On Mar 7, 2004, at 2:59 PM, Andrew McMillan wrote:
On Sat, 2004-03-06 at 07:18, Danny O'Brien wrote:
Any postgre experts out there? We have a PHP4 site that worked fine
under a previous RedHat build, but we just can't get it working on
this
Debian build.
We run heaps of PHP based sites on this codebase. If you want to
upgrade to 7.4.1, Oliver Elphick (the Debian maintainer) has produced
packages for Woody that we also use in some situations:
deb http://people.debian.org/~elphick/debian/ stable main
It seems most likely to me that your webserver is attempting to
authenticate as www-data using 127.0.0.1 (rather than 'local' - i.e. no
host spec in pg_connect) and that you are not allowing that in your
pg_hba.conf, but the notes below do not give a lot of information to
work from.
Perhaps send the auth.php (with usernames / passwords munged), a
"select
* from pg_user" (ditto)
Cheers,
Andrew McMillan
Hi Andrew,
Thanks for your response. Below is the contents of auth.php, per your
suggestion, if you feel like vetting the code. I'm not a PHP programmer
-- we've hired one to mod the site, but he seems incapable of
resolving the database issue. I'm responsible for getting the site
running. I've been able to do it before, under RedHat, but not this
time.
When I set up the database (named identically to the previous), I ran a
script called "create_tables.sql" that the original programmers gave
me. This presumably provided the db with all necessary columns.
I then followed that with a script called "fake_data.sql," also from
the original programmers. This script contains a series of logins and
passwords that correspond to the columns in the create_tables.sql. My
conclusion from these actions is that we should now have a functioning
database with usable logins and passwords.
Is there any way for me to crack open the database to make sure that
the columns, logins, and passwords are all positioned properly? Could
it be that the scripts named above did not function properly, and we
have what amounts to a non-functioning database?
**********************************
auth.php:
<?
include('dbconnect.php');
include('util.php');
include( 'login.php' );
if( $real_login )
{
$sql = "select fname, lname, password, admin_flag, client_id from usr
where login = " . xxxxx($real_login);
$result = pg_exec( $link, $sql );
if( $result && pg_numrows( $result ) == 1 )
{
$row = pg_fetch_row( $result, 0 );
$pw = $row[2];
if( $row[2] == crypt( $real_password, $row[2] ) )
{
setCookie( "srp_auth", "auth_login=$real_login&auth_password=$pw" );
$auth_user_name = $row[0] . " " . $row[1];
$auth_admin_flag = $row[3];
$auth_client_id = $row[4];
$sql = "update usr set last_login='now' where login=" . xxxxx(
$real_login );
pg_exec( $sql );
}
else
{
show_login( "<BR><B>We're sorry but that is incorrect. Please try
again.</B>");
}
}
else
{
show_login( "<BR><B>We're sorry but that is incorrect. Please try
again.</B>");
}
}
else if( $srp_auth )
{
parse_str( $srp_auth );
$sql = "select fname, lname, admin_flag, client_id from usr where
login = " . xxxxx( $auth_login ) . " and password = " . xxxxx(
$auth_password ) ;
$result = pg_exec( $link, $sql );
if( $result && pg_numrows( $result ) == 1 )
{
$row = pg_fetch_row( $result, 0 );
$auth_user_name = $row[0] . " " . $row[1];
$auth_admin_flag = $row[2];
$auth_client_id = $row[3];
}
else
{
show_login( "<BR><B>We're sorry but that is incorrect. Please try
again.</B>");
}
}
else
{
show_login( "" );
}
if( $auth_admin_flag == "A" )
{
$auth_admin_flag = "P";
}
if (isset($client_id) && $auth_client_id != 1 && $client_id !=
$auth_client_id)
{
show_login("Invalid data passed to form. Please log in again");
}
if (isset($category_id))
{
$sql = "select descr, client_id from category where id =
$category_id";
$result = pg_exec($link, $sql);
if ($auth_client_id != 1)
{
if (pg_result($result, 0, 1) != $auth_client_id)
{
show_login("Invalid data passed to form. Please log in again");
}
}
if (!isset($category_descr))
{
$category_descr = pg_result($result, 0, 0);
}
}
?>
Original post:
Here's what we're running:
Debian 3.0r1 "woody"
Kernel 2.4.18-bf2.4
Apache 1.3.26-0woo
postgres 7.2.1-2wood
php 4.1.2-6wood
We've applied a script sent to us by the original programmers, that
installed several logins and passwords.
But when we go to login to our PHP site, our login is rejected.
I've taken the following actions:
1) Checked to see that the database (called "ourdb") is in fact
available by entering "psql ourdb." The database opens up to an
"ourdb"
prompt.
2) Made sure that postgresql is running by outputting ps ax:
xxx ? S 0:00 /usr/lib/postgresql/bin/postmaster
xxx ? S 0:00 postgres: stats buffer process
xxx ? S 0:00 postgres: stats collector process
3) Altered the pg_hba.conf (located in /etc/postgresql) to reflect the
following, and re-started postgre:
#local all ident
sameuser
local all trust
host all 127.0.0.1 255.0.0.0 ident
sameuser
host all 0.0.0.0 0.0.0.0 reject
4) Made sure that the php4-pgsql module is present -- I did an
"apt-get" for this last week
5) Examined the postgres.log for clues -- the log file is empty,
indicating that no login attempts have been made -- I suppose because
the auth.php has not found the DB?
6) pg_exec call deprecated under PHP 4.2.0 and replaced with pg_query:
since we're using php 4.1.2-6wood, it seems that this does not apply
to
our setup. Correct?
All suggestions welcome. Solution guaranteed posted to the list.
- Danny O'Brien
---------------------------(end of
broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
-----------------------------------------------------------------------
--
Andrew @ Catalyst .Net .NZ Ltd, PO Box 11-053, Manners St,
Wellington
WEB: http://catalyst.net.nz/ PHYS: Level 2, 150-154 Willis
St
DDI: +64(4)916-7201 MOB: +64(21)635-694 OFFICE:
+64(4)499-2267
It is truth which you cannot contradict; you can without any difficulty
contradict Socrates. - Plato
-----------------------------------------------------------------------
--
