Link to home
Start Free TrialLog in
Avatar of Peter Chan
Peter ChanFlag for Hong Kong

asked on

Question to locate the problem

Hi,
How to check/validate where it is abnormally behaving below?
function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

Open in new window

I do not know why sometimes it is fine to access but sometimes not, using the same correct user name and password?
Avatar of Terry Woods
Terry Woods
Flag of New Zealand image

Is it a live site or a dev site? If live, then if the database is too busy then it might be failing to run the query.

Can you replicate the problem yourself, even if it doesn't occur every time?

Are you getting an error message? If not, then you need to be adding code so that errors are detected and either displayed (if a dev site) or logged.
Avatar of Peter Chan

ASKER

Within function in above, how to show any relevant meaningful error (that can be from DATABASE)?
Firstly, I am fascinated by this
select top 10000 * from 

Open in new window

Why top 10000 - surely your user / pass forms a unique key?

Secondly, when you say it does not work - can you be a bit more specific.
Hi,
Julian,
It does go to 'else' part below, even if I've put correct user name and password. (I also already adjusted function below)
if ($username && $passwd)
// they have just tried logging in
{
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
}

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

//$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$sql="select top 1 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

Open in new window

Within function, how to detect any DATABASE problem if exists?
@Julian, note that I've already mentioned in a previous question the need for sanitising the database inputs... :-)
SOLUTION
Avatar of Terry Woods
Terry Woods
Flag of New Zealand image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@Terry - I was not referring to sanitizing - just why he was limiting his results to only the first 10000

@HuaMinChen - can you guarantee that you are putting in correct name and password. Have you tried logging all login requests so you can see what happens on a fail.
Terry,
Here is the error message I've got

[Microsoft][ODBC SQL Server Driver]Communication link failure

Yes, Julian. User name and password are definitely fine.
@Julian, I know... but I figured that would probably be the next logical thing for you to comment on, so I thought I'd save you the trouble!
That error fits with the sporadic behaviour. A failure to connect to the database can be sporadic. Do you have any idea why that might happen? Is the database server very busy, or remote?
No, I don't think it is sanitising - my bet is on a database connection issue. If it were sanitizing it should fail all the time - as he says it happens on the same name / password combination.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
A failure to connect to the database can be sporadic. Do you have any idea why that might happen? Is the database server very busy, or remote?

It is using System DSN to connect to SQL server database, from the current Web server.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I think you can close this question (and open a new one as suggested above); the request was to locate the problem, and it has been located as being elsewhere! :-)
Where is the database server located - is it on the same machine or are you accessing it over the network?

It connects to DATABASE through System DSN, while Web server and Database are on different servers.
Then I second Terry's comment above - this is an infrastructure problem which falls outside the scope of this thread.
You have a problem with either your network connection to your DB Server or the Server itself.  You will need to get in touch with Experts who specialise on those areas.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial