ID: 15856 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Feedback Bug Type: Session related Operating System: Windows 98 Windows 2000 PHP Version: 4.1.1 New Comment:
Please try the PHP 4.2.0RC2 from http://www.php.net/~derick/ and remember to replace php4ts.dll also! --Jani Previous Comments: ------------------------------------------------------------------------ [2002-04-07 16:02:01] [EMAIL PROTECTED] I use Files as session save handler... ------------------------------------------------------------------------ [2002-04-03 09:56:13] [EMAIL PROTECTED] What is session save handler? files? ------------------------------------------------------------------------ [2002-03-09 07:30:16] [EMAIL PROTECTED] This Bug is even tested and reproduceable in Windows 2000 environment ------------------------------------------------------------------------ [2002-03-06 05:06:07] [EMAIL PROTECTED] Hope last feedback help. ------------------------------------------------------------------------ [2002-03-04 10:44:30] [EMAIL PROTECTED] Only the login function that is capsuled in the class. called on one page the session start is before the constructor of the class... if the login failed it passes the session_destroy... the do login function is called after a post form... hope that helps.. what do you mean with caps.... ---
/**
 * Checks a pseudo (login name) / password pair and, on success, stores the
 * user's record in the session.
 *
 * On success the global $s_userAuthorisation is filled from the matching row
 * and registered as a session variable, the last-login date is updated and
 * the user is recorded through Keepalive. On failure an error message is put
 * in $this->ErrorMsg. Attempts are counted in the session variable
 * $s_loginRetries; once the counter reaches 3 the request sleeps 10 seconds
 * and the counter is reset.
 *
 * NOTE(review), security:
 *  - $pseudo and $pw are concatenated straight into the SQL text below, so
 *    the query is injectable unless both values are escaped before this call
 *    (not visible here; magic_quotes_gpc may be doing it implicitly). Quote
 *    them with the database layer's own escaping, or bind them as parameters
 *    if the wrapper supports it.
 *  - vch_pw is compared against the submitted value inside the query, which
 *    suggests the password is stored as submitted; confirm whether the caller
 *    hashes it first.
 *  - With DEBUG on, the first echo writes the submitted password and the
 *    unescaped login name into the page.
 *  - The session id is not changed after a successful login.
 *
 * @param string $pseudo login name from the posted form
 * @param string $pw     password from the posted form
 * @return bool true when at least one matching active row was found
 */
function doLogin($pseudo,$pw){
    global $s_userAuthorisation;
    global $s_loginRetries;
    // NOTE(review): debug output includes the password in clear text and is
    // not HTML-escaped.
    if ($this->DEBUG) { echo "<br> doLogin($pseudo,$pw)";}
    $loginOk=false;
    // Not read again anywhere in this function.
    $s_userData=array();
    // First attempt in this session: register the retry counter.
    if (!isset($s_loginRetries)){
        session_register("s_loginRetries");
        $s_loginRetries=0;
    }
    // Count this attempt.
    $s_loginRetries++;
    // Look the login name up first; 0 is treated as "no such user".
    $userid=$this->getUserIdFromPseudo($pseudo);
    if ($userid==0) {
        if ($s_loginRetries<3) {
            // Below the limit: no delay, just report the failure.
            if ($this->DEBUG) {echo "<br>Loginretries ".$s_loginRetries;}
            $this->ErrorMsg="Login inkorrekt";
        } else {
            // Limit reached: delay the response by 10 seconds, then start
            // counting again.
            $this->ErrorMsg="10sec. Timeout<br> 3 fehlerhafte Loginversuche";
            // The string literal below continues on the next line exactly
            // as it does in the report.
            if ($this->DEBUG) { echo "<br> 10sec. 
Timeout<br> 3 fehlerhafte Loginversuche";}
            flush(); sleep(10); $s_loginRetries=0;
        }
    }
    // The login name exists, so check the password.
    else{
        // Build the credential query.
        // NOTE(review): user input is placed inside the quotes unescaped,
        // see the security note in the function header.
        $qstring = "select * ";
        $qstring = $qstring." from ".$this->tablename;
        $qstring = $qstring." where vch_pseudo ='".$pseudo."' ";
        $qstring = $qstring." and vch_pw ='".$pw."' ";
        $qstring = $qstring." and ".$this->activeRecord;
        // NOTE(review): sprintf() is given the query as its format string, so
        // a '%' coming from $pseudo or $pw is read as a conversion
        // specification; passing $qstring to query() directly avoids that.
        $queryst = sprintf($qstring);
        $this->query($queryst);
        // Intended: exactly one row. The test only requires a non-zero row
        // count, so several matching rows are accepted as well.
        if ($this->num_Rows()!=0) {
            while($this->next_record()) {
                $loginOk=true;
                if ($this->DEBUG) {
                    echo "DOLOGINQUERYRESULT<br>";
                    echo "sUserId:".$this->f("i_id")." <br>";
                    echo "sSalutationId" .$this->f("i_salutation_id")." <br>";
                    echo "sUserName" . $this->f("vch_pseudo")." <br>";
                    echo "sUniqueId". $this->f("vch_unique")." <br>";
                    echo "sEmail". $this->f("vch_email")." <br>";
                    echo "sFirstName". $this->f("vch_first_name")." <br>";
                    echo "sLastName". $this->f("vch_last_name")." <br>";
                    echo "sLastLogin". $this->f("dt_last_login")." <br>";
                    // The string literal below continues on the next line
                    // exactly as it does in the report.
                    echo "sLoginSince". date("H:i:s")." 
<br>";
                }
                // Copy the user's row into the session-registered global.
                $s_userAuthorisation=array("sUserId" =>$this->f("i_id"),
                    "sSalutationId" =>$this->f("i_salutation_id"),
                    "sUserName" => $this->f("vch_pseudo"),
                    "sUniqueId" => $this->f("vch_unique"),
                    "sEmail" => $this->f("vch_email"),
                    "sFirstName" => $this->f("vch_first_name"),
                    "sLastName" => $this->f("vch_last_name"),
                    "sLastLogin" => $this->f("dt_last_login"),
                    "sLoginSince" => date("H:i:s"));
                session_register("s_userAuthorisation");
                if ($this->DEBUG) { echo "<br>Login ok ".$s_loginRetries;}
                $this->lastLoginDateTime=$this->f("dt_last_login");
                $this->loggedInPseudo=$pseudo;
                $this->updateLastLoginDate($pseudo);
                $this->ErrorMsg="";
                $s_loginRetries=0;
                // Record the user as online, keyed by the current session id.
                // NOTE(review): the id is the one the client had before
                // authenticating; where session_regenerate_id() is available,
                // calling it before this point ties the login to a fresh id.
                $k=new Keepalive();
                $k->updateUserLoggedIn(session_id(),$s_userAuthorisation["sUserName"],$s_userAuthorisation["sUserId"]);
                if ($this->DEBUG) { $this->displaySessionVars(); }
            }
        } else {
            // Login failed: drop the session.
            // Reporter's marker: this session_destroy() call is where PHP
            // hangs (the subject of this bug report).
            // NOTE(review): destroying the session presumably discards the
            // registered s_loginRetries counter as well, so the delay below
            // may never build up across requests on this path; confirm, and
            // consider a server-side counter that does not depend on the
            // client's session.
            session_destroy();
            // Retry throttling starts here.
            if ($this->DEBUG) { $this->displaySessionVars(); }
            if ($s_loginRetries<3) {
                // Below the limit: no delay, just report the failure.
                if ($this->DEBUG) {echo "<br>Loginretries ".$s_loginRetries;}
                $this->ErrorMsg="Login inkorrekt";
            } else {
                // Limit reached: delay the response by 10 seconds, then
                // start counting again.
                $this->ErrorMsg="10sec. Timeout<br> 3 fehlerhafte Loginversuche";
                if ($this->DEBUG) { echo "<br> 10sec. Timeout<br> 3 fehlerhafte Loginversuche in Folge<br>";}
                flush(); sleep(10); $s_loginRetries=0;
            }
            // Retry throttling ends here.
            $this->lastLoginDateTime="";
            $this->loggedInPseudo="";
        }
    }
    return $loginOk;
}
------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/15856 -- Edit this bug report at http://bugs.php.net/?id=15856&edit=1