php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10930 Can't connect to mysql after running some code that crashes IIS 5
Submitted: 2001-05-17 12:08 UTC Modified: 2002-05-24 20:24 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: tyler dot longren at midiowa dot net Assigned:
Status: Not a bug Package: IIS related
PHP Version: 4.0.5 OS: Windows 2000
Private report: No CVE-ID: None
 [2001-05-17 12:08 UTC] tyler dot longren at midiowa dot net
After running the code below, PHP 4.0.5 is no longer able to connecto to mysql.  I have tested this at 2 different locations, and the result is the same every time.  Also after visiting the website with this code in it, inetinfo.exe (IIS) crashes.

PHP was installed with php405-installer.exe.  The problem occurs on Windows 2000 Professional SP1 & SP2.  Windows 2000 server has not been tested.  Below is the code that should be pasted into a webpage, and then visited with any browser.  I accidentally caused inetinfo.exe to die with this:

<?
/*
This was written (accidentally) by Tyler Longren <tyler.longren@midiowa.net>.
This was found on accident...thanks to my crappy coding.  :)
Date: 05-14-2001
Kills: Inetinfo.exe on Win2k
*/
session_start();
session_register('username');
session_register('password');
header("Location: $PHP_SELF");
if ($formusername) {
	mysql_connect("$mysql_host","$mysql_user","$mysql_pass");
	mysql_select_db("$mysql_db");
	$auth_sql = mysql_query("SELECT * FROM $mysql_user_table WHERE username =
'$formusername' AND password = '$formpassword'");
	$user_exists = mysql_num_rows($auth_sql);
	if ($user_exists == "1") {
		$username = $formusername;
		$password = $formpassword;

	}
	else {
		$login_error = "<font face=Arial size=2><b>Error:</b></font><br><font
face=Arial size=1>Wrong<br>username/password</b></font>";
		session_unregister('username');
		session_unregister('password');
	}

}
else {
	mysql_connect("$mysql_host","$mysql_user","$mysql_pass");
	mysql_select_db("$mysql_db");
	$auth_sql = mysql_query("SELECT * FROM $mysql_user_table WHERE username =
'$username' AND password = '$password'");
	$user_exists = mysql_num_rows($auth_sql);
	if ($user_exists == "1") {
		// blah blah blah!
	}
	else {
		$login_error = "<font face=Arial size=2><b>Error:</b></font><br><font
face=Arial size=1><b>Wrong<Br>username/password</b></font>";
		session_unregister('username');
		session_unregister('password');
	}
}
if ($login == "no") {
	session_destroy();
	session_unregister('username');
	session_unregister('password');
	header("Location: $PHP_SELF");
}
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-07 07:50 UTC] dean dot jenkins at onexamination dot com
I have experienced the same bug with PHP 4.1.1 (Win32 install build) and Windows 2000 server. It is really an IIS bug not a PHP bug. The crux of it is ...

header("Location: $PHP_SELF");

This sends a 'virtual' URI not an absolute URI. (see the <a href="http://www.php.net/manual/en/function.header.php">PHP manual for header function</a>). Why this should crash IIS is unclear since surely it should cope with a rogue CGI program.

If an absolute URI is sent in the header it does not crash IIS.

This would cause problems on Windows boxes running a number of PHP websites for end users. Sloppy header coding can cause all the websites to be unavailable until admin restarts IIS.

Phorum 3.3.2a (www.phorum.org) uses the Location header with a virtual URI in the admin screens.
 [2002-05-24 20:24 UTC] derick@php.net
Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem does not imply a bug in PHP itself.
For a list of more appropriate places to ask for help using PHP,
please visit http://www.php.net/support.php

Thank you for your interest in PHP.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Oct 30 22:01:28 2024 UTC