Re: [PHP] Login script problem
On Jan 5, 2008 11:50 AM, Reese [EMAIL PROTECTED] wrote:
Daniel Brown wrote:
Do you expect the value of $key in this condition to be a literal zero?
$twoyears = array('alphanumeric_code1', 'alphanumeric_code2',
'alphanumeric_code3', 'alphanumeric_code4',
'alphanumeric_code5',
'alphanumeric_code6', 'alphanumeric_code7');
$key = in_array($sPromocode,$twoyears);
if($key=='0')
I changed
if($key=='0')
to
if(!isset($key=='1'))
to see what effect that change might make, the server threw an error
so I set it back to its original state:
Parse error: parse error, unexpected T_IS_EQUAL, expecting ',' or ')' in
/[PATH]/login.php on line 16
That's because isset() isn't able to eval() an expression. Remove
the !isset() part, or the =='1' part and that will remove the parse
error.
--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]
If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Daniel Brown wrote: if(!isset($key=='1')) //caused parse error That's because isset() isn't able to eval() an expression. Got it, I see the mistake now. Remove the !isset() part, or the =='1' part and that will remove the parse error. I changed it to if(!isset($key)) and you were right, the parse error went away. This change seems to have no effect on access code logins (I'm able to log in, as expected) or IP-authenticated logins (I still cannot log in, even though my IP is in the MySQL db). Reese -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Login script problem
Greetings,
I've been lurking for several weeks, I thought I'd post to describe
a problem I've been having in the hope that a solution can be found.
And my thanks to Casey, for his offlist assistance with another,
unrelated issue earlier this week. :-)
I apologize up front, for what is probably too much information.
I know this will take some time to read and digest.
On a client's site (PHP4 environment, natch), two login methods are
used to control access to premium content. The first sets a cookie
when valid access codes are submitted via the login form, there are
no known problems with that method at this time.
The second method was grafted on top of the first by a 2nd programmer.
It is a link to the verification script (index1.php) that is supposed
to do IP lookups in a MySQL db table. The table is called getIPval
and has 4 Fields, which are named 'nIP','ipStart','ipEnd','nStatus'
All ipStart/ipEnd ranges have a status of 1, and can accommodate
the number of characters required for IPv6 addresses but to the best
of my knowledge, no IPv6 addresses are listed at this time (there are
a couple thousand line items).
The script(s) is supposed to check rows in the table and if the
requesting IP is = ipStart AND = ipEnd on a given row, grant
access to the requesting IP [load the page identified by the rYear
(decade) year (actual year) variables called out in the navigation
link] - the default page after login is /1940s/1949.php . If the
requesting IP is not found, the user is to be bounced to the login
page [index.php]. Outside of these two scripts, the 'rYear'and 'year'
values are passed via GET in the navigation links, the key is not
passed by the navigation links. To repair emergent problems with the
1st access method while getting the 2nd access method to work, the
key was introduced but it is not included in the navigation links.
An example nav link looks something like this:
http://[domain][path]index1.php?rYear=value1year=value2
Or at least, that is how it is all supposed to work, per my
understanding of the programmer's description and my own understanding
after reviewing the code myself.
The Problem
A growing number of what are supposed to be authorized, IP-authenticated
users have reported an inability to navigate away from the initial
premium content page, 1949.php, after the script checks their IP and
lets them in that far. Access code users do not report difficulties.
I've been over this with the programmer, he says he cannot find
anything wrong with the PHP scripts. I've checked some of the affected
IP-range entries in the MySQL db table, our best guess to date has
been that a cache server is misbehaving somewhere. Neither of us is
able to duplicate the reported error of not being able to navigate
away from the 1949 page.
What I have observed recently however, with my own IP listed in the
db table as part of a range, sometimes the script will randomly either
let me in or not let me in. Whichever state it is in, persists, until
new changes are made when it will then either let me in or not.
It always lets me in if I list my specific IP (not as part of a range).
So as the number of users who report the navigation difficulty grows,
I am beginning to wonder if there might really be a problem in the
script that the programmer isn't seeing for whatever reason. Does
anyone see anything obviously wrong in the code below?
I've obscured the actual server domain name, login, passwords, and some
path statements. Watch for line wraps.
Reese
--
?php
//
//login script, invoked by all premium content pages via GET
//file name index1.php
//
$link = mysql_connect('mysql_server_url', 'login_id', 'login_password');
if (!$link) {
die('Not connected : ' . mysql_error());
}
// make mrfsql_db1 the current db
$db_selected = mysql_select_db('login_id', $link);
if (!$db_selected) {
die ('Can\'t use foo : ' . mysql_error());
}
$domain = GetHostByName($REMOTE_ADDR); // users IP//
if(!empty($_REQUEST['rYear']))
{
$yrs = $_REQUEST['rYear'].'s';
$yr = $_REQUEST['year'];
}
function getIP($cdomain)
{
$sql= SELECT nStatus FROM getIPval WHERE ipStart ='.$cdomain.'
;
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
return $row['nStatus'];
}
$row = getIP($domain);
if(!empty($_COOKIE[monthcode]))
{
$pcode = $_COOKIE[monthcode];
}
if($row == '1' || $pcode!='')
{
header(Location: decade/$yrs/$yr.php?key=1);
}
else
{
$sdomain = explode(.,$domain);
$cdomain = $sdomain['0'].'.'.$sdomain['1'].'.'.'0'.'.'.'0';
$row = getIP($cdomain);
if($row == '1' $sdomain['3'] 256)
{
header('Location: decade/1940s/1949.php?key=1');
}
else
{
header('Location: index.php');
}
}
?
EOF
Below, the check script that is used on all other premium pages.
Its intended function is to verify that the user is authorized
and if they are
Re: [PHP] Login script problem
On Jan 4, 2008 9:54 AM, Reese [EMAIL PROTECTED] wrote:
Greetings,
I've been lurking for several weeks, I thought I'd post to describe
a problem I've been having in the hope that a solution can be found.
And my thanks to Casey, for his offlist assistance with another,
unrelated issue earlier this week. :-)
[snip=all]
Reese,
While I noticed several areas for improvement in the code (such as
being sure to exit; after calling header(Location: ); ), two
things primarily come to mind:
Do you expect the value of $key in this condition to be a literal zero?
$twoyears = array('alphanumeric_code1', 'alphanumeric_code2',
'alphanumeric_code3', 'alphanumeric_code4', 'alphanumeric_code5',
'alphanumeric_code6', 'alphanumeric_code7');
$key = in_array($sPromocode,$twoyears);
if($key=='0')
Also, what about ISPs such as AOHell who use fully-dynamic IP
proxies that change on location, at time intervals, and are
interspersed with random changes? Even putting that into a range
won't help, as it's likely the IP will only have the network prefix
(and perhaps the same Class B slot).
--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]
If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Web Design Company wrote: Someone? Me31!1!1ONE Please, if you do not need amplifying information or if you do not intend to pose a suggestion, it is better to remain silent. I wasn't helped by your Someone? post, no one else was either. Reese -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Someone? - http://ooyes.net Web design company | http://ooyes.net Graphic design company | http://ooyes.net Outsourcing company -- View this message in context: http://www.nabble.com/Login-script-problem-tp14618073p14618942.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Daniel Brown wrote:
[snip=all]
Reese,
While I noticed several areas for improvement in the code (such as
being sure to exit; after calling header(Location: ); ), two
things primarily come to mind:
Do you expect the value of $key in this condition to be a literal zero?
$twoyears = array('alphanumeric_code1', 'alphanumeric_code2',
'alphanumeric_code3', 'alphanumeric_code4', 'alphanumeric_code5',
'alphanumeric_code6', 'alphanumeric_code7');
$key = in_array($sPromocode,$twoyears);
if($key=='0')
No, it should either be 1 if set or NULL(?) if not set, there is
nothing to set that value to 0 - only this check to see if it is
== to 0. Is this another area, like the one Casey helped with
earlier, where '!empty' was being used instead of 'isset'?
The programmer is aware that improvement is possible and we've had
some discussions in that regard, but owing to this being a for a
friend item and his currently declared job demands, either he is
truly swamped or he is brushing me off. I'm willing to give him
benefit of the doubt, until I'm confronted with evidence to the
contrary.
Also, what about ISPs such as AOHell who use fully-dynamic IP
proxies that change on location, at time intervals, and are
interspersed with random changes? Even putting that into a range
won't help, as it's likely the IP will only have the network prefix
(and perhaps the same Class B slot).
That's an area where I left detail out, my apologies. The dual login
mechanisms are geared towards accommodating this, AOHell users will
tend to be individual entities and the 'access code' mechanism is
geared towards them. Meanwhile, entities with static, assigned IP
addresses such as libraries on city networks are meant to be given
IP-based access, hence the other login validation method (which
isn't working quite right).
Reese
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
On Jan 4, 2008 11:55 AM, Reese [EMAIL PROTECTED] wrote: Web Design Company wrote: Someone? Me31!1!1ONE Please, if you do not need amplifying information or if you do not intend to pose a suggestion, it is better to remain silent. I wasn't helped by your Someone? post, no one else was either. It's just some jackass who's replying to random posts to SPAM the links in his/her signature, I'm sure. Ridiculous posts have been made in other threads from Web Design Company as well. -- Daniel P. Brown [Phone Numbers Go Here!] [They're Hidden From View!] If at first you don't succeed, stick to what you know best so that you can make enough money to pay someone else to do it for you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
