phpMyAdmin 4.8.0

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,158
Hello,

phpMyAdmin 4.8.0 was released:
https://www.phpmyadmin.net/news/2018/4/7/phpmyadmin-480-released/

There was a delay in getting this into CustomBuild 2, due to changes in the logging format.
They've added a new AuthLog format, which is great (allows direct logging to a file).. however, the format didn't 'quote' the user or IP values logged, so the brute force scanning could just have a new filter entry added (limitation of DA with regards to the brute_filter.list)

For now:
CustomBuild 2.0 will use the new AuthLog format, but will add a patch to the 4.8.0 version of PMA to change the format from:
Apr 15 18:19:17 phpmyadmin: user denied: asdf (mysql-denied) from 192.168.1.2

to be:
Apr 15 18:19:17 phpmyadmin: user denied: 'asdf' (mysql-denied) from '192.168.1.2'

so that CB2 can then add a phpmyadmin3= filter entry to the brute_filter.list file, that can be used right away with any DA version.

Later:
DirectAdmin 1.53.1 will have this change:
https://www.directadmin.com/features.php?id=2112

so the ip_until=NULL can be used, so it uses the IP until the end of the line.
The limitation was that ip_until=? had to be specified, but couldn't use \0 or anything like that, so the logging format had to be changed, just for now.
Once 1.53.1 is out, then we no longer need to patch PMA at all (woohoo!) and then it will use the brute_filter.list entry phpmyadmin4= which uses ip_until=NULL (end of string)

Let us know if you run into any issues.

Failed logins should be stored in:
/var/www/html/phpMyAdmin-4.8.0/log/auth.log

and make sure DA is picking them up, by looking for a "Filter" column called "phpmyadmin3".

The pre-release version of DA does have the ip_until=NULL method, but CB2 won't know that anyway an will still patch for the single quotes, so not much point at the moment.

John
 
Problems php fatal error

Blank page.
[proxy_fcgi:error] [pid 761: AH01071: PHP Fatal error: Unknown: Failed opening required '/var/www/html/phpMyAdmin/index.php' (include_path='.:/usr/local/php56/lib/php') in Unknown on line 0\n', referer

Session save path tmp is in 50-webapps.ini as before, also suhosin parts to in that file and in php.ini in the php56 directory
and in 10-directadmin.ini ofcourse as https://forum.directadmin.com/showthread.php?t=51355

worked before but didn't tested login for a longer time now.
custombuild gui script 2.0.0 (rev: 1874) custombuild script latest
Build phpMyAdmin
Version 4.8.1-all-languages

Centos 7.5x
Apache 2.4.33 Running
Php 5.6.36 Installed in fpm


EDIT:::

Seems solved:
Don't know how i did ./build update and ./build phpmyadmin and restart httpd but after that no change
After a while and another reboot of the computer i'm working with phpmyadmin is shown without error
So must be i think something with sessions / cookies on server holding old/wrong ones?
Then the browser is have some in cache but strange i did delted them also few times before.
(i didn't a rewrite configs because don't needed, and first wanted to find out cause, now i still don't know. ;)
 
Last edited:
Got same error here.. dont know if related to logs though.

I was using previous PhpMyAdmin version without problems earlyer today.
Then i updated to latest DirectAdmin 1.55, CustomBuild2.0 1.0.23, then updated LetsEncrypt via CB. Untill now all went OK.

So running the latest versions, i then updated PhpMyAdmin to 4.8.4 via CB, which seems to go fine:

Code:
Executing /usr/local/directadmin/plugins/custombuild/admin/build phpmyadmin...
Using pma_auth_logging-4.8.patch to add quotes in logging, so brute_filter.list can find the IPs
Adding AuthLog to /var/www/html/phpMyAdmin-4.8.4-all-languages/config.inc.php
Adding PmaNoRelation_DisableWarning to /var/www/html/phpMyAdmin-4.8.4-all-languages/config.inc.php
Patching phpMyAdmin to log failed authentications for BFM...
patching file libraries/classes/Logging.php
phpMyAdmin 4.8.4-all-languages installation is done.
Done!

But nope, it now shows (an empty white page) error 500.
So the Apache log says:

Code:
[Wed Dec 12 11:06:27.245565 2018] [proxy_fcgi:error] [pid XXXXX:tid XXXXXXXXXXXXXXX] [client XXX.XXX.XXX.XXX:51332] AH01071: Got error 'PHP message: PHP Fatal error:  Unknown: Failed opening required '/var/www/html/phpMyAdmin/index.php' (include_path='.:/usr/local/php71/lib/php') in Unknown on line 0\n'

I dont really understand what this error message is trying to tell me.
I have tried..
- looking at/in mentioned files
- rebuilding, removing, reinstalling PhpMyAdmin.
- searching online for similar errors (and found this thread)
- other browsers and such. (because of @ikkeben comment)
- Testfile with phpinfo() and identical file permissions, it works.

I have an mostly identical server .. that did NOT have this problem, :) after upgrading from/to the same versions. So i guess its got to do with configuration?

So what differs.. the working server still uses PHP5 as primary (although PHP7 secondary is used by all users). Perhaps it has less disable_functions restrictions, not sure.
The PMA- server is running PHP7 primary for years. I remember having to config/fix DA (and webapps?) back then to makethem working. Perhaps there is some config involved i cant find..?
 
Last edited:
I just discovered that recreating a previously deleted (by CB upgrade/downgrade) phpinfo.php testfile in the phpMyAdmin folder results in the same error. Using a new filename fixed it again.

Try and restart PHP-FPm if you use it and Apache.
Yes thank you Alex! This fixed it.. didnt restart php before.

I wonder if this has to do with opcache being enabled somehow.. or is this just normal php-fpm behaviour?
 
Last edited:
Back
Top