I am trying to establish connection using sftp class
my code:
$host = 'some ip address';
$username = 'username';
$pass = 'password';
$sftp = new SFTPConnection($host, 22);
$sftp->login($username, $pass);
When i run this script i get message Could not authenticate with username and password
When i use same user and pass in fileZilla with sftp, then is ok, I can establish connection, but with script i cant
Anyone know what is the problem?
Ok, here what was the problem...
My IP address wasnt been allowed on FTP server?! Now when they put my IP on whitelist, everything working just fine.
Thank you guys for your effort.
Try to add this code in your sftp.php in login(){} function. Then tell what error does it give:
if (!extension_loaded('ssh2'))
{
throw new Exception("Extension ssh2 has to be loaded to use this class. Please enable in php.ini.");
}
if (! #ssh2_auth_password($this->connection, $username, $password))
throw new Exception("Could not authenticate with username $username " . "and password $password.");
$this->sftp = #ssh2_sftp($this->connection);
if (! $this->sftp)
throw new Exception("Could not initialize SFTP subsystem.");
Edit your code to do the following[ as some people say that we should authenticate both via username_password and as well as hostKeyAuthentication ]
-------------------------------
The above description shows that:
The issue lies in the php extension assuming that you’re going to authenticate either with a password or with a public key. Because of that assumption, authenticating with a password will give you a failure and could throw you off into the wrong direction (brief description is in the link: Must Read).
$connection = ssh2_connect($host, $port);
ssh2_auth_password($connection, $username, $password);
if (ssh2_auth_pubkey_file($connection, $username, $pubkey, $privatekey)) {
echo "Public Key Authentication Successful";
}
else {
echo 'Public Key Authentication Failed' ;
return false;
}
Related
I have a php file that connects and binds to AD with a service account no problem on that.
I have an HTML form asking for user name and password.
I need a way to verify the user's credentials against AD
when the user enters their user name and password in the form.
I cannot use the ldap_bind function, because our users don't have the permission to do that.
Suppose PHP has an auth class, but I cannot figure out how to get it to work. Can anyone help me with that? If auth class doesn't work, what other codes can I use to verify credentials and add it to my PHP page?
The following is my php page:
<?php
// Connect to AD========================================================
include('studentFormAuth.html');
$ldapusername = 'service_account_name';
$ldappassword = "service_account_password";
$server = 'xx.xx.xx.xx';
$domain = '#abc.com';
$port = 389;
$connection = ldap_connect($server, $port);
if (!$connection) {
exit('Connection failed');
}
// Settings for AD======================================================
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
$bind = #ldap_bind($connection, $ldapusername.$domain, $ldappassword);
if (!$bind) {
exit('Binding failed');
}
// Verify user credentials auth function=============================================
$auth = new Auth($connection, $_POST['usern'].$domain, $_POST['password']);
// begin validation
$auth->start();
if ($auth->getAuth()) {
// content for validated users
echo 'user name is: ' $_POST['usern'].$domain;
} else {
echo 'Cannot verify user';
}
// log users out
$auth->logout();
This is what I am trying to do: I want to download the code of my existing, and successfully running app (PHP and mySQL) and then upload it again to a different directory. I want to keep the database login the same. So basically I have a "live" code and a "test" code.
Now, when I go through this process I am getting a blank page when trying to log in as the newly uploaded "test" code. I am really puzzled why this is not working since I have not made any change to the code, I just duplicated it. I guess the blank page is telling me that the test code could not connect to the database. But why? Login details are the same!!
Any idea what I am missing here?
require_once("site_constant.php");
require_once("lib/mysql.php");
require_once("lib/function.php");
$DBObject = new db_sql();
$link = $DBObject->db_connect(DB_SERVER,DB_SERVER_USERNAME,DB_SERVER_PASSWORD, DB_DATABASE) or die('DB not connect');
The login details are in site_constant.php, which I have not changed:
define('DB_SERVER','xxxx');
define('DB_SERVER_USERNAME','xxxxx');
define('DB_SERVER_PASSWORD','xxxxx');
define('DB_DATABASE','xxxxxx');
define('SITE_URL', 'xxxxxxx');
The login function is in lib/mysql.php:
function db_connect($server = DB_SERVER, $username = DB_SERVER_USERNAME, $password = DB_SERVER_PASSWORD, $database = DB_DATABASE, $link = 'db_link')
{
global $$link;
$$link =mysql_connect($server, $username, $password);
if($$link)
{
$$link=mysql_select_db($database);
if(!$$link)
{
$msg="Can't connect from Database";
$this->db_error($msg,mysql_errno(),mysql_error());
}
}
else
{
$msg="Can't connect from MYSQL";
$this->db_error($msg,mysql_errno(),mysql_error());
}
return $$link;
}
I have put together a basic web-app, the actual web-app itself works fine. However I wanted to add user authentication using our existing ldap server. The ldap script seems to work intermittently though, when logging in the first few attempts will fail with the 'access denied' message then it will authenticate. I ran the script stand alone without the app and the same behavior applies.
I cant seem to tie the problem down anywhere, I can only assume it is occuring on the ldap side and not the php side. I have included the script below, any help would be great.
While writing this, it failed to auth 3 times and passed twice...
<?php
$user = $_POST['login-name'];
$password = $_POST['login-pass'];
$ldap_user = 'uid='.$user.',ou=people,dc=ourdomain,dc=com,dc=au';
$ldap_pwd = $password;
$ldaphost = 'ldap://ldapserver.domain.com';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if ($ds)
{
$username = $ldap_user;
$upasswd = $password;
$ldapbind = ldap_bind($ds, $username, $upasswd);
if ($ldapbind)
{
//print "Congratulations! $username is authenticated.";
header('Location: message.html');
}
else
{print "Access Denied!";}
}
?>
You probably should set the LDAP-protocol version to 3 using
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
before calling ldap_bind().
I've found this at http://php.net/manual/de/function.ldap-bind.php#72795
I have serious trouble figuring out which credentials to use to connect to the ad in php.
I can connect successfully using ldp.exe with generic function type and the right domain, user, and password. With any other option set in ldp.exe I can only connect anonymous.
In php I have no chance. I'm not very familiar with ldap, so I am kinda lost here.
Here some php code:
$ldap_host = "ldap://<dc>:389";
$ldap_user = "<username>";
$ldap_pw = "<pw>";
$ldap_domain = "<full domain>";
$connection = ldap_connect($ldap_host) or die("Could not connect to LDAP server.");
//$user = $ldap_user;
$user = $ldap_user."#".$ldap_domain;
//$user = $ldap_user;
//$user = "uid=".$ldap_user;
//$user = $ldap_domain."\\".$ldap_user;
//$user = "User=$ldap_user";
//$user = "cn=".$ldap_user;
//$user = "CN=".$ldap_user.",OU=<someOU>,OU=<someOU>,DC=<DC1>,DC=<DC2>";
ldap_bind($connection, $user, $ldap_pw);
You can see there some combinations I tried. In ldp.exe it is just the $ldap_user in the username field and $ldap_domain in the domain field. Imho atleast the user#domain and domain\user version should work. It is a kerberos domain, if thats important.
Well I don't think there are code errors. But how do I translate the generic function type of ldp.exe into php?
Here the error message to make it easier to find:
Warning: ldap_bind(): Unable to bind to server: Invalid credentials in ...
I would really appreciate some help.
EDIT: In ldp.exe I seem to use the SSPI method. I thought generic picks the method it self so far. Does it have something to do with ldap_sasl_bind() ? The server specifies on connection he is capable of the following:
supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
While only GSSAPI (SSPI ????) seems to work.
EDIT2: Here some other output of ldp.exe after an successful authentication:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='<username>'; Pwd= <unavailable>; domain = '<full domain'.}
Authenticated as dn:'<username>'.
Try specifying the port as well into a variable
$ldapPort = 389;
I would ignore the host part and just try connecting to your server (you have it as domain) Check to see if your ldap bind is working
// Handle login requests
$ds = ldap_connect($ldapServer, $ldapPort);
if (ldap_bind($ds, $user, $password)) {
// Successful auth
$_SESSION['lastactivity'] = time();
$_SESSION['username'] = $user;
$_SESSION['password'] = $password;
return $ds;
} else {
// Auth failed
header("Location: failpage.php?fail=1"); //bad credentials
exit;
}
Also for calling all the attributes, try http://blog.uta.edu/jthardy/2007/08/08/obtaining-user-information-from-ldap-using-php/
I am using a fairly straightforward php class emailtodb to import emails to a mysql database. Everything works perfectly as hoped when I use it to check email accounts on the local server. The issue is I took the connection script and put it on another server and now it cant connect. To summarize hopefully what im trying to say:
server1.com -accessing-> myemail#server1.com = works perfect
server2.com -accessing-> myemail#server1.com = Warning: imap_open() [function.imap-open]: Couldn't open stream
This is the code im using to connect to the server
$mysql_pconnect = mysql_pconnect($cfg["db_host"], $cfg["db_user"], $cfg["db_pass"]);
if(!$mysql_pconnect){echo "Connection Failed"; exit; }
$db = mysql_select_db($cfg["db_name"], $mysql_pconnect);
if(!$db){echo"DB Select Failed"; exit;}
$edb = new EMAIL_TO_DB();
$edb->connect('mail.MYSERVER.com', '/pop3:110/notls', $email, $pass);
$edb->do_action();
which actually goes to this function to actually connect (I believe)
function connect($host, $port, $login, $pass){
$this->IMAP_host = $host;
$this->IMAP_login = $login;
$this->link = imap_open("{". $host . $port."}INBOX", $login, $pass);
if($this->link) {
$this->status = 'Connected';
} else {
$this->error[] = imap_last_error();
$this->status = 'Not connected';
}
}
Finally I would say there is one major difference between the two servers, the new server has an SSL where the first does not so the new mail connection is going from HTTPS to HTTP but I dont know if that would have anything to do with it.
I was playing with this script just this evening. Have you tried something like this? (assuming you're switching from POP3 to IMAP with SSL)
$edb->connect('mail.server.com:993', '/imap/ssl/novalidate-cert', 'myname#server.com', 'password');
I discovered that my PHP environment didn't have PHP complied with IMAP-SSL (--with-imap-ssl in phpinfo() ), so that was causing some early problems for me too.