A bit of PHP help please anyone?
Discussion
I have inherited a PHP website with a MySQL back end.
I have restored all the databases, and setup MySQL users (I couldn't get the original user tables) however..
The site has an encrypted configuration, so I'm unable to see what the DB passwords are.
If I start MySQL with --skip-grant-tables, then of course it all works fine.
So I tried to read the config to a text file, to see if I could capture the passwords, but as this is written in OOP I'm a bit lost!
The code that I think is reading the decrypted config is this: (no code tags sadly - PH doesn't allow for this)
I tried to echo the value of:
$this->config['username'],
$this->config['password'],
To a file without success (couldn't work out the required code I think) - unless I misunderstand how this is working...
if (Phpr::$config->get('MYSQL_PERSISTENT', true))
{
Db::$connection = @mysql_pconnect($this->config['host'],
$this->config['username'],
$this->config['password'],
isset($this->config['flags']) ? $this->config['flags'] : 0);
} else
{
Db::$connection = @mysql_connect($this->config['host'],
$this->config['username'],
$this->config['password'],
isset($this->config['flags']) ? $this->config['flags'] : 0);
}
} catch (Exception $ex)
{
throw new Phpr_DatabaseException('Error connecting to the database.');
}
}
$err = 0;
if ((Db::$connection == null) || (Db::$connection === false) || ($err = @mysql_errno(Db::$connection) != 0))
throw new Phpr_DatabaseException('MySQL connection error: '.@mysql_error());
if (!$external_connection_found)
{
if ((@mysql_select_db($this->config['database'], Db::$connection) === false) || ($err = @mysql_errno(Db::$connection) != 0))
throw new Phpr_DatabaseException('MySQL error selecting database '.$this->config['database'].': '.@mysql_error());
I have restored all the databases, and setup MySQL users (I couldn't get the original user tables) however..
The site has an encrypted configuration, so I'm unable to see what the DB passwords are.
If I start MySQL with --skip-grant-tables, then of course it all works fine.
So I tried to read the config to a text file, to see if I could capture the passwords, but as this is written in OOP I'm a bit lost!
The code that I think is reading the decrypted config is this: (no code tags sadly - PH doesn't allow for this)
I tried to echo the value of:
$this->config['username'],
$this->config['password'],
To a file without success (couldn't work out the required code I think) - unless I misunderstand how this is working...
if (Phpr::$config->get('MYSQL_PERSISTENT', true))
{
Db::$connection = @mysql_pconnect($this->config['host'],
$this->config['username'],
$this->config['password'],
isset($this->config['flags']) ? $this->config['flags'] : 0);
} else
{
Db::$connection = @mysql_connect($this->config['host'],
$this->config['username'],
$this->config['password'],
isset($this->config['flags']) ? $this->config['flags'] : 0);
}
} catch (Exception $ex)
{
throw new Phpr_DatabaseException('Error connecting to the database.');
}
}
$err = 0;
if ((Db::$connection == null) || (Db::$connection === false) || ($err = @mysql_errno(Db::$connection) != 0))
throw new Phpr_DatabaseException('MySQL connection error: '.@mysql_error());
if (!$external_connection_found)
{
if ((@mysql_select_db($this->config['database'], Db::$connection) === false) || ($err = @mysql_errno(Db::$connection) != 0))
throw new Phpr_DatabaseException('MySQL error selecting database '.$this->config['database'].': '.@mysql_error());
Thank you.
Does this bit of code provide the missing context for $this ?
class Db_MySQLDriver extends Db_Driver
{
private static $locale_set = false;
public static function create()
{
return new self();
}
public function connect()
{
if (Db::$connection)
return;
try
{
Phpr_ErrorLog::$disable_db_logging = true;
// Load the configuration
parent::connect();
// Execute custom connection handlers
$external_connection = Backend::$events->fireEvent('core
nBeforeDatabaseConnect', $this); << the smiley is replacing this
$external_connection_found = false;
foreach ($external_connection as $connection)
{
if ($connection)
{
Db::$connection = $connection;
$external_connection_found = true;
break;
}
}
EDIT: What happened to Marshalla's post?
Does this bit of code provide the missing context for $this ?
class Db_MySQLDriver extends Db_Driver
{
private static $locale_set = false;
public static function create()
{
return new self();
}
public function connect()
{
if (Db::$connection)
return;
try
{
Phpr_ErrorLog::$disable_db_logging = true;
// Load the configuration
parent::connect();
// Execute custom connection handlers
$external_connection = Backend::$events->fireEvent('core
nBeforeDatabaseConnect', $this); << the smiley is replacing this core:onBeforeDatabaseConnect'
$external_connection_found = false;
foreach ($external_connection as $connection)
{
if ($connection)
{
Db::$connection = $connection;
$external_connection_found = true;
break;
}
}
EDIT: What happened to Marshalla's post?
Edited by TonyRPH on Wednesday 4th May 13:19
TonyRPH said:
EDIT: What happened to Marshalla's post?
I deleted it because I wasn't happy with the advice I was giving. I want to think about the code for a bit longer.In summary, though, $this refers to the current object so you either need to reference an object before using it to extract values, or find out which object it's referring to and then go back through the code to find where the values are being set. At the moment, because it's a while since I did any serious PHP coding, I can't remember if it's referring to Phpr or DB. The coder in me thinks it's Phpr because that's where the config is being tested in the "if" statement and all the passed variables are clearly config. data.
My preference would be to go back through the code as there's probably a load of other useful stuff in there too. The decryption key is probably lurking somewhere in there too.
Edited by marshalla on Wednesday 4th May 13:25
You appear to have posted a snippet of the mysql driver from the PHPR framework -
https://github.com/phproad/phpr-framework/blob/mas...
Usually these kind of things will have a config file somewhere where the username and password for MySQL is defined, but one isn't listed obviously in the docs.
The general procedure would be to create a user in MySQL, grant it all on the database & interface in question then put those credentials in the app's config.
You're delving right into the middle of the code there, you're looking for something more like a little config file. If you know what the database name or username was pre-move you can try searching through all the php to see where it's defined, the password will probably be defined there too.
If there is an obvious config file but it doesn't look human readable, the phpr docs talk of an install.php, maybe that is what takes the credentials from your and creates the config.
Just a shot in the dark.
https://github.com/phproad/phpr-framework/blob/mas...
Usually these kind of things will have a config file somewhere where the username and password for MySQL is defined, but one isn't listed obviously in the docs.
The general procedure would be to create a user in MySQL, grant it all on the database & interface in question then put those credentials in the app's config.
You're delving right into the middle of the code there, you're looking for something more like a little config file. If you know what the database name or username was pre-move you can try searching through all the php to see where it's defined, the password will probably be defined there too.
If there is an obvious config file but it doesn't look human readable, the phpr docs talk of an install.php, maybe that is what takes the credentials from your and creates the config.
Just a shot in the dark.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff