From 4c6772d5afa978c07285b4d3174913b776400db3 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Wed, 25 Feb 2004 19:49:41 +0000 Subject: [PATCH] added correct file endings, updated documentation --- lam-0.4/docs/README.fpdf.htm | 286 ++++++++++++++++++++++++++++++ lam-0.4/docs/README.hosts.txt | 28 +++ lam-0.4/docs/README.lamdaemon.txt | 56 ++++++ lam-0.4/docs/README.openldap.txt | 21 +++ lam-0.4/docs/README.security.txt | 36 ++++ lam/docs/README.fpdf.htm | 286 ++++++++++++++++++++++++++++++ lam/docs/README.hosts.txt | 28 +++ lam/docs/README.lamdaemon.txt | 56 ++++++ lam/docs/README.openldap.txt | 21 +++ lam/docs/README.security.txt | 36 ++++ 10 files changed, 854 insertions(+) create mode 100755 lam-0.4/docs/README.fpdf.htm create mode 100644 lam-0.4/docs/README.hosts.txt create mode 100644 lam-0.4/docs/README.lamdaemon.txt create mode 100644 lam-0.4/docs/README.openldap.txt create mode 100644 lam-0.4/docs/README.security.txt create mode 100755 lam/docs/README.fpdf.htm create mode 100644 lam/docs/README.hosts.txt create mode 100644 lam/docs/README.lamdaemon.txt create mode 100644 lam/docs/README.openldap.txt create mode 100644 lam/docs/README.security.txt diff --git a/lam-0.4/docs/README.fpdf.htm b/lam-0.4/docs/README.fpdf.htm new file mode 100755 index 00000000..f556c9cd --- /dev/null +++ b/lam-0.4/docs/README.fpdf.htm @@ -0,0 +1,286 @@ + + + +FAQ + + + +

FAQ

+1. What's exactly the license of FPDF? Are there any usage restrictions?
+2. When I try to create a PDF, a lot of weird characters show on the screen. Why?
+3. I try to generate a PDF and IE displays a blank page. What happens?
+4. I send parameters using the POST method and the values don't appear in the PDF.
+5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.
+6. When I'm on SSL, IE can't open the PDF.
+7. When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".
+8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".
+9. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)
+10. I try to display a variable in the Header method but nothing prints.
+11. I defined the Header and Footer methods in my PDF class but nothing appears.
+12. I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.
+13. I try to put the euro symbol but it doesn't work.
+14. I draw a frame with very precise dimensions, but when printed I notice some differences.
+15. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?
+16. What's the limit of the file sizes I can generate with FPDF?
+17. Can I modify a PDF with FPDF?
+18. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?
+19. Can I convert an HTML page to PDF with FPDF?
+20. Can I concatenate PDF files with FPDF?
+

+

1. What's exactly the license of FPDF? Are there any usage restrictions?

+FPDF is Freeware (it is stated at the beginning of the source file). There is no usage +restriction. You may embed it freely in your application (commercial or not), with or +without modification. You may redistribute it, too. +

2. When I try to create a PDF, a lot of weird characters show on the screen. Why?

+These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of +IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly +without launching Acrobat. This happens frequently during the development stage: on the least +script error, an HTML page is sent, and after correction, the PDF arrives. +
+To solve the problem, simply quit and restart IE. You can also go to another URL and come +back. +
+To avoid this kind of inconvenience during the development, you can generate the PDF directly +to a file and open it through the explorer. +

3. I try to generate a PDF and IE displays a blank page. What happens?

+First of all, check that you send nothing to the browser after the PDF (not even a space or a +carriage return). You can put an exit statement just after the call to the Output() method to +be sure. +
+If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in +conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should +test your application with as many IE versions as possible (at least if you're on the Internet). +The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the +more that it causes other problems, see the next question). The GET works better but may fail +when the URL becomes too long: don't use a query string with more than 45 characters. However, a +tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a form, you +can add a hidden field at the last position: +
+
+
+ +<INPUT TYPE="HIDDEN" NAME="ext" VALUE=".pdf"> + +

+The usage of PHP sessions also often causes trouble (avoid using HTTP headers preventing caching). +See question 5 for a workaround. +
+
+To avoid all these problems in a reliable manner, two main techniques exist: +
+
+- Disable the plug-in and use Acrobat as a helper application. To do this, launch Acrobat; in +the File menu, Preferences, General, uncheck the option "Web Browser Integration" (for Acrobat +5: Edit, Preferences, Options, "Display PDF in Browser"). Then, the next time you load a PDF in +IE, it displays the dialog box "Open it" or "Save it to disk". Uncheck the option "Always ask +before opening this type of file" and choose Open. From now on, PDF files will open +automatically in an external Acrobat window. +
+The drawback of the method is that you need to alter the client configuration, which you can do +in an intranet environment but not for the Internet. +
+
+- Use a redirection technique. It consists in generating the PDF in a temporary file on the +server and redirect the client on it (by using JavaScript, not the Location HTTP header which +also causes trouble). For instance, at the end of the script, you can put the following: +
+
+
+ +//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='getpdf.php?f=$file';</SCRIPT></HTML>"; + +

+Then create the getpdf.php file with this: +
+
+
+ +<?php
+$f=$HTTP_GET_VARS['f'];
+//Check file (don't skip it!)
+if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\'))
+    die('Incorrect file name');
+if(!file_exists($f))
+    die('File does not exist');
+//Handle special IE request if needed
+if($HTTP_SERVER_VARS['HTTP_USER_AGENT']=='contype')
+{
+    Header('Content-Type: application/pdf');
+    exit;
+}
+//Output PDF
+Header('Content-Type: application/pdf');
+Header('Content-Length: '.filesize($f));
+readfile($f);
+//Remove file
+unlink($f);
+exit;
+?> + +

+This method works in most cases but IE6 can still experience trouble. The "ultimate" method +consists in redirecting directly to the temporary file. The file name must therefore end with .pdf: +
+
+
+ +//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+rename($file,$file.'.pdf');
+$file.='.pdf';
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='$file';</SCRIPT></HTML>"; + +

+This method turns the dynamic PDF into a static one and avoids all troubles. But you have to do +some cleaning in order to delete the temporary files. For instance: +
+
+
+ +function CleanFiles($dir)
+{
+    //Delete temporary files
+    $t=time();
+    $h=opendir($dir);
+    while($file=readdir($h))
+    {
+        if(substr($file,0,3)=='tmp' and substr($file,-4)=='.pdf')
+        {
+            $path=$dir.'/'.$file;
+            if($t-filemtime($path)>3600)
+                @unlink($path);
+        }
+    }
+    closedir($h);
+} + +

+This function deletes all files of the form tmp*.pdf older than an hour in the specified +directory. You may call it where you want, for instance in the script which generates the PDF. +
+
+Remark: it is necessary to open the PDF in a new window, as you can't go backwards due to the +redirection. +

4. I send parameters using the POST method and the values don't appear in the PDF.

+It's a problem affecting some versions of IE (especially the first 5.5). See the previous +question for the ways to work around it. +

5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.

+It's a problem affecting some versions of IE. To work around it, add the following line before +session_start(): +
+
+
+ +session_cache_limiter('private'); + +

+or do a redirection as explained in question 3. +

6. When I'm on SSL, IE can't open the PDF.

+The problem may be fixed by adding this line:
+
+
+ +Header('Pragma: public'); + +

+ +

7. When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".

+When the decimal separator is configured as a comma before including a file, there is a +bug in some PHP versions and decimal +numbers get truncated. Therefore you shouldn't make a call to setlocale() before including the class. +On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a +setlocale() call. +

8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".

+Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per +pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more. +

9. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)

+You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return, +neither before nor after. The script outputs something at line X. +

10. I try to display a variable in the Header method but nothing prints.

+You have to use the global keyword, for instance: +
+
+
+ +function Header()
+{
+    global $title;
+
+    $this->SetFont('Arial','B',15);
+    $this->Cell(0,10,$title,1,1,'C');
+} + +

+ +

11. I defined the Header and Footer methods in my PDF class but nothing appears.

+You have to create an object from the PDF class, not FPDF:
+
+
+ +$pdf=new PDF(); + +

+ +

12. I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.

+You have to enclose your string with double quotes, not single ones. +

13. I try to put the euro symbol but it doesn't work.

+The standard fonts have the euro character at position 128. You can define a constant like this +for convenience: +
+
+
+ +define('EURO',chr(128)); + +

+Note: Acrobat 4 or higher is required to display euro. +

14. I draw a frame with very precise dimensions, but when printed I notice some differences.

+To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box. +

15. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?

+All printers have physical margins (different depending on the model), it is therefore impossible +to remove them and print on the totality of the paper. +

16. What's the limit of the file sizes I can generate with FPDF?

+There is no particular limit. There are some constraints however: +
+
+- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents, +especially with images, this limit may be reached (the file being built into memory). The +parameter is configured in the php.ini file. +
+
+- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily +reached. It is configured in php.ini and may be altered dynamically with set_time_limit(). +
+
+- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and +reach the limit, it will be lost. It is therefore advised for very big documents to +generate them in a file, and to send some data to the browser from time to time (for instance +page 1, page 2... with flush() to force the output). When the document is finished, you can send +a redirection on it with JavaScript or create a link. +
+Remark: even when the browser goes in time-out, the script may continue to run on the server. +

17. Can I modify a PDF with FPDF?

+No. +

18. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?

+No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from +a PDF. It is provided with the Xpdf package:
+
+http://www.foolabs.com/xpdf/ +

19. Can I convert an HTML page to PDF with FPDF?

+No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:
+
+http://www.easysw.com/htmldoc/ +

20. Can I concatenate PDF files with FPDF?

+No. But a free C utility exists to perform this task:
+
+http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html + + diff --git a/lam-0.4/docs/README.hosts.txt b/lam-0.4/docs/README.hosts.txt new file mode 100644 index 00000000..8303992e --- /dev/null +++ b/lam-0.4/docs/README.hosts.txt @@ -0,0 +1,28 @@ +The attribute "host" is only in objectclass account. +Unfortunatly "account" conflicts with +"inetorgperson". so there's no perfect way to use +both. + +In order to get attribute host working you have to +modify schema/inetorgperson and include host: + + +# inetOrgPerson +# The inetOrgPerson represents people who are associated with an +# organization in some way. It is a structural class and is derived +# from the organizationalPerson which is defined in X.521 [X521]. +objectclass ( 2.16.840.1.113730.3.2.2 + NAME 'inetOrgPerson' + DESC 'RFC2798: Internet Organizational Person' + SUP organizationalPerson + STRUCTURAL + MAY ( + audio $ businessCategory $ carLicense $ departmentNumber $ + displayName $ employeeNumber $ employeeType $ givenName $ + homePhone $ homePostalAddress $ initials $ jpegPhoto $ + labeledURI $ mail $ manager $ mobile $ o $ pager $ + photo $ roomNumber $ secretary $ uid $ userCertificate $ + x500uniqueIdentifier $ preferredLanguage $ + userSMIMECertificate $ userPKCS12 $ host ) + ) + diff --git a/lam-0.4/docs/README.lamdaemon.txt b/lam-0.4/docs/README.lamdaemon.txt new file mode 100644 index 00000000..6335e4b8 --- /dev/null +++ b/lam-0.4/docs/README.lamdaemon.txt @@ -0,0 +1,56 @@ +lamdaemon.pl is used to modify quota and homedirs +on a remote or local host via ssh. +If you want wo use it you have to set up some +things to get it to work: + +1. Setup values in LDAP Account Manager + * Set the remote or local host in the configuration + (e.g. 127.0.0.1) + * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl + + +2. Set up sudo + The perl script has to run as root. Therefore we need + a wrapper, sudo. + Edit /etc/sudoers on host where homedirs or quotas should be used + and add the following line: + $admin All= NOPASSWD: $path + $admin is the adminuser from LAM and $path + is the path to lamdaemon.pl e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl + At the moment the password is a paramteter of lamdaemon.pl + therefore you should disable logging so the password does not + appear in any logfile. + This can be done by adding the following line to /etc/sudoers: + Defaults:$admin !syslog + +3. Set up Perl + We need some external Perl modules, Quota and Net::SSH::Perl + To install them, run: + perl -MCPAN -e shell + install Quota + install Net::SSH::Perl + +4. Test lamdaemon.pl + I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl + with the following attributes to test it: + lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test + $ssh-server is the remote host lamdaemon.pl should be run on + $lam_path_on_host is the path to lamdaemon.pl on remote host + $admin-username is the name of the user which is allowed to run lamdaemon.pl + as root. It is the same user as in /etc/sudoers + $admin-password is the password of the admin user + *test is the command which tells lamdaemon.pl to test settings + + You have to run the command as the user your webserver is running, e.g. + + wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \ + 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test + + You should get the following response: + Net::SSH::Perl successfully installed. + Perl quota module successfully installed. + If you have not seen any error lamdaemon.pl should be set up successfully. + +Now everything should work fine. + +Please send a mail to TiloLutz@gmx.de if you have any suggestions. diff --git a/lam-0.4/docs/README.openldap.txt b/lam-0.4/docs/README.openldap.txt new file mode 100644 index 00000000..b66ae625 --- /dev/null +++ b/lam-0.4/docs/README.openldap.txt @@ -0,0 +1,21 @@ +Some basic hints to configure the OpenLDAP server: + +SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts + change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values. + +INDICES: Indices will improve the performance when searching for entries in the LDAP directory. + The following indices are recommended: + + index objectClass eq + index default sub + index uidNumber eq + index gidNumber eq + index memberUid eq + index cn,sn,uid,displayName pres,sub,eq + # Samba 2.x + index rid eq + index primaryGroupID eq + # Samba 3.x + index sambaSID eq + index sambaPrimaryGroupSID eq + index sambaDomainName eq diff --git a/lam-0.4/docs/README.security.txt b/lam-0.4/docs/README.security.txt new file mode 100644 index 00000000..cbae78d8 --- /dev/null +++ b/lam-0.4/docs/README.security.txt @@ -0,0 +1,36 @@ + +1. Use of SSL + + The data which is transfered between you and LAM is very sensitive. + Please always use SSL encrypted connections between LAM and your browser to + protect yourself against network sniffers. + + +2. LDAP+SSL and TLS + + LAM should start TLS automatically if possible. LDAP+SSL will be used if you use + ldaps://servername in your configuration profile. + + +3. Chrooted servers + + If your server is chrooted and you have no access to /dev/random or /dev/urandom + this can be a security risk. LAM stores your LDAP password encrypted in the session. + LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible. + Therefore the key can be easily guessed. + An attaker needs read access to the session file (e.g. by another Apache instance) to + exploit this. + + +4. LDAP password protection + + Your LDAP password is stored encrypted in the session file. The key and IV to decrypt + it are stored in two cookies. We use MCrypt/AES or Blowfish to encrypt the password. + + +5. Protection of new user passwords + + These passwords are, if stored in the session file, encrypted with the same key and IV + as your LDAP password. + + diff --git a/lam/docs/README.fpdf.htm b/lam/docs/README.fpdf.htm new file mode 100755 index 00000000..f556c9cd --- /dev/null +++ b/lam/docs/README.fpdf.htm @@ -0,0 +1,286 @@ + + + +FAQ + + + +

FAQ

+1. What's exactly the license of FPDF? Are there any usage restrictions?
+2. When I try to create a PDF, a lot of weird characters show on the screen. Why?
+3. I try to generate a PDF and IE displays a blank page. What happens?
+4. I send parameters using the POST method and the values don't appear in the PDF.
+5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.
+6. When I'm on SSL, IE can't open the PDF.
+7. When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".
+8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".
+9. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)
+10. I try to display a variable in the Header method but nothing prints.
+11. I defined the Header and Footer methods in my PDF class but nothing appears.
+12. I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.
+13. I try to put the euro symbol but it doesn't work.
+14. I draw a frame with very precise dimensions, but when printed I notice some differences.
+15. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?
+16. What's the limit of the file sizes I can generate with FPDF?
+17. Can I modify a PDF with FPDF?
+18. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?
+19. Can I convert an HTML page to PDF with FPDF?
+20. Can I concatenate PDF files with FPDF?
+

+

1. What's exactly the license of FPDF? Are there any usage restrictions?

+FPDF is Freeware (it is stated at the beginning of the source file). There is no usage +restriction. You may embed it freely in your application (commercial or not), with or +without modification. You may redistribute it, too. +

2. When I try to create a PDF, a lot of weird characters show on the screen. Why?

+These "weird" characters are in fact the actual content of your PDF. This behaviour is a bug of +IE. When it first receives an HTML page, then a PDF from the same URL, it displays it directly +without launching Acrobat. This happens frequently during the development stage: on the least +script error, an HTML page is sent, and after correction, the PDF arrives. +
+To solve the problem, simply quit and restart IE. You can also go to another URL and come +back. +
+To avoid this kind of inconvenience during the development, you can generate the PDF directly +to a file and open it through the explorer. +

3. I try to generate a PDF and IE displays a blank page. What happens?

+First of all, check that you send nothing to the browser after the PDF (not even a space or a +carriage return). You can put an exit statement just after the call to the Output() method to +be sure. +
+If it still doesn't work, it means you're a victim of the "blank page syndrome". IE used in +conjunction with the Acrobat plug-in suffers from numerous bugs, in all versions. You should +test your application with as many IE versions as possible (at least if you're on the Internet). +The problem occurs mostly with the POST method, so it is strongly advised to avoid it (all the +more that it causes other problems, see the next question). The GET works better but may fail +when the URL becomes too long: don't use a query string with more than 45 characters. However, a +tip exists to exceed this limit: end the URL with .pdf, which tricks IE. If you use a form, you +can add a hidden field at the last position: +
+
+
+ +<INPUT TYPE="HIDDEN" NAME="ext" VALUE=".pdf"> + +

+The usage of PHP sessions also often causes trouble (avoid using HTTP headers preventing caching). +See question 5 for a workaround. +
+
+To avoid all these problems in a reliable manner, two main techniques exist: +
+
+- Disable the plug-in and use Acrobat as a helper application. To do this, launch Acrobat; in +the File menu, Preferences, General, uncheck the option "Web Browser Integration" (for Acrobat +5: Edit, Preferences, Options, "Display PDF in Browser"). Then, the next time you load a PDF in +IE, it displays the dialog box "Open it" or "Save it to disk". Uncheck the option "Always ask +before opening this type of file" and choose Open. From now on, PDF files will open +automatically in an external Acrobat window. +
+The drawback of the method is that you need to alter the client configuration, which you can do +in an intranet environment but not for the Internet. +
+
+- Use a redirection technique. It consists in generating the PDF in a temporary file on the +server and redirect the client on it (by using JavaScript, not the Location HTTP header which +also causes trouble). For instance, at the end of the script, you can put the following: +
+
+
+ +//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='getpdf.php?f=$file';</SCRIPT></HTML>"; + +

+Then create the getpdf.php file with this: +
+
+
+ +<?php
+$f=$HTTP_GET_VARS['f'];
+//Check file (don't skip it!)
+if(substr($f,0,3)!='tmp' or strpos($f,'/') or strpos($f,'\\'))
+    die('Incorrect file name');
+if(!file_exists($f))
+    die('File does not exist');
+//Handle special IE request if needed
+if($HTTP_SERVER_VARS['HTTP_USER_AGENT']=='contype')
+{
+    Header('Content-Type: application/pdf');
+    exit;
+}
+//Output PDF
+Header('Content-Type: application/pdf');
+Header('Content-Length: '.filesize($f));
+readfile($f);
+//Remove file
+unlink($f);
+exit;
+?> + +

+This method works in most cases but IE6 can still experience trouble. The "ultimate" method +consists in redirecting directly to the temporary file. The file name must therefore end with .pdf: +
+
+
+ +//Determine a temporary file name in the current directory
+$file=basename(tempnam(getcwd(),'tmp'));
+rename($file,$file.'.pdf');
+$file.='.pdf';
+//Save PDF to file
+$pdf->Output($file);
+//JavaScript redirection
+echo "<HTML><SCRIPT>document.location='$file';</SCRIPT></HTML>"; + +

+This method turns the dynamic PDF into a static one and avoids all troubles. But you have to do +some cleaning in order to delete the temporary files. For instance: +
+
+
+ +function CleanFiles($dir)
+{
+    //Delete temporary files
+    $t=time();
+    $h=opendir($dir);
+    while($file=readdir($h))
+    {
+        if(substr($file,0,3)=='tmp' and substr($file,-4)=='.pdf')
+        {
+            $path=$dir.'/'.$file;
+            if($t-filemtime($path)>3600)
+                @unlink($path);
+        }
+    }
+    closedir($h);
+} + +

+This function deletes all files of the form tmp*.pdf older than an hour in the specified +directory. You may call it where you want, for instance in the script which generates the PDF. +
+
+Remark: it is necessary to open the PDF in a new window, as you can't go backwards due to the +redirection. +

4. I send parameters using the POST method and the values don't appear in the PDF.

+It's a problem affecting some versions of IE (especially the first 5.5). See the previous +question for the ways to work around it. +

5. When I use a PHP session, IE doesn't display my PDF any more but asks me to download it.

+It's a problem affecting some versions of IE. To work around it, add the following line before +session_start(): +
+
+
+ +session_cache_limiter('private'); + +

+or do a redirection as explained in question 3. +

6. When I'm on SSL, IE can't open the PDF.

+The problem may be fixed by adding this line:
+
+
+ +Header('Pragma: public'); + +

+ +

7. When I execute a script I get the message "FPDF error: Don't alter the locale before including class file".

+When the decimal separator is configured as a comma before including a file, there is a +bug in some PHP versions and decimal +numbers get truncated. Therefore you shouldn't make a call to setlocale() before including the class. +On Unix, you shouldn't set the LC_ALL environment variable neither, for it is equivalent to a +setlocale() call. +

8. I try to put a PNG and Acrobat says "There was an error processing a page. A drawing error occurred".

+Acrobat 5 has a bug and is unable to display transparent monochrome images (i.e. with 1 bit per +pixel). Remove transparency or save your image in 16 colors (4 bits per pixel) or more. +

9. I encounter the following error when I try to generate a PDF: Warning: Cannot add header information - headers already sent by (output started at script.php:X)

+You must send nothing to the browser except the PDF itself: no HTML, no space, no carriage return, +neither before nor after. The script outputs something at line X. +

10. I try to display a variable in the Header method but nothing prints.

+You have to use the global keyword, for instance: +
+
+
+ +function Header()
+{
+    global $title;
+
+    $this->SetFont('Arial','B',15);
+    $this->Cell(0,10,$title,1,1,'C');
+} + +

+ +

11. I defined the Header and Footer methods in my PDF class but nothing appears.

+You have to create an object from the PDF class, not FPDF:
+
+
+ +$pdf=new PDF(); + +

+ +

12. I can't make line breaks work. I put \n in the string printed by MultiCell but it doesn't work.

+You have to enclose your string with double quotes, not single ones. +

13. I try to put the euro symbol but it doesn't work.

+The standard fonts have the euro character at position 128. You can define a constant like this +for convenience: +
+
+
+ +define('EURO',chr(128)); + +

+Note: Acrobat 4 or higher is required to display euro. +

14. I draw a frame with very precise dimensions, but when printed I notice some differences.

+To respect dimensions, you have to uncheck the option "Fit to page" in the print dialog box. +

15. I'd like to use the whole surface of the page, but when printed I always have some margins. How can I get rid of them?

+All printers have physical margins (different depending on the model), it is therefore impossible +to remove them and print on the totality of the paper. +

16. What's the limit of the file sizes I can generate with FPDF?

+There is no particular limit. There are some constraints however: +
+
+- The maximum memory size allocated to PHP scripts defaults to 8MB. For very big documents, +especially with images, this limit may be reached (the file being built into memory). The +parameter is configured in the php.ini file. +
+
+- The maximum execution time allocated defaults to 30 seconds. This limit can of course be easily +reached. It is configured in php.ini and may be altered dynamically with set_time_limit(). +
+
+- Browsers generally have a 5 minute time-out. If you send the PDF directly to the browser and +reach the limit, it will be lost. It is therefore advised for very big documents to +generate them in a file, and to send some data to the browser from time to time (for instance +page 1, page 2... with flush() to force the output). When the document is finished, you can send +a redirection on it with JavaScript or create a link. +
+Remark: even when the browser goes in time-out, the script may continue to run on the server. +

17. Can I modify a PDF with FPDF?

+No. +

18. I'd like to make a search engine in PHP and index PDF files. Can I do it with FPDF?

+No. But a GPL C utility does exist, pdftotext, which is able to extract the textual content from +a PDF. It is provided with the Xpdf package:
+
+http://www.foolabs.com/xpdf/ +

19. Can I convert an HTML page to PDF with FPDF?

+No. But a GPL C utility does exist, htmldoc, which allows to do it and gives good results:
+
+http://www.easysw.com/htmldoc/ +

20. Can I concatenate PDF files with FPDF?

+No. But a free C utility exists to perform this task:
+
+http://thierry.schmit.free.fr/dev/mbtPdfAsm/enMbtPdfAsm2.html + + diff --git a/lam/docs/README.hosts.txt b/lam/docs/README.hosts.txt new file mode 100644 index 00000000..8303992e --- /dev/null +++ b/lam/docs/README.hosts.txt @@ -0,0 +1,28 @@ +The attribute "host" is only in objectclass account. +Unfortunatly "account" conflicts with +"inetorgperson". so there's no perfect way to use +both. + +In order to get attribute host working you have to +modify schema/inetorgperson and include host: + + +# inetOrgPerson +# The inetOrgPerson represents people who are associated with an +# organization in some way. It is a structural class and is derived +# from the organizationalPerson which is defined in X.521 [X521]. +objectclass ( 2.16.840.1.113730.3.2.2 + NAME 'inetOrgPerson' + DESC 'RFC2798: Internet Organizational Person' + SUP organizationalPerson + STRUCTURAL + MAY ( + audio $ businessCategory $ carLicense $ departmentNumber $ + displayName $ employeeNumber $ employeeType $ givenName $ + homePhone $ homePostalAddress $ initials $ jpegPhoto $ + labeledURI $ mail $ manager $ mobile $ o $ pager $ + photo $ roomNumber $ secretary $ uid $ userCertificate $ + x500uniqueIdentifier $ preferredLanguage $ + userSMIMECertificate $ userPKCS12 $ host ) + ) + diff --git a/lam/docs/README.lamdaemon.txt b/lam/docs/README.lamdaemon.txt new file mode 100644 index 00000000..6335e4b8 --- /dev/null +++ b/lam/docs/README.lamdaemon.txt @@ -0,0 +1,56 @@ +lamdaemon.pl is used to modify quota and homedirs +on a remote or local host via ssh. +If you want wo use it you have to set up some +things to get it to work: + +1. Setup values in LDAP Account Manager + * Set the remote or local host in the configuration + (e.g. 127.0.0.1) + * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl + + +2. Set up sudo + The perl script has to run as root. Therefore we need + a wrapper, sudo. + Edit /etc/sudoers on host where homedirs or quotas should be used + and add the following line: + $admin All= NOPASSWD: $path + $admin is the adminuser from LAM and $path + is the path to lamdaemon.pl e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl + At the moment the password is a paramteter of lamdaemon.pl + therefore you should disable logging so the password does not + appear in any logfile. + This can be done by adding the following line to /etc/sudoers: + Defaults:$admin !syslog + +3. Set up Perl + We need some external Perl modules, Quota and Net::SSH::Perl + To install them, run: + perl -MCPAN -e shell + install Quota + install Net::SSH::Perl + +4. Test lamdaemon.pl + I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl + with the following attributes to test it: + lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test + $ssh-server is the remote host lamdaemon.pl should be run on + $lam_path_on_host is the path to lamdaemon.pl on remote host + $admin-username is the name of the user which is allowed to run lamdaemon.pl + as root. It is the same user as in /etc/sudoers + $admin-password is the password of the admin user + *test is the command which tells lamdaemon.pl to test settings + + You have to run the command as the user your webserver is running, e.g. + + wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \ + 127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test + + You should get the following response: + Net::SSH::Perl successfully installed. + Perl quota module successfully installed. + If you have not seen any error lamdaemon.pl should be set up successfully. + +Now everything should work fine. + +Please send a mail to TiloLutz@gmx.de if you have any suggestions. diff --git a/lam/docs/README.openldap.txt b/lam/docs/README.openldap.txt new file mode 100644 index 00000000..b66ae625 --- /dev/null +++ b/lam/docs/README.openldap.txt @@ -0,0 +1,21 @@ +Some basic hints to configure the OpenLDAP server: + +SIZELIMIT: OpenLDAP allows by default 500 return values per search, if you have more users/groups/hosts + change this in slapd.conf: e.g. "sizelimit 10000" or "sizelimit -1" for unlimited return values. + +INDICES: Indices will improve the performance when searching for entries in the LDAP directory. + The following indices are recommended: + + index objectClass eq + index default sub + index uidNumber eq + index gidNumber eq + index memberUid eq + index cn,sn,uid,displayName pres,sub,eq + # Samba 2.x + index rid eq + index primaryGroupID eq + # Samba 3.x + index sambaSID eq + index sambaPrimaryGroupSID eq + index sambaDomainName eq diff --git a/lam/docs/README.security.txt b/lam/docs/README.security.txt new file mode 100644 index 00000000..cbae78d8 --- /dev/null +++ b/lam/docs/README.security.txt @@ -0,0 +1,36 @@ + +1. Use of SSL + + The data which is transfered between you and LAM is very sensitive. + Please always use SSL encrypted connections between LAM and your browser to + protect yourself against network sniffers. + + +2. LDAP+SSL and TLS + + LAM should start TLS automatically if possible. LDAP+SSL will be used if you use + ldaps://servername in your configuration profile. + + +3. Chrooted servers + + If your server is chrooted and you have no access to /dev/random or /dev/urandom + this can be a security risk. LAM stores your LDAP password encrypted in the session. + LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible. + Therefore the key can be easily guessed. + An attaker needs read access to the session file (e.g. by another Apache instance) to + exploit this. + + +4. LDAP password protection + + Your LDAP password is stored encrypted in the session file. The key and IV to decrypt + it are stored in two cookies. We use MCrypt/AES or Blowfish to encrypt the password. + + +5. Protection of new user passwords + + These passwords are, if stored in the session file, encrypted with the same key and IV + as your LDAP password. + +