Bug #15856 Updated: session_destroy() - hangs php4ts.dll - memory leak

Mon, 04 Mar 2002 07:27:15 -0800 

 ID:               15856
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Feedback
 Bug Type:         Session related
 Operating System: Windows 98
 PHP Version:      4.1.0 + 4.11
 New Comment:

Only the login function that is capsuled in the class. called on one
page the session start is before the constructor of the class...
if the login failed it passes the session_destroy...
the do login function is called after a post form...
hope that helps..

what do you mean with caps....
---


function doLogin($pseudo,$pw){
    global $s_userAuthorisation;
    global $s_loginRetries;
    if ($this->DEBUG) { echo "<br> doLogin($pseudo,$pw)";}
    $loginOk=false;
    $s_userData=array();
    if (!isset($s_loginRetries)){
      session_register("s_loginRetries");
      $s_loginRetries=0;
     }
   // count the retris
   $s_loginRetries++;
   // check pseudo
   $userid=$this->getUserIdFromPseudo($pseudo);
   if ($userid==0) {
      if ($s_loginRetries<3) {
         // nothing to do as no timeout to set
         if ($this->DEBUG) {echo "<br>Loginretries ".$s_loginRetries;}
         $this->ErrorMsg="Login inkorrekt";
      }
      else
         {
        $this->ErrorMsg="10sec. Timeout<br> 3 fehlerhafte
Loginversuche";
        if ($this->DEBUG) { echo "<br> 10sec. Timeout<br> 3 fehlerhafte
Loginversuche";}
        flush();
        sleep(10);
        $s_loginRetries=0;
     }
   }
   // pseudo exist so check the login
   else{
    // perform the login check
    $qstring = "select * ";
    $qstring = $qstring." from ".$this->tablename;
    $qstring = $qstring." where vch_pseudo ='".$pseudo."' ";
    $qstring = $qstring." and vch_pw ='".$pw."' ";
    $qstring = $qstring." and ".$this->activeRecord;
    $queryst = sprintf($qstring);
    $this->query($queryst);
   // only one row allowed
   if ($this->num_Rows()!=0) {
       while($this->next_record()) {
         $loginOk=true;
         if ($this->DEBUG) {
           echo "DOLOGINQUERYRESULT<br>";
           echo "sUserId:".$this->f("i_id")." <br>";
           echo "sSalutationId" .$this->f("i_salutation_id")." <br>";
           echo "sUserName" . $this->f("vch_pseudo")." <br>";
           echo "sUniqueId". $this->f("vch_unique")." <br>";
           echo "sEmail". $this->f("vch_email")." <br>";
           echo "sFirstName". $this->f("vch_first_name")." <br>";
           echo "sLastName". $this->f("vch_last_name")." <br>";
           echo "sLastLogin". $this->f("dt_last_login")." <br>";
           echo "sLoginSince". date("H:i:s")." <br>";


         }
         $s_userAuthorisation=array("sUserId" =>$this->f("i_id"),
                           "sSalutationId"
=>$this->f("i_salutation_id"),
                           "sUserName" => $this->f("vch_pseudo"),
                           "sUniqueId" => $this->f("vch_unique"),
                           "sEmail" => $this->f("vch_email"),
                           "sFirstName" => $this->f("vch_first_name"),
                           "sLastName" => $this->f("vch_last_name"),
                           "sLastLogin" => $this->f("dt_last_login"),
                           "sLoginSince" => date("H:i:s"));
         session_register("s_userAuthorisation");
         if ($this->DEBUG) {
          echo "<br>Login ok ".$s_loginRetries;}
         $this->lastLoginDateTime=$this->f("dt_last_login");
         $this->loggedInPseudo=$pseudo;
         $this->updateLastLoginDate($pseudo);
         $this->ErrorMsg="";
         $s_loginRetries=0;
         // put to member online
         $k=new Keepalive();
        
$k->updateUserLoggedIn(session_id(),$s_userAuthorisation["sUserName"],$s_userAuthorisation["sUserId"]);

         if ($this->DEBUG) { $this->displaySessionVars(); }


      }
   }
   else
      {
      // login failed
      // delete Session
      // here is the bug: HANGSPHP
session_destroy();

      // some security
      if ($this->DEBUG) { $this->displaySessionVars(); }

      if ($s_loginRetries<3) {
         // nothing to do as no timeout to set
         if ($this->DEBUG) {echo "<br>Loginretries ".$s_loginRetries;}
         $this->ErrorMsg="Login inkorrekt";

      }
      else
         {
        $this->ErrorMsg="10sec. Timeout<br> 3 fehlerhafte
Loginversuche";
        if ($this->DEBUG) { echo "<br> 10sec. Timeout<br> 3 fehlerhafte
Loginversuche in Folge<br>";}
        flush();
        sleep(10);
        $s_loginRetries=0;
        }
     // secutity end
      $this->lastLoginDateTime="";
      $this->loggedInPseudo="";
      }
  }
  return $loginOk;
 }


Previous Comments:
------------------------------------------------------------------------

[2002-03-04 10:23:24] [EMAIL PROTECTED]

Can you provide a simple sample script?

P.S.: no I don't like caps :)

------------------------------------------------------------------------

[2002-03-04 09:49:48] [EMAIL PROTECTED]

The PHP4TS.DLL hangs.. sorry..

------------------------------------------------------------------------

[2002-03-04 09:48:19] [EMAIL PROTECTED]

I use output buffering at a page start,
if I start a session and do session_destory(),e.g.
authentication failure, the the dll hangs with an win32 page fault.
I use PHP as CGI on an apache on an wamp system.

The Session Destroy is capsuled in an loginclass,


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=15856&edit=1

Reply via email to