This is security issue. I've got a socket server that should be accessed only from the same server, in other words, only from localhost. I need to somehow check if remote user that trying to connect is not an outsider. Currently I've come up with:
socket_getpeername($current_socket, $client_address, $client_port);
if( $client_address == '127.0.0.1' )
{
//allow
}
But such approach is not the best one, because I need to socket_accept() any user before proceeding. Does anybody know how to handle it?
Accepting the socket and then dropping the connection is totally acceptable.
If you don't like it, you can set up a firewall rule in your OS to allow connections only from localhost.
My suggestion is that you make your socket listen only to 127.0.0.1. This way it's only connectable from localhost.
I assume you are using stream_socket_server()
$socket = stream_socket_server("udp://127.0.0.1:1113", $errno, $errstr, STREAM_SERVER_BIND);
if (!$socket) {
die("$errstr ($errno)");
}
Related
So Im trying to get my head wrapped around this....
I open the port
$remip = $_SERVER['SERVER_ADDR']; //Grab my server address
$fp = fsockopen($remip, 80, $errno, $errstr, 10);//Godaddy hosting only 80 and 443 ports work
//fsockopen(ip address , port, IDK, IDK, timeout delay)
so now the ports open or if not maybe some error checking to be sure
if (!$fp) { echo "$errstr ($errno)<br>\n"; exit; } //Not sure what this echos out but its clear how it stops errors
So now that the port is open any ip/client can connect on this port????
Ill assume I can now connect....
So on my client I open a socket to my server ip address port tcp connection.....
The php file includes something like
else {$out = "hello, 80\r\n"; //out specifies the string to be written , bytes to write
fwrite($fp, $out); //$fp is the handle
fclose($fp)}//close the connection
at this point ill assume that my client gets the hello written to it ..
finish up by closing the connection
Im entirely new to this so Im attempting to understand some sample code here...
So how long is this socket open for? If i want to keep this port open do i need to do a cron job to launch this file periodically.
Im 100% sure that I have got something wrong here so please set me straight.
I think you have a misconception of what fsockopen does. In your example your fsockopen does not actually open port 80 (as in opening a server socket), but it opens a client socket that connects to port 80 on the server itself. It actually does open a (client) port which gets a (not completely) random number.
After you connected using fsockopen you can send HTTP commands to the webserver such as GET /index.php
What you need to use is socket_listen() and socket_bind(). There are a few places in the docs that show you how to get PHP listening on a socket: http://www.php.net/manual/en/function.socket-listen.php
I suggest you read and try them out by simply testing then with a unix tool called netcat (nc <ip_address> <port> command normally)
I have a socket which connects to an irc server and sends some commands during the connection.
Seems like this:
$socket = #fsockopen(IRCIP, IRCPORT, $errno, $errstr, IMEOUT);
stream_set_timeout($socket, TIMEOUT);
fputs($socket, "SVSLIST\n");
But it takes a bit long (mostly, 0.5 second but sometimes its up to 1.5 second) Not to mention that both php script and the irc server works on the same machine.
So i would like to ask how can i speed up this process? I was using readfile with different kind of mechanism (building a httpd server as module in that irc server and redirect the readfile to do queries) to do that, it was pretty fast.. Is there a way to boost the speed?
Thanks.
The last parameter of fsockopen() is the timeout, set this to a low value to make the script complete faster, like this:
$socket = #fsockopen(IRCIP, IRCPORT, $errno, $errstr, 0.1);
Also... you have to know that this code:
$socket = fsockopen('www.mysite.com', 80);
Is way slower than:
$socket = fsockopen(gethostbyname('www.mysite.com'=, 80);
One last thing... if your script has to be run locally on the same machine of the IRC server, just use 127.0.0.1 to connect instead of the machine public IP address.
The hosting service that I use currently does not let me use sockets, probably for good reason on their part. They do, however, let me use fsockopen. I was wondering what the difference is, because some scripts that worked with socket_create and even stream_socket_server, do not work with fsockopen. That said, if fsockopen should work, my code is listed below. What it does is it listens on its own ip address for incoming udp packets and reads them.
Thanks
$sock = fsockopen("udp://x.x.x.x", $port);
while(1)
{
$buf = fread($sock, 200);
flush();
ob_flush();
}
fsockopen creates a connection to a host, not a listening socket.
fsockopen($address) ~== socket_connect(socket_create(), $address)
Your hosting provider doesn't want you listening on alternate ports/protocols.
If what you have works, I wouldn't count on it always working as it would be a bug.
Hey guys, I am trying to do some socket programming in PHP.
So I am running a socket "server":
$address = '127.0.0.1';
$port = '9999';
$masterSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_set_option($masterSocket, SOL_SOCKET, SO_REUSEADDR, 1);
socket_bind($masterSocket, $address, $port);
socket_listen($masterSocket, 5);
$clientSocket = socket_accept($masterSocket);
So I open up SSH and run this script. It is running, no errors.
Then I have another PHP script which attempts to connect to this:
$fp = fsockopen("me.com", 9999, $errno, $errstr, 30);
fclose($fp);
but it's giving me:
Warning: fsockopen(): unable to connect to me.com:9999 (Connection refused)
How do I begin to fix this?
You haven't finished the listening socket sequence, you need to call socket_accept to accept new connections. There is an example in the comments in the PHP documentation.
$clients = array();
$socket = socket_create(AF_INET,SOCK_STREAM,SOL_TCP);
socket_bind($socket,'127.0.0.1',$port);
socket_listen($socket);
socket_set_nonblock($socket);
while(true)
{
if(($newc = socket_accept($socket)) !== false)
{
echo "Client $newc has connected\n";
$clients[] = $newc;
}
}
http://php.net/manual/en/function.socket-accept.php
1) Check if the port is firewalled off. You could use telnet to check this.
2) See if it works when the client and server are on the same machine (I'm guessing from your mention of SSH that the server is remote).
3) If it works locally and you can hit the remote port using other tools then it's going to be tricky. I'd suggest you wail and gnash your teeth for a bit; I'm out of ideas.
EDIT: Heh. Or you could just read Steve-o's answer. Teeth-gnashing is still an option.
I know you said that "me.com" is an example but, just to be sure, socket_bind is expecting an IP address.
From http://php.net/manual/en/function.socket-bind.php :
address
If the socket is of the
AF_INET family, the address is an IP
in dotted-quad notation (e.g.
127.0.0.1).
If the socket is of the AF_UNIX
family, the address is the path of a
Unix-domain socket (e.g.
/tmp/my.sock).
I know the question is very old, but if someone still has this problem, make sure you connect to the SAME address you are listening on,
For example, If you're listening on 127.0.0.1 and your Machine address is me.com, you won't be able to connect to me.com with it, for that you'll have to listen on me.com.
Listening on: localhost:8088
Can only connect via: localhost:8088 // not via me.com:8088
Listening on: me.com:8088
Can only connect via: me.com:8088 // not via localhost:8088
I'm trying to connect to gmail pop server from a phplist installation and it fails, but i'm not sure whether my webhost opened port 995 or not. They say they have opened it, but i'm in doubt. Is there a way i can check it from a php script? They are running php 5.2.0 on a windows server, though i'm not sure what OS is that. phpinfo() says "Windows NT DEDI514 5.2 build 3790"
You can put code in a php script to open a connection to a specific hostname (or IP address) and port.
If you know the expected response, you should be able to tell if you are getting a connection. If you get something like "Connection refused", then either you are being blocked, or the destination host is not accepting connections on that port.
This example uses IP address 192.0.2.0 and port 995. Replace these with whatever you want to test.
<?php
echo "\nOpening connection\n\n";
$fp = fsockopen("192.0.2.0", 995, $errno, $errstr);
if (!$fp) {
echo "ERROR: $errno - $errstr\n";
} else {
echo fread($fp, 1024);
fclose($fp);
}
?>
You can also send data to the server using
fwrite($fp, "blah blah blah\r\n");
There is more information about fsockopen here.
I think you'll need to ping or traceroute to a machine that will respond on that port.
This article should have much more than you want to know, but there's an example script at the bottom that you can modify to test.
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?lngWId=8&txtCodeId=1786
There are some other scripts here:
http://www.theworldsend.net/
I can't vouch for any of these personally, but they look like what you need.
And, of course, if you can ssh or telnet into your server, you can do all this much more easily using the ping and traceroute commands.
Maybe safe mode is active? This prevents calling services on other servers.
Edit:
All filesystem and stream functions are affected by the safe mode settings!
The open_basedir setting affects fopen()!