1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
--TEST--
mysqli_real_connect()
--EXTENSIONS--
mysqli
--SKIPIF--
<?php
require_once 'skipifconnectfailure.inc';
?>
--INI--
mysqli.allow_local_infile=1
--FILE--
<?php
include 'connect.inc';
// ( mysqli link [, string hostname [, string username [, string passwd [, string dbname [, int port [, string socket [, int flags]]]]]]]
if (!$link = mysqli_init())
printf("[002] mysqli_init() failed\n");
if (!mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket))
printf("[003] Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n",
$host, $user, $db, $port, $socket);
mysqli_close($link);
if (!$link = mysqli_init())
printf("[004] mysqli_init() failed\n");
if (false !== ($tmp = mysqli_real_connect($link, $host, $user . 'unknown_really', $passwd . 'non_empty', $db, $port, $socket)))
printf("[005] Expecting boolean/false got %s/%s. Can connect to the server using host=%s, user=%s, passwd=***non_empty, dbname=%s, port=%s, socket=%s\n", gettype($tmp), $tmp, $host, $user . 'unknown_really', $db, $port, $socket);
// Run the following tests without an anoynmous MySQL user and use a password for the test user!
ini_set('mysqli.default_socket', $socket);
if (!mysqli_real_connect($link, $host, $user, $passwd, $db, $port)) {
printf("[006] Usage of mysqli.default_socket failed\n");
} else {
mysqli_close($link);
if (!$link = mysqli_init())
printf("[007] mysqli_init() failed\n");
}
ini_set('mysqli.default_port', $port);
if (!mysqli_real_connect($link, $host, $user, $passwd, $db)) {
printf("[008] Usage of mysqli.default_port failed\n");
} else {
mysqli_close($link);
if (!$link = mysqli_init())
printf("[009] mysqli_init() failed\n");
}
ini_set('mysqli.default_pw', $passwd);
if (!mysqli_real_connect($link, $host, $user)) {
printf("[010] Usage of mysqli.default_pw failed\n") ;
} else {
mysqli_close($link);
if (!$link = mysqli_init())
printf("[011] mysqli_init() failed\n");
}
ini_set('mysqli.default_user', $user);
if (!mysqli_real_connect($link, $host)) {
printf("[012] Usage of mysqli.default_user failed\n") ;
} else {
mysqli_close($link);
if (!$link = mysqli_init())
printf("[011] mysqli_init() failed\n");
}
ini_set('mysqli.default_host', $host);
if (!mysqli_real_connect($link)) {
printf("[014] Usage of mysqli.default_host failed\n") ;
} else {
mysqli_close($link);
if (!$link = mysqli_init())
printf("[015] mysqli_init() failed\n");
}
// CLIENT_MULTI_STATEMENTS - should be disabled silently
if (!mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket, 65536))
printf("[016] [%d] %s\n", mysqli_errno($link), mysqli_error($link));
if ($res = mysqli_query($link, "SELECT 1 AS a; SELECT 2 AS b")) {
printf("[017] Should have failed. CLIENT_MULTI_STATEMENT should have been disabled.\n");
var_dump($res->num_rows);
mysqli_next_result($link);
$res = mysqli_store_result($link);
var_dump($res->num_rows);
}
mysqli_close($link);
if (!$link = mysqli_init())
printf("[018] mysqli_init() failed\n");
if (ini_get('open_basedir')) {
// CLIENT_LOCAL_FILES should be blocked - but how to test it ?!
if (!mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket, 128))
printf("[019] [%d] %s\n", mysqli_errno($link), mysqli_error($link));
$filename = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mysqli_real_connect_phpt';
if (!$fp = fopen($filename, 'w'))
printf("[020] Cannot open temporary file %s\n", $filename);
fwrite($fp, '100;z');
fclose($fp);
// how do we test if gets forbidden because of a missing right or the flag, this test is partly bogus ?
if (mysqli_query($link, "LOAD DATA LOCAL INFILE '$filename' INTO TABLE test FIELDS TERMINATED BY ';'"))
printf("[021] LOAD DATA INFILE should have been forbidden!\n");
unlink($filename);
}
mysqli_close($link);
var_dump($link);
ini_set('mysqli.default_host', 'p:' . $host);
$link = mysqli_init();
if (!@mysqli_real_connect($link)) {
printf("[022] Usage of mysqli.default_host=p:%s (persistent) failed\n", $host) ;
} else {
if (!$res = mysqli_query($link, "SELECT 'mysqli.default_host (persistent)' AS 'testing'"))
printf("[023] [%d] %s\n", mysqli_errno($link), mysqli_error($link));
$tmp = mysqli_fetch_assoc($res);
if ($tmp['testing'] !== 'mysqli.default_host (persistent)') {
printf("[024] Result looks strange - check manually, [%d] %s\n",
mysqli_errno($link), mysqli_error($link));
var_dump($tmp);
}
mysqli_free_result($res);
mysqli_close($link);
}
ini_set('mysqli.default_host', 'p:');
$link = mysqli_init();
if (@mysqli_real_connect($link)) {
printf("[025] Usage of mysqli.default_host=p: did not fail\n") ;
mysqli_close($link);
}
@mysqli_close($link);
try {
mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket);
} catch (Error $exception) {
echo $exception->getMessage() . "\n";
}
print "done!";
?>
--EXPECTF--
Warning: mysqli_real_connect(): (%s/%d): Access denied for user '%s'@'%s' %r(\(using password: \w+\) ){0,1}%rin %s on line %d
object(mysqli)#%d (%d) {
["client_info"]=>
string(%d) "%s"
["client_version"]=>
int(%d)
["connect_errno"]=>
int(%d)
["connect_error"]=>
NULL
}
mysqli object is already closed
done!
|
