Jump to content

Improved Server Status for secure PHP installs (shell_exec() and exec() disabled)


Recommended Posts

I've put together this modified version of the WHMCS Server Status script that will work under circumstances where the exec() and shell_exec() functions are disabled for PHP (mostly for security reasons).

 

It will also work like normal if those functions are enabled. This is definitely safe to add to the next release *hint hint* lol

whmcs_status_php.zip

Link to comment
Share on other sites

  • 1 month later...

Doh, thanks Rick.

I didn't think I was replacing the index.php in the WHMCS dir, but didn't know where else to look.

 

replaced file worked great, but without icons.

 

then i checked and realised i hadn't uploaded on my last upgrade.

 

Great fiz, lar

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
the uptime feature doesn't work at all (0 Days 00:00:00)

 

the server load feature doesn't seem to work for external servers (servers on which WHMCS is not hosted on), it shows "Unavailable".

 

 

 

I'm having the Exact Oposite problem. My off server is getting all the info, my local server with whmcs is not, but if I # out the phpinfo part, and click on phpinfo, I get the server load and uptime with the time last booted instead of the phpinfo ??

 

Here is what I get whith phpinfo # out and clicking on phpinfo:

 

0.04 4 Days 18:22:24 5.2.6 5.0.51a 2.2.0

 

Problem ?

 

Is there a script without phpinfo out there ? I don't want it on my server pages.

 

that is what I have disabled in the php.ini not the oter 2 listed here

Link to comment
Share on other sites

Good morning. On a very similar subject, I have just created a new topic called: Server Status wizardry here: http://forum.whmcs.com/showthread.php?p=73795#post73795 that some of you will find extremely useful, if not, interesting.

 

It is about how to achieve the perfect combination of Client and Admin Server Status displays if you are, like me, a 'one server host provider' and, because of that, have special considerations.

 

It is a solution for which I have not written any code whatsoever and all credit goes to those who did. I just experimented a little and made my discovery purely by accident.

 

Nevertheless, it is darned useful and unique. ;)

Link to comment
Share on other sites

Good morning. On a very similar subject, I have just created a new topic called: Server Status wizardry here: http://forum.whmcs.com/showthread.php?p=73795#post73795 that some of you will find extremely useful, if not, interesting.

 

It is about how to achieve the perfect combination of Client and Admin Server Status displays if you are, like me, a 'one server host provider' and, because of that, have special considerations.

 

It is a solution for which I have not written any code whatsoever and all credit goes to those who did. I just experimented a little and made my discovery purely by accident.

 

Nevertheless, it is darned useful and unique. ;)

Cool. Will be something I implement for my company ;)

Link to comment
Share on other sites

I'm having the Exact Oposite problem. My off server is getting all the info, my local server with whmcs is not, but if I # out the phpinfo part, and click on phpinfo, I get the server load and uptime with the time last booted instead of the phpinfo ??

 

Here is what I get whith phpinfo # out and clicking on phpinfo:

 

0.04 4 Days 18:22:24 5.2.6 5.0.51a 2.2.0

 

Problem ?

 

Is there a script without phpinfo out there ? I don't want it on my server pages.

 

that is what I have disabled in the php.ini not the oter 2 listed here

 

Weird. Could you post it here inside [ code ] and [ /code ] tags?

Link to comment
Share on other sites

  • 3 weeks later...
  • 1 year later...

My server has some thing turned off so the standard server index file for whmcs will not work so i gave this one a shot and end up with errors that i dont know how to get around. any advice??

----------------------------------

Warning: file_get_contents() [function.file-get-contents]: open_basedir restriction in effect. File(/proc/loadavg) is not within the allowed path(s): (/home/XXXXX/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/XXXX/public_html/status/index.php on line 16

 

Warning: file_get_contents(/proc/loadavg) [function.file-get-contents]: failed to open stream: Operation not permitted in /home/XXXXX/public_html/status/index.php on line 16

 

Warning: file_get_contents() [function.file-get-contents]: open_basedir restriction in effect. File(/proc/uptime) is not within the allowed path(s): (/home/XXXX/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/XXXXX/public_html/status/index.php on line 45

 

Warning: file_get_contents(/proc/uptime) [function.file-get-contents]: failed to open stream: Operation not permitted in /home/XXXXXX/public_html/status/index.php on line 45

0 Days 00:00:00 5.2.10 5.0.81 2.2.0

Link to comment
Share on other sites

Hi Jpoke5. Could you elaborate on some details please so that I can better understand your problem? Do you have VPS, dedi server? Root access? What O/S? I will await your response.

 

I have a cpanel master reseller account and use whmcs for server status. I use the code that comes with whmcs to monitor my main reseller account server, the one my whmcs is located on, that works great but when i used that same setup to monitor my remote master capnel reseller account server (off site) it will not work due to exec being turned off.

 

I downloaded the ( Improved Server Status for secure PHP installs (shell_exec() and exec() disabled) on this post thinking this would work since my remote server has exec/shell-exec turned off. but no luck..... my post was the error I received trying to use this code for server status.

 

Jeff

Link to comment
Share on other sites

Hi J.

 

Now that I understand you are in a shared environment I can better understand. As a last resort, please try a custom php.ini to overcome these restrictions. If that does not work, you will need to move. Please ask your host provider to assist you with the custom php.ini if they will. It might not work and please do bear in mind it will be the overall shared server considerations that prioritise their thinking. Hosts who offer Master Resller accounts rarely think this through and that is mitigating against you resolving this satisfactorily now.

 

I would think of ditching the whole idea of Master Reseller software because it can never deliver beyond shared server environment restrictions and, asides from that, the whole model is fundamentally flawed. The very notion of selling finite reseller resources to other resellers is patently absurd from the outset as they are rapidly depleted.

 

You might like now to think about getting a managed VPS. Unmanaged may be a step too far at this point. If you take the Master Reseller model substantially to market it will truly bite you straight in the ass and very quickly. It is not viable by any stretch of the imagination; just a temporary amusement that will never stand up to any serious operational requirements.

 

Kind regards,

 

 

Chris

Edited by redrat
Link to comment
Share on other sites

My server has some thing turned off so the standard server index file for whmcs will not work so i gave this one a shot and end up with errors that i dont know how to get around. any advice??

----------------------------------

Warning: file_get_contents() [function.file-get-contents]: open_basedir restriction in effect. File(/proc/loadavg) is not within the allowed path(s): (/home/XXXXX/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/XXXX/public_html/status/index.php on line 16

 

Warning: file_get_contents(/proc/loadavg) [function.file-get-contents]: failed to open stream: Operation not permitted in /home/XXXXX/public_html/status/index.php on line 16

 

Warning: file_get_contents() [function.file-get-contents]: open_basedir restriction in effect. File(/proc/uptime) is not within the allowed path(s): (/home/XXXX/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/XXXXX/public_html/status/index.php on line 45

 

Warning: file_get_contents(/proc/uptime) [function.file-get-contents]: failed to open stream: Operation not permitted in /home/XXXXXX/public_html/status/index.php on line 45

0 Days 00:00:00 5.2.10 5.0.81 2.2.0

 

Hi,

 

That means that the host has PHP's open_basedir setting in effect. It serves to attempt to limit users to their home folders, but is flawed (handling access permissions in the PHP engine, instead of using the lower-level file system ways)

 

This means that my script will not work on your account, nor the WHMCS default one.

 

Any sensible host could simply set up SuPHP and set /proc to have read-only access to "others". This would allow such scripts to work, and also be secure and prevent people from doing bad things.

Link to comment
Share on other sites

Hi,

 

That means that the host has PHP's open_basedir setting in effect. It serves to attempt to limit users to their home folders, but is flawed (handling access permissions in the PHP engine, instead of using the lower-level file system ways)

 

This means that my script will not work on your account, nor the WHMCS default one.

 

Any sensible host could simply set up SuPHP and set /proc to have read-only access to "others". This would allow such scripts to work, and also be secure and prevent people from doing bad things.

 

Thanks for the reply my friend, That last post was no help at all. I purchased this account with no clue that things may be turned off. Is there any way I can tell what other items may be off or set that may prevent my clients from using their accounts as they should? I may decide to ask that host to turn this stuff on or fix the issues so I can use the account as normal. my other host works just fine so I don't know why this one decided to limit options? This guy is sort of an ******* and expects everyone to know everything.... so when i bring it up he will most likely have a smart ass answer and i will decide to move and loose my money....

 

Jeff

Link to comment
Share on other sites

Thanks for the reply my friend, That last post was no help at all. I purchased this account with no clue that things may be turned off. Is there any way I can tell what other items may be off or set that may prevent my clients from using their accounts as they should? I may decide to ask that host to turn this stuff on or fix the issues so I can use the account as normal. my other host works just fine so I don't know why this one decided to limit options? This guy is sort of an ******* and expects everyone to know everything.... so when i bring it up he will most likely have a smart ass answer and i will decide to move and loose my money....

 

Jeff

 

Create a .php page containing only the following:

 

<?php

phpinfo();

?>

 

View that page in IE or Firefox. Look for the "disable_functions" directive and post back with what is listed there for the Local and Master Values (usually the same).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated