Re: Please help: PHP4/postgres db woes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




Hi Bruce,

Thanks for your assistance. Please see my responses below.


On Mar 8, 2004, at 12:21 PM, bruce wrote:

danny...

you might want to take a direct look at the actual database using the
command line functions to determine if there is actual information within the database. if there is information there.. any reasonable php programmer
can track down the issue...

OK -- one of the tables is called "usr," so I logged into the database as the original database creator (not root) and entered this:

SELECT * FROM usr;

and it showed me the appropriate data in the proper columns. So it appears the scripts worked and populated the database. So that answers that question.

so make sure the db is actually populated with data, make sure you can
actually read/write something to the db with the php code.. etc... walk
through a test plan to isolate what the prob might be...

My next test was an attempt to manually enter values into the database (called "ourdb" for the sake of this test):

ourdb=# INSERT INTO usr (id, fname, lname, login, password, admin_flag, client_id) VALUES (4, 'Fred', 'Friendly', 'Fred', 'xxxxx', 'A', 1)
ourdb-#

The database did not accept the new information. Why not? More questions....

Still, it seems that since we have a working database with actual data, the problem must be that the PHP code is not checking with the database, but simply responding with the error. Right?

Here's something interesting from the auth.php:

	if( $real_login )
	{	
$sql = "select fname, lname, password, admin_flag, client_id from usr where login = " . xxxxx($real_login);

It seems that the above code does not list all the columns in the table "usr" -- here are those columns:

id | fname | lname | login | password | admin_flag | client_id |

Should I add 'id' and 'login' to the line $sql = "select fname, lname, password, admin_flag, client_id from usr where login = " . xxxxx($real_login);

The complete auth.php is listed below, if you're available to check it out.

Thanks again for your thoughts.

- Danny O'Brien





-----Original Message-----
From: pgsql-php-owner@xxxxxxxxxxxxxx
[mailto:pgsql-php-owner@xxxxxxxxxxxxxx]On Behalf Of Danny O'Brien
Sent: Monday, March 08, 2004 8:55 AM
To: Andrew McMillan
Cc: pgsql-php@xxxxxxxxxxxxxxxxxxxxxxx@postgresql.org
Subject: Re: [PHP] Please help: PHP4/postgres db woes


On Mar 7, 2004, at 2:59 PM, Andrew McMillan wrote:

On Sat, 2004-03-06 at 07:18, Danny O'Brien wrote:
Any postgre experts out there? We have a PHP4 site that worked fine
under a previous RedHat build, but we just can't get it working on
this
Debian build.

We run heaps of PHP based sites on this codebase.  If you want to
upgrade to 7.4.1, Oliver Elphick (the Debian maintainer) has produced
packages for Woody that we also use in some situations:

deb http://people.debian.org/~elphick/debian/ stable main

It seems most likely to me that your webserver is attempting to
authenticate as www-data using 127.0.0.1 (rather than 'local' - i.e. no
host spec in pg_connect) and that you are not allowing that in your
pg_hba.conf, but the notes below do not give a lot of information to
work from.

Perhaps send the auth.php (with usernames / passwords munged), a
"select
* from pg_user" (ditto)

Cheers,
					Andrew McMillan


Hi Andrew,

Thanks for your response. Below is the contents of auth.php, per your
suggestion, if you feel like vetting the code. I'm not a PHP programmer.
I'm responsible for getting the site
running. I've been able to do it before, under RedHat, but not this
time.

When I set up the database (named identically to the previous), I ran a
script called "create_tables.sql" that the original programmers gave
me. This presumably provided the db with all necessary columns.

I then followed that with a script called "fake_data.sql," also from
the original programmers. This script contains a series of logins and
passwords that correspond to the columns in the create_tables.sql. My
conclusion from these actions is that we should now have a functioning
database with usable logins and passwords.

Is there any way for me to crack open the database to make sure that
the columns, logins, and passwords are all positioned properly? Could
it be that the scripts named above did not function properly, and we
have what amounts to a non-functioning database?




**********************************
auth.php:

<?
         include('dbconnect.php');
	include('util.php');
	include( 'login.php' );

	if( $real_login )
	{
		$sql = "select fname, lname, password, admin_flag, client_id from usr
where login = " . xxxxx($real_login);

		$result = pg_exec( $link, $sql );

		if( $result && pg_numrows( $result ) == 1 )
		{
			$row = pg_fetch_row( $result, 0 );
			$pw = $row[2];
			if( $row[2] == crypt( $real_password, $row[2] ) )
			{
setCookie( "srp_auth", "auth_login=$real_login&auth_password=$pw" );

				$auth_user_name = $row[0] . " " . $row[1];
				$auth_admin_flag = $row[3];
				$auth_client_id  = $row[4];

				$sql = "update usr set last_login='now' where login=" . xxxxx(
$real_login );
				pg_exec( $sql );
			}

			else
			{
				show_login( "<BR><B>We're sorry but that is incorrect. Please try
again.</B>");
			}
		}

		else
		{
			show_login( "<BR><B>We're sorry but that is incorrect. Please try
again.</B>");
		}
	}

	else if( $ourdb_auth )
	{
		parse_str( $ourdb_auth );

		$sql = "select fname, lname, admin_flag, client_id from usr where
login = " . xxxxx( $auth_login ) . " and password = " . xxxxx(
$auth_password ) ;

		$result = pg_exec( $link, $sql );

		if( $result && pg_numrows( $result ) == 1 )
		{
			$row = pg_fetch_row( $result, 0 );
			$auth_user_name = $row[0] . " " . $row[1];
			$auth_admin_flag = $row[2];
			$auth_client_id  = $row[3];
		}

		else
		{
			show_login( "<BR><B>We're sorry but that is incorrect. Please try
again.</B>");
		}
	}

	else
	{
		show_login( "" );
	}


	if( $auth_admin_flag == "A" )
	{
		$auth_admin_flag = "P";
	}

	if (isset($client_id) && $auth_client_id != 1 && $client_id !=
$auth_client_id)
	{
		show_login("Invalid data passed to form.  Please log in again");
	}

	if (isset($category_id))
	{
		$sql = "select descr, client_id from category where id =
$category_id";
		$result = pg_exec($link, $sql);

		if ($auth_client_id != 1)
		{
			if (pg_result($result, 0, 1) != $auth_client_id)
			{
				show_login("Invalid data passed to form.  Please log in again");
			}
		}

		if (!isset($category_descr))
		{
			$category_descr = pg_result($result, 0, 0);
		}
	}
?>
















Original post:


Here's what we're running:

Debian 3.0r1 "woody"
Kernel 2.4.18-bf2.4
Apache 1.3.26-0woo
postgres 7.2.1-2wood
php 4.1.2-6wood

We've applied a script sent to us by the original programmers, that
installed several logins and passwords.
But when we go to login to our PHP site, our login is rejected.

I've taken the following actions:

1) Checked to see that the database (called "ourdb") is in fact
available by entering "psql ourdb." The database opens up to an
"ourdb"
prompt.

2) Made sure that postgresql is running by outputting ps ax:

   xxx ?        S      0:00 /usr/lib/postgresql/bin/postmaster
   xxx ?        S      0:00 postgres: stats buffer process
   xxx ?        S      0:00 postgres: stats collector process

3) Altered the pg_hba.conf (located in /etc/postgresql) to reflect the
following, and re-started postgre:

#local        all                                           ident
sameuser
local        all                                           trust
host         all         127.0.0.1     255.0.0.0           ident
sameuser
host         all         0.0.0.0       0.0.0.0             reject

4) Made sure that the php4-pgsql module is present  -- I did an
"apt-get" for this last week

5) Examined the postgres.log for clues -- the log file is empty,
indicating that no login attempts have been made -- I suppose because
the auth.php has not found the DB?

6) pg_exec call deprecated under PHP 4.2.0 and replaced with pg_query:
since we're using php 4.1.2-6wood, it seems that this does not apply
to
our setup. Correct?

All suggestions welcome. Solution guaranteed posted to the list.

- Danny O'Brien


---------------------------(end of
broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
---------------------------------------------------------------------- -
--
Andrew @ Catalyst .Net .NZ  Ltd,  PO Box 11-053,  Manners St,
Wellington
WEB: http://catalyst.net.nz/             PHYS: Level 2, 150-154 Willis
St
DDI: +64(4)916-7201       MOB: +64(21)635-694      OFFICE:
+64(4)499-2267
It is truth which you cannot contradict; you can without any difficulty
                      contradict Socrates. - Plato
---------------------------------------------------------------------- -
--



---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings



[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux