a permission problem, and that can't be solved with your CodeIgniter code.
Yes, that's what I was going far from/ I'm afraid of.
How can I change the standard settings for the webserver/php configuration to let the php engine inside Apache create files with certain user:group and permission settings?
PS: The 'new user restrictions' are perhaps necessary but quite annoying
