php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11450 Retrieving cookies in MSIE 5.0 returns an Apache Error 500 page
Submitted: 2001-06-12 20:52 UTC Modified: 2001-06-13 10:59 UTC
From: macfreak at adelphia dot net Assigned:
Status: Not a bug Package: Apache related
PHP Version: 4.0.5 OS: Windows 98 Second Edition
Private report: No CVE-ID: None
 [2001-06-12 20:52 UTC] macfreak at adelphia dot net
PHP.ini file:
[PHP]

; $Id: php.ini-dist,v 1.73.2.2 2001/04/22 11:58:49 phanto 
Exp $



;;;;;;;;;;;;;;;;;;;

; About this file ;

;;;;;;;;;;;;;;;;;;;

; This file controls many aspects of PHP's behavior.  In 
order for PHP to

; read it, it must be named 'php.ini'.  PHP looks for it 
in the current

; working directory, in the path designated by the 
environment variable

; PHPRC, and in the path that was defined in compile time 
(in that order).

; Under Windows, the compile-time path is the Windows 
directory.  The

; path in which the php.ini file is looked for can be 
overriden using

; the -c argument in command line mode.

;

; The syntax of the file is extremely simple.  Whitespace 
and Lines

; beginning with a semicolon are silently ignored (as you 
probably guessed).

; Section headers (e.g. [Foo]) are also silently ignored, 
even though

; they might mean something in the future.

;

; Directives are specified using the following syntax:

; directive = value

; Directive names are *case sensitive* - foo=bar is 
different from FOO=bar.

;

; The value can be a string, a number, a PHP constant 
(e.g. E_ALL or M_PI), one

; of the INI constants (On, Off, True, False, Yes, No and 
None) or an expression

; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").

;

; Expressions in the INI file are limited to bitwise 
operators and parentheses:

; |        bitwise OR

; &        bitwise AND

; ~        bitwise NOT

; !        boolean NOT

;

; Boolean flags can be turned on using the values 1, On, 
True or Yes.

; They can be turned off using the values 0, Off, False or 
No.

;

; An empty string can be denoted by simply not writing 
anything after the equal

; sign, or by using the None keyword:

;

;  foo =         ; sets foo to an empty string

;  foo = none    ; sets foo to an empty string

;  foo = "none"  ; sets foo to the string 'none'

;

; If you use constants in your value, and these constants 
belong to a

; dynamically loaded extension (either a PHP extension or 
a Zend extension),

; you may only use these constants *after* the line that 
loads the extension.

;

; All the values in the php.ini-dist file correspond to 
the builtin

; defaults (that is, if no php.ini is used, or if you 
delete these lines,

; the builtin defaults will be identical).





;;;;;;;;;;;;;;;;;;;;

; Language Options ;

;;;;;;;;;;;;;;;;;;;;



; Enable the PHP scripting language engine under Apache.

engine = On



; Allow the <? tag.  Otherwise, only <?php and <script> 
tags are recognized.

short_open_tag = On



; Allow ASP-style <% %> tags.

asp_tags = Off



; The number of significant digits displayed in floating 
point numbers.

precision    =  14



; Enforce year 2000 compliance (will cause problems with 
non-compliant browsers)

y2k_compliance = on



; Output buffering allows you to send header lines 
(including cookies) even

; after you send body content, at the price of slowing 
PHP's output layer a

; bit.  You can enable output buffering during runtime by 
calling the output

; buffering functions.  You can also enable output 
buffering for all files by

; setting this directive to On.

output_buffering = On



; You can redirect all of the output of your scripts to a 
function.  For

; example, if you set output_handler to "ob_gzhandler", 
output will be

; transparently compressed for browsers that support gzip 
or deflate encoding.

; Setting an output handler automatically turns on output 
buffering.

output_handler =



; Transparent output compression using the zlib library

; Valid values for this option are 'off', 'on', or a 
specific buffer size

; to be used for compression (default is 4KB)

zlib.output_compression = Off



; Implicit flush tells PHP to tell the output layer to 
flush itself

; automatically after every output block.  This is 
equivalent to calling the

; PHP function flush() after each and every call to 
print() or echo() and each

; and every HTML block.  Turning this option on has 
serious performance

; implications and is generally recommended for debugging 
purposes only.

implicit_flush = Off



; Whether to enable the ability to force arguments to be 
passed by reference

; at function call time.  This method is deprecated and is 
likely to be

; unsupported in future versions of PHP/Zend.  The 
encouraged method of

; specifying which arguments should be passed by reference 
is in the function

; declaration.  You're encouraged to try and turn this 
option Off and make

; sure your scripts work properly with it in order to 
ensure they will work

; with future versions of the language (you will receive a 
warning each time

; you use this feature, and the argument will be passed by 
value instead of by

; reference).

allow_call_time_pass_reference = On





;

; Safe Mode

;

safe_mode = Off



safe_mode_exec_dir =



; Setting certain environment variables may be a potential 
security breach.

; This directive contains a comma-delimited list of 
prefixes.  In Safe Mode,

; the user may only alter environment variables whose 
names begin with the

; prefixes supplied here.  By default, users will only be 
able to set

; environment variables that begin with PHP_ (e.g. 
PHP_FOO=BAR).

;

; Note:  If this directive is empty, PHP will let the user 
modify ANY

; environment variable!

safe_mode_allowed_env_vars = PHP_



; This directive contains a comma-delimited list of 
environment variables that

; the end user won't be able to change using putenv().  
These variables will be

; protected even if safe_mode_allowed_env_vars is set to 
allow to change them.

safe_mode_protected_env_vars = LD_LIBRARY_PATH



; This directive allows you to disable certain functions 
for security reasons.

; It receives a comma-deliminated list of function names.  
This directive is

; *NOT* affected by whether Safe Mode is turned On or Off.

disable_functions =



; Colors for Syntax Highlighting mode.  Anything that's 
acceptable in

; <font color="??????"> would work.

highlight.string  = #CC0000

highlight.comment = #FF9900

highlight.keyword = #006600

highlight.bg      = #FFFFFF

highlight.default = #0000CC

highlight.html    = #000000





;

; Misc

;

; Decides whether PHP may expose the fact that it is 
installed on the server

; (e.g. by adding its signature to the Web server header).  
It is no security

; threat in any way, but it makes it possible to determine 
whether you use PHP

; on your server or not.

expose_php = On





;;;;;;;;;;;;;;;;;;;

; Resource Limits ;

;;;;;;;;;;;;;;;;;;;



max_execution_time = 30     ; Maximum execution time of 
each script, in seconds

memory_limit = 8M      ; Maximum amount of memory a script 
may consume (8MB)





;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Error handling and logging ;

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;



; error_reporting is a bit-field.  Or each number up to 
get desired error

; reporting level

; E_ALL             - All errors and warnings

; E_ERROR           - fatal run-time errors

; E_WARNING         - run-time warnings (non-fatal errors)

; E_PARSE           - compile-time parse errors

; E_NOTICE          - run-time notices (these are warnings 
which often result

;                     from a bug in your code, but it's 
possible that it was

;                     intentional (e.g., using an 
uninitialized variable and

;                     relying on the fact it's 
automatically initialized to an

;                     empty string)

; E_CORE_ERROR      - fatal errors that occur during PHP's 
initial startup

; E_CORE_WARNING    - warnings (non-fatal errors) that 
occur during PHP's

;                     initial startup

; E_COMPILE_ERROR   - fatal compile-time errors

; E_COMPILE_WARNING - compile-time warnings (non-fatal 
errors)

; E_USER_ERROR      - user-generated error message

; E_USER_WARNING    - user-generated warning message

; E_USER_NOTICE     - user-generated notice message

;

; Examples:

;

;   - Show all errors, except for notices

;

;error_reporting = E_ALL & ~E_NOTICE

;

;   - Show only errors

;

;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR

;

;   - Show all errors except for notices

;

error_reporting  =  E_ALL & ~E_NOTICE



; Print out errors (as a part of the output).  For 
production web sites,

; you're strongly encouraged to turn this feature off, and 
use error logging

; instead (see below).  Keeping display_errors enabled on 
a production web site

; may reveal security information to end users, such as 
file paths on your Web

; server, your database schema or other information.

display_errors = On



; Even when display_errors is on, errors that occur during 
PHP's startup

; sequence are not displayed.  It's strongly recommended 
to keep

; display_startup_errors off, except for when debugging.

display_startup_errors = Off



; Log errors into a log file (server-specific log, stderr, 
or error_log (below))

; As stated above, you're strongly advised to use error 
logging in place of

; error displaying on production web sites.

log_errors = Off



; Store the last error/warning message in $php_errormsg 
(boolean).

track_errors = Off



; String to output before an error message.

;error_prepend_string = "<font color=ff0000>"



; String to output after an error message.

;error_append_string = "</font>"



; Log errors to specified file.

;error_log = filename



; Log errors to syslog (Event Log on NT, not valid in 
Windows 95).

;error_log = syslog



; Warn if the + operator is used with strings.

warn_plus_overloading = Off





;;;;;;;;;;;;;;;;;

; Data Handling ;

;;;;;;;;;;;;;;;;;

;

; Note - track_vars is ALWAYS enabled as of PHP 4.0.3



; The separator used in PHP generated URLs to separate 
arguments.

; Default is "&". 

;arg_separator.output = "&amp;"



; List of separator(s) used by PHP to parse input URLs 
into variables.

; Default is "&". 

; NOTE: Every character in this directive is considered as 
separator!

;arg_separator.input = ";&"



; This directive describes the order in which PHP 
registers GET, POST, Cookie,

; Environment and Built-in variables (G, P, C, E & S 
respectively, often

; referred to as EGPCS or GPC).  Registration is done from 
left to right, newer

; values override older values.

variables_order = "EGPCS"



; Whether or not to register the EGPCS variables as global 
variables.  You may

; want to turn this off if you don't want to clutter your 
scripts' global scope

; with user data.  This makes most sense when coupled with 
track_vars - in which

; case you can access all of the GPC variables through the 
$HTTP_*_VARS[],

; variables.

;

; You should do your best to write your scripts so that 
they do not require

; register_globals to be on;  Using form variables as 
globals can easily lead

; to possible security problems, if the code is not very 
well thought of.

register_globals = On



; This directive tells PHP whether to declare the 
argv&argc variables (that

; would contain the GET information).  If you don't use 
these variables, you

; should turn it off for increased performance.

register_argc_argv = On



; Maximum size of POST data that PHP will accept.

post_max_size = 8M



; This directive is deprecated.  Use variables_order 
instead.

gpc_order = "GPC"



; Magic quotes

;



; Magic quotes for incoming GET/POST/Cookie data.

magic_quotes_gpc = On



; Magic quotes for runtime-generated data, e.g. data from 
SQL, from exec(), etc.

magic_quotes_runtime = Off    



; Use Sybase-style magic quotes (escape ' with '' instead 
of \').

magic_quotes_sybase = Off



; Automatically add files before or after any PHP 
document.

auto_prepend_file =

auto_append_file =



; As of 4.0b4, PHP always outputs a character encoding by 
default in

; the Content-type: header.  To disable sending of the 
charset, simply

; set it to be empty.

;

; PHP's built-in default is text/html

default_mimetype = "text/html"

;default_charset = "iso-8859-1"





;;;;;;;;;;;;;;;;;;;;;;;;;

; Paths and Directories ;

;;;;;;;;;;;;;;;;;;;;;;;;;



; UNIX: "/path1:/path2"  Windows: "\path1;\path2"

include_path =



; The root of the PHP pages, used only if nonempty.

doc_root = "c:\program files\apache group\apache\htdocs"





; The directory under which PHP opens the script using 
/~usernamem used only

; if nonempty.

user_dir =



; Directory in which the loadable extensions (modules) 
reside.

extension_dir = ./



; Whether or not to enable the dl() function.  The dl() 
function does NOT work

; properly in multithreaded servers, such as IIS or Zeus, 
and is automatically

; disabled on them.

enable_dl = On





;;;;;;;;;;;;;;;;

; File Uploads ;

;;;;;;;;;;;;;;;;



; Whether to allow HTTP file uploads.

file_uploads = On



; Temporary directory for HTTP uploaded files (will use 
system default if not

; specified).

;upload_tmp_dir = "C:\Windows\Temp"



; Maximum allowed size for uploaded files.

upload_max_filesize = 2M





;;;;;;;;;;;;;;;;;;

; Fopen wrappers ;

;;;;;;;;;;;;;;;;;;



; Whether to allow the treatment of URLs (like http:// or 
ftp://) as files.

allow_url_fopen = On





;;;;;;;;;;;;;;;;;;;;;;

; Dynamic Extensions ;

;;;;;;;;;;;;;;;;;;;;;;

;

; If you wish to have an extension loaded automaticly, use 
the following

; syntax:

;

;   extension=modulename.extension

;

; For example, on Windows:

;

;   extension=msql.dll

;

; ... or under UNIX:

;

;   extension=msql.so

;

; Note that it should be the name of the module only; no 
directory information 

; needs to go here.  Specify the location of the extension 
with the

; extension_dir directive above.





;Windows Extensions

;Note that MySQL and ODBC support is now built in, so no 
dll is needed for it.

;

;extension=php_bz2.dll

;extension=php_ctype.dll

;extension=php_cpdf.dll

;extension=php_curl.dll

;extension=php_cybercash.dll

;extension=php_db.dll

;extension=php_dba.dll

;extension=php_dbase.dll

;extension=php_domxml.dll

;extension=php_dotnet.dll

;extension=php_exif.dll

;extension=php_fdf.dll

;extension=php_filepro.dll

;extension=php_gd.dll

;extension=php_gettext.dll

;extension=php_hyperwave.dll

;extension=php_iconv.dll

;extension=php_ifx.dll

;extension=php_iisfunc.dll

;extension=php_imap.dll

;extension=php_ingres.dll

;extension=php_interbase.dll

;extension=php_java.dll

;extension=php_ldap.dll

;extension=php_mcrypt.dll

;extension=php_mhash.dll

;extension=php_ming.dll

;extension=php_mssql.dll

;extension=php_oci8.dll

;extension=php_openssl.dll

;extension=php_oracle.dll

;extension=php_pdf.dll

;extension=php_pgsql.dll

;extension=php_printer.dll

;extension=php_sablot.dll

;extension=php_snmp.dll

;extension=php_sybase_ct.dll

;extension=php_yaz.dll

;extension=php_zlib.dll





;;;;;;;;;;;;;;;;;;;

; Module Settings ;

;;;;;;;;;;;;;;;;;;;



[Syslog]

; Whether or not to define the various syslog variables 
(e.g. $LOG_PID,

; $LOG_CRON, etc.).  Turning it off is a good idea 
performance-wise.  In

; runtime, you can define these variables by calling 
define_syslog_variables().

define_syslog_variables  = Off



[mail function]

; For Win32 only.

SMTP = localhost



; For Win32 only.

sendmail_from = me@localhost.com



; For Unix only.  You may supply arguments as well 
(default: 'sendmail -t -i').

;sendmail_path =



[Logging]

; These configuration directives are used by the example 
logging mechanism.

; See examples/README.logging for more explanation.

;logging.method = db

;logging.directory = /path/to/log/directory



[Java]

;java.class.path = .\php_java.jar

;java.home = c:\jdk

;java.library = c:\jdk\jre\bin\hotspot\jvm.dll 

;java.library.path = .\



[SQL]

sql.safe_mode = Off



[ODBC]

;odbc.default_db    =  Not yet implemented

;odbc.default_user  =  Not yet implemented

;odbc.default_pw    =  Not yet implemented



; Allow or prevent persistent links.

odbc.allow_persistent = On



; Check that a connection is still valid before reuse.

odbc.check_persistent = On



; Maximum number of persistent links.  -1 means no limit.

odbc.max_persistent = -1



; Maximum number of links (persistent + non-persistent).  
-1 means no limit.

odbc.max_links = -1  



; Handling of LONG fields.  Returns number of bytes to 
variables.  0 means

; passthru.

odbc.defaultlrl = 4096  



; Handling of binary data.  0 means passthru, 1 return as 
is, 2 convert to char.

; See the documentation on odbc_binmode and 
odbc_longreadlen for an explanation

; of uodbc.defaultlrl and uodbc.defaultbinmode

odbc.defaultbinmode = 1  



[MySQL]

; Allow or prevent persistent links.

mysql.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

mysql.max_persistent = -1



; Maximum number of links (persistent + non-persistent).  
-1 means no limit.

mysql.max_links = -1



; Default port number for mysql_connect().  If unset, 
mysql_connect() will use

; the $MYSQL_TCP_PORT or the mysql-tcp entry in 
/etc/services or the

; compile-time value defined MYSQL_PORT (in that order).  
Win32 will only look

' at MYSQL_PORT.

mysql.default_port =



; Default socket name for local MySQL connects.  If empty, 
uses the built-in

; MySQL defaults.

mysql.default_socket =



; Default host for mysql_connect() (doesn't apply in safe 
mode).

mysql.default_host =



; Default user for mysql_connect() (doesn't apply in safe 
mode).

mysql.default_user =



; Default password for mysql_connect() (doesn't apply in 
safe mode).

; Note that this is generally a *bad* idea to store 
passwords in this file.

; *Any* user with PHP access can run 'echo 
cfg_get_var("mysql.default_password")

; and reveal this password!  And of course, any users with 
read access to this

; file will be able to reveal the password as well.

mysql.default_password =



[mSQL]

; Allow or prevent persistent links.

msql.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

msql.max_persistent = -1



; Maximum number of links (persistent+non persistent).  -1 
means no limit.

msql.max_links = -1



[PostgresSQL]

; Allow or prevent persistent links.

pgsql.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

pgsql.max_persistent = -1



; Maximum number of links (persistent+non persistent).  -1 
means no limit.

pgsql.max_links = -1



[Sybase]

; Allow or prevent persistent links.

sybase.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

sybase.max_persistent = -1



; Maximum number of links (persistent + non-persistent).  
-1 means no limit.

sybase.max_links = -1



;sybase.interface_file = "/usr/sybase/interfaces"



; Minimum error severity to display.

sybase.min_error_severity = 10



; Minimum message severity to display.

sybase.min_message_severity = 10



; Compatability mode with old versions of PHP 3.0.

; If on, this will cause PHP to automatically assign types 
to results according

; to their Sybase type, instead of treating them all as 
strings.  This

; compatability mode will probably not stay around 
forever, so try applying

; whatever necessary changes to your code, and turn it 
off.

sybase.compatability_mode = Off



[Sybase-CT]

; Allow or prevent persistent links.

sybct.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

sybct.max_persistent = -1



; Maximum number of links (persistent + non-persistent).  
-1 means no limit.

sybct.max_links = -1



; Minimum server message severity to display.

sybct.min_server_severity = 10



; Minimum client message severity to display.

sybct.min_client_severity = 10



[bcmath]

; Number of decimal digits for all bcmath functions.

bcmath.scale = 0



[browscap]

;browscap = extra/browscap.ini



[Informix]

; Default host for ifx_connect() (doesn't apply in safe 
mode).

ifx.default_host =



; Default user for ifx_connect() (doesn't apply in safe 
mode).

ifx.default_user =



; Default password for ifx_connect() (doesn't apply in 
safe mode).

ifx.default_password =



; Allow or prevent persistent links.

ifx.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

ifx.max_persistent = -1



; Maximum number of links (persistent + non-persistent).  
-1 means no limit.

ifx.max_links = -1



; If on, select statements return the contents of a text 
blob instead of its id.

ifx.textasvarchar = 0



; If on, select statements return the contents of a byte 
blob instead of its id.

ifx.byteasvarchar = 0



; Trailing blanks are stripped from fixed-length char 
columns.  May help the

; life of Informix SE users.

ifx.charasvarchar = 0



; If on, the contents of text and byte blobs are dumped to 
a file instead of

; keeping them in memory.

ifx.blobinfile = 0



; NULL's are returned as empty strings, unless this is set 
to 1.  In that case,

; NULL's are returned as string 'NULL'.

ifx.nullformat = 0



[Session]

; Handler used to store/retrieve data.

session.save_handler = files



; Argument passed to save_handler.  In the case of files, 
this is the path

; where data files are stored.

session.save_path = /tmp



; Whether to use cookies.

session.use_cookies = 1





; Name of the session (used as cookie name).

session.name = PHPSESSID



; Initialize session on request startup.

session.auto_start = 0



; Lifetime in seconds of cookie or, if 0, until browser is 
restarted.

session.cookie_lifetime = 0



; The path for which the cookie is valid.

session.cookie_path = /



; The domain for which the cookie is valid.

session.cookie_domain =



; Handler used to serialize data.  php is the standard 
serializer of PHP.

session.serialize_handler = php



; Percentual probability that the 'garbage collection' 
process is started

; on every session initialization.

session.gc_probability = 1



; After this number of seconds, stored data will be seen 
as 'garbage' and

; cleaned up by the garbage collection process.

session.gc_maxlifetime = 1440



; Check HTTP Referer to invalidate externally stored URLs 
containing ids.

session.referer_check =



; How many bytes to read from the file.

session.entropy_length = 0



; Specified here to create the session id.

session.entropy_file =



;session.entropy_length = 16



;session.entropy_file = /dev/urandom



; Set to {nocache,private,public} to determine HTTP 
caching aspects.

session.cache_limiter = nocache



; Document expires after n minutes.

session.cache_expire = 180



; use transient sid support if enabled by compiling with 
--enable-trans-sid.

session.use_trans_sid = 1



url_rewriter.tags = 
"a=href,area=href,frame=src,input=src,form=fakeentry"



[MSSQL]

; Allow or prevent persistent links.

mssql.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

mssql.max_persistent = -1



; Maximum number of links (persistent+non persistent).  -1 
means no limit.

mssql.max_links = -1



; Minimum error severity to display.

mssql.min_error_severity = 10



; Minimum message severity to display.

mssql.min_message_severity = 10



; Compatability mode with old versions of PHP 3.0.

mssql.compatability_mode = Off



; Valid range 0 - 2147483647.  Default = 4096.

;mssql.textlimit = 4096



; Valid range 0 - 2147483647.  Default = 4096.

;mssql.textsize = 4096



; Limits the number of records in each bach.  0 = all 
records in one batch.

;mssql.batchsize = 0



[Assertion]

; Assert(expr); active by default.

;assert.active = On



; Issue a PHP warning for each failed assertion.

;assert.warning = On



; Don't bail out by default.

;assert.bail = Off



; User-function to be called if an assertion fails.

;assert.callback = 0



; Eval the expression with current error_reporting().  Set 
to true if you want

; error_reporting(0) around the eval().

;assert.quiet_eval = 0



[Ingres II]

; Allow or prevent persistent links.

ingres.allow_persistent = On



; Maximum number of persistent links.  -1 means no limit.

ingres.max_persistent = -1



; Maximum number of links, including persistents.  -1 
means no limit.

ingres.max_links = -1



; Default database (format: 
[node_id::]dbname[/srv_class]).

ingres.default_database =



; Default user.

ingres.default_user =



; Default password.

ingres.default_password =



[Verisign Payflow Pro]

; Default Signio server.

pfpro.defaulthost = "test.signio.com"



; Default port to connect to.

pfpro.defaultport = 443



; Default timeout in seconds.

pfpro.defaulttimeout = 30



; Default proxy IP address (if required).

;pfpro.proxyaddress =



; Default proxy port.

;pfpro.proxyport =



; Default proxy logon.

;pfpro.proxylogon =



; Default proxy password.

;pfpro.proxypassword =



[Sockets]

; Use the system read() function instead of the php_read() 
wrapper.

sockets.use_system_read = On



[com]

; path to a file containing GUIDs, IIDs or filenames of 
files with TypeLibs

;com.typelib_file = 



; allow Distributed-COM calls

;com.allow_dcom = true


Done with php.ini file (ignore the hard return marks).

Script that causes error:

<?

if ((!$username) || (!$password)) {
	header("Location: http://localhost/show_login.html");
	exit;
} 


$db_name = "testDB";
$table_name = "auth_users";

$connection = @mysql_connect("localhost", "sandman", 
"tQ9472b") 
	or die("Couldn't connect.");

$db = mysql_select_db($db_name, $connection)
	or die("Couldn't select database.");

$sql = "SELECT * FROM $table_name
	WHERE username = \"$username\" AND password = 
password(\"$password\")
	"; 

$result = mysql_query($sql) 
        or die ("Can't execute query."); 

$num = mysql_numrows($result); 

if ($num != 0) { 

	$cookie_name = "auth";
	$cookie_value = "ok";
	$cookie_expire = "";
	$cookie_domain = "";
	
	setcookie($cookie_name, $cookie_value, $cookie_expire, "/" 
, $cookie_domain, 0);


	$display_block = "
	<p><strong>Secret Menu:</strong></p>
	<ul>
	<li><a href=\"secretA.php\">secret page A</a>
	<li><a href=\"secretB.php\">secret page B</a>
	</ul>
	";

} else { 

	header("Location: http://localhost/show_login.html");
	exit;
} 

?> 

<HTML>
<HEAD>
<TITLE>Secret Area</TITLE>
</HEAD>
<BODY>

<? echo "$display_block"; ?>

</BODY>
</HTML>

End of error script.

Here are the two scripts that co-work with the first:

Script 1:

<?

if ($auth == "ok") {

	$msg = "<P>Welcome to secret page A, authorized 
user!</p>";
	
} else {

	header( "Location: http://localhost/show_login.html");
	exit;
}

?>

<HTML>
<HEAD>
<TITLE>Secret Page A</TITLE>
</HEAD>
<BODY>

<? echo "$msg"; ?>

</BODY>
</HTML>

Script 2:

<?

if ($auth == "ok") {

	$msg = "<P>Welcome to secret page B, authorized 
user!</p>";
	
} else {

	header( "Location: http://localhost/show_login.html");
	exit;
}

?>

<HTML>
<HEAD>
<TITLE>Secret Page B</TITLE>
</HEAD>
<BODY>

<? echo "$msg"; ?>

</BODY>
</HTML>

End of scripts.

I am using Apache version 1.3.2 (or whatever one comes 
right before v2.0beta. I am not using any modules except 
for the newest PHP module.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-13 10:59 UTC] sniper@php.net
ask support question somewehere else. This is not bug.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 13:01:31 2024 UTC