Search code examples
phpfacebookfacebook-graph-apiopen-basedir

Facebook api: "open_basedir restriction in effect"

I've uploaded my script for facebook login, based on facebook php api 4.0,on a web hosting which supports php 5.4, but I'm getting

Warning: is_readable(): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s): (/home/myuserid:/usr/lib/php:/tmp) in /home/myuserid/public_html/Facebook/FacebookRedirectLoginHelper.php on line 244

Here are line 244 of the file and some of the following

if (is_readable('/dev/urandom')) {
  $fp = fopen('/dev/urandom', 'rb');
  if ($fp !== FALSE) {
    $buf = fread($fp, $bytes);
    fclose($fp);
    if($buf !== FALSE) {
      return bin2hex($buf);
    }
  }
}

If it could be helpful, here is the basic login script:

<?php
session_start();
require_once('Facebook/Entities/AccessToken.php');
require_once( 'Facebook/FacebookSession.php' );
require_once( 'Facebook/FacebookRedirectLoginHelper.php' );
require_once('Facebook/HttpClients/FacebookHttpable.php');
require_once('Facebook/HttpClients/FacebookCurl.php');
require_once('Facebook/HttpClients/FacebookCurlHttpClient.php');
require_once( 'Facebook/FacebookRequest.php' );
require_once( 'Facebook/FacebookResponse.php' );
require_once( 'Facebook/FacebookSDKException.php' );
require_once( 'Facebook/FacebookRequestException.php' );
require_once( 'Facebook/FacebookAuthorizationException.php' );
require_once( 'Facebook/GraphObject.php' );

use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;
use Facebook\FacebookRequest;
use Facebook\FacebookResponse;
use Facebook\FacebookSDKException;
use Facebook\FacebookRequestException;
use Facebook\FacebookAuthorizationException;
use Facebook\GraphObject;

// init app with app id (APPID) and secret (SECRET)
FacebookSession::setDefaultApplication('','');

// login helper with redirect_uri
$helper = new FacebookRedirectLoginHelper( 'http://mysite/fb.php' );

try {
  $session = $helper->getSessionFromRedirect();
} catch( FacebookRequestException $ex ) {
  // When Facebook returns an error
} catch( Exception $ex ) {
  // When validation fails or other local issues
}

// see if we have a session
if ( isset( $session ) ) {
  // graph api request for user data
  $request = new FacebookRequest( $session, 'GET', '/me' );
  $response = $request->execute();
  // get response
  $graphObject = $response->getGraphObject();

//[...] uses data to login
} else {
  // show login url
  echo '<a href="' . $helper->getLoginUrl() . '">Login</a>';
}
?>

Note: locally with easyPHP, the script works perfectly

Solution

  • Most shared hosting providers actively restrict users to prevent them from accessing other users' content and system resources.

    In this case they used the open_basedir option from php.ini which only allows PHP to open files in specified paths, and denies every other access.

    To solve the problem you can either ask them to grant you access to /dev/urandom, which they probably won't do, or replace your code with the following:

    if (function_exists('openssl_random_pseudo_bytes')) {
    return bin2hex(openssl_random_pseudo_bytes($bytes));
}

    The openssl_random_pseudo_bytes function does almost exactly the same and is available on PHP 5.3.0 or higher.