Re: [PHP] Re: Authentication fails - problem line found
John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the form. In its original state, when the script is called after I
submit the form data, the $_POST[] data is completely empty and the
_SERVER variable that indicates the type of data is set to GET.
In the script is the following code:
if (IsSet($_POST[action])) {
//$action = $_POST[action];
} else {
$action = $_GET[action];
}
Normally the second line is not commented. When I comment out that line,
then the $_POST array has all of the data I would expect it to. When it
is not commented, then it does not work.
Just to make sure that I am really confused, this bit of code is *after*
the call to var_dump($_POST), but *before* the code that creates the form.
Does anyone have any ideas about why setting this variable has such a
large and seemingly unrelated affect?
WILD GUESS:
Somewhere in your form and/or the logic, you are sending GET data for
$action as well as POST data for $action, and you are confusing the two.
Show us your stripped-down but still-broken code.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout the application so i dont ever have to
worry about that. Just a thought.
-phpninja
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Friday, March 04, 2005 11:03 AM
To: John Swartzentruber
Cc: php-general@lists.php.net
Subject: Re: [PHP] Re: Authentication fails - problem line found
John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the form. In its original state, when the script is called after I
submit the form data, the $_POST[] data is completely empty and the
_SERVER variable that indicates the type of data is set to GET.
In the script is the following code:
if (IsSet($_POST[action])) {
//$action = $_POST[action];
} else {
$action = $_GET[action];
}
Normally the second line is not commented. When I comment out that line,
then the $_POST array has all of the data I would expect it to. When it
is not commented, then it does not work.
Just to make sure that I am really confused, this bit of code is *after*
the call to var_dump($_POST), but *before* the code that creates the form.
Does anyone have any ideas about why setting this variable has such a
large and seemingly unrelated affect?
WILD GUESS:
Somewhere in your form and/or the logic, you are sending GET data for
$action as well as POST data for $action, and you are confusing the two.
Show us your stripped-down but still-broken code.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
phpninja wrote:
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout the application so i dont ever have to
worry about that. Just a thought.
-phpninja
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Friday, March 04, 2005 11:03 AM
To: John Swartzentruber
Cc: php-general@lists.php.net
Subject: Re: [PHP] Re: Authentication fails - problem line found
John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the form. In its original state, when the script is called after I
submit the form data, the $_POST[] data is completely empty and the
_SERVER variable that indicates the type of data is set to GET.
In the script is the following code:
if (IsSet($_POST[action])) {
//$action = $_POST[action];
} else {
$action = $_GET[action];
}
Normally the second line is not commented. When I comment out that line,
then the $_POST array has all of the data I would expect it to. When it
is not commented, then it does not work.
Just to make sure that I am really confused, this bit of code is *after*
the call to var_dump($_POST), but *before* the code that creates the form.
Does anyone have any ideas about why setting this variable has such a
large and seemingly unrelated affect?
WILD GUESS:
Somewhere in your form and/or the logic, you are sending GET data for
$action as well as POST data for $action, and you are confusing the two.
Show us your stripped-down but still-broken code.
How about using single quotes around all the action phrases:
if (IsSet($_POST['action'])) {
//$action = $_POST['action'];
} else {
$action = $_GET['action'];
}
I'm slowly learning, myself, on the proper placement of quotes.
Thanks
-dant
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
On 3/4/2005 2:23 PM Dan wrote:
phpninja wrote:
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout the application so i dont ever have to
worry about that. Just a thought.
How about using single quotes around all the action phrases:
if (IsSet($_POST['action'])) {
//$action = $_POST['action'];
} else {
$action = $_GET['action'];
}
I'm slowly learning, myself, on the proper placement of quotes.
Thanks
-dant
I tried that. I also doubt that isset would work any better because that
condition is being processed correctly.
This script is not something that I wrote, it is something I downloaded.
I assume that it works correctly for the author on the author's system.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
On 3/4/2005 2:02 PM Richard Lynch wrote:
John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the form. In its original state, when the script is called after I
submit the form data, the $_POST[] data is completely empty and the
_SERVER variable that indicates the type of data is set to GET.
In the script is the following code:
if (IsSet($_POST[action])) {
//$action = $_POST[action];
} else {
$action = $_GET[action];
}
Normally the second line is not commented. When I comment out that line,
then the $_POST array has all of the data I would expect it to. When it
is not commented, then it does not work.
Just to make sure that I am really confused, this bit of code is *after*
the call to var_dump($_POST), but *before* the code that creates the form.
Does anyone have any ideas about why setting this variable has such a
large and seemingly unrelated affect?
WILD GUESS:
Somewhere in your form and/or the logic, you are sending GET data for
$action as well as POST data for $action, and you are confusing the two.
Show us your stripped-down but still-broken code.
Thanks for sticking with me. I tried stripping it down again, but then
the stripped down version worked (even with the problem line). That
means I need to take a couple more passes at it and figure out what else
is working with this line that causes the problem.
I did determine that it is not the name of the $action variable or the
action POST value. If I manually set $action to login, it causes the
problem, but if I set it to loginx, then the post values come through
correctly.
I didn't write this script, and I'm seeing the same problem in
phpMyAdmin, so I don't think it is a coding problem unless it is an
incompatibility between php4 and php5. I still need to track it down
further. I'll let you know what I find.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
John Swartzentruber wrote:
On 3/4/2005 2:23 PM Dan wrote:
phpninja wrote:
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout the application so i dont ever have to
worry about that. Just a thought.
How about using single quotes around all the action phrases:
if (IsSet($_POST['action'])) {
//$action = $_POST['action'];
} else {
$action = $_GET['action'];
}
I'm slowly learning, myself, on the proper placement of quotes.
Thanks
-dant
I tried that. I also doubt that isset would work any better because that
condition is being processed correctly.
This script is not something that I wrote, it is something I downloaded.
I assume that it works correctly for the author on the author's system.
what I do sometimes is throw in keywords or the like:
if (IsSet($_POST['action'])) {
//$action = $_POST['action'];
echo stage 1;
} else {
// $action = $_GET['action'];
echo stage 2;
}
That helps me to determine the logical order of execution. I don't
think case has anything to do with it, as Chris had asked, but I don't
suppose it would hurt.
YOu can also use phpinfo('INFO_VARIABLES'); to print all env vars to see
if your var is even coming through. However, the above example will
pretty much determine this.
Hope that helps.
-dant
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
phpninja wrote: I think all php functions are case sensitive and must be all lowercase. try changing IsSet to isset and give it a run. I im not 100% sure because i always type every function in php lowercase and keep it the same throughout the application so i dont ever have to worry about that. Just a thought. PHP functions are case-INsensitive. PHP variables are case-sensitive. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - SOLVED
On 3/4/2005 2:02 PM Richard Lynch wrote:
John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the form. In its original state, when the script is called after I
submit the form data, the $_POST[] data is completely empty and the
_SERVER variable that indicates the type of data is set to GET.
In the script is the following code:
if (IsSet($_POST[action])) {
//$action = $_POST[action];
} else {
$action = $_GET[action];
}
Normally the second line is not commented. When I comment out that line,
then the $_POST array has all of the data I would expect it to. When it
is not commented, then it does not work.
Just to make sure that I am really confused, this bit of code is *after*
the call to var_dump($_POST), but *before* the code that creates the form.
Does anyone have any ideas about why setting this variable has such a
large and seemingly unrelated affect?
WILD GUESS:
Somewhere in your form and/or the logic, you are sending GET data for
$action as well as POST data for $action, and you are confusing the two.
Show us your stripped-down but still-broken code.
I think I found it. I was very, very confused by the fact that changing
a single line seemed to retroactively affect code that was *before* that
line. Just a bit ago, it struck me that I should look at header() calls,
since that would make the file reload and in affect retroactively change
the previous code. I commented out each header() call, and the POST
variables came through correctly. Then I narrowed it down to a single
one (which was the one I suspected in the first place). It made sense
when the header() call caused the page to reload, it wouldn't have POST
data. Then I needed to figure out what the code was supposed to do.
Voila, right above the header() call and the exit, were four calls to
session_register(). Aha, now I have something to R in TFM.
Yup, you guessed it. I have register_globals disabled, as is the
default. The script was written assuming that the session data would be
global. The session data basically disappeared as far as the script was
concerned. So it turns out that having the POST data disappear was
intentionally, but having the session data disappear was the problem.
Another example of the problems a newbie can have when debugging someone
else's code.
Thanks for sticking with me.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
Richard Lynch wrote: phpninja wrote: I think all php functions are case sensitive and must be all lowercase. try changing IsSet to isset and give it a run. I im not 100% sure because i always type every function in php lowercase and keep it the same throughout the application so i dont ever have to worry about that. Just a thought. PHP functions are case-INsensitive. PHP variables are case-sensitive. thats not to say it's not blasphemous to write isset() as IsSet() ;-) one a more serious not there are some posts a while back about CS. (Coding Style)...anyhow, I think most people expect php core functions, language-constructs to be written in lowercase, maybe only in my sector? :-). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
On 3/2/2005 5:21 PM Richard Lynch wrote: John Swartzentruber wrote: VirtualHost 66.92..XX:80 10.X.0.3:80 ServerName john.swartzentruber.us ServerAdmin webmasXXXtzentruber.us DocumentRoot /var/www/vhosts/swartzentruber.us/john/html Directory /var/www/vhosts/swartzentruber.us/john/html AllowOverride AuthConfig Options Indexes Includes FollowSymLinks Order allow,deny Allow from all /Directory /VirtualHost Nothing I can see... I guess the next thing I would advise would be: 1. Write/steal a Perl CGI script that does a simple POST processing, and see if *IT* can work. Either your webserver is messing up POST, or PHP is. If Perl can't work POST, it's your webserver. If Perl *can* do POST, it's probably PHP. 2. File a bug report (after searching for them) in the PHP or Apache bugs systems. I'm still clueless, but I did find something interesting. I found a small PHP form example in the PHP book that I'm reading. I ran it and it works correctly. That seems to indicate that Apache isn't the problem. Somehow my one fairly stripped down script is different from another very stripped down script. When I have the time, my task will be to try to figure out what is different between the two scripts. Thanks for your help and your time. I'll try to report back when I find out something new. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails - problem line found
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the form. In its original state, when the script is called after I
submit the form data, the $_POST[] data is completely empty and the
_SERVER variable that indicates the type of data is set to GET.
In the script is the following code:
if (IsSet($_POST[action])) {
//$action = $_POST[action];
} else {
$action = $_GET[action];
}
Normally the second line is not commented. When I comment out that line,
then the $_POST array has all of the data I would expect it to. When it
is not commented, then it does not work.
Just to make sure that I am really confused, this bit of code is *after*
the call to var_dump($_POST), but *before* the code that creates the form.
Does anyone have any ideas about why setting this variable has such a
large and seemingly unrelated affect?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Authentication fails
On 3/1/2005 3:52 PM John Swartzentruber wrote: On 3/1/2005 2:12 PM Jason Barnett wrote: John Swartzentruber wrote: Somehow my PHP 5.0.3 or something is configured incorrectly. When I try to get past an authentication input, nothing happens. For example, I have phpMyAdmin configured now to use mysqli, but when I enter the username and password, the screen doesn't change. In previous testing, I saw that an incorrect authentication was detected and reported, but a correct authentication had no affect. Not sure if this is a phpMyAdmin bug or not, but you might try to clear out all cookies that your browser has from john.swartzentruber.us. For that matter you should see if you *have* any cookie set from john.swartzenruber.us. I'm not pointing fingers at phpMyAdmin, but just tossing out a possible solution. My phpinfo() output is at http://john.swartzentruber.us/test.php For example, I'm trying to use a simple file upload script called file thingie that is at http://www.solitude.dk/filethingie/download.php I have edited the original file only to decrease the maximum file size to 500 bytes and limit uploads to text files. I hope no one here tries to be nasty. The user name is USERNAME2 and the password is PASSWORD. Yeah... I wouldn't suggest putting user / pw combos onto the web even if you intend on changing it later. You just never know. Well, if someone can get past the login page, at least someone is making progress :-) Can anyone check this out and give me some clues or things to look into? Is there some setting that would cause _POST data to disappear? How would I go about debugging this? Start by going to the form page's action page (since your test.php page only displays phpinfo() I'm not sure what this is going to be). We'll call this page action.php. I forgot to mention that the page in question was http://john.swartzentruber.us/test.php I'm working on creating an even simpler script, but since I'm not that familiar with either HTML forms or PHP, it is taking some time. In these examples, the action page is the same page as original page (i.e., filethingie.php). When I look at the page source (i.e., the PHP output) in my browser, this is what the form looks like (sorry about the word wrapping): form action=filethingie.php method=post h1Please Login/h1 input type=hidden name=log_lang value=en / div label for=log_userUser: /labelinput type=text size=15 name=log_user id=log_user / /div div label for=log_passPass: /labelinput type=password size=15 name=log_pass id=log_pass / input type=hidden name=action value=login / input type=submit value=login / /div /form The simplest way to debug this (but it's effective) is to var_dump($_POST) at the top of action.php. Insert this at the very top of the page (likely to cause a lot of errors :) and then gradually cut / paste that code throughout the action page. Do this until you narrow down the problem code. Well, I've been trying print_r($_POST), and it is always empty. That's the problem. Since this is a file upload script you are doing you will probably want to var_dump($_FILES) as well. Heck, if you're having *session* problems then you should be looking into the $_SESSION array and (possibly) the $_COOKIE array. I'll try removing the session stuff to see if that is significant. It looks like $_SESSION is also empty, although I do see what appear to be session files created in /tmp, which is where they go. To summarize, it appears that the problem is not with authentication per se, but is that $_POST is empty when the script is called from a form in the same file. I'll try to test this using a different action script and see what happens. In the meantime, if you see anything or have any other ideas, please let me know. I appreciate you taking the time to help. I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Authentication fails
I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. Super. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. My suspicion was that this was what had happened as well, but *why* your POST is being interpreted as a GET is unclear to me. I did notice that you were sending GET variables when you had a login error... but someone more knowledgeable than I (Richard?) will likely come along and explain how / why PHP can interpret a form with both POST and GET variables as a GET script. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? One other thing I noticed, but didn't quite understand. Your apache2handler shows you are using port 0, but your SERVER_PORT is 80. I don't understand the Apache side of things well enough to untangle that one either. -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins signature.asc Description: OpenPGP digital signature
[PHP] Re: Authentication fails
On 3/2/2005 9:22 AM Jason Barnett wrote: On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. My suspicion was that this was what had happened as well, but *why* your POST is being interpreted as a GET is unclear to me. I did notice that you were sending GET variables when you had a login error... but someone more knowledgeable than I (Richard?) will likely come along and explain how / why PHP can interpret a form with both POST and GET variables as a GET script. I don't know, but in this particular case, it shouldn't be significant because I see the problem when there is no error, so the GET variables aren't needed. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? One other thing I noticed, but didn't quite understand. Your apache2handler shows you are using port 0, but your SERVER_PORT is 80. I don't understand the Apache side of things well enough to untangle that one either. That is odd. I use name-based virtual hosting, and I have both an internal and an external address for each VirtualHost, but in all cases, I specify the port to be 80. I don't know why apache2handler would show 0. I guess it is one more thing to google to look for clues. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. My suspicion was that this was what had happened as well, but *why* your POST is being interpreted as a GET is unclear to me. I did notice that you were sending GET variables when you had a login error... but someone more knowledgeable than I (Richard?) will likely come along and explain how / why PHP can interpret a form with both POST and GET variables as a GET script. As I recall, the POST format simply allows GET data as well. Almost for sure POST came after GET, in terms of historical web techniques. So when they made the spec for POST, GET data was included already. I don't think PHP does any magic to make it work, really... If his form says: method=post and it's not sending POST and the REQUEST_METHOD isn't POST, then the httpd server (mini_httpd, right) is almost for sure at fault. I'm repeating myself, but PHP pretty much just takes whatever the SERVER sends it, and fills in $_SERVER and $_POST and $_GET based on that. Fix mini_httpd and/or its configuration if you want to get $_POST to work. You'll need to ask mini_httpd experts how to do that... Which ain't here. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? Whoops! You're *not* the mini_httpd guy, are you? Sorry, crossed my threads. Start digging into httpd.conf and look real careful at any changes involving POST/GET and METHOD etc. 'diff' your httpd.conf with the one that ships out with the software. (See man diff) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
On 3/2/2005 2:29 PM Richard Lynch wrote: I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? Whoops! You're *not* the mini_httpd guy, are you? Sorry, crossed my threads. No, I'm the Apache/2.0.52 (Fedora) Server at john.swartzentruber.us Port 80 guy. Start digging into httpd.conf and look real careful at any changes involving POST/GET and METHOD etc. 'diff' your httpd.conf with the one that ships out with the software. (See man diff) I've done this and don't see anything. I'm not positive I have the original httpd.conf file to compare against, but I have one saved in a backup directory that is named httpd.conf.rpmnew, so I think it is either original or from an RPM update. My differences are: 1. additional files in DirectoryIndex 2. HostnameLookups is On 3. the /server-status and /server-info sections are uncommented (but only accessible from my internal network) 4. Added virtual hosting stuff I looked at all instances of GET and POST, and only see a section that is commented out in both copies of httpd.conf. Here is my VirtualHost for the thing I am testing (I X'd out some stuff): VirtualHost 66.92..XX:80 10.X.0.3:80 ServerName john.swartzentruber.us ServerAdmin webmasXXXtzentruber.us DocumentRoot /var/www/vhosts/swartzentruber.us/john/html Directory /var/www/vhosts/swartzentruber.us/john/html AllowOverride AuthConfig Options Indexes Includes FollowSymLinks Order allow,deny Allow from all /Directory /VirtualHost Is there anything funny there that would cause a problem? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
John Swartzentruber wrote: VirtualHost 66.92..XX:80 10.X.0.3:80 ServerName john.swartzentruber.us ServerAdmin webmasXXXtzentruber.us DocumentRoot /var/www/vhosts/swartzentruber.us/john/html Directory /var/www/vhosts/swartzentruber.us/john/html AllowOverride AuthConfig Options Indexes Includes FollowSymLinks Order allow,deny Allow from all /Directory /VirtualHost Nothing I can see... I guess the next thing I would advise would be: 1. Write/steal a Perl CGI script that does a simple POST processing, and see if *IT* can work. Either your webserver is messing up POST, or PHP is. If Perl can't work POST, it's your webserver. If Perl *can* do POST, it's probably PHP. 2. File a bug report (after searching for them) in the PHP or Apache bugs systems. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Authentication fails
John Swartzentruber wrote: Somehow my PHP 5.0.3 or something is configured incorrectly. When I try to get past an authentication input, nothing happens. For example, I have phpMyAdmin configured now to use mysqli, but when I enter the username and password, the screen doesn't change. In previous testing, I saw that an incorrect authentication was detected and reported, but a correct authentication had no affect. Not sure if this is a phpMyAdmin bug or not, but you might try to clear out all cookies that your browser has from john.swartzentruber.us. For that matter you should see if you *have* any cookie set from john.swartzenruber.us. I'm not pointing fingers at phpMyAdmin, but just tossing out a possible solution. My phpinfo() output is at http://john.swartzentruber.us/test.php For example, I'm trying to use a simple file upload script called file thingie that is at http://www.solitude.dk/filethingie/download.php I have edited the original file only to decrease the maximum file size to 500 bytes and limit uploads to text files. I hope no one here tries to be nasty. The user name is USERNAME2 and the password is PASSWORD. Yeah... I wouldn't suggest putting user / pw combos onto the web even if you intend on changing it later. You just never know. Can anyone check this out and give me some clues or things to look into? Is there some setting that would cause _POST data to disappear? How would I go about debugging this? Start by going to the form page's action page (since your test.php page only displays phpinfo() I'm not sure what this is going to be). We'll call this page action.php. The simplest way to debug this (but it's effective) is to var_dump($_POST) at the top of action.php. Insert this at the very top of the page (likely to cause a lot of errors :) and then gradually cut / paste that code throughout the action page. Do this until you narrow down the problem code. Since this is a file upload script you are doing you will probably want to var_dump($_FILES) as well. Heck, if you're having *session* problems then you should be looking into the $_SESSION array and (possibly) the $_COOKIE array. Thanks for any help or pointers. -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins signature.asc Description: OpenPGP digital signature
[PHP] Re: Authentication fails
On 3/1/2005 2:12 PM Jason Barnett wrote: John Swartzentruber wrote: Somehow my PHP 5.0.3 or something is configured incorrectly. When I try to get past an authentication input, nothing happens. For example, I have phpMyAdmin configured now to use mysqli, but when I enter the username and password, the screen doesn't change. In previous testing, I saw that an incorrect authentication was detected and reported, but a correct authentication had no affect. Not sure if this is a phpMyAdmin bug or not, but you might try to clear out all cookies that your browser has from john.swartzentruber.us. For that matter you should see if you *have* any cookie set from john.swartzenruber.us. I'm not pointing fingers at phpMyAdmin, but just tossing out a possible solution. My phpinfo() output is at http://john.swartzentruber.us/test.php For example, I'm trying to use a simple file upload script called file thingie that is at http://www.solitude.dk/filethingie/download.php I have edited the original file only to decrease the maximum file size to 500 bytes and limit uploads to text files. I hope no one here tries to be nasty. The user name is USERNAME2 and the password is PASSWORD. Yeah... I wouldn't suggest putting user / pw combos onto the web even if you intend on changing it later. You just never know. Well, if someone can get past the login page, at least someone is making progress :-) Can anyone check this out and give me some clues or things to look into? Is there some setting that would cause _POST data to disappear? How would I go about debugging this? Start by going to the form page's action page (since your test.php page only displays phpinfo() I'm not sure what this is going to be). We'll call this page action.php. I forgot to mention that the page in question was http://john.swartzentruber.us/test.php I'm working on creating an even simpler script, but since I'm not that familiar with either HTML forms or PHP, it is taking some time. In these examples, the action page is the same page as original page (i.e., filethingie.php). When I look at the page source (i.e., the PHP output) in my browser, this is what the form looks like (sorry about the word wrapping): form action=filethingie.php method=post h1Please Login/h1 input type=hidden name=log_lang value=en / div label for=log_userUser: /labelinput type=text size=15 name=log_user id=log_user / /div div label for=log_passPass: /labelinput type=password size=15 name=log_pass id=log_pass / input type=hidden name=action value=login / input type=submit value=login / /div /form The simplest way to debug this (but it's effective) is to var_dump($_POST) at the top of action.php. Insert this at the very top of the page (likely to cause a lot of errors :) and then gradually cut / paste that code throughout the action page. Do this until you narrow down the problem code. Well, I've been trying print_r($_POST), and it is always empty. That's the problem. Since this is a file upload script you are doing you will probably want to var_dump($_FILES) as well. Heck, if you're having *session* problems then you should be looking into the $_SESSION array and (possibly) the $_COOKIE array. I'll try removing the session stuff to see if that is significant. It looks like $_SESSION is also empty, although I do see what appear to be session files created in /tmp, which is where they go. To summarize, it appears that the problem is not with authentication per se, but is that $_POST is empty when the script is called from a form in the same file. I'll try to test this using a different action script and see what happens. In the meantime, if you see anything or have any other ideas, please let me know. I appreciate you taking the time to help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
