Error with phpMyAdmin 3.5.4 showing Blank Screen

Earlier this week, I was going to update some database tables and attempted to log in to phpMyAdmin when I got a blank screen. If you’ve ever programed much in PHP, a blank screen almost always means one of two things:

  1. You never accessed the PHP file
  2. The PHP Script had a fatal error and error codes are set to off

After some debugging (detailed below) it turns out phpMyAdmin v3.5.4 has a fatal error where the script files are loaded in the wrong order. With PHP errors fully on, PHP kicked “Fatal error: Call to undefined function PMA_sanitize() in /usr/share/phpMyAdmin/libraries/Message.class.php on line 540”. All it took to fix was adding a line to call the sanitizing libraries before allowing the message class to be loaded. Hopefully Amazon’s repository will be updated with v3.5.5 soon, so no one else encounters this problem.

Debugging Blank Screen

Accessing the PHP Issue

For me, I found out after the fact that this step was not even necessary, but that is how debugging goes.

  1. Log into your AWS via SCP (like WinSCP)
  2. Find you installation of phpMyAdmin (the default YUM installed phpMyAdmin on an AWS Linux system is /usr/share/phpMyAdmin)
  3. Open the file “index.php” and add the following two lines on two new lines directly after the “<?php” at the beginning of the document. (‘echo “I AM phpMyAdmin”;’ and ‘exit;’) and save the file.
    • <?php
    • echo “I AM phpMyAdmin”;
    • exit;
    • /* vim: set expandtab sw=4 ts=4 sts=4: */
    • /**
  4. Attempt to access phpMyAdmin as you normally would. You should see a white screen with “I AM phpMyAdmin” on it. If you do, delete the two lines you just added, save the file and try to access phpMyAdmin again. If you get a blank screen this time then skip to the next section, since the web server is accessing phpMyAdmin.
  5. Log into your AWS server via a SSH client (like PUTTY)
  6. Type “sudo su” to transfer to the root user
  7. Restart the Apache2 web server (type “service httpd restart”). You should get two “OK”s
  8. Attempt to access phpMyAdmin as you normally would. You should see a white screen with “I AM phpMyAdmin” on it. If you do, delete the two lines you just added, save the file and try to access phpMyAdmin again. If you get a blank screen this time then skip to the next section, since the web server is accessing phpMyAdmin.
  9. Open the “phpMyAdmin.conf” file for apache2. The default AWS Linux location is /etc/httpd/conf.d/phpMyAdmin.conf.
  10. The default installation prevents everything but the localhost from accessing phpMyAdmin. Most likely you will add an exception for your computer’s IP address, or that of your VPN system. DO NOT, as per phpMyAdmin’s instructions, add the line “Require 0.0.0.0” or “Allow All” or “Allow 0.0.0.0”. All three of these settings create significant security holes. The resilience to brute force attacks is minimal and you will be hacked eventually.
  11. Restart the Apache2 web server (type “service httpd restart”). You should get two “OK”s
  12. Attempt to access phpMyAdmin as you normally would. You should see a white screen with “I AM phpMyAdmin” on it. If you do, delete the two lines you just added, save the file and try to access phpMyAdmin again. If you get a blank screen this time then skip to the next section, since the web server is accessing phpMyAdmin.
  13. Remove phpMyAdmin and reinstall it.

Identifying Fatal PHP Error

These steps identified the real problem and allowed for the quick patch.

  1. Log into your AWS server via a SCP client (like WinSCP)
  2. Open the apache2 configuration file for phpMyAdmin (“/etc/httpd/conf.d/phpMyAdmin.conf”) and add the following lines to the “<Directory /usr/share/phpMyAdmin/>” then save the file.

        <IfModule mod_php5.c>
    php_admin_flag engine on
    php_admin_value display_errors on
    php_admin_value error_reporting 30711
    php_admin_flag ini_set on
    </IfModule>

  3. Log in to your AWS server via SSH and restart apache2 (“service httpd restart”)
  4. Attempt to access phpMyAdmin as you normally would. Instead of a blank screen, you should get an error message along the lines of “Fatal error: Call to undefined function PMA_sanitize() in /usr/share/phpMyAdmin/libraries/Message.class.php on line 540”
  5. Open the file “/usr/share/phpMyAdmin/libraries/Message.class.php”
  6. At the top of the header comments, add the line “require_once(‘./libraries/sanitizing.lib.php’);”
  7. Save the Message.class.php file.
  8. Attempt to access phpMyAdmin as you normally would. It should work fine now. If you want to, you can go back to the apache2 phpMyAdmin configuration file (/etc/httpd/conf.d/phpMyAdmin.conf) and remove the lines you entered. If you have a public installation of phpMyAdmin, then you should remove them for security reasons.
Advertisements

Installing and Configuring phpMyAdmin on AWS Amazon Linux AMI running Apache2 PHP and MySQL

Installing and Configuring phpMyAdmin on AWS Amazon Linux AMI running Apache2, PHP and MySQL (see the links for instructions on installing each software package).

This is actually really easy, assuming you are using the base version of PHP (5.3.X) from the AWS package repository. YUM has phpMyAdmin as a package and most of the default settings work just fine. The first time I install on an AWS instance it took maybe 15 minutes to complete.

Installing phpMyAdmin

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available and a SCP client (like WinSCP) to use when editing the configuration files.

  1. Log in to your instance via the SSH client. Transfer to the root user (“sudo su”).
  2. Use YUM to install phpMyAdmin
  3. Press “Y” when it asks if you want to install phpMyAdmin
  4. Open the SCP client and go to the apache2 configuration files directory (default is “/etc/httpd/conf.d”)
  5. Open the “phpMyAdmin.conf” file.
  6. Add an access exception to apache2 authentication protocol. There are three safe ways to allow access to phpMyAdmin;
    1. Allow Exception from a static IP Address Under the Directory tag “/usr/share/phpMyAdmin/”, add the following line at the end of the <IfModule mod_authz_core.c><RequreAny> tag, “Require ip XXX.XXX.XXX.XXX” and the following line at the end of the <IfModule !mod_authz_core.c> tag, “Allow from XXX.XXX.XXX.XXX”. In each situation you should be replace XXX.XXX.XXX.XXX with the actual IP address.
    2. Allow access from a VPN You will need a Virtual Private Network setup already, which is well beyond these instructions. Under the Directory tag “/usr/share/phpMyAdmin/”, add the following line at the end of the <IfModule mod_authz_core.c><RequreAny> tag, “Require ip XXX.XXX.XXX.XXX” and the following line at the end of the <IfModule !mod_authz_core.c> tag, “Allow from XXX.XXX.XXX.XXX”. In each situation you should be replace XXX.XXX.XXX.XXX with the actual IP address.
    3. Use SSL Certificate for authentication These instructions are not complete yet.
  7. Save the edited “phpMyAdmin.conf” file.
  8. Verify the installation occurred correctly by starting/restarting the httpd service (in SSH “service httpd restart”)

Summary of command line inputs

  • $ sudo su
  • $ yum install phpmyadmin
  • …..
  • Do you want to install phpMyAdmin 5.x (Y/N): Y
  • $ service httpd restart

First few lines of phpMyAdmin.conf file with default installation path, edited for access by a single IP address

# phpMyAdmin – Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
Require ip XXX.XXX.XXX.XXX
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
Allow from XXX.XXX.XXX.XXX
</IfModule>
</Directory>

Configuring phpMyAdmin

The default configuration of phpMyAdmin needs only a few changes to get it working correctly.

  1. Log in to your instance via the SCP client (like WinSCP)
  2. Open the phpMyAdmin base directory (default AWS installation directory is “/usr/share/phpMyAdmin”)
  3. Open the file “config.sample.inc.php”
  4. Go down to the line “$cfg[‘blowfish_secret’] = ‘XXXXXXXX’;” where XXXXXX is some alphanumeric combination. Add a bunch more letters and numbers within the single quotes.
  5. Go down to the line “$cfg[‘Servers’][$i][‘controlhost’]” and make sure it is uncommented. After it, add “= ‘localhost’;”
  6. The next line should be “$cfg[‘Servers’][$i][‘controluser’]”and make sure it is uncommented. After it, add “= ‘USERNAME’;” where USERNAME is the username you want to log into phpMyAdmin using.
  7. The next line should be “$cfg[‘Servers’][$i][‘controlpass’]”and make sure it is uncommented. After it, add “= ‘PASSWORD’;” where PASSWORD is the password associated with the previously entered username.
  8. Save the file as “config.inc.php”.
  9. Use YUM to install phpMyAdmin
  10. Press “Y” when it asks if you want to install phpMyAdmin
  11. Open the SCP clint and go to the apache2 configuration files directory (default is “/etc/httpd/conf.d”)
  12. Open the “phpMyAdmin.conf” file.
  13. Direct your browser to “http://XXX.XXX.XXX.XXX/phpMyAdmin&#8221; where XXX.XXX.XXX.XXX is the IP address of your server. You should be prompted for a username and login. Enter the pair you just saved in the config file and you should run phpMyAdmin.

Installing Common PHP Extensions

PHP is a simpler programming language which offers the power of the more complex object orientated languages without some of the more complex data management issues. PHP is commonly used to develop dynamic web content, especially content based upon a database like MySQL. PHP is an on-demand compiled language, where it uses the Apache2 web server to compile the PHP code when the script is run.

In a practical sense, you must have Apache installed to use PHP on your server. If you do not have Apache currently installed, instructions can be found here. Instructions for installing PHP after you have installed Apache can be found here.

The base PHP distribution comes with a lot of the core features, but only core type features. You will often run across situations where you need a PHP Extension or Application Library. PHP extensions are divided between 2 repositories; PECL and PEAR. The difference between the repositories is the type of files each contain. PECL contains C compiled files while PEAR contains special PHP classes. This makes the PECL extensions faster and more powerful than PEAR extensions, however they can have robustness issues since programming in C is much more challenging.

Installing PECL

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available.

  1. Log in to your instance via the SSH client. Transfer to the root user.
  2. Use PECL to install pecl extension
  3. Press “Y” when it asks if you want to install the extension. Depending on the extension, there may be multiple options you can choose during the installation.
  4. Verify the installation occurred correctly by starting/restarting the httpd service

Summary of command line inputs (example uses pecl_http extension)

  • $ sudo su
  • $ pecl install pecl_http
  • …..
  • $ service httpd restart

Popular PECL extensions

Extension Description PHP-Devel?
pecl_http HTTP request & response processing Y
mailparse Parsing email addresses N

Installing PHP-Devel

Some of the extensions, the PECL ones in particular, require the php-developer package to work properly. If you get an error like “needs php-devel to be installed’ when you attempt to install a package, you will need to install the php-developer package.

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available.

  1. Log in to your instance via the SSH client. Transfer to the root user.
  2. Use YUM to install PHP-Devel
  3. Press “Y” when it asks if you want to install the extension.
  4. Verify the installation occurred correctly by starting/restarting the httpd service

Summary of command line inputs

  • $ sudo su
  • $ yum install php-devel
  • …..
  • Do you want to install PHP-Devel (Y/N): Y
  • $ service httpd restart

Note about PHP-Devel

When I installed PHP-Devel it changed the ownership and permissions of my session directory. This caused session_start() to fail with a “Permission Denied (13)” error. To fix the error I had to change the ownership back to the Apache user/group that is used when PHP is run on the session directory.

Installing and Configuring PHP on AWS Amazon Linux AMI with Apache2

Apache2 is the standard Linux web server. It deals with all of the http and https requests sent to the server and complies PHP scripts. PHP is a simpler programming language which offers the power of the more complex object orientated languages without some of the more complex data management issues. PHP is commonly used to develop dynamic web content, especially content based upon a database like MySQL.

In a practical sense, you must have Apache installed to use PHP on your server. If you do not have Apache currently installed, instructions can be found here.

Installing PHP

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available.

  1. Log in to your instance via the SSH client. Transfer to the root user.
  2. Use YUM to install php
  3. Press “Y” when it asks if you want to install PHP
  4. Verify the installation occurred correctly by starting/restarting the httpd service

Summary of command line inputs

  • $ sudo su
  • $ yum install httpd
  • …..
  • Do you want to install PHP 5.x (Y/N): Y
  • $ service httpd restart

Configuring PHP

The default configuration of PHP is just fine to use for 90% of applications. If you are going to be doing development on the server, it would be appropriate to make a few changes to the php.ini file for the particular development server. These changes should occur in the Apache2 hosting configurations (“/etc/httpd/conf.d/vhosts.conf” in the previous Apache2 instructions). The major issue you would want to change is turning off safe mode.