ID: 23025
User updated by: mfroeb at gmx dot de
Reported By: mfroeb at gmx dot de
-Status: Bogus
+Status: Open
Bug Type: MySQL related
Operating System: Windows 2000 SP3
PHP Version: 4.3.2RC1
New Comment:
A comment would be nice?
Previous Comments:
------------------------------------------------------------------------
[2003-05-20 09:00:26] shayb52 at hotmail dot com
hello,
i have also encountered this bug with php 4.3.RC1 woth apach 2.0.40 and
interbase, i also track it down to the select statement when executing
the query, my guess it caused since i have compiled php with some
switch missing
------------------------------------------------------------------------
[2003-04-03 04:35:16] mfroeb at gmx dot de
sorry for the long script.
I have tracked the error down to the following:
this is my sql query, with connection establish somewhere prev.:
$sql_ergebnis = mysql_query("SELECT Name, Gold, Stone, Wood, Food FROM
isles WHERE Owner = $player");
the sql query suceeds, and apache crashes with the following call:
$islename = mysql_result($sql_ergebnis, 0, 'Name');
if i comment this call, everything else works perfectly.
------------------------------------------------------------------------
[2003-04-02 18:49:25] [EMAIL PROTECTED]
Please open a new report with SHORT example script,
max. 10-15 lines which shows the real problem.
------------------------------------------------------------------------
[2003-04-02 13:31:19] mfroeb at gmx dot de
I had set up Apache 2.0.45 with PHP 4.3.2RC1 and MySQL 3.23.55.
This script causes apache to crash with a "write failed" error. With
PHP 4.3.1 everything's fine.
--- functions.php ---
<?php
$sql_server = 0;
if (!isset($sessionid)) {
if (isset($_REQUEST['sessionid'])) {
$sessionid = $_REQUEST['sessionid'];
} else {
$sessionid = "";
}
}
if ($sessionid == "") $sessionid = "-";
function sql_connect() {
global $sql_server;
$sql_server = mysql_connect("localhost", "***", "***");
mysql_select_db("***");
return true;
}
function sql_quit() {
global $sql_server;
mysql_close($sql_server);
return true;
}
function check_email ($email) {
if
(@preg_match("/^([a-zA-Z0-9_.-]+)@([a-zA-Z0-9_.-]+)([a-zA-Z]{2,4})$/",
$email) == 1) {
return true;
} else {
return false;
}
}
function check_passid ($passid) {
if (@preg_match("/^[0-9]{10}D-[0-9]{7}-[0-9]{7}-[0-9]$/", $passid) ==
1) {
/* erste zifferngruppe */
$digits1 = ($passid{0} + $passid{3} + $passid{6})*7;
$digits2 = ($passid{1} + $passid{4} + $passid{7})*3;
$digits3 = ($passid{2} + $passid{5} + $passid{8})*1;
$checksum = ($digits1 + $digits2 + $digits3) % 10;
if ($checksum != $passid{9})
return false;
/* zweite zifferngruppe */
$digits1 = ($passid{12} + $passid{15})*7;
$digits2 = ($passid{13} + $passid{16})*3;
$digits3 = ($passid{14} + $passid{17})*1;
$checksum = ($digits1 + $digits2 + $digits3) % 10;
if ($checksum != $passid{18})
return false;
/* dritte zifferngruppe */
$digits1 = ($passid{20} + $passid{23})*7;
$digits2 = ($passid{21} + $passid{24})*3;
$digits3 = ($passid{22} + $passid{25})*1;
$checksum = ($digits1 + $digits2 + $digits3) % 10;
if ($checksum != $passid{26})
return false;
/* alle ziffern */
$digits1 = ($passid{0} + $passid{3} + $passid{6} + $passid{9} +
$passid{14} + $passid{17} + $passid{21} + $passid{24})*7;
$digits2 = ($passid{1} + $passid{4} + $passid{7} + $passid{12} +
$passid{15} + $passid{18} + $passid{22} + $passid{25})*3;
$digits3 = ($passid{2} + $passid{5} + $passid{8} + $passid{13} +
$passid{16} + $passid{20} + $passid{23} + $passid{26})*1;
$checksum = ($digits1 + $digits2 + $digits3) % 10;
if ($checksum != $passid{28})
return false;
return true;
} else {
return false;
}
}
?>
--- login.php ---
<?php
include 'functions.php';
if (isset($_REQUEST['name'])) {
sql_connect();
$name = $_REQUEST['name'];
$password = $_REQUEST['pw'];
$sql_ergebnis = mysql_query("SELECT Count(ID) FROM players WHERE Name
= '$name' AND Password = '$password'");
if (mysql_result($sql_ergebnis, 0, 0) == 1) {
$sessionid = md5(md5(rand()) . md5(rand()));
$datetime = date("Y-m-d H:i:s");
$playerip = $_SERVER['REMOTE_ADDR'];
$sql_ergebnis = mysql_query("UPDATE players SET SessionID =
'$sessionid', LastActionTime = '$datetime', IP = '$playerip' WHERE Name
= '$name' AND Password = '$password'");
sql_quit();
header("Location: http://"; . $_SERVER['HTTP_HOST'] .
dirname($_SERVER['PHP_SELF']) . "/main.php?sessionid=" . $sessionid);
exit;
} else {
$error = true;
}
sql_quit();
}
?>
<?php
$page = "";
$stylesheet = "css/style00.css";
$showlogo = true;
$showlinks = false;
sql_connect();
include 'header.php';
?>
<?php
if (isset($error)) echo "<h2>Diese Name-/Passwortkombination ist im
System nicht bekannt!</h2><br>";
?>
<form action="login.php" method="get">
<table cols="2" rows="1">
<tr>
<td>
<table cols="2" rows="3">
<tr>
<td>Name:</td>
<td><input name="name" type="text" size="50"></td>
</tr>
<tr>
<td>Passwort:</td>
<td><input name="pw" type="password" size="50"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Einloggen"><input type="reset"
value="Löschen"></td>
</tr>
</table>
</td>
<td>
<table cols="1" rows="2">
<tr>
<td>
<a href="stats.php" target="_blank">Statistiken</a>
</td>
</tr>
<tr>
<td>
<a href="register.php">Registrieren</a>
</td>
</tr>
</table>
</td>
</tr>
</table>
</form>
<?php
sql_quit();
include 'footer.php';
?>
header.php and footer.php are basically html files that output current
time and date.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=23025&edit=1
