[2001-05-17 12:08 UTC] tyler dot longren at midiowa dot net
After running the code below, PHP 4.0.5 is no longer able to connect to mysql. I have tested this at 2 different locations, and the result is the same every time. Also after visiting the website with this code in it, inetinfo.exe (IIS) crashes.
PHP was installed with php405-installer.exe. The problem occurs on Windows 2000 Professional SP1 & SP2. Windows 2000 server has not been tested. Below is the code that should be pasted into a webpage, and then visited with any browser. I accidentally caused inetinfo.exe to die with this:
<?
/*
This was written (accidentally) by Tyler Longren <tyler.longren@midiowa.net>.
This was found on accident...thanks to my crappy coding. :)
Date: 05-14-2001
Kills: Inetinfo.exe on Win2k
*/
session_start();
session_register('username');
session_register('password');
header("Location: $PHP_SELF");
if ($formusername) {
    mysql_connect("$mysql_host","$mysql_user","$mysql_pass");
    mysql_select_db("$mysql_db");
    $auth_sql = mysql_query("SELECT * FROM $mysql_user_table WHERE username = '$formusername' AND password = '$formpassword'");
    $user_exists = mysql_num_rows($auth_sql);
    if ($user_exists == "1") {
        $username = $formusername;
        $password = $formpassword;
    }
    else {
        $login_error = "<font face=Arial size=2><b>Error:</b></font><br><font face=Arial size=1>Wrong<br>username/password</b></font>";
        session_unregister('username');
        session_unregister('password');
    }
}
else {
    mysql_connect("$mysql_host","$mysql_user","$mysql_pass");
    mysql_select_db("$mysql_db");
    $auth_sql = mysql_query("SELECT * FROM $mysql_user_table WHERE username = '$username' AND password = '$password'");
    $user_exists = mysql_num_rows($auth_sql);
    if ($user_exists == "1") {
        // blah blah blah!
    }
    else {
        $login_error = "<font face=Arial size=2><b>Error:</b></font><br><font face=Arial size=1><b>Wrong<Br>username/password</b></font>";
        session_unregister('username');
        session_unregister('password');
    }
}
if ($login == "no") {
    session_destroy();
    session_unregister('username');
    session_unregister('password');
    header("Location: $PHP_SELF");
}
?>
I have experienced the same bug with PHP 4.1.1 (Win32 install build) and Windows 2000 server. It is really an IIS bug not a PHP bug. The crux of it is ... header("Location: $PHP_SELF"); This sends a 'virtual' URI not an absolute URI. (see the PHP manual for header function: http://www.php.net/manual/en/function.header.php). Why this should crash IIS is unclear since surely it should cope with a rogue CGI program. If an absolute URI is sent in the header it does not crash IIS. This would cause problems on Windows boxes running a number of PHP websites for end users. Sloppy header coding can cause all the websites to be unavailable until admin restarts IIS. Phorum 3.3.2a (www.phorum.org) uses the Location header with a virtual URI in the admin screens.
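
An added example, not part of the comment above or of the reporter's script: one way to send the absolute URI the comment describes, written for current PHP rather than 4.x. `CANONICAL_ORIGIN`, `absolute_redirect_target()` and `redirect_and_stop()` are hypothetical names, and the origin is a constructed placeholder.

```php
<?php
// Assumption: the site's origin is fixed in configuration (constructed placeholder),
// so the redirect never depends on the client-supplied Host header.
const CANONICAL_ORIGIN = 'https://www.example.test';

/**
 * Turn a same-site path (for example the script's own path) into an absolute URI.
 * Returns null when the input cannot be used safely in a Location header.
 */
function absolute_redirect_target(string $path, array $query = []): ?string
{
    // Reject CR/LF and other control bytes: they would split the response header.
    if (preg_match('/[\x00-\x1F\x7F]/', $path)) {
        return null;
    }
    // Accept only a rooted path; "//host" and "/\host" are read by browsers as another origin.
    if ($path === '' || $path[0] !== '/' || preg_match('#^/[/\\\\]#', $path)) {
        return null;
    }
    // Keep the path component only; any query or fragment in $path is dropped.
    $path = strtok($path, '?#');
    $uri = CANONICAL_ORIGIN . $path;
    if ($query) {
        $uri .= '?' . http_build_query($query);
    }
    return $uri;
}

function redirect_and_stop(string $path, array $query = []): void
{
    $target = absolute_redirect_target($path, $query);
    if ($target === null) {
        http_response_code(400);
        exit('Bad redirect target');
    }
    header('Location: ' . $target, true, 303);
    exit; // stop here so the rest of the script does not run after the redirect
}

// Constructed inputs, printed as a self-check when run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(absolute_redirect_target('/login.php'));
    var_dump(absolute_redirect_target("/login.php\r\nX-Injected: 1"));
    var_dump(absolute_redirect_target('//other.example.test/'));
}
```

In a page like the reporter's, the call would sit only in the branch that actually needs a redirect, for example `redirect_and_stop($_SERVER['SCRIPT_NAME']);` in the logout branch.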