Bug #5544 native functions cause variable change
Submitted: 2000-07-12 20:11 UTC
Modified: 2000-08-20 02:58 UTC
From: pshafer at netsolutionsllc dot com
Assigned: zak
Status: Closed
Package: Scripting Engine problem
PHP Version: 4.0.1pl2
OS: NT4.0 Server SP6a/IIS4
Private report: No
CVE-ID: None

 

 [2000-07-12 20:11 UTC] pshafer at netsolutionsllc dot com
I have discovered what appears to be a bug that is reproducible in our company's production environment.  We have a user-defined function that checks authentication against a database of email addresses and passwords.  If the authentication is successful, the function will return the user ID number (e.g. a table with ID, email, password).

This function is called teacher_login, and accepts an email address along with an md5-hash of the password.  The purpose of the function is to look up that email address, verify the password and return the unique ID for that user.

The line $uid = teacher_login($email,md5($password)); assigns the userid to the $uid variable.  If the next line is a simple operation, then the script runs as normal.  However, if a library (native) function is called, the $uid variable changes its value (note that $uid is not referenced in the function call).  If a user-defined function is called, then the script runs as normal.

Here is the teacher_login function:

function teacher_login($sEmail,$sMD5Pass) {
  $db = db_connect();
  if (!$db) fError("S001",$PHP_SELF,"");
  $sql = "SELECT id,password FROM teacher WHERE email='$sEmail'";
  $query = mssql_query($sql,$db);
  if (!$query) fError("S002",$PHP_SELF,"");
  $row = mssql_fetch_array($query);
  if (!$row[password]) fError("U001",$PHP_SELF,"");
  if (md5($row[password]) != $sMD5Pass) fError("U002",$PHP_SELF,"");
  echo "teacher_login:\$row[id] = " . $row[id] . "<br>\n";
  return $row[id];
}


And here is a snippet of code that causes the error:
  $uid = teacher_login($email,md5($password));
  $session_data[0] = $email;
  echo urlencode("goober");        //library function
  echo "\$uid = $uid";

Where it is using urlencode, I had originally used md5 as I was hashing a password.  I have tried several random library functions, and I still get the incorrect UID.

If I move the echo "\$uid... line before the library function, then the correct UID is returned.
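
For comparison with the teacher_login function posted above, which builds its SQL by interpolating $sEmail and compares an MD5 of the stored password column, here is an added example (not the reporter's code and not from the PHP project) of the same lookup with the e-mail bound as a query parameter and the password checked with password_verify() against a stored hash. It assumes PHP 7 or later, PDO with an in-memory SQLite database standing in for MSSQL, a hypothetical password_hash column, and constructed sample data.

```php
<?php
// Added example, not the reporter's code. Assumptions: PHP 7+, PDO with the
// SQLite driver standing in for the MSSQL database, and a password_hash
// column (hypothetical) replacing the password column used on the page.

/**
 * Return the teacher's id on success, or null on any failure.
 * Takes the plain password; hashing is done by password_verify(), not by the caller.
 */
function teacher_login(PDO $db, string $email, string $password): ?int
{
    // The e-mail address is bound as a parameter, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM teacher WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return null; // no row for this e-mail address
    }
    // password_verify() compares against a salted hash created by password_hash().
    if (!password_verify($password, $row['password_hash'])) {
        return null; // wrong password
    }
    return (int) $row['id'];
}

// Constructed sample data: one teacher whose address contains a single quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE teacher (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO teacher (id, email, password_hash) VALUES (?, ?, ?)');
$ins->execute([7, "o'brien@example.test", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Correct credentials; the quote in the address is handled as data by the driver.
var_dump(teacher_login($db, "o'brien@example.test", 'correct horse'));
// Wrong password for a known address.
var_dump(teacher_login($db, "o'brien@example.test", 'wrong'));
// Address that is not in the table.
var_dump(teacher_login($db, 'nobody@example.test', 'correct horse'));
```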

 [2000-07-26 21:43 UTC] zak@php.net
I cannot reproduce this error.  Could you send a more complete code snippet?
 [2000-08-20 02:58 UTC] sniper@php.net
No feedback from user.

--Jani