Of Stack

Solution of fsockopen and pfsockopen functions of PHP being disabled by host vendor

  • 2021-07-07 06:49:13
  • OfStack

Perhaps fsockopen, pfsockopen functions do exist security risks, but we have no way of textual research, this is IDC business said, no matter what the reason, anyway, they are disabled these two functions, then how to solve it, the following is the site collation method, I hope to use the students have a reference.

The solution is as follows:

1. Use stream_socket_client () instead

If the server disables both fsockopen and pfsockopen, replace them with other functions, such as stream_socket_client (). Note: stream_socket_client () and fsockopen () have different parameters.

Specific operation:

Search for the string fsockopen in the program (replace it with stream_socket_client), then delete the port parameter "80" from the original fsockopen function and add it to $host.

Examples are as follows:

Before modification: 

$fp = fsockopen($host, 80, $errno, $errstr, 30);

Or 

$fp = fsockopen($host, $port, $errno, $errstr, $connection_timeout);

After modification: 

$fp = stream_socket_client( " tcp:// " .$host. " 80 " , $errno, $errstr, 30);

Or 

$fp = stream_socket_client( " tcp:// " .$host. " : " .$port, $errno, $errstr, $connection_timeout);

2. Rewriting

What if PHP is less than 5.0, fsockopen is disabled, and there is no stream_socket_client ()? Write a function to achieve the function of fsockopen, reference code: 



function b_fsockopen($host, $port, &$errno, &$errstr, $timeout)

{ 

 $ip = gethostbyname($host);    

 $s = socket_create(AF_INET, SOCK_STREAM, 0);

 

 if (socket_set_nonblock($s))

 {    

  $r = @socket_connect($s, $ip, $port);

  

  if ($r || socket_last_error() == EINPROGRESS)

  { 

   $errno = EINPROGRESS;    return $s;    

  }

 }

 

 $errno = socket_last_error($s);

 

 $errstr = socket_strerror($errno);

 

 socket_close($s);

 

 return false;
}

Specific operation:

1. First find the code snippet that uses the fsockopen function, append the above code to it, and search for the string fsockopen (replaced by b_fsockopen (.

2. Because the fsockopen function returns a file pointer, it can be manipulated by a file function, but this b_fsockopen function fails to return a file pointer, and needs to continue modifying the code snippet: use socket_read (replace fread (, use socket_write (replace fwrite (, use socket_close (replace fclose ().

Among the above methods, I used stream_socket_client () instead of problem solving, and the second method was not tried.

Related articles: