[PHP] Empty $_REQUEST
Hi, I have a apache2/php app written for php version 4 and have moved it to a system running php version 5: Old: PHP 4.3.10 New: PHP 5.2.6 with Suhosin-Patch 0.9.6.2 When I run the app I find that $_REQUEST is almost empty. it contains PHPSESSID but none of the data submitted through an html form. /etc/php5/apache2/php.ini has both: variables_order = GPCS request_order = GPCS (I added the 2nd line just to be sure.) Is there something else that needs to be turned on to get form data into $_REQUEST? An dd thing: If I issue phpinfo() before print_r($_REQUEST); then $_REQUEST does contain all my form data! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Empty $_REQUEST
On Tue, Jan 27, 2009 at 13:12, Robert Paulsen rob...@paulsenonline.net wrote: When I run the app I find that $_REQUEST is almost empty. it contains PHPSESSID but none of the data submitted through an html form. Bring on the code, Rob. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Unadvertised dedicated server deals, too low to print - email me to find out! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Empty $_REQUEST
On Tuesday 27 January 2009 12:16 pm, Daniel Brown wrote:
On Tue, Jan 27, 2009 at 13:12, Robert Paulsen rob...@paulsenonline.net
wrote:
When I run the app I find that $_REQUEST is almost empty. it contains
PHPSESSID but none of the data submitted through an html form.
Bring on the code, Rob.
Daniel,
It is pretty much resolved. Thanks for the advice -- it was in trying to strip
down my code for posting here that I figured out the following.
The immediate problem was that the code issued a header command to reawaken
my web page and that is *supposed* to wipe out all my form data. The real
problem to do with hashed md5 data I am keeping in the database (passwords)
that are not matching what gets input on the form. Looking at $_REQUEST was a
red herring that sent me astray.
In the code below, pg_num_rows came back with zero, saying the hashed password
didn't match. And I could see by doing a manual query that they indeed didn't
match. When I use php5 to asssign a new password, the above code correctly
matched the newly hashed password. In other words it appears that md5 hashing
doesn't agree between php4 and php5, but I am not in the mood for
transferring data back and forth between the two systems to prove a point now
that it is working for me (with no code change).
Here is the code in question, in case you spot anything wrong with it.
==
$passwd=htmlentities($passwd,ENT_QUOTES);
$query=SELECT md5('$passwd') as hashed;
$result=issue_query($query);
$row=pg_fetch_assoc($result);
$hashed=$row['hashed'];
$query=SELECT * from auth
WHERE userid='$userid'
AND passwd='$hashed';
$result=issue_query($query);
if (pg_num_rows($result)==0) {
$_SESSION['status']='bad';
header(location: $PHP_SELF);
exit ;
}
===
Bob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Empty $_REQUEST
2009/1/27 Robert Paulsen rob...@paulsenonline.net
On Tuesday 27 January 2009 12:16 pm, Daniel Brown wrote:
On Tue, Jan 27, 2009 at 13:12, Robert Paulsen rob...@paulsenonline.net
wrote:
When I run the app I find that $_REQUEST is almost empty. it contains
PHPSESSID but none of the data submitted through an html form.
Bring on the code, Rob.
Daniel,
It is pretty much resolved. Thanks for the advice -- it was in trying to
strip
down my code for posting here that I figured out the following.
The immediate problem was that the code issued a header command to
reawaken
my web page and that is *supposed* to wipe out all my form data. The real
problem to do with hashed md5 data I am keeping in the database (passwords)
that are not matching what gets input on the form. Looking at $_REQUEST was
a
red herring that sent me astray.
In the code below, pg_num_rows came back with zero, saying the hashed
password
didn't match. And I could see by doing a manual query that they indeed
didn't
match. When I use php5 to asssign a new password, the above code correctly
matched the newly hashed password. In other words it appears that md5
hashing
doesn't agree between php4 and php5, but I am not in the mood for
transferring data back and forth between the two systems to prove a point
now
that it is working for me (with no code change).
Here is the code in question, in case you spot anything wrong with it.
==
$passwd=htmlentities($passwd,ENT_QUOTES);
$query=SELECT md5('$passwd') as hashed;
$result=issue_query($query);
$row=pg_fetch_assoc($result);
$hashed=$row['hashed'];
$query=SELECT * from auth
WHERE userid='$userid'
AND passwd='$hashed';
$result=issue_query($query);
if (pg_num_rows($result)==0) {
$_SESSION['status']='bad';
header(location: $PHP_SELF);
exit ;
}
===
why don't you just use phps md5() function ? you might mess up something in
that process of hashing that you use and you create another, probably
useless trip to the db.
Bob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Alpar Torok
Re: [PHP] Empty $_REQUEST
On Tuesday 27 January 2009 2:13 pm, Alpár Török wrote: why don't you just use phps md5() function ? you might mess up something in that process of hashing that you use and you create another, probably useless trip to the db. I just don't know any better! I'll look it up. Thanks, Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Empty $_REQUEST
2009/1/27 Robert Paulsen rob...@paulsenonline.net On Tuesday 27 January 2009 2:13 pm, Alpár Török wrote: why don't you just use phps md5() function ? you might mess up something in that process of hashing that you use and you create another, probably useless trip to the db. I just don't know any better! I'll look it up. php has an md5 function built in. so you can jsut do $hash = md5($passwd); and use that in the query that checks if the password is correct; Thanks, Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Alpar Torok
Re: [PHP] Empty $_REQUEST
Robert Paulsen wrote:
On Tuesday 27 January 2009 12:16 pm, Daniel Brown wrote:
On Tue, Jan 27, 2009 at 13:12, Robert Paulsen rob...@paulsenonline.net
wrote:
When I run the app I find that $_REQUEST is almost empty. it contains
PHPSESSID but none of the data submitted through an html form.
Bring on the code, Rob.
Daniel,
It is pretty much resolved. Thanks for the advice -- it was in trying to
strip
down my code for posting here that I figured out the following.
The immediate problem was that the code issued a header command to reawaken
my web page and that is *supposed* to wipe out all my form data. The real
problem to do with hashed md5 data I am keeping in the database (passwords)
that are not matching what gets input on the form. Looking at $_REQUEST was a
red herring that sent me astray.
In the code below, pg_num_rows came back with zero, saying the hashed
password
didn't match. And I could see by doing a manual query that they indeed didn't
match. When I use php5 to asssign a new password, the above code correctly
matched the newly hashed password. In other words it appears that md5 hashing
doesn't agree between php4 and php5, but I am not in the mood for
transferring data back and forth between the two systems to prove a point now
that it is working for me (with no code change).
Here is the code in question, in case you spot anything wrong with it.
==
$passwd=htmlentities($passwd,ENT_QUOTES);
$query=SELECT md5('$passwd') as hashed;
$result=issue_query($query);
$row=pg_fetch_assoc($result);
$hashed=$row['hashed'];
Move the previous code into the following code.
$query=SELECT * from auth
WHERE userid='$userid'
AND passwd='$hashed';
Change that last line to this:
AND passwd=md5('{$passwd}');
$result=issue_query($query);
if (pg_num_rows($result)==0) {
$_SESSION['status']='bad';
header(location: $PHP_SELF);
exit ;
}
===
Bob
--
Jim Lucas
Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them.
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Empty $_REQUEST
On Tuesday 27 January 2009 2:25 pm, Alpár Török wrote: php has an md5 function built in. so you can jsut do $hash = md5($passwd); Works like a champ. Thanks. Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
