Before you start the ambitious undertaking of debugging your PHP-Nuke installation, you should download and run some tools that may shorten the search path and save you some headaches:
test.php is a "quick'n dirty" script to help you find out if you could connect to the database and how your PHP configuration looks like. Put the following lines in a file, name it test.php,
upload it in the same directory where you have your config.php and tell your browser to open it (see Warning: Invalid
argument supplied for foreach()):
If everything is right, you will only see the PHP info. Otherwise, you will see a descriptive message of the error first (in the first line) and also the PHP info. You can use the output to
determine various parameters of your PHP configuration, like version numbers, libraries, paths and variables. Whenever you ask yourself if you have feature X enabled, remember to run this small
script and search its output for a string that describes the feature. You will most probably find the answer there. Conversely, if you don't find the answer in the output of test.php (i.e. the output
of the phpinfo() function), you will probably not find it easily.
The ConnectTest.php script from Humpa is a more elaborate test script that you
can help with database connection problems. Download and save it with a .php ending (it comes with a .txt ending to prevent the web server from interpreting the PHP code in it). You should put the
ConnectTest.php file in the PHP-Nuke root directory, i.e. in the same directory where also config.php is located. Then you just tell your browser to open it.
<?php
if($phpinfo=="phpinfo") {
phpinfo();
die();
}
require_once("config.php");
$dbcheck = mysql_connect("$dbhost", "$dbuname", "$dbpass");
if (!$dbcheck) {
echo mysql_error();
echo "<br><b>The Connection Test Script was unable to connect
to the MySQL server!<br>One or more of these variables are wrong in
your config.php:</b> <font color=purple><b>\$dbhost=\"<i>$dbhost</i>\",
\$dbuname=\"<i>$dbuname</i>\", and/or \$dbpass=\"*<i>hidden</i>*\"
</b></font><br>";
echo "<br>Now, please don't say that you <u>are</u> using the
correct values - say it to your mysql server, because that is who(what?)
is stopping you. : )<br>";
echo "Email your web host and ask them what to use for a mysql
username and password.<br>";
echo "PHP Manual, function:
<a href=\"http://www.php.net/manual/en/function.mysql-connect.php\"
target=\"_blank\">mysql_connect</a><br>";
echo "If you are the server, perhaps you just need to create
a mysql user instead of using your root user.<br>";
die("<br><a href=\"$_SERVER[PHP_SELF]?phpinfo=phpinfo\">
phpinfo</a>");
}else{
echo "<a href=\"$_SERVER[PHP_SELF]?phpinfo=phpinfo\">
phpinfo</a><br><br>";
echo "<font color=red><b>If everything looks good, but you
still have problems, get the ";
echo "<a href=\"http://nukecops.com/downloads-cat-7.htm\">
analyzer from NukeCops</a></b></font><br><br>";
echo "<b>Connection Test Script connected to your MySQL server
successfully!<br>";
echo "<br>\$dbuname = \"$dbuname\";<br>\$dbtype = \"$dbtype\";
<br>\$prefix = \"$prefix\";<br>\$user_prefix = \"$user_prefix\";<br>";
if (mysql_select_db($dbname)) {
echo "<br>Connection to your database \"
<font color=purple>$dbname</font>\" was also successful.<br>";
$result = mysql_list_tables($dbname);
if (!$result) {
print "DB Error, could not list tables\n";
print 'MySQL Error: ' . mysql_error();
die();
}
$i=0;
$stufftoprint = "";
while ($row = mysql_fetch_row($result)) {
$tablename = $row[0];
if($tablename == "".$prefix."_authors") {
$result4 = mysql_query("select aid from $tablename");
while(list($admin_name) = mysql_fetch_row($result4)) {
$admin_names .= "$admin_name, ";
}
}
$result3 = mysql_query("select * from $tablename");
$numFields = mysql_num_fields($result3);
$numRows = mysql_num_rows($result3);
$rows = "rows";
$fields = "fields";
if($numFields == 1) {$fields = "field";}
if($numRows == 1) {$rows = "row";}
$stufftoprint .= "Table: <font color=purple>$tablename
</font> ($numFields $fields / $numRows $rows)\n<br>";
$i++;
}
if($dbtype != "MySQL" AND eregi("mysql",$dbtype)) {
echo "<br><font color=red><b>But, you need to set </b>
</font><font color=purple><b> \$dbtype = \"MySQL\"; </b></font>";
echo "<font color=red><b> in your config.php!!!!!!!!</b></font><br>";
}
echo "<br>There are <font color=purple>$i tables</font> in your \"
<font color=purple>$dbname</font>\" database<br>";
echo "(by default, there are 89 fields in phpnuke 6.5 and 76 fields
in phpnuke 6.0)<br>";
if($i<66) {
echo "<br><font color=red><b>You don't seem to have all the
tables installed.<br>Get the ";
echo "<a href=\"http://www.nukeresources.com/modules.php?name=Downloads
&d_op=viewdownload&cid=79\">Web Installer</a> for your version of
phpnuke</b></font><br>";
}
echo "<br>These are the admin names (aid) in your nuke_authors
table: <font color=purple>$admin_names</font><br>";
echo "<br>Now check this list of tables with your nuke.sql file:<br><br>$stufftoprint</b>";
}else {
if(mysql_query("CREATE DATABASE $dbname")) {
echo "<br>Your database \"$dbname\" did not exist,
but this script just created it sucessfully<br>";
echo "Now, you need to get the appropriate
<a href=\"http://www.nukeresources.com/modules.php?name=Downloads
&d_op=viewdownload&cid=79\">";
echo "Web Installer from nukeresources.com</a>";
die();
}
echo "<br>However, the \"$dbname\" database does not exist.
If that is not the correct name, then put in the correct ";
echo "name for<br><font color=purple>
\$dbname =\"$dbname\";</font> (in your config.php)
<br>If you have not created the database yet, then ";
echo "create it. If you are not the server, then ask your
web host to create it for you.<br>";
echo "<br>Then, get the appropriate
<a href=\"http://www.nukeresources.com/modules.php?name=Downloads
&d_op=viewdownload&cid=79\">";
echo "Web Installer from nukeresources.com</a>";
}
}
?>
The analyze.php script from Paul Laudanski (a.k.a. Zhen-Xjell) is the most elaborate from all the three script presented here. Rename the file to "analyze.php", transfer it to the same place that your config.php file is found and call it
from your browser. For a preview of what it reports, run analyze.php for the nukecops site. The code has been successfully tested for Nuke
versions 6.5B6, 6.5B5, 6.0, 5.6.
Figure 3-25. analyze.php: MySQL connection transcript.
analyze.php: MySQL connection transcript.
The script not only tests your MySQL database connection (see Figure 3-25), but also displays information on:
config.php settings
SMTP (mail server) settings
GD (graphics) library settings
Databases
Modules
Blocks
Notices
Ranks
Administrators and Moderators
php,ini settings
Security code
Recursive file listing along with resource permissions
Figure 3-26. analyze.php: MySQL security warning.
analyze.php: MySQL security warning.
It also checks for MySQL (see Figure 3-26) and PHP (see Figure 23-1)
vulnerabilities and reports them to you if they need to be patched.
