I think I'm having problems using PHP sessions because I've got cPanel installed on the same server and I believe it has additional security in place that prevents write access to /tmp
I can set a new folder, but am unsure what permissions / owners should this folder have.
Also where should it ideally be located?
/tmp should always be accessible. You can of course create a new "tmp" folder somewhere near you application. Just make sure it does not reside within the web root. Give it read/write permissions and chown it to the user of the webserver.
You then need to change the session_save_path to your new "tmp" folder.
Look, bro.
You are pulling this log from the wrong end. Guessing will never help you.
There is a thing called error message.
And you desperately need to get in touch with it.
It will tell you everything of the reasons why your sessions doesn't work.
If it's really a /tmp problem, PHP got a special error message for tis case:
Warning: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp))
If you get this message, you can be certain that it's the reason for your sessions doesn't work and you can start to repair it.
It has an error message for the wrong session handler as well. As well for the every other problem.
So, you have to get error message first. Then read it nd it makes you know, what certain problem you have. Easy-peasy.
As a quick workaround you can use this code to bring error messages on the screen
error_reporting(E_ALL);
ini_set('display_errors',1);
but only to debug this situation and then remove it. Error messages shouldn't be output on the screen a production server.
So, learn to read error logs. I am sure your server put all errors messages into error_log. Just find it and look for PHP errors.
Related
I'm trying to get a file's content into a variable but I don't get anything when I read the file. I used both methods JFile::read() and file_get_contents() but both return the same thing: a blank string, not an error , not any boolean values or anything.
I want to mention that I'm working on a Linux machine (just for 2 days) and recently I changed the permissions for the entire machine to 777 ( I don't know if this affects something or not).
Is the a connection between my OS, permissions and the php's file_get_contents()? or Joomla restricts file reading?
Also I want to mention that my file_get_contents() function was added manually by me in the index.php file , also the file I want to read was manually added in the same folder with index.php.
We had the same problem with one of our clients, it turned out it was a firewall issue. It was very hard to debug this issue. I suggest you check with your networking team.
I am assuming, of course, that you have set the PHP error reporting level to the maximum and that you have checked the error logs.
It seemed the problem was from my system . I messed it up when I changed the permissions so I have to re-install it.
Never change the permissions on a Linux for the entire file system.
I need to connect to a mysql database using PHP. I am storing my login, user, password, and other info in a separate php file (let's say "mysql_connect.php") and then accessing it via require_once (mysql_connect.php) in a different file.
I have done a bit of googling and I know that I am supposed to keep "mysql_connect.php" out of the web root. I have moved it outside of the html folder and tried calling to it by using "../../mysql_connect.php" This is not working, it gives me an error "function not found" or something like that. Upon googling that, the internet says that its because it can't locate the file i'm referencing. When I move mysql_connect.php into a folder below root, everything works fine. The issue is because it is moved outside of the web root (i think).
I have been googling for two days now and cannot find a detailed explanation on how to get this to work. Something about changing the .htaccess file? I've read a bunch of articles on the theory but I am really looking for a step-by-step tutorial (I am a beginner). The only step-by-step tutorials I can find just tell you to put the config.php file into the same folder which is not secure.
Also in reading, it says that putting mysql_connect.php above root might not be THE most secure way to store the information as it is still basically just a .txt file and it can be retrieved easily(like downloading it). I am looking for a balance between secure and also do-able (for a beginner like myself). The mysql database I am trying to protect will not have any personal information and I plan on using a dedicated server (with no other information on it).
Can any one help me to solve this issue?
it gives me an error "function not found" or something like that.
This.
Is your main problem.
You either didn't bother to read this error message yourself nor didn't bring it here to help us to help you.
While
there is no problem in having this file below document_root,
and there is no problem in having this file above document root either,
the only problem you have is to assign a correct filename.
And the error message you got could help you more than 1000 volunteers from this site.
Despite of that, you can use PHP predefined variable to make this path work from whatever part of your site. Aassuming the file is one level above the document root, the code would be
require($_SERVER['DOCUMENT_ROOT']."/../mysql_connect.php");
however, this one may produce an error too, as nobody knows a real file locations. Thus, you may read the error message and corect the paths. Or post it here and get an interpretation
You can store the database information inside your web server configuration.
If you run Apache you can use SetEnv inside the VirtualHost. Since you're still on a shared host, your server admin probably need to help you with this. You can read more about this approach here.
... tried calling to it by using "../../mysql_connect.php" This is not working, it gives me an error "function not found" or something like that.
Include the connection details with:
require_once("../../mysql_connect.php");
This assumes that the file mysql_connect.php is two levels up from the currently executing script.
The database connection details will always be able to be read by whomever has administrative access to the server. It is not feasible to encrypt the file, because you would still need to store whatever key or password needed to decrypt it on the server as well, which would still not hide it from the server administrators.
Besides moving out of the web-root (which is a good step forward) an approach I've seen used is:
// at the top of your index or bootstrap file
define('SECURED', true);
And:
// at the top of any file subsequently included, such as mysql_connect.php
if(!defined('SECURED'))
{
exit();
}
This will at least prevent the file(s) from being accessed (executed) directly. This is helpful is the to-be-included files would otherwise issue a warning or error, that could potentially dump sensitive data as output.
If you're in a shared hosting environment you won't be allowed access outside of document root (most likely). You will need the password therefore it won't be completely secure. Instead, you can look into creating seperate mysql users with priviledges and limiting connections to to local accesses only.
i know i'm new, but something as simple as form for your login should be checked in order for it to work.
<form action="insertphpfilepath.php" method="POST">
and then in "insertphpfilepath.php", would have the mysql_query to check the login and password, not forgetting the mysql_query for connecting to the database and table using the right username and password .
a newbie recommendation to you for use mysql_real_escape_string for any $_POST['login'] so that it would become $login=mysql_real_escape_string($_POST['login']); for evading mysql injection.
I have just moved my CodeIgniter project to a new server and now I'm getting a 500 error and no output from the project. It works fine on my old server and in my test environment. I'm completely stumped how to troubleshoot this, especially as there's nothing of use in the log files. Any help would be great!
Well, this is embarrassing. I was missing php-mysql. CodeIgniter wasn't logging the fact that it couldn't find it, nothing was appearing in /var/log/messages. Installed it and suddenly, it works. Thanks all for your answers.
I get this problem on my live server with SuPHP. To avoid it, all PHP files must have permissions 0644, and directories 0755.
To do this without a headache, do one of the following:
Get an FTP client that will upload using permissions you specify
Find a PHP script that will change permissions, based on filtering criteria, after upload
Get shell access to your host!
Some ideas for you:
Are you sure there is nothing in the log files? Have you checked both the web server's log files as well as the system logs (EG: /var/log/messages)? Have you checked all of the logs enabled in php.ini?
Double-check your CI configuration settings. Perhaps you are pointing to the wrong database?
Have you confirmed that a basic PHP script <?phpinfo(); ?> works? This would isolate the problem to CI
Most likely you have not specified the base url for the new location, you can set it from file:
/system/config/config.php
at line:
$config['base_url'] = 'your new url here';
have you try load a new CodeIgniter project, and try to load in ur test environment? is it work?
From my experiment 500 error normally due with web server problem. But from what your said you didn't have any .htaccess. You better try just load a clean CI project and see your webserver OK or not.
I'm working with a legacy php script. There is a file upload form in it already, but I've added another one for a different section in the same script.
The $_file['file'] is there. But I keep getting a open_basedir restriction error, and if not that, I get a permission error.
I wouldn't mind working around these problems, but the thing is, the other form works fine. There are no differences in where the scripts are (same dir), nor are there any problems in where the files are going (I tried different dir, and same dir).
I'm going absolutely bat crazy trying to figure this out. Why is my file form not working? Why does it work for the other code? What is going on?
I've had similar issues which turned out to be to do with incorrect setting of the /tmp directory by the hosting provider (i.e. where PHP stores the temporary upload file). Might be worth a call to tech support.
Doesn't it have to be $_FILE['file'] instead of $_file['file']?
safe mode forces move_uploaded_file() to check whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
I would also recommend looking for ini_set() statements in the working code.
i dont know if you suffer from the same problem, but some time ago we had a problem with open_basedir and smarty. we were receiving problem from smarty code, but the problem was bad include_path (we were setting it through ini_set but without concatenating it with old include_path). in the result smarty tried to check if directory was readable creating possible path from root directory / which violated open_basedir. to sum up, check where do you get open_basedir error, what is the path that causes the problem.
I've got a really annoying problem with file uploads.
Users can choose a file in an html file field. When they submit the form, this file will be uploaded.
On the serverside I just use standard PHP code (move_uploaded_file). I do nothing weird.
Everything works perfectly.
I can see the file on the server, I can download it again, ...
However sometimes this doesn't work. I upload the file, process it and I get no errors.
But the file just doesn't exist on the server.
Each time I upload that specific file I get no errors but it never gets saved.
Only if I rename it (test.file to tst.file for example) I can upload it and it'll actually get saved.
I get this problem very rarely. And renaming always works. But I can't ask users to rename their files obviously...
I have no access to the apache tmp file directory, no access to logs or settings so this makes debugging even harder. I only have this problem on this particular server (which I don't manage; I don't even have access to it) and I use the exact same code on lots of servers that don't have this problem.
I would be grateful if someone could help me out here or point me in the right direction.
Trying adding this debug code:
echo '<pre>';
print_r($_FILES);
echo '</pre>';
You should see an error number. You can lookup what it means at http://uk3.php.net/manual/en/features.file-upload.errors.php
Might also be worth checking to make sure the destination file doesn't already exist.
My first thought was filesize issues. In the php.ini, if the post_max_size or upload_max_filesize are too small, you can end up with similar results - where the file just seems to disappear. You would get an error in the apache logs (which you mention you've no access to).
In those cases, the $_FILES array would simply be empty - as if the file never arrived. Since your responses to Gumbo and James Hall show that php is reporting a proper upload, I'm led to wonder about the processing you mention.
If, during the process, your memory gets maxed or the script runs too long, the script may be dying out before it gets a chance to move it. You'll want to check these:
memory_limit
max_execution_time
max_input_time
Otherwise, without the apache logs, I'd say it might be a good idea to start outputting to a log file of your own throughout your file processing script. Try a file_exists on the tmp file, see what info you can get from the file (permissions, etc).
Unfortunately PHP doesn't get involved until the upload is finished, which means you won't get much info during - only after the fact. You best option might be to talk to the hosting company and get access to the logs - even if for a short time. In my experience, I've rarely had trouble getting ot the logs - or at least getting a tech to check the logs for me while I run tests (in the case where a shared server doesn't split their logs - seems ridiculous, but I've seen it before).
Edit: I realize you can't change those php settings, but you might want to see what they are in order to find out if they're potential problems for your script. For instance, a low memory limit will kill your processor script if it's less than the size of the uploaded file.
If an upload failes you don’t get the same kind of error like a PHP syntax error or such.
But you can check the file upload status and report the error to the user yourself.
This is what you said...
"I have no access to the apache tmp file directory, no access to logs or settings so this makes debugging even harder. I only have this problem on this particular server (which I don't manage; I don't even have access to it) and I use the exact same code on lots of servers that don't have this problem."
According to what you said above, I assume that you are using a server that is shared among many users. If the Apache of this server is configured with something like "mod_suphp", then your PHP scripts will be executed using the privileges of your UNIX user account ("jef1234", for example), which means the files you create will have you ("jef1234") as the owner (instead of "apache" or "www-data").
The system's temporary directory (usually "/tmp") is usually configured with the "sticky bit" on. This means everyone can create files in this directory, but the created files are only accessible by the owner (you may treat this as the one who created it).
As a result, if the server configuration is not careful enough, you may have file naming collisions with other users' files. For example, when you upload "test.file", if another user has already uploaded another file with the same name, the system refuses to overwrite the file created by him, as thus you have to use another name.
Usually the problem does not exist because PHP is smart enough to generate temporary names for the uploaded file (ie. $_FILES["html_form_input_name"]["tmp_name"]). If somehow you can confirm that this is really the reason, the server is obviously mis-configured. Tell your system administrator the problem as ask him to solve it. If this could not be solved, you may do some JavaScript tricks on the name of the file before it is uploaded (not tested, just an idea)...
★ When the user submits the form, rename the file from, for example, "test.file" to "jef1234-test.file-jef1234". After the file is uploaded, move the file (ie move_uploaded_file()) to another place and rename it to the original filename by removing the added strings.
Hope this helps...
Asuka Kenji