Connection to secure FTP Server from PHP

Question

This question is in line with this question , I am trying to connect to secure FTP Server and it is not able to connect, wierd part is that I am able to do ssh and connect to the server but when I try to do it from php code using few different approaches but it is not working

Approaches:

1. FTP Wrappers
2. ftp_connect & ftp_login
3. ftp_ssl_connect
4. ssh2_sftp
5. ssh2-scp-send & ssh2-scp-receive -- Have not tried this approach yet but recommended in comments portion and so would work on this and will post updates later.

Code for Approach 1:

$ftp_server = "ftp://username:password@192.168.1.1:21/{$log_file_name}";
$opts = array('ftp' => array('overwrite' => TRUE));
$context = stream_context_create($opts);
$put_file = file_put_contents($ftp_server, $response, LOCK_EX,$context);

Here also am not able to connect to secure FTP Server, any suggestions as to why it is not able to connect ?

Code for Approach 2:

ftp_server = 'www.server.com';
$conn_id = ftp_connect($ftp_server) or die ("Cannot connect to host");
//Program dies out here and give error message "Cannot connect to host",
//but why ftp_login does not work here, Any Suggestions ?
$ftp_user_name = "login";
$ftp_user_pass = "password";
// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
// check connection and login result
if ((!$conn_id) || (!$login_result)) 
{ echo "FTP connection has encountered an error!";
  echo "Attempted to connect to $ftp_server for user $ftp_user_name....";
 //exit;
} else 
{ 
 echo "Connected to $ftp_server, for user $ftp_user_name".".....";
}

Code for Approach 3:

Here am using same code as approach 1 but instead of ftp_connect, am using ftp_ssl_connect

Code for Approach 4:

$connection = ssh2_connect('www.server.com', 22);
ssh2_auth_password($connection, 'login', 'password');
$sftp = ssh2_sftp($connection);
//exit();
$stream = fopen("ssh2.sftp://$sftp/path/to/file", 'r');

Can anyone advise why am I not able to connect to secure FTP Server using above approaches but still am able to do so using ssh ?

Are there any other approaches to connect to secure FTP Server using php ?

UPDATE:

Q1. I tried again using ftp_connect but it just died out and why does it dies out, what are the scenarios in which ftp_connect dies out ?

Q2. Do we have only this approaches to connect to the server or are there any other which we can implement ?

Q3. Is this php language related that it does not support secure FTP Connection ? OR there is any other way of doing this using php, if yes than do provide different approaches as it would be very helpful.

UPDATE 1:

I was trying to google more on the issue and it seems that if ftp_connect does not work than firewall could be one of the reason for it. I am not totally sure if that is the case but I am researching more on it and post an update in here if I find anything useful.

Possible Solution :

Problem

If I remove the "or die" then you get the error:

When running from a webpage:

Warning: ftp_login() expects parameter 1 to be resource, boolean given in /var/www/ftp_test.php on line 28

var_dump($conn_id); returns bool(false).

From command line /usr/bin/php /var/www/ftp_test.php

var_dump($conn_id); returns resource(4) of type (FTP Buffer).

Script completes.

Solution 1

This could be one solution :

Try to turn off selinux and here is the way or Search : How to disable selinux for turning it off temporarily or permanently.

Solution 2

If you don't want to turn off selinux completely, you might get what you need by just setting the httpd_can_network_connect using the setsebool command.

Verify that it was previously set to "off": getsebool httpd_can_network_connect

Set it to "on":

setsebool httpd_can_network_connect=1

Turn selinux back on: setenforce 1

Check to be sure php ftp_connect still works when running under httpd.

Set the policy (-P) to "on" so it persists over a reboot:

setsebool -P httpd_can_network_connect=1

Solution 3

There could also be issue with company firewall. Make sure it is configured properly and has access rights set properly.

Solution 4

Another approach is to use cURL : libcurl as it can be used to connect and communicate to many different types of servers with many different types of protocols

Solution 5

There is open source project called PHP Secure Communication Library (phpspeclib) which can be also used to establish secure connection to FTP Server.

Answer 1

This page has what you seek (I think)

http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/

and here are the manual pages

http://php.net/manual/en/book.ssh2.php

Answer 2

1. Many cheap webhoster will not give you ssh (hence no ftp via ssh aka sftp) but only ssl-secured ftp aka ftps ( see here ). You might have that problem. As others suggested, use filezilla or another ftp client to test your credits and chosen security method beforehand.

2. ftp_ssl_connect() at least under windows will be a long journey, since you have to compile your own php binaries, see here .

3. As this php contributor rightfully points out , no secure connection is secure, as long as you don't know, who you are talking too, aka „peer certification“ through valid certificates.

4. phpseclib is probably your best bet. But I haven't figure out, how to ensure, it uses peer verification (guessing, the truth is in openssl.conf ...)

5. So even at the time of writing, I wonder more than ever, if peer-validated ftps (ftp with ssl/tls authentification) is possible... also see my question here .

Answer 3

As for ´ftp via ssh´ alias ´sftp´: No direct advice, but note, that many cheap 'non-dedicated server' webhosts do not support it (which is bad). Company firewalls might block the relevant ports.

As for 'ftp using ssl/tls' alias 'ftps': Your answer is here . Don't waste time on ftp_ssl_connect() :-)

(Yes, it's poorly documented on the php site, to say the least)

Answer 4

I, too, encountered quite a lot of issues when dealing with encrypted connections.

First thing is to check the protocol you are looking to use. Secure FTP is most commonly refearing to FTP over SHH but can also mean SCP, SFTP or FTPS.

One way to figure out is to check connecting using a client like filezilla.

If the protocol is handled via a PHP module, the best approach is indeed, to use it. In this case, you need to make sure that, in addition to the protocol-related one, the OPENSSL module is installed for php.

There are some cases where the module support still won't work. In this case, using the libcurl module is one option. This is the case for instance when you need to use a client certificate.

Unfortunately, here again, you may encounter some problems due to the partial support of libcurl in the php module. One scenario I experimented is when the server certificate is judged invalid by the module.

The last solution I usually use is to run the curl binary from an exec statement, for the later case using the "-k" switch.

Answer 5

I tried the phpseclib library and it works in Windows and Linux.

If you are using composer, just add in your require section :

"phpseclib/phpseclib": "0.3.*@dev"

And then, you can do this : http://phpseclib.sourceforge.net/sftp/examples.html#put