how do i run php scripts with command line utilities in them in plesk 11+ ?

[Linulex]

Hello,

I used to get the admin password for cron scripts to do tasks, I used to do it like this

<?php

$pwfile = "/etc/psa/.psa.shadow";

$pwfile = fopen ($pwfile, "r");
if (!$pwfile) { exit; }
while (!feof ($pwfile)) {
	$pw = fgets($pwfile, 1024);
}
fclose($pwfile);

mysql_connect("localhost","admin", $pw);
mysql_select_db("psa");

bla .. bla ... what ever needed to be doing ....

This was a neat, generic way that always worked, whatever server it is on and no matter how many times the client changed his admin password.
But this methode gives an error now due to the encryption.

What is the correct way to do this now or do we need to create a new user, but this kinda defeats the idea of having admin encrypted if there is another users password in all the scripts that has access to the psa database.

regard
Jan

 

[Nikolay.]

But this methode gives an error now due to the encryption.

Does it though? MySQL authentication aspect did not change, you should be able to use the same file. Just check in console.

 

[Linulex]

i did check, thats why i ask.

[root@mainserver scripts]# php ./qmail_update_bounces.php

Warning: mysql_connect(): Access denied for user 'admin'@'localhost' (using password: NO) in /root/scripts/qmail_update_bounces.php on line 12

Warning: mysql_select_db(): Access denied for user 'root'@'localhost' (using password: NO) in /root/scripts/qmail_update_bounces.php on line 13

Warning: mysql_select_db(): A link to the server could not be established in /root/scripts/qmail_update_bounces.php on line 13

Warning: mysql_query(): Access denied for user 'root'@'localhost' (using password: NO) in /root/scripts/qmail_update_bounces.php on line 15

Warning: mysql_query(): A link to the server could not be established in /root/scripts/qmail_update_bounces.php on line 15
MySQL error: Access denied for user 'root'@'localhost' (using password: NO)
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /root/scripts/qmail_update_bounces.php on line 19
domains found ... Starting

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /root/scripts/qmail_update_bounces.php on line 21


regards
Jan

 

[EugeneKazakov]

This is rather suspicious: "(using password: NO)".

Looking at http://php.net/manual/en/function.mysql-connect.php
Argument password: In SQL safe mode, this parameter is ignored and empty password is used.
Check it, please.

 

[Linulex]

I have tried both

$pw = trim(shell_exec("/usr/local/psa/bin/admin --show-password"));
echo "$pw";
mysql_connect("localhost","linulex", $pw);
mysql_select_db("psa");

mysql_connect("localhost","admin", "mypassword");
mysql_select_db("psa");

in the first, the password is shown correct, in the second it is hardwired in the connection. In both i get


Warning: mysql_connect(): Access denied for user 'admin'@'localhost' (using password: YES) in /root/scripts/qmail_update_bounces.php on line 14
Warning: mysql_select_db(): Access denied for user 'root'@'localhost' (using password: NO) in /root/scripts/qmail_update_bounces.php on line 15

admin cant connect trough a script to the database.

When i change the user to our self created backup superuser it works perfect.

I have tested it on following configurations and always with the same result:

centos 5.9, plesk 11.5.30 (updated from plesk 8.6.0)
centos 6.4, plesk 11.0.9 (clean install)
centos 6.4, plesk 11.5.30 (updated from plesk 11.0.9)
centos 6.4, plesk 11.5.30 (clean install)

even
[root@mainserver scripts]# mysql --user=admin --password=mypassword psa

gives
ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: YES)


regards
Jan

 

[Nikolay.]

Try:
# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa

Run
# plesk db
and then open `which plesk` file to see how it works on Plesk 11.5.

I suspect that you have .my.cnf in your home directory that is interfering, or something similar.

 

[Linulex]

I found a way to get the script working but is doing so i found an alarming new question.

mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa

works

mysql -uadmin -pmypassword psa

gives an error

This means that what stands in /etc/psa/.psa.shadow is the actual mysql admin password. I find this alarming.

as for the scripts

$pwfile = "/etc/psa/.psa.shadow";

$pwfile = fopen ($pwfile, "r");
if (!$pwfile) { exit; }
while (!feof ($pwfile)) {
$pw = fgets($pwfile, 1024);
}
fclose($pwfile);

does not work

$password = trim(file_get_contents('/etc/psa/.psa.shadow'));

does work.
again: the password used to log in is that what stands in /etc/psa/.psa.shadow

how encrypted is that then????

I am going to contribute the script changes to a change in php setup, however this is hard to believe because it is the same version on centos 5.9 as on 6.4 and even with the same /etc/php.ini.

I can live with changing the scripts, i find it more disterbing the the mysql password in /etc/psa/.psa.shadow is the actual password that is used to login.

I have double tested this by entering the text found in /etc/psa/.psa.shadow ad the admin user password in the webmin module and this is actualy the admin password. webmin uses the perl_dbd module to connect to mysql so thats 3 ways i have tested it: commandline, php and perl.

regards
jan