2023/03/23 15:34:52 [error] 572838#0: *263 FastCGI sent in stderr: “PHP message: PHP Warning: Undefined array key “v_debug_mode” in /usr/local/hestia/web/edit/server/index.php on line 410” while reading response header from upstream, client: IP, server: _, request: “POST /edit/server/ HTTP/1.0”, upstream: “fastcgi://unix:/run/hestia-php.sock:”, host: “DOMAIN”, referrer: “https://DOMAIN/edit/server/”
Judging by the error messages, the problem lies in undefined variables and array keys in the files /usr/local/hestia/web/edit/server/index.php and /usr/local/hestia/web/templates/pages/edit_web.php .
Undefined array key “v_debug_mode” error on line 410 of the file index.php indicates that the array probably does not contain the “v_debug_mode” key. You can add a check for the existence of this key before using its value. For example, you can replace:
help me
Need to debug this currently busy with many other things…
Thanks for the information, I just wanted to know if there is a bug or problem on my part in the update and will be solved in future updates, cool update, I wish you good luck in fixing the identified bugs
I noticed it allready before on my test server but had ipv6 also enabled and not for web so I tough that was the issue will check to day
2023/03/25 03:00:13 [error] 282213#282213: *52196 FastCGI sent in stderr: “PHP message: PHP Warning: Access denied: There is a security token mismatch 1679731208 in /usr/share/phpmyadmin/hestia-sso.php on line 165” while reading response header from upstream, client: 178.89.231.78, server: cp.domain.kz, request: “GET /phpmyadmin//hestia-sso.php?database=admin_test&user=admin&exp=1679731208&hestia_token=$2y$10$Rg.EmbYVBY/FhNJrmsPJke7pXwNVlVY28l/SesoAIKz64ayCBVpWq HTTP/2.0”, upstream: “fastcgi://127.0.0.1:9000”, host: “cp.glonin.kz”, referrer: “https://cp.domain.kz/list/db/”
Couldn 't find a solution to this problem ?
I just tested and I have no issues…
if (!password_verify($database . $user . $ip . $time . PHPMYADMIN_KEY, $token)) {
trigger_error(
"Access denied: There is a security token mismatch " . $time,
E_USER_WARNING,
);
This check is always the issue
$database, $user, $token en $time are provided via get url.
IP is taken from the user ip. It is most times the issue…
<?php
/* Hestia way to enable support for SSO to PHPmyAdmin */
/* To install please run v-add-sys-pma-sso */
/* Following keys will get replaced when calling v-add-sys-pma-sso */
define("PHPMYADMIN_KEY", "%PHPMYADMIN_KEY%");
define("API_HOST_NAME", "%API_HOST_NAME%");
define("API_HESTIA_PORT", "%API_HESTIA_PORT%");
define("API_KEY", "%API_KEY%");
class Hestia_API {
/** @var string */
public $hostname;
/** @var string */
public $key;
/** @var string */
public $pma_key;
/** @var string */
private $api_url;
public function __construct() {
$this->hostname = "https://" . API_HOST_NAME . ":" . API_HESTIA_PORT . "/api/";
$this->key = API_KEY;
$this->pma_key = PHPMYADMIN_KEY;
}
/* Creates curl request */
public function request($postvars) {
$postdata = http_build_query($postvars);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $this->hostname);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata);
$answer = curl_exec($curl);
return $answer;
}
/* Creates an new temp user in mysql */
public function create_temp_user($database, $user, $host) {
$post_request = [
"hash" => $this->key,
"returncode" => "no",
"cmd" => "v-add-database-temp-user",
"arg1" => $user,
"arg2" => $database,
"arg3" => "mysql",
"arg4" => $host,
];
$request = $this->request($post_request);
$json = json_decode($request);
if (json_last_error() == JSON_ERROR_NONE) {
return $json;
} else {
trigger_error("Unable to connect over API please check api connection", E_USER_WARNING);
return false;
}
}
/* Delete an new temp user in mysql */
public function delete_temp_user($database, $user, $dbuser, $host) {
$post_request = [
"hash" => $this->key,
"returncode" => "yes",
"cmd" => "v-delete-database-temp-user",
"arg1" => $user,
"arg2" => $database,
"arg3" => $dbuser,
"arg4" => "mysql",
"arg5" => $host,
];
$request = $this->request($post_request);
if (is_numeric($request) && $request == 0) {
return true;
} else {
return false;
}
}
public function get_user_ip() {
// Saving user IPs to the session for preventing session hijacking
$user_combined_ip = "";
if (isset($_SERVER["REMOTE_ADDR"])) {
$user_combined_ip = $_SERVER["REMOTE_ADDR"];
}
if (isset($_SERVER["HTTP_CLIENT_IP"])) {
$user_combined_ip .= "|" . $_SERVER["HTTP_CLIENT_IP"];
}
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$user_combined_ip .= "|" . $_SERVER["HTTP_X_FORWARDED_FOR"];
}
if (isset($_SERVER["HTTP_FORWARDED_FOR"])) {
$user_combined_ip .= "|" . $_SERVER["HTTP_FORWARDED_FOR"];
}
if (isset($_SERVER["HTTP_X_FORWARDED"])) {
$user_combined_ip .= "|" . $_SERVER["HTTP_X_FORWARDED"];
}
if (isset($_SERVER["HTTP_FORWARDED"])) {
$user_combined_ip .= "|" . $_SERVER["HTTP_FORWARDED"];
}
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$user_combined_ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
}
return $user_combined_ip;
}
}
/* Need to have cookie visible from parent directory */
session_set_cookie_params(0, "/", "", true, true);
/* Create signon session */
$session_name = "SignonSession";
session_name($session_name);
@session_start();
function session_invalid() {
global $session_name;
//delete all current sessions
session_destroy();
setcookie($session_name, null, -1, "/");
header("Location: " . dirname($_SERVER["PHP_SELF"]) . "/index.php");
die();
}
$api = new Hestia_API();
if (!empty($_GET)) {
if (isset($_GET["logout"])) {
$api->delete_temp_user(
$_SESSION["HESTIA_sso_database"],
$_SESSION["HESTIA_sso_user"],
$_SESSION["PMA_single_signon_user"],
$_SESSION["HESTIA_sso_host"],
);
//remove session
session_invalid();
} else {
if (isset($_GET["user"]) && isset($_GET["hestia_token"])) {
$database = $_GET["database"];
$user = $_GET["user"];
$host = "localhost";
$token = $_GET["hestia_token"];
if (is_numeric($_GET["exp"])) {
$time = $_GET["exp"];
} else {
$time = 0;
}
if ($time + 60 > time()) {
//note: Possible issues with cloudflare due to ip obfuscation
$ip = $api->get_user_ip();
if (!password_verify($database . $user . $ip . $time . PHPMYADMIN_KEY, $token)) {
trigger_error(
"Access denied: There is a security token mismatch " . $time,
E_USER_WARNING,
);
session_invalid();
} else {
$id = session_id();
//create a new temp user
$data = $api->create_temp_user($database, $user, $host);
if ($data) {
$_SESSION["PMA_single_signon_user"] = $data->login->user;
$_SESSION["PMA_single_signon_password"] = $data->login->password;
$_SESSION["PMA_single_signon_host"] = $host;
//save database / username to be used for sending logout notification.
$_SESSION["HESTIA_sso_user"] = $user;
$_SESSION["HESTIA_sso_database"] = $database;
$_SESSION["HESTIA_sso_host"] = $host;
@session_write_close();
setcookie($session_name, $id, 0, "/");
header("Location: " . dirname($_SERVER["PHP_SELF"]) . "/index.php");
die();
} else {
session_invalid();
}
}
} else {
trigger_error(
"Link has been expired: System time: " .
time() .
" / Time provided in link: " .
$time,
E_USER_WARNING,
);
session_invalid();
}
}
}
} else {
session_invalid();
}
Replace /usr/share/phpmyadmin/hestia-sso.php
And replace:
define(“PHPMYADMIN_KEY”, “%PHPMYADMIN_KEY%”);
define(“API_HOST_NAME”, “%API_HOST_NAME%”);
define(“API_HESTIA_PORT”, “%API_HESTIA_PORT%”);
define(“API_KEY”, “%API_KEY%”);
With the existing values
Thanks, I’ll try, what is PHPMYADMIN_KEY and what password does it contain?, I noticed that the password is the same as in mysql.conf, how can I change it?
v-delete-sys-pma-sso and v-add-sys-pma-sso
and everything worked. BUT! there is an error if you use the Proxy Template to log in to the panel How to remove port number from IP address / Redirect Hestia control panel port from 8083 to 80 (Web)? - #9 by Darkle
then single sign-on stops working.
That for example cp.domain.kz / error hestia-sso.php
cp.domain.kz:8083/ everything works with hestia-sso.php
nginx proxy probally add an additional ip to the list that is lacking from direct access it is the same with
Something I didn’t understand you at all (what do I need to do on my vds
Good afternoon, my mistake is still relevant. Where should I dig to solve it ?. Also hestia-sso.php does not work if I use proxying 8083 cp.stpl, cp.tpl.
Proxing still doesn’t work…
1 Like
Is it still in the works ?, and wait for a fix in future updates ?
I have the same issue with phpmyadmin sso.
phpmyadmin opens login page.
i am getting the following error: Unable to connect over API please check api connection.
I already followed the documentation Database & phpMyAdmin SSO | Hestia Control Panel but it didn’t work.
I also disabled the API and enabled it again and it didn’t work.
Make sure the api connection works …
Tell me, have you solved the problem with the design yet ?
Feel free to test…
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.