I seem to be unable to use php to securely bind to Active Directory. Unencrypted connections work fine. Using other clients are able to securely bind, e.g. connecting using LDAPAdmin over SSL. What is the problem here? Is there some LDAP SSL module that I'm missing? How to securely bind to the server using php?
I noticed from phpinfo() that cURL has support for ldap/ldaps - what is a good example on utilizing this to perform secure bind in php? Is this a viable workaround?
phpinfo();
ldap
LDAP Support enabled
RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20421
SASL Support Enabled
Attempting to bind to an Active Directory server using PHP Version 5.3.2-1ubuntu4.7 from Ubuntu 10.04 repo
$username = 'user';
$password = 'passwd';
$account_suffix = '#example.com';
$hostnameSSL = 'ldaps://ldap.example.com:636';
$hostnameTLS = 'ldap.example.com';
$portTLS = 389;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
// Attempting fix from http://www.php.net/manual/en/ref.ldap.php#77553
putenv('LDAPTLS_REQCERT=never');
####################
# SSL bind attempt #
####################
// Attempting syntax from http://www.php.net/manual/en/function.ldap-bind.php#101445
$con = ldap_connect($hostnameSSL);
if (!is_resource($con)) trigger_error("Unable to connect to $hostnameSSL",E_USER_WARNING);
// Options from http://www.php.net/manual/en/ref.ldap.php#73191
if (!ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3))
{
trigger_error("Failed to set LDAP Protocol version to 3, TLS not supported",E_USER_WARNING);
}
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
if (ldap_bind($con,$username . $account_suffix, $password)) die('All went well using SSL');
ldap_close($con);
####################
# TLS bind attempt #
####################
$con = ldap_connect($hostnameTLS,$portTLS);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
$encrypted = (ldap_start_tls($con));
if ($encrypted) ldap_bind($con,$username . $account_suffix, $password); // Unecrypted works, but don't want logins sent in cleartext
ldap_close($con);
#####################
# SASL bind attempt #
#####################
$con = ldap_connect($hostnameTLS,$portTLS);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
ldap_sasl_bind($con, NULL, $password, 'DIGEST-MD5', NULL, $username. $account_suffix);
ldap_close($con);
All of the above fails. Errors from log:
ldap_create
ldap_url_parse_ext(ldaps://ldap.example.com:636)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:636
ldap_new_socket: 27
ldap_prepare_socket: 27
ldap_connect_to_host: Trying 1.1.1.1:636
ldap_pvt_connect: fd: 27 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x215380c0 msgid 1
wait4msg ld 0x215380c0 msgid 1 (infinite timeout)
wait4msg continue ld 0x215380c0 msgid 1 all 1
** ld 0x215380c0 Connections:
* host: ldap.example.com port: 636 (default)
refcnt: 2 status: Connected
last used: Thu Mar 10 11:15:53 2011
** ld 0x215380c0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x215380c0 request count 1 (abandoned 0)
** ld 0x215380c0 Response Queue:
Empty
ld 0x215380c0 response count 0
ldap_chkResponseList ld 0x215380c0 msgid 1 all 1
ldap_chkResponseList returns ld 0x215380c0 NULL
ldap_int_select
read1msg: ld 0x215380c0 msgid 1 all 1
ldap_err2string
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP Warning: ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Can't contact LDAP server in /..test.php on line 28
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP Stack trace:
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP 1. {main}() /..test.php:0
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP 2. ldap_bind() /..test.php:28
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
ldap_create
ldap_err2string
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP Warning: ldap_start_tls() [<a href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to start TLS: Not Supported in /..test.php on line 37
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP Stack trace:
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP 1. {main}() /..test.php:0
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP 2. ldap_start_tls() /..test.php:37
ldap_create
ldap_sasl_interactive_bind_s: user selected: DIGEST-MD5
ldap_err2string
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP Warning: ldap_sasl_bind() [<a href='function.ldap-sasl-bind'>function.ldap-sasl-bind</a>]: Unable to bind to server: Not Supported in /..test.php on line 47
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP Stack trace:
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP 1. {main}() /..test.php:0
[Thu Mar 10 11:15:53 2011] [error] [client ::1] PHP 2. ldap_sasl_bind() /..test.php:47
Looking at ssl response:
>> openssl s_client -connect my.example.com:636 -prexit
(...)
SSL handshake has read 5732 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 111111111111111111111111
Session-ID-ctx:
Master-Key: AAAAAAAAAAAAAAAAAAAAA
Key-Arg : None
Start Time: 1299071105
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Results from 'strace php test.php' :
write(2, " refcnt: 2 status: Connected\n", 31 refcnt: 2 status: Connected
) = 31
write(2, " last used: Tue Mar 15 10:59:19"..., 39 last used: Tue Mar 15 10:59:19 2011
) = 39
write(2, "\n", 1
) = 1
write(2, "** ld 0x954e0b8 Outstanding Requ"..., 38** ld 0x954e0b8 Outstanding Requests:
) = 38
write(2, " * msgid 1, origid 1, status In"..., 41 * msgid 1, origid 1, status InProgress
) = 41
write(2, " outstanding referrals 0, pare"..., 43 outstanding referrals 0, parent count 0
) = 43
write(2, " ld 0x954e0b8 request count 1 ("..., 45 ld 0x954e0b8 request count 1 (abandoned 0)
) = 45
write(2, "** ld 0x954e0b8 Response Queue:\n", 32** ld 0x954e0b8 Response Queue:
) = 32
write(2, " Empty\n", 9 Empty
) = 9
write(2, " ld 0x954e0b8 response count 0\n", 32 ld 0x954e0b8 response count 0
) = 32
write(2, "ldap_chkResponseList ld 0x954e0b"..., 48ldap_chkResponseList ld 0x954e0b8 msgid 1 all 1
) = 48
write(2, "ldap_chkResponseList returns ld "..., 47ldap_chkResponseList returns ld 0x954e0b8 NULL
) = 47
write(2, "ldap_int_select\n", 16ldap_int_select
) = 16
poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
write(2, "read1msg: ld 0x954e0b8 msgid 1 a"..., 37read1msg: ld 0x954e0b8 msgid 1 all 1
) = 37
read(3, "", 8) = 0
write(2, "ldap_err2string\n", 16ldap_err2string
) = 16
write(2, "PHP Warning: ldap_bind(): Unabl"..., 158PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in
And I do have the /etc/ldap.conf fix with 'TLS_REQCERT never' - even though this fix is for a different error, which gives a fairly clear error message.
Did you see the comment on the PHP.net page about missing permissions on some cert store that does this:
http://de3.php.net/manual/en/function.ldap-connect.php
bleathem 27-Feb-2008 10:30
Everyone is posting about getting ldaps:// working in a WAMP/AD stack, I had a tough time finding how to get it going in RHEL 5.1 (w/ all stock rpms). Good old strace did the trick and helped me find the problem... Turns out php was looking for the CA file in /etc/pki/CA, and I didn't have the correct permissions on the folder. chmod'ing it to 755 solved my "Can't contact LDAP server" message.
So maybe thats your issue too. If not you should give either strace or wireshark a try to catch the syscalls and network transmissions and figure out what goes wrong. One of the two will show it clearly.
this is how i do it:
<?php
$username = ''; // username to check
$password = ''; // password to check
/**
* Is it an Active Directory?
*
* <pre>
* true = yes
* set the following values:
* SDB_AUTH_LDAP_HOST
* SDB_AUTH_LDAP_SSL
* SDB_AUTH_LDAP_BASE
* SDB_AUTH_LDAP_SEARCH
* SDB_AUTH_LDAP_USERDOMAIN
* false = no, you have to supply an hostname
* and configure the following values:
* SDB_AUTH_LDAP_HOST
* SDB_AUTH_LDAP_PORT
* SDB_AUTH_LDAP_SSL
* SDB_AUTH_LDAP_BASE
* SDB_AUTH_LDAP_SEARCH
* SDB_AUTH_LDAP_USERDOMAIN
* </pre>
* #see SDB_AUTH_LDAP_HOST
*/
define('SDB_AUTH_IS_AD', true);
/**
* Domain name of the LDAP Host or of the AD-Domain
*/
define('SDB_AUTH_LDAP_HOST', 'your-domain.tld');
/**
* LDAP Port?
*
* if {#link SDB_AUTH_IS_AD} = true, then the port will be read form DNS.
*/
define('SDB_AUTH_LDAP_PORT', '389');
/**
* Use LDAPS (true) oder LDAP (false) connection?
*/
define('SDB_AUTH_LDAP_SSL', false);
/**
* LDAP Base
*/
define('SDB_AUTH_LDAP_BASE', 'CN=Users,DC=your-domain.tld,DC=de');
/**
* LDAP Search, to find a user
*
* %s will be replaced by the username.<br>
* z.B. CN=%s
*/
define('SDB_AUTH_LDAP_SEARCH', '(&(sAMAccountName=%s)(objectclass=user)(objectcategory=person))');
/**
* Die LDAP Domain des Benutzers
*
* if the username doesnt contain a domain append this domain to it.<br>
* in case this is empty, nothing will be appended.
*/
define('SDB_AUTH_LDAP_USERDOMAIN', 'your-domain.tld');
/**
* Path to LDAP Search
*
* Will give back better error messages
* ( leave empty in case you don't want to have it. )
*/
define('SDB_AUTH_LDAP_SEARCHBIN', '/usr/bin/ldapsearch');
$ldap_error_codes=array(
'525' => 'Username doesnt exist.',
'52e' => 'Wrong password.',
'530' => 'You cannot login at this time.',
'531' => 'You cannot login from this host.',
'532' => 'Your password was expired.',
'533' => 'Your account has been deactivated.',
'701' => 'Your account was expired.',
'773' => 'Please set another password (at your workstation) before you login.',
'775' => 'Your account has been locked.',
);
if(SDB_AUTH_LDAP_SSL) $dcs=dns_get_record("_ldaps._tcp.".SDB_AUTH_LDAP_HOST, DNS_SRV); else $dcs=dns_get_record("_ldap._tcp.".SDB_AUTH_LDAP_HOST, DNS_SRV);
shuffle($dcs);
$_LDAP_ATTRS=array('cn', 'sn', 'description', 'givenName', 'distinguishedName', 'displayName', 'memberOf', 'name', 'sAMAccountName', 'sAMAccountType', 'objectClass', 'objectCategory');
if(SDB_AUTH_LDAP_USERDOMAIN!='' && strstr($username, '#')===false) {
$username=$username.'#'.SDB_AUTH_LDAP_USERDOMAIN;
}
$status=array();
$status['CN']='';
$status['displayName']='';
$status['description']='';
$status['distinguishedName']='';
$status['groups']=array();
$status['RC']=array();
$status['connected']=false;
$status['user_exists']=false;
$status['is_in_team']=false;
foreach($dcs as $_LDAP_HOST) {
$_LDAP_PORT=$_LDAP_HOST['port'];
$_LDAP_HOST=$_LDAP_HOST['target'];
// check connection first ( http://bugs.php.net/bug.php?id=15637 )
$sock=#fsockopen($_LDAP_HOST, $_LDAP_PORT, $errno, $errstr, 1);
#fclose($sock);
if($errno!=0) continue;
// then do a "connect"... ( the real connect happens with bind )
$ds=#ldap_connect(( SDB_AUTH_LDAP_SSL ? "ldaps://" : "ldap://" ).$_LDAP_HOST.":".$_LDAP_PORT."/");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// are we connected? actually, this will always return true
if(is_resource($ds)) {
$status['connected']=true;
// login sucessful? actually also connection test
if(#ldap_bind($ds, $username, $password)) {
// search
$sr=ldap_search($ds, SDB_AUTH_LDAP_BASE, sprintf(SDB_AUTH_LDAP_SEARCH, $usernode), $_LDAP_ATTRS);
// suche successful?
if(is_resource($sr)) {
// fetch entries
$info = ldap_get_entries($ds, $sr);
if(isset($info['count']) && $info['count']>0) {
$status['user_exists']=true;
}
// close search result
ldap_free_result($sr);
$status['CN']=$info[0]['cn'][0];
$status['description']=$info[0]['description'][0];
$status['displayName']=$info[0]['displayname'][0];
$status['distinguishedName']=$info[0]['distinguishedname'][0];
// is the user in the dexteam?
for($i=0; $i<$info[0]['memberof']['count']; $i++) {
$status['groups'][]=$info[0]['memberof'][$i];
// IS IN TEAM CHECK
if(substr($info[0]['memberof'][$i], 0, strlen('CN=DexTeam,'))=='CN=DexTeam,') $status['is_in_team']=true;
}
$status['RC']['code']=ldap_errno($ds);
$status['RC']['string']=ldap_error($ds);
ldap_close($ds);
break;
}
else {
$status['RC']['code']=ldap_errno($ds);
$status['RC']['string']=ldap_error($ds);
ldap_close($ds);
break;
}
}
else {
$status['RC']['code']=ldap_errno($ds);
$status['RC']['string']=ldap_error($ds);
// do we want better error messages?
if(SDB_AUTH_LDAP_SEARCHBIN!='' && is_executable(SDB_AUTH_LDAP_SEARCHBIN)) {
$status['RC']['ldapsearchrc']='';
$status['RC']['ldapsearchtxt']=array();
exec(SDB_AUTH_LDAP_SEARCHBIN.' -x -H '.escapeshellarg(( SDB_AUTH_LDAP_SSL ? "ldaps://" : "ldap://" ).$_LDAP_HOST.":".$_LDAP_PORT."/").' -D '.escapeshellarg($username).' -w '.escapeshellarg($password).' 2>&1', $status['RC']['ldapsearchtxt'], $status['RC']['ldapsearchrc']);
if($status['RC']['ldapsearchrc']!=0) {
if(preg_match("/data ([^, ]+),/", $status['RC']['ldapsearchtxt'][1], $matches)) {
if(isset($ldap_error_codes[$matches[1]])) {
$status['RC']['code']=$matches[1];
$status['RC']['string']=$ldap_error_codes[$matches[1]];
}
}
unset($status['RC']['ldapsearchrc']);
unset($status['RC']['ldapsearchtxt']);
}
}
ldap_close($ds);
break;
}
}
else {
continue;
}
}
did you enable the certificate? i know there was a problem, when the certifiacte gets refused. edit the "/etc/ldap/ldap.conf" and add "TLS_REQCERT never"
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT never
however, to me it works with ldap and ldaps:
it might be a configuration issue with the ad configuration. maybe lower certain security limitations...
OR it might be also a php / ldap lib issue. Try to update to newer versions :)
I was finally able to get things working on my Windows machine by reading the following PHP bug thread:
http://bugs.php.net/bug.php?id=48866
Unfortunately, this is Windows specific but it got me at least going in the right direction now in my testing (I know it should work from PHP now on my web server...so long as I have ldap.conf configured correctly). On Windows with PHP 5.3 I needed to add the ldap.conf file into the root of my C: drive (other examples I had seen online had been placing it in C:\openldap\sysconf which wasn't working).
TLS still doesn't work exactly (it gives me a "unable to start tls: can't contact LDAP server" message), but SSL does appear to be working and I was able to update a password for an account in my test script.
I'm guessing the ldap.conf file just needs to be setup similarly on my web server and I should hopefully be in business (I'm just not sure if the one that's already there is the one I need to modify or if I need to create an additional one). I'll see if I can report back on that front.
Does your Active Directory have LDAPS enabled? If so, get the Trusted Root of the CA's key into the trusted root keystore.
As my code is working fine with CentOS, I conclude that the problem is not programming specific. I have not been able to get it running in my Ubuntu environment as of yet, but I assume this is a bug in my server software.
What saved my day after reading and trying out solutions from allover the web and SO, was to use a ldaps uri without the port specified in it.
So instead of this: ldaps://example.com:636 I had to use this: ldaps://example.com and it now works like a charm.
I was setting this up on Ubuntu 16.04 with PHP7.3 runing through Nginx and php-fpm.
A full code example:
try{
$ldapUri = "ldaps://example.com";
$ldapUsername = 'username';
$ldapPassword = 'password';
$ldapConn = ldap_connect($ldapUri);
if($ldapConn){
ldap_set_option($ldapConn,LDAP_OPT_NETWORK_TIMEOUT,10);
if(!ldap_set_option($ldapConn,LDAP_OPT_PROTOCOL_VERSION,3)){
print 'Failed to set ldap protocol to version 3<br>';
}
ldap_set_option($ldapConn, LDAP_OPT_REFERRALS,0);
$ldapBind = ldap_bind($ldapConn, $ldapUsername, $ldapPass);
if ($ldapBind) {
echo "LDAP bind successful...";
//DO LDAP search and stuff
ldap_unbind($ldapConn);
} else {
echo "LDAP bind failed...";
}
}
}catch(Exception $e){
print($e->getMessage();
}
Related
i want to ask about the problem i'm having. I'm using 2 desktops i.e. ubuntu and mint, when I run my code on ubuntu it runs smoothly. but if i run on mint desktop i have an error that says "Symfony\Component\ErrorHandler\Error\FatalError
Maximum execution time of 60 seconds exceeded"
and i get this log on my terminal
Starting Laravel development server: http://127.0.0.1:8000
[Tue Nov 9 16:18:53 2021] PHP 8.0.12 Development Server (http://127.0.0.1:8000) started
[Tue Nov 9 16:18:55 2021] 127.0.0.1:38908 Accepted
[Tue Nov 9 16:18:55 2021] 127.0.0.1:38910 Accepted
[Tue Nov 9 16:20:22 2021] PHP Fatal error: Maximum execution time of 60 seconds exceeded in /home/aditya/Documents/Laravel/eyrin/vendor/symfony/polyfill-mbstring/Mbstring.php on line 632
[Tue Nov 9 16:20:23 2021] 127.0.0.1:38908 Closing
[Tue Nov 9 16:20:23 2021] 127.0.0.1:38910 Closed without sending a request; it was probably just an unused speculative preconnection
[Tue Nov 9 16:20:23 2021] 127.0.0.1:38910 Closing
and this is code on controller
$store = Store::where('user_id',Helper::getSession('user_id'))->first();
$match_report = [];
$top_weekly_product = [];
$compressed_date = [];
$uncompressed_date = Report::where('store_id',$store->id)->whereBetween('created_at', [Carbon::now()->startOfWeek(), Carbon::now()->endOfWeek()])->select('created_at')->distinct()->get();
foreach ($uncompressed_date as $item) {
if(!in_array(Carbon::parse($item['created_at'])->format('d/m/Y'),$match_report)){
$match_report[] = Carbon::parse($item['created_at'])->format('d/m/Y');
$compressed_date[] = $item;
}
}
$match_report = [];
$compressed_weekly_product = [];
$uncompressed_weekly_product = Report::where('store_id',$store->id)->whereBetween('created_at', [Carbon::now()->startOfWeek(), Carbon::now()->endOfWeek()])->get()->map(function($report){
return [
'product_name'=>$report->product_name,
'product_variant'=>$report->product_variant,
'product_sku'=>$report->product_sku,
'weekly_amount'=>sizeof(Report::where(['store_id'=>$report->store_id, 'product_sku'=>$report->product_sku])->whereBetween('created_at', [Carbon::now()->startOfWeek(), Carbon::now()->endOfWeek()])->get())
];
});
foreach ($uncompressed_weekly_product as $item) {
if(!in_array($item['product_sku'],$match_report)){
$match_report[] = $item['product_sku'];
$compressed_weekly_product[] = $item;
}
}
foreach ($compressed_weekly_product as $key => $item) {
$rows = [];
foreach ($compressed_date as $obj) {
$rows[] = sizeof(Report::where(['store_id'=>$store->id, 'product_sku'=>$item['product_sku']])->whereDate('created_at', Carbon::parse($obj['created_at']))->get());
}
$compressed_weekly_product[$key]['daily_amount'] = $rows;
}
foreach ($compressed_date as $key => $item) {
$compressed_date[$key]['formated'] = Carbon::parse($item->created_at)->format('m/d/Y');
}
$match_report = [];
usort($compressed_weekly_product, function($a, $b) {
return $a['weekly_amount'] > $b['weekly_amount'] ? -1 : 1;
});
foreach ($compressed_weekly_product as $item) {
if(sizeof($top_weekly_product) < 3){
$top_weekly_product[] = $item;
}
}
//testing
$growth_percentage = 1.8;
return view('panel.outlet.dashboard.index', [
'is_dashboard'=>true,
'total_customer'=>sizeof(Customer::where('store_id',$store->id)->get()),
'total_revenue'=>Order::where('store_id',$store->id)->whereIn('status',['2','3','-'])->sum('total_amount'),
'total_order'=>sizeof(Order::where('store_id',$store->id)->get()),
'total_sales'=>sizeof(Order::where('store_id',$store->id)->whereIn('status',['2','3','-'])->get()),
'total_product'=>sizeof(Product::where('store_id',$store->id)->get()),
'total_sales_income'=>Order::where('store_id',$store->id)->whereIn('status',['2','3','-'])->sum('total_amount'),
'growth_percentage'=>round($growth_percentage,2),
'lastest_order'=>Order::where(['store_id'=>$store->id,'type'=>'app'])->orderBy('id','DESC')->limit(10)->get(),
'report_date'=>$compressed_date,
'top_weekly_product'=>$top_weekly_product,
'weekly_product'=>$compressed_weekly_product,
'weekly_report'=>DailyReport::where('store_id',$store->id)->whereBetween('created_at', [Carbon::now()->startOfWeek(), Carbon::now()->endOfWeek()])->get()]);
}
can anyone help me with this problem? i had a similar experience when i tried to truncrate a string in my blade view. does it have something to do with the configuration in my php.ini?
thankss i hope get solution for this problem...
This error appends when the max_execution_time of your PHP is reached. From the look of your error, it is probably set to 60 seconds.
You can increase this limit directly into your php.ini file (see with the command php --ini where it is located on your machine) or try to optimize your code.
If you don't want to edit the max_execution_time permanently, you can also add the instruction:
set_time_limit($seconds);
at the beginning of your script. I would not recommend this solution.
You can set it in the php.ini file in the max_execution_time variable, the default is 60 seconds, you can change it according to your needs
Symfony\Component\ErrorHandler\Error\FatalError
Maximum execution time of 60 seconds exceeded
There was a problem with the route. check your web.php
Route::get('feedback', 'App\Http\Controllers\FeedBackController#index')->name('feedback.index');
changed to
Route::get('cfeedback', 'App\Http\Controllers\FeedBackController#index')->name('feedback.index');
added only c in before feedback
I was having the same issue.
Running php via software collection the mbstring package was not installed.
# dnf install -y php73-php-mbstring
# systemctl restart php73-php-fpm
After installing packages and restarting service it was working well.
In your php.ini file, Uncomment extension=mbstring and you will see the error goes away.
I have a script using com_dotnet, that makes PHP segfault (not sure if segfault is the technical correct term) under certain circumstances.
Using PHP 7.4.2 NTS 32bit on Windows 2019 64bit. The same error happens when using FCGI or CLI. The same script worked will with PHP 7.0.30.
In case of FCGI, only this error is in the Apache log:
[...] [fcgid:warn] [pid ...] (OS 109)The pipe has been ended. : [client ...] mod_fcgid: get overlap result error
[...] [fcgid:warn] [pid ...] (OS 109)The pipe has been ended. : [client ...] mod_fcgid: ap_pass_brigade failed in handle_request_ipc function
In the event log, Application log, there is an Application Error event with id 1000:
Faulting application name: php-cgi.exe, version: 7.4.2.0, time stamp: 0x5e273bd1
Faulting module name: php7.dll, version: 7.4.2.0, time stamp: 0x5e274c52
Exception code: 0xc0000005
Fault offset: 0x004a1554
Faulting process id: 0x1d3c
Faulting application start time: 0x01d5e7035b9ba103
Faulting application path: F:\wamp\bin\php\php7.4.2nts86\php-cgi.exe
Faulting module path: F:\wamp\bin\php\php7.4.2nts86\php7.dll
Report Id: 83f813df-1bda-48f9-89f6-2374f9b04af5
Faulting package full name:
Faulting package-relative application ID:
And event 1001 Windows Error Reporting
Fault bucket 1785407568804712926, type 1
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: php-cgi.exe
P2: 7.4.2.0
P3: 5e273bd1
P4: php7.dll
P5: 7.4.2.0
P6: 5e274c52
P7: c0000005
P8: 004a1554
P9:
P10:
Attached files:
[Temp files no longer on disk]
These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_php-cgi.exe_db93fdd1eb9fce3ac32a6e96e418914fb9fca_32a55e52_0a30ae4b
Analysis symbol:
Rechecking for solution: 0
Report Id: 83f813df-1bda-48f9-89f6-2374f9b04af5
Report Status: 268435456
Hashed bucket: 85fc32c6322e070cd8c70ab96de611de
Cab Guid: 0
The WER\ReportArchive-file does not seem to contain interesting data.
I was not able to locate the exact place in the code where the fault is happening. It happens while reading data using the com_dotnet module.
if($this->statement->State == 1){
$result = [];
while(!$this->statement->EOF) {
$row = [];
for( $x = 0; $x < $this->statement->Fields->Count; $x++) {
$name = $this->statement->Fields[$x]->Name;
$value = $this->statement->Fields[$x]->Value;
$row[$name] = $value;
}
$this->statement->MoveNext();
$result[] = $row;
}
return $result;
}
The fault appears all tested data sources as soon as I read more than 9000 to 9500 rows. It does not seem to be related to the data itself.
The minimum code that leads to a fault is:
if($this->statement->State == 1){
$result = [];
while(!$this->statement->EOF) {
$row = [];
$row[] = ''; // <==
$this->statement->MoveNext();
$result[] = $row; // <==
}
return $result;
}
There is no fault when I remove either of the two lines marked with an arrow. Here the content of $result and the com-object are completely unrelated, and even so, PHP faults if there are more than 9000 loops. The number of lines leading to the fault does not seem to change neither with the data source, neither between the two code snippets above.
This here interestingly does not fault, even though $row = ['']; is functionally equivalent to $row = []; $row[] = ''; (above).
if($this->statement->State == 1){
$result = [];
while(!$this->statement->EOF) {
$row = [''];
$this->statement->MoveNext();
$result[] = $row;
}
return $result;
}
Here I'm at the end of my knowledge. Things do not seem to behave logically anymore. How could I narrow down the problem ? Any advice ?
Edit: PHP 7.3.15 is not affected, only PHP 7.4.2.
I'm tryng to implement this discovery message for Yeelight lamp (link to manual: http://www.yeelight.com/download/Yeelight_Inter-Operation_Spec.pdf)
The searching message generated by 3rd device should follow below format and rules and
being sent to multi-cast address 239.255.255.250:1982 over UDP.
-------------------------------------------------------------
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1982
MAN: "ssdp:discover"
ST: wifi_bulb
-------------------------------------------------------------
1. The start line must be "M-SEARCH * HTTP/1.1" without any leading LWP.
2. "HOST" header is optional, if it's present, the value should be "239.255.255.250:1982".
3. "MAN" header is required. The value for "MAN" header must be "ssdp:discover",
double quotes included.
4. "ST" header is required. The value for "ST" header must be "wifi_bulb".
5. The headers are case-insensitive while the start line and all the header values are case
sensitive. Each line should be terminated by "\r\n".
I admit: I'm not able to work with socket, so I did try and failed (no answer, on var dump only "int(116)").
$discover_message = "M-SEARCH * HTTP/1.1\r\n
HOST: 239.255.255.250:1982\r\n
MAN: \"ssdp:discover\"\r\n
ST: wifi_bulb\r\n";
$socket=socket_create(AF_INET, SOCK_DGRAM, SOL_UDP) or die("Cannot create a socket");
socket_connect($socket,'239.255.255.250','1982') or die("Couldnot connect to socket");
$ret = socket_sendto($socket,$discover_message,strlen($discover_message),0,'239.255.255.250','1982');
socket_set_nonblock($socket);
var_dump($ret);
I did try also add
$socket=socket_create(AF_INET, SOCK_DGRAM, SOL_UDP) or die("Cannot create a socket");
socket_connect($socket,'239.255.255.250','1982') or die("Couldnot connect to socket");
$ret = socket_sendto($socket,$discover_message,strlen($discover_message),0,'239.255.255.250','1982');
socket_set_nonblock($socket);
var_dump($ret);
$sec = 0;
$usec = $sec === null ? null : (($sec - floor($sec)) * 1000000);
$r = array($socket);
while (socket_select($r, $x, $x, $sec, $usec)) {
$data = socket_read($socket, 4096, PHP_BINARY_READ);
var_dump($data);
}
(reading how implemented on another github project, this one uses a packagist socket that wrapper socket itself)
but I get the int(116) again.
The answer need to be (as stated by manual)
-------------------------------------------------------------
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Date:
Ext:
Location: yeelight://192.168.1.239:55443
Server: POSIX UPnP/1.0 YGLC/1
id: 0x000000000015243f
model: color
fw_ver: 18
support: get_prop set_default set_power toggle set_bright start_cf stop_cf set_scene
cron_add cron_get cron_del set_ct_abx set_rgb
power: on
bright: 100
color_mode: 2
ct: 4000
rgb: 16711680
hue: 100
sat: 35
name: my_bulb
-------------------------------------------------------------
How get my list of lamp, as stated on the manual?
Thank you
I am trying to write a piece of php code with zend framework. I`m using zend_http_client.The code works randomly!I mean , It works fine sometimes and sometimes get an empty page and this error from Apache error log :
[Mon May 27 16:46:37 2013] [error] [client 4.4.4.4] PHP Warning: require_once(/var/www/my.somesite.com/library/Zend/Http/Client/Adapter/Exception.php): failed to open stream: Too many open files in /var/www/my.somesite.com/library/Zend/Http/Client/Adapter/Socket.php on line 222
[Mon May 27 16:46:37 2013] [error] [client 4.4.4.4] PHP Fatal error: require_once(): Failed opening required 'Zend/Http/Client/Adapter/Exception.php' (include_path='/var/www/my.somesite.com/application/../library:../application/models:.:/usr/share/php:/usr/share/pear') in /var/www/my.somesite.com/library/Zend/Http/Client/Adapter/Socket.php on line 222
[Mon May 27 16:46:37 2013] [error] [client 4.4.4.4] PHP Fatal error: Undefined class constant 'PRIMARY_TYPE_NUM' in /var/www/my.somesite.com/library/Zend/Session/SaveHandler/DbTable.php on line 522
php code sth like this :
public function Request($server_method, $params_arr) {
$httpClient = new Zend_Http_Client;
$httpClient->setConfig(array('timeout' => '900'));
$client = new Zend_XmlRpc_Client ( Zend_Registry::getInstance ()->config->ibs->xmlrpc_url ,$httpClient);
$request = new Zend_XmlRpc_Request ( );
$response = new Zend_XmlRpc_Response ( );
$request->setMethod ( $server_method );
$request->setParams ( array ($params_arr ) );
$client->doRequest ( $request, $response );
if ($response->isFault ()) {
$fault = $response->getFault ();
//echo '<pre>' . $fault->getCode () . '' . $fault->getMessage () . '</pre>';
$this->response = array (FALSE, $fault->getMessage () );
return array (FALSE, $fault->getMessage () );
}
//return $response;
$this->response = array (TRUE, $response->getReturnValue () );
return array (TRUE, $response->getReturnValue () );
//var_dump($response->getReturnValue());
}
Where is the problem ?
The problem may be not related to your method itself.
You are opening many files and not closing them (a socket count as a file open too). The socket adapter itself has a configuration called persistent, set false to prevent TCP reuse.
Try to check if your http client is properly destroyed at end of use and is not refered in another place of your code (that prevents garbage collector cleaning).
More info:
Check the limits with ulimit -aH (max limit for number of open files)
There some numbers too in /etc/security/limits.conf
soft nofile 1024 <- Soft limit
hard nofile 65535 <- Hard limit
You could increase ulimit by ulimit -n 65535 and echo 65535 > /proc/sys/fs/file-max to set a higher value, but this is strongly discouraged.
To set this permamently, in /etc/sysctl.conf set fs.file-max=65535
Here is the code. It seems to be having an issue in PHP 5. It works well in PHP 4.4.9.
if($_REQUEST['action']== "Update"){
$curDate = date("Y-m-d");
$image =$_FILES['vImage']["name"];
$uploadedfile = $_FILES['vImage']['tmp_name'];
$sql="UPDATE businessad
SET iBUserID= '$_REQUEST[iBUserID]',
iCategoryID= '$_REQUEST[iBCategoryID]',
vAdTitle= '$_REQUEST[vAdTitle]',
tAdText= '$_REQUEST[tAdText]',
vAdImage= '$vAdImage',
vAdURL= '$_REQUEST[vAdURL]',
dStartDate= '$_REQUEST[dStartDate]',
dEndDate= '$_REQUEST[dEndDate]',
vAddress1= '$_REQUEST[vAddress1]',
vAddress2= '$_REQUEST[vAddress2]',
vCity= '$_REQUEST[vCity]',
vState= '$_REQUEST[vState]',
vZipCode= '$_REQUEST[vZipCode]',
vPhone= '$_REQUEST[vPhone]',
vEmail= '$_REQUEST[vEmail]',
eStatus='$_REQUEST[eStatus]'
WHERE iBusAdID='".$_REQUEST['iBusAdID']."'";
$db_sql=$obj->sql_query($sql);
if($db_sql)
{
$msg=MSG_UPDATE;
header("Location:businessadview.php?var_msg=$msg");
exit;
}
else
{
$msg=MSG_UPDATE_ERROR;
header("Location:businessadview.php?var_msg=$msg");
exit;
That code doesn't update to the MySQL table, and I'm not sure why.
What precedes the above code is a form that looks like this
<form name="frmadd" method="post" action="businessadadd_a.php" enctype="multipart/form-data">
<input type="hidden" name="action" value="<?=$action;?>">
<input type="hidden" name="iBusAdID" value=<?=$iBusAdID;?>>
I check my server error logs and found out this. It mentions some errors in the globals.php, which is a part of the include call up. I'll include the include code too.
Here is the include code
<?php
#session_start();
#ob_start();
include_once("./lib/db_config.php");
include_once("./lib/myclass.php");
include_once("./lib/globals.php");
if(!isset($obj)){
$obj = new myclass($SERVER,$DBASE,$USERNAME,$PASSWORD);
}
include_once("./lib/generalsettings.php");
include_once("./function/general.php");
include_once("./lib/messages.php");
getGeneralVar();
?>
Here is the globals.php code that the server error logs have an issue with
<?php
$glob=array("SERVER");
if(isset($GPC_vars))
{ foreach($GPC_vars as $var)
{ foreach(array("GET","POST","COOKIE") as $avar)
if(isset($GLOBALS["HTTP_".$avar."_VARS"][$var]))
{ $$var=$GLOBALS["HTTP_".$avar."_VARS"][$var];
}
}
}
else
{ $glob=array_merge(array("GET","POST","COOKIE"),$glob);
}
foreach($glob as $avar)
{ $arr=$GLOBALS["HTTP_".$avar."_VARS"];
foreach($arr as $var => $res)
$$var=$res;
}
foreach ($HTTP_POST_FILES as $name => $value) {
$$name = $value["tmp_name"];
foreach($value as $k=>$v) {
$varname_ = $name."_".$k;
$$varname_ = $v;
}
}
reset($HTTP_POST_FILES);
?>
Here is what the error logs say
[Mon Mar 14 13:08:55 2011] [error] [client -] File does not exist: /public_html/favicon.ico
[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: reset() [function.reset]: Passed variable is not an array or object in /public_html/lib/globals.php on line 30, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update
[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 23, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update
[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update
[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update
[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update
[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update
Because it's just a string. Do you execute the query? If so, what does mysql_error tell you?
And please, pretty please, Google for SQL injection. This code is very vulnerable.
The reason its failing is explained by your statement:
and I'm not sure why
1) you've cited a fragment of the code used to generate the query - but we need to see the query which gets sent to the database and the structure of the table
2) we also need to see the error message that is returned after the query fails.
3) since you are using $_REQUEST, we also need to see your variables_order setting for both PHP installations to determine how $_REQUEST is populated
I expect once you find the answers to these the solution will be obvious. But it's also worth noting that splicing user supplied data into an SQL query is a very bad idea - you're wide open to SQL injection attacks.
You might try to use the concatenation you are doing at the end within the query. It might be look at the $_REQUEST['SOMETHING'] as a string.
$sql = "UPDATE businessad
SET iBUserID = '".$_REQUEST['iBUserID']."',
iCategoryID = '".$_REQUEST['iBCategoryID']."',
vAdTitle = '".$_REQUEST['vAdTitle']."',
tAdText = '".$_REQUEST['tAdText']."',
vAdImage = '$vAdImage',
vAdURL = '".$_REQUEST['vAdURL']."',
dStartDate = '".$_REQUEST['dStartDate']."',
dEndDate = '".$_REQUEST['dEndDate']."',
vAddress1 = '".$_REQUEST['vAddress1']."',
vAddress2 = '".$_REQUEST['vAddress2']."',
vCity = '".$_REQUEST['vCity']."',
vState = '".$_REQUEST['vState']."',
vZipCode = '".$_REQUEST['vZipCode']."',
vPhone = '".$_REQUEST['vPhone']."',
vEmail= '".$_REQUEST['vEmail']."',
eStatus = '".$_REQUEST['eStatus']."'
WHERE iBusAdID = '".$_REQUEST['iBusAdID']."'";
When you say your code works in PHP4 but stops working in PHP5, then it's easy to assume this is due to lack of magic_quotes. This feature has been disabled in the default configurations of PHP5. And your SQL query now became invalid due to lack of escaping.
At the start of your script (but after the mysql_connect) add following:
$_REQUEST = array_map("mysql_real_escape_string", $_REQUEST);
It's workaround-ish, but at least safe if it is always executed right after the database connection. Do the same for $_GET and $_POST if you must. (The correct approach would be to migrate to PDO and parameterized SQL, or at least apply the mysql_real_escape_string function wherever you concatenate SQL queries.)