Debug file is created

I never said it wasn't created.

I asked

1. PHP Fatal error:  Uncaught Error: Call to undefined function mysqli_report(). What is that?

2. WHY full db name and password are revealed in debug.log, a file publicly available if debug log is enabled.


Just tested the (1) and it seems that fortunately the visitors in case of an issue with the db, do not get the full error of (1) but a generic notice. And that is good.

@dsf

If you enable the debug log in config file yes it creates debug.log file for you to find errors.
Disable in config and file is not generated anymore..... Clear or delete log file after you are done debugging and no info is shown to others who are interested in reading the file.

Good explanation and debug logs shouldn’t be enabled in production states and kept enabled. It should only be left on when to gather clues to identify issues occurred on website then disabled.

Plaintext passwords should never be exposed in debug logs so this needs to be fixed by your hosting provider not osclasspoint. Issue with your MySQL extension going down which signals that your database is trying to connect.

Because nobody is giving you a clear answer, here you go.
The error is most likely caused by the hosting environment, i.e. your webhost had a hiccup (lag, PHP crash etc.), and the MySQLi PHP extension became inaccessible.
If it happens again, check with your hosting company, or move to a better host.

PS: Debug should never be run in production.

Good luck!

Plaintext passwords should never be exposed in debug logs so this needs to be fixed by your hosting provider not osclasspoint.

My hosting provider? For a file created from Osclass script (stack trace)? Dude, you have no idea what you are talking about, sorry. No pun intended but clearly you have no experience in all this.

The error is most likely caused by the hosting environment, i.e. your webhost had a hiccup (lag, PHP crash etc.), and the MySQLi PHP extension became inaccessible.

PS: Debug should never be run in production.

Well, i have upgraded 12 Osclass sites so far from an other release. I work as a freelancer for support to hosting companies, mainly Wordpress and some Osclass.

Debug log is enabled for a while, since the upgrade from other release was hard to do, some db changes were applied and we must monitor customers sites for a while.

So all in all, nothing to do with hosting as you suggest. If any hiccup exists, it is from the script and nothing else.

For now, we had to block all ".log" files from public view, using .htaccess.

Quote from: Digitalcay Limited on October 19, 2022, 12:14:45 PM

Plaintext passwords should never be exposed in debug logs so this needs to be fixed by your hosting provider not osclasspoint.

My hosting provider? For a file created from Osclass script (stack trace)? Dude, you have no idea what you are talking about, sorry. No pun intended but clearly you have no experience in all this.

Mate, I run 8 servers and 2 businesses with one of them gaining 16k daily visitors according to analytics and earning me 6k gbp per month and you’re telling me I have no clue😂. How come this issue isn’t showing on one of my classified ads sites in debug logs it’s only showing for you. Sloppy webmaster or very bad hosting provider you have so you pick. Yes it’s from osclasspoint trying to connect to the MySQL extension when it goes down and nothing else and the script is failed to connect as quoted by previous user.

Quote from: dsf on October 19, 2022, 12:37:55 PM

Quote from: Digitalcay Limited on October 19, 2022, 12:14:45 PM

Plaintext passwords should never be exposed in debug logs so this needs to be fixed by your hosting provider not osclasspoint.

My hosting provider? For a file created from Osclass script (stack trace)? Dude, you have no idea what you are talking about, sorry. No pun intended but clearly you have no experience in all this.

Mate, I run 8 servers and 2 businesses with one of them gaining 16k daily visitors according to analytics and earning me 6k gbp per month and you’re telling me I have no clue😂. How come this issue isn’t showing on one of my classified ads sites in debug logs it’s only showing for you. Sloppy webmaster or very bad hosting provider you have so you pick. Yes it’s from osclasspoint trying to connect to the MySQL extension when it goes down nothing and the script is trying to connect as quoted by previous user me

He was talking about me.

Again, good luck mr. Expert!

Quote from: Digitalcay Limited on October 19, 2022, 12:44:11 PM

Quote from: dsf on October 19, 2022, 12:37:55 PM

Quote from: Digitalcay Limited on October 19, 2022, 12:14:45 PM

Plaintext passwords should never be exposed in debug logs so this needs to be fixed by your hosting provider not osclasspoint.

My hosting provider? For a file created from Osclass script (stack trace)? Dude, you have no idea what you are talking about, sorry. No pun intended but clearly you have no experience in all this.

Mate, I run 8 servers and 2 businesses with one of them gaining 16k daily visitors according to analytics and earning me 6k gbp per month and you’re telling me I have no clue😂. How come this issue isn’t showing on one of my classified ads sites in debug logs it’s only showing for you. Sloppy webmaster or very bad hosting provider you have so you pick. Yes it’s from osclasspoint trying to connect to the MySQL extension when it goes down nothing and the script is trying to connect as quoted by previous user me

He was talking about me.

Again, good luck mr. Expert!

Ah my bad. But what you said is correct. We’re here on the forum to help each other if people want private support they should submit ticket then instead of getting offended with the answers from valuable users. Debug logs are intended for the webmasters only to find issues then disabled. it's not for public to see. So if you leave debug enabled you aren't a very good freelancer. Debugs may contain issues for attackers to find vulnerabilities or break throughs so not sure you're even worried the database data is showing as long as the debug log is disabled which should be.

@Digitalcay Limited

Actually, the guy is acting idiotic, as I'm getting these type of errors all the time on my test environment (512 ram, 1 slooow core, slow connection).
When I do crazy stuff, my DB crashes, PHP runs out of memory etc.

But yeah, the guy is an expert and all of us are stupid.

@Digitalcay Limited

Actually, the guy is acting idiotic, as I'm getting these type of errors all the time on my test environment (512 ram, 1 slooow core, slow connection).
When I do crazy stuff, my DB crashes, PHP runs out of memory etc.

But yeah, the guy is an expert and all of us are stupid.

Yep I agree.
OP says he is using an older version of osclasspoint. He should either keep osclasspoint up to date, use another server provider or disable debug logs after each maintenance. No point in reporting PHP issue for a task done months ago, leaving logs enabled and then claiming now that you see errors in your debug logs from way back. Nobody knows what updates/maintenance you've done on your environment for that to show up. If it's a security loop hole, which I doubt or from either while doing work on osclass or the mysql connection drops. This needs to be reported privately to the developer to check your activities done for that to show up. You don't go post on support forums seeking help for an issue that provides personal data like this then get offended by each answer when you haven't included any detailed steps for that to show up. Like we both said, debug logs are just for developers only and your responsible for disabling it. All kinds of errors will show there which should only be visible to developers only. Sometimes, you may be logging sensitive data like signatures, keys, passwords, emails, usernames etc. Disabling the logging can prevent from accidentally leaking such information. Having that public you may as well put user demo password demo in your hosting control panel.
Anyway no more here, best of luck!

@Digitalcay Limited

Actually, the guy is acting idiotic, as I'm getting these type of errors all the time on my test environment (512 ram, 1 slooow core, slow connection).
When I do crazy stuff, my DB crashes, PHP runs out of memory etc.

But yeah, the guy is an expert and all of us are stupid.

Let the developer of the script reply and please refrain from personal attacks, like idiotic etc etc. Calling names is easy, give some good advice is not.

ok, then logging passwords and db names out in public TEXT files is ok.

Full of experts here, i guess. A lot of talk, with no help. Just blaiming the server etc etc.

Please, if the developer of the script can (even silently) fix this in the future. Do not log errors in the log with passwords.

Thanks.

Mate, I run 8 servers and 2 businesses with one of them gaining 16k daily visitors according to analytics and earning me 6k gbp per month and you’re telling me I have no clue😂. How come this issue isn’t showing on one of my classified ads sites in debug logs it’s only showing for you. Sloppy webmaster or very bad hosting provider you have so you pick. Yes it’s from osclasspoint trying to connect to the MySQL extension when it goes down and nothing else and the script is failed to connect as quoted by previous user.

ok, i don't doubt that. It is ok with you to have plain passwords in ANY ANY log (txt file)?

The passwords are only in config.php and php files can't (normally) be viewed.

I don't care what you run and you do not run. I only comment what i see in the sites i maintain. I don't care about anything else.

ok, then logging passwords and db names out in public TEXT files is ok.

Full of experts here, i guess. A lot of talk, with no help. Just blaiming the server etc etc.

Please, if the developer of the script can (even silently) fix this in the future. Do not log errors in the log with passwords.

Thanks.

You're not that smart. We've explained to you what debug.logs do.
Even for apps I create on environments (non-related to osclass) for other things will sometimes be logging sensitive data like signatures, keys, passwords, emails, usernames etc. It's not just for OsClass. You don't need to doubt anything for what I do. I'm just stating facts. It's your responsibility to not show debug logs to public (same way config.php permissions). You can do that but I'm sure you're very smart to fix that yourself.

You're not that smart. We've explained to you what debug.logs do.
Even for apps I create on environments (non-related to osclass) for other things will sometimes be logging sensitive data like signatures, keys, passwords, emails, usernames etc. It's not just for OsClass.

Again you are calling me names. No other script that i know logs passwords in plain text file. Even Osclass 3.9, Osclass 5.x, doesn't do that.

I don't need any explaination from you. Just let the developer (that i respect) to solve this. No such detailed information (unneeded) should be recorded EVER.