strange behaviour of php session - php

im using php a server, that uses ubuntu 8.04 :
PHP 5.2.4-2ubuntu5.12 with Suhosin-Patch 0.9.6.2 (cli) (built: Sep 20 2010 13:33:05)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
i found a strange behaviour:
<?php
session_name('session');
session_start();
$_SESSION['username']='realName';
$username='otherName';
?>
this leads to, that php saves in the session variable 'otherName' (instead of 'realName'). why is php saving the $username into the session variables? How can i disable this?
thanks in advance for any help... :)


It looks like you have register_globals = on in your php.ini. This option has been deprecated as of PHP 5.3 and you should turn it off. More information can be found here: http://www.php.net/manual/en/security.globals.php

Related

PHP: shell_exec is neither Defined nor disabled

Well, I know there are already lots of related questions but non of them address my issue.
In my case, I want to use the shell_exec function but, I see that the shell_exec function is not defined and not even mentioned in the disable_functions list in php.ini.
here is the php.ini snippet
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names.
; http://php.net/disable-functions
disable_functions =
; This directive allows you to disable certain classes for security reasons.
; It receives a comma-delimited list of class names.
; http://php.net/disable-classes
disable_classes =
and here is how I'm using the function
if(!function_exists('shell_exec')) {
die("shell_exec is not found");
}
NOTE: I'm using Linux version CentOS release 6.9 (Final) and php -v outputs as follow
ea-php-cli Copyright 2017 cPanel, Inc.
PHP 7.0.28 (cli) (built: Mar 6 2018 09:27:52) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.28, Copyright (c) 1999-2017, by Zend Technologies
Your help is highly appreciated.

Ok, I was using PHP-FPM that added the following line to the configuration of each domain at /opt/cpanel/ea-php70/root/etc/php-fpm.d/
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
So, this is what I did to make the shell_exec function available to use
mkdir /var/cpanel/ApachePHPFPM
echo "php_admin_value_disable_functions : exec,passthru,system">/var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
/scripts/php_fpm_config --rebuild
and at the end restarted the PHP-FPM from WHM, and that's it.

Troubleshoot Codeigniter CLI stopped

I have been using the CLI interface to send out cron jobs from my codeigniter page. It worked fine until I updated Wordpress yesterday. I do not know how this effected Codeigniter but that is when the trouble started. I also installed cURL at about the same time. I am not sure if that could have made a difference.
SYMPTOMS:
None of my codeigniter CLI scripts work. I have two scripts that send out email reminders, and another that synchronizes my database and none function.
ERRORS:
I had some errors come up when I tried to run my scripts such as:
Use of undefined constant __DIR__ - assumed '__DIR__'
This was never a problem before. But for now I change that to
dirname(__FILE__)
and that seemed to help. At least that error stopped.
Next another error notice appeared regarding code in my scripts that I was not getting before: "Can't use method return value in write context in . . ."
This error was in reference to this line of code:
if (!empty($this->get_available_hours($date, $provider_id))) {
I modified this to
$availabehours=$this->get_available_hours($date, $provider_id);
if (!empty($availabehours)) {
And the error stopped. But the script usually sends out email regarding availability and no email is sent.
Now I have no errors. I run the scripts and I get no results. If I purposefully mess with the code and do things wrong, I get the appropriate error messages. So, at some level it is reading the file.
I tried just running a simple "hello world file" as discribed here
https://ellislab.com/codeigniter/user-guide/general/cli.html
And nothing was returned.
I tried a simple email script that would send out an email without accessing my database and it did not send anything to me.
It appeares to me like something has caused my code to be interpreted in an older version of php. So I looked at the version currently running:
When logged into the terminal in PuTTY I get:
PHP 5.2.17 (cli) (built: Feb 23 2012 10:42:34)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
Out of date ...
But when I look in the terminal within WinSCP I get:
PHP 5.5.28 (cli) (built: Sep 4 2015 12:07:49)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies
This looks up to date.
Running this works: php -r 'echo "Hello World!\n";'
MY QUESTIONS:
1) What tests can I run to find out what is blocking things with my CLI?
Any tips would be appreciated.
2) Why am I seeing two different versions of PHP depending on the terminal I am running and could this be the cause of my problem?

Call to a member function getAction() on a non-object

Hi there i followed these instructions (http://pietervogelaar.nl/php-xdebug-netbeans-vagrant/) to get XDebug up and running with vagrant and NetBeans.
It now works .... almost.
Anytime i run a code that fire a breakpoints, NetBeans works fine allowing me to do my debug thing with no problems.
The thing is at the end of the request Laravel will always return that error :
Call to a member function getAction() on a non-object, specifying a code location that looks weird : xdebug:/­/­debug-eval:1.
Even stranger, my page is rendered and the html is here, but the standard laravel error page is rendered also, at the end of my own page ......
Of course if i disable my breakpoint, everything runs just fine.
My versions right now :
Apache :
Server version: Apache/2.2.22 (Ubuntu)
Server built: Apr 17 2014 21:49:25
PHP :
PHP 5.4.28-1+deb.sury.org~precise+1 (cli) (built: May 5 2014 09:32:44)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
with Xdebug v2.2.3, Copyright (c) 2002-2013, by Derick Rethans

Ok i finally found it.
Problem doesn't come from XDebug or Php or Laravel.
Problem comes from Netbeans.
I had an expression in my watch list i wasn't using anymore.
Deleting every custom entries in the watch list just solves the issues.
Hope at some point it helps someone else ....

Is there a PHP setting that sets whether you can index the result of a function?

I have two servers. They are both running php 5.3.3. This code works on one server and returns a syntax error on the other. Is there a php ini setting that affects this behaviour? I can't find anything related in the PHP documentation, but I may be looking in the wrong place.
Server 1
> php -v
PHP 5.3.3 (cli) (built: Sep 23 2010 14:15:16)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Xdebug v2.0.3, Copyright (c) 2002-2007, by Derick Rethans
php > echo explode(" ", " foo ")[1];
foo
Server 2
> php -v
PHP 5.3.3 (cli) (built: Jan 31 2011 15:57:29)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
php > echo explode(" ", " foo ")[1];
Parse error: syntax error, unexpected '[', expecting ',' or ';' in php shell code on line 1
Another idea: PHP on both servers is custom-compiled, so it could also be a different compile flag.

No.
PHP doesn't support this syntax. It's on the trunk, but not yet released (as of PHP 5.3.3).
I have no idea how it's working on your first server, but perhaps this "Xdebug" is making a difference?

Aha! I figured it out.
We installed Facebook's XHP to profile our development server. This syntax (which is quite elegant) was added in in the PHP module. Here's a diff of the php.ini file between server 1 and 2:
> ; XHP https://github.com/facebook/xhp/wiki/Building-XHP
> extension=xhp.so
> ; adds support for the [] operator on the return value of a function
> xhp.idx_expr = 1
> ; Tracking errors in XHP applications is very difficult without annotations.
> xhp.include_debug = 1
I like this syntax, so I'll probably install XHP on the other server. Thanks for the help Michas for suggesting I diff the ini files.

Segmentation Fault error in PHP, using SOAP to connect to SalesForce

I'm integrating my software (PHP) with SalesForce, using the SalesForce PHP Toolkit.
So far, everything's worked great, but when I started writing the code to call convertLead(), I got a "Segmentation Fault" error.
This is the code I'm running:
require_once('../salesforce/SforceEnterpriseClient.php');
ini_set('soap.wsdl_cache_enabled', 0);
$SForce = new SforceEnterpriseClient();
$result = $SForce->createConnection('../salesforce/enterprise.wsdl.xml');
$result = $SForce->login('user', 'pass+token');
echo "Logged In!";
$data = array(
'convertedStatus' => 'Converted',
'leadId' => '00QC000000mDcmJMAS'
);
$result = $SForce->convertLead(array($data));
That's it. And i'm getting a Segmentation Fault. I tried using StdClass instead of a keyed array, same thing. The convertLead method in the SF toolkit is really simple, it just calls the same method into a SoapClient instance...
NOTE: I'm running this script from the CLI, not through Apache.
UPDATE: Just tried running "strace" with my script. The last lines of it are:
close(4) = 0
write(1, "Logged IN!", 10Logged IN!) = 10
open("error_log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 4
--- SIGSEGV (Segmentation fault) # 0 (0) ---
+++ killed by SIGSEGV +++
Also, in case it's relevant:
php --version
PHP 5.2.13 (cli) (built: Jul 17 2010 22:01:13)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
with the ionCube PHP Loader v3.3.20, Copyright (c) 2002-2010, by ionCube Ltd., and
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
This also happens in my dev machine (Windows), so I doubt it's the Accelerators or anything like that:
php --version
PHP 5.2.13 (cli) (built: Feb 24 2010 14:37:44)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
This may or may not be specific to SalesForce. Probably not, seems like a bug in the SOAP PHP library. Maybe the request/response are broken, but I can't see those because they're HTTPS.
Any ideas how I can go about diagnosing (or more importantly, working around) this issue?
Thank!
Daniel

There is a bug (still after 4 years) in the PHP soap extension. It has to do with how it handles WSDL caching. Disabling caching with ini_set() does not work. You also need to turn off caching for your particular client instance.
return new SforceEnterpriseClient('../salesforce/enterprise.wsdl.xml', array(
'cache_wsdl' => WSDL_CACHE_NONE
));
This is true even when using the native PHP SoapClient class.

Ok, this doesn't solve the underlying issue, but, in case someone got this same problem with SalesForce and PHP...
Despite what the documentation implies, fields SendNotificationEmail and OverwriteLeadSource ARE MANDATORY, you MUST specify them in the call.
Not doing so should give you a nice error, not a SegFault, but still, that solves it.

Categories