One of the overloads in PowerShell for the $Host.UI.PromptForCredential method has an options parameter, which is a bitwise combination of PSCredentialUIOptions values.
Looking at MSDN for PSCredentialUIOptions I find the enum values include:
Default : Validates the user name, but not its existence or
correctness.
and
ValidateUserNameSyntax : Validates the syntax of the user name, but
not its existence or correctness.
What exactly do these descriptions mean?
For Default, when it validates the user name, does it mean it just checks the user has entered something, anything, in the User Name field of the PSCredentials dialog?
And for ValidateUserNameSyntax, how does it validate the syntax of the user name? By checking for illegal characters in the entered text?
I've tried Googling for more information but all links just lead back to the MSDN page or the identical TechNet page.
Not only does ValidateUserNameSyntax check for illegal characters, but it also validates the format of the username against the allowedCredentialTypes you supply to PromptForCredential():
$PromptCaption = "Creds plz!"
$PromptMessage = "Please input your domain credentials"
$CredentialType = [System.Management.Automation.PSCredentialTypes]::Domain
$ValidateOption = [System.Management.Automation.PSCredentialUIOptions]::ValidateUserNameSyntax
$Host.UI.PromptForCredential($PromptCaption,$PromptMessage,"","",$CredentialType,$ValidateOption)
Related
I'm experimenting with PowerShell and got following problem:
When I wanted to sign in to twitter using Invoke-WebRequest
$r = Invoke-WebRequest -Uri "http://www.twitter.com"
$r.Forms[1].Fields.session[username_or_email] = "user"
$r.Forms[1].Fields.session[password] = "password"
and tried to assign a value to request object, it was impossible because of the twitter naming convention of their fields. This is what I got as an error message
Unexpected token 'username_or_email]' in expression or statement.
Is there some simple way to escape this characters?
The name of the field is session[username_or_email] and in PowerShell you have two ways of referring to that:
# dot notation, but it must be quoted because of special characters
$r[1].Fields."session[username_or_email]"
# array notation, must be quoted either way
$r[1].Fields["session[username_or_email]"]
Normally you could have just done $r[1].Fields.TheFieldName but you have to put it in quotes because of the special characters involved.
Additionally, I will point out that the response in $r should have already parsed all the fields into the object, letting you tab complete them, but this object does a strange thing: if an <input> field has an id attribute, it will name the object based on that instead of the name, which is why you'll find a field called signin-email but not one already named session[username_or_email].
If it causes you issues when you submit, you may want to manually remove the id-based fields.
Is there a way to successfully bind while leaving out one of the files in the bind search base string? I don't always know what $site is for a user and if I leave it out the binding fails. Can I have something like OU=*,
$ldapSearchBase = "OU=$site,OU=xxxx,OU=xxxx,DC=$globalLocation,DC=companyName,DC=com";
If I leave the site out I get. it works if I put in my correct site
The wrong password was supplied or the SASL credentials could not be processed
LDAP binds require you to have a single unique distinguished name plus the appropriate credentials (user/pass, SSL, etc.). Your bind will always fail if your DN is not unique.
You might want to try splitting your base DN and varying whatever $site is:
my $ldapSearchBase = "OU=user,OU=accounts,DC=$globalLocation,DC=companyName,DC=com";
my $ldapSite = "OU=$site";
my $bindString = $ldapSearch . "," . $ldapSearchBase;
Use the first container as search base:
$ldapSearchBase = "DC=$globalLocation,DC=companyName,DC=com";
Is there and Access equivalent to excel code Application.UserName to auto fill a text box as a default value?
Based on Feedback From HansUp I have modified as follows
Private Sub Form_Load()
Me.LastChgUser = Excel.Application.UserName
End Sub
As my Load event for the form. I now receive a Compile Error: Method or Data Member Not found. THe Txt box "LastChgUser" is on a subform "Staffing" as part form "Associate Lookup"
Access' CurrentUser() function returns the Access security account name, which will be "Admin" unless you have set up user-level security.
You can use the Windows API to get the name of the current Windows user. Try the fOSUserName() function from Get Login name.
Another alternative is the Environ() function:
? Environ("USERNAME")
hans
Although that approach is insecure, it may be adequate for your purpose: load a default value which the user will be allowed to change. However, security settings may not allow you to use it directly as the control source for a text box.
Not sure if this is a security feature, an oversight, or me missing the ocean for the waves, but wondering why there is no value attribute for the password field constructor
This is not an issue for user signup and other form creation events, but becomes a headache when, for example, a user renewal form does not have the password field filled in (and thus fails validation, which is ironic given that they just logged in in order to be able to renew in the first place ;-))
My workaround has been to set the value attrib manually by supplying it as an extra argument:
#inputPassword(
_form("password"), '_label-> "Password*", 'class-> "required",
'value-> _form("password").value map{Some(_)} getOrElse Some("")
)
would prefer the value attribute included by default, however, as with other input elements. Yes, I can override it, but wondering what the dealy-O is regardless
To me, you shouldn't be able to retrieve the user password in any way, since the password should be encrypted before storing it somewhere.
on my website I have a comment section. I want to filter and validate the input before I store it in my database. If there are any invalid chars in the input the user gets the notice that his input is invalid.
My question, which chars are not allowed? e.g. I want to avoid sql injections
Tags are not allowed. How do I check that?
If you are using Zend_Db and parameterised queries (i.e.: $adapter->insert($tableName, array('param' => 'value'))) then it will automagically escape everything for you.
If however you want to further validate the user input, have a look at Zend_Validate and Zend_Filter
Also, if by "tags" you mean HTML tags, I wouldn't do anything to those on input but do make sure you properly escape / strip them on output (have a look at htmlspecialchars())
If you want to display an error message if the input contains HTML tags, and assuming $comment is the comment body, you could try:
if(strip_tags($comment) !== $comment) {
// It seems it contained some html tags
}