search

mgdm / Mosquitto-PHP

A wrapper for the Eclipse Mosquitto™ MQTT client library for PHP.
BSD 3-Clause "New" or "Revised" License
535 stars 147 forks source link

authentication bypassed from PHP? #129

Closed nedoskiv closed 1 year ago

nedoskiv commented 1 year ago

Hello, I just started using mosquitto broker. Testing some command line parameters and some PHP functionalites. Decided to add authentication. Here is my config file:

persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
allow_anonymous false
password_file /etc/mosquitto/passwords
include_dir /etc/mosquitto/conf.d

mosquitto_pub now do not connect unless I use proper credentials. PHP on the other side connect and work without any credentials ..... here is the simple script:

<?php
/* Construct a new client instance, passing a client ID of “MyClient” */
$client = new Mosquitto\Client('MyClient');
/* Set the callback fired when the connection is complete */
echo ("SETTING ON CONNECT FUNCTION\n");
$client->onConnect(function($code, $message) use ($client) {
    /* Subscribe to the broker's $SYS namespace, which shows debugging info */
#    $client->subscribe('$SYS/#', 0);
    $client->subscribe('#', 0);
    echo ("CONNECTED TO SERVER!\n");
});

/* Set the callback fired when we receive a message */
echo ("SETTING ON RECEIVED MESSAGE FUNCTION\n");
$client->onMessage(function($message) {
    /* Display the message's topic and payload */
    echo $message->topic, "\n", $message->payload, "\n\n";
});
/* Connect, supplying the host and port. */
/* If not supplied, they default to localhost and port 1883 */
while (True) 
    {
    try
        {
        $client->connect('localhost', 1883);
        }
    catch (Exception $e)
        {
        echo ("UNABLE TO CONNECT!\n");
        echo 'Caught exception: ',  $e->getMessage(), "\n";
        sleep (5);
        continue;
        }
    /* Enter the event loop */
    try
        {
        $client->loopForever();
        }
    catch (Exception $e)
        {
        echo ("DISCONNECTED!\n");
        echo 'Caught exception: ',  $e->getMessage(), "\n";
        sleep (5);
        continue;
        }
    }

?>

It works like a charm. Receiving all messages without authentication ........

mosquitto version 2.0.15 on UBUNTU

nedoskiv commented 1 year ago

IT was configuration problem, here is my next config that solves the problem:

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

per_listener_settings true
listener 1883
allow_anonymous false
#password_file /web/izvestitel.com/mqtt/credentials
password_file /etc/mosquitto/passwords

#include_dir /etc/mosquitto/conf.d