Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Question to locate the problem

Posted on 2016-09-29
18
Medium Priority
?
165 Views
Last Modified: 2016-09-29
Hi,
How to check/validate where it is abnormally behaving below?
function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

Open in new window

I do not know why sometimes it is fine to access but sometimes not, using the same correct user name and password?
0
Comment
Question by:HuaMinChen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 5
18 Comments
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821266
Is it a live site or a dev site? If live, then if the database is too busy then it might be failing to run the query.

Can you replicate the problem yourself, even if it doesn't occur every time?

Are you getting an error message? If not, then you need to be adding code so that errors are detected and either displayed (if a dev site) or logged.
0
 
LVL 11

Author Comment

by:HuaMinChen
ID: 41821276
Within function in above, how to show any relevant meaningful error (that can be from DATABASE)?
0
 
LVL 59

Expert Comment

by:Julian Hansen
ID: 41821278
Firstly, I am fascinated by this
select top 10000 * from 

Open in new window

Why top 10000 - surely your user / pass forms a unique key?

Secondly, when you say it does not work - can you be a bit more specific.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 11

Author Comment

by:HuaMinChen
ID: 41821286
Hi,
Julian,
It does go to 'else' part below, even if I've put correct user name and password. (I also already adjusted function below)
if ($username && $passwd)
// they have just tried logging in
{
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
}

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

//$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$sql="select top 1 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

Open in new window

Within function, how to detect any DATABASE problem if exists?
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821329
@Julian, note that I've already mentioned in a previous question the need for sanitising the database inputs... :-)
0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 1400 total points
ID: 41821347
Try this change to your code:
$rst = odbc_exec($conn,$sql);
if (!$rst) { die(odbc_errormsg()); }

Open in new window


If you'd rather it didn't die, you can output it to a log file, with something like this. You may want to change the file/folder name of course, especially if you're running it on Windows:
$rst = odbc_exec($conn,$sql);
if (!$rst) { file_put_contents('/tmp/phplogfile.txt', odbc_errormsg(), FILE_APPEND); }

Open in new window

0
 
LVL 59

Expert Comment

by:Julian Hansen
ID: 41821351
@Terry - I was not referring to sanitizing - just why he was limiting his results to only the first 10000

@HuaMinChen - can you guarantee that you are putting in correct name and password. Have you tried logging all login requests so you can see what happens on a fail.
0
 
LVL 11

Author Comment

by:HuaMinChen
ID: 41821355
Terry,
Here is the error message I've got

[Microsoft][ODBC SQL Server Driver]Communication link failure

Yes, Julian. User name and password are definitely fine.
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821357
@Julian, I know... but I figured that would probably be the next logical thing for you to comment on, so I thought I'd save you the trouble!
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821360
That error fits with the sporadic behaviour. A failure to connect to the database can be sporadic. Do you have any idea why that might happen? Is the database server very busy, or remote?
0
 
LVL 59

Expert Comment

by:Julian Hansen
ID: 41821365
No, I don't think it is sanitising - my bet is on a database connection issue. If it were sanitizing it should fail all the time - as he says it happens on the same name / password combination.
0
 
LVL 35

Accepted Solution

by:
Terry Woods earned 1400 total points
ID: 41821366
Assuming that the database is running SQL Server (on a Windows server), I think this question would be best reposted in specific Windows Topic areas. If you look at some of the solutions suggested for resolving the error here, you can see it might require someone with specific WIndows server experience: https://support.microsoft.com/en-nz/kb/942861
0
 
LVL 11

Author Comment

by:HuaMinChen
ID: 41821367
A failure to connect to the database can be sporadic. Do you have any idea why that might happen? Is the database server very busy, or remote?

It is using System DSN to connect to SQL server database, from the current Web server.
0
 
LVL 59

Assisted Solution

by:Julian Hansen
Julian Hansen earned 600 total points
ID: 41821368
[Microsoft][ODBC SQL Server Driver]Communication link failure
Well there you have it - db link is unstable. So either your network is faulty or your database server has an issue. Where is the database server located - is it on the same machine or are you accessing it over the network?
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821369
I think you can close this question (and open a new one as suggested above); the request was to locate the problem, and it has been located as being elsewhere! :-)
0
 
LVL 11

Author Comment

by:HuaMinChen
ID: 41821382
Where is the database server located - is it on the same machine or are you accessing it over the network?

It connects to DATABASE through System DSN, while Web server and Database are on different servers.
0
 
LVL 59

Expert Comment

by:Julian Hansen
ID: 41821398
Then I second Terry's comment above - this is an infrastructure problem which falls outside the scope of this thread.
You have a problem with either your network connection to your DB Server or the Server itself.  You will need to get in touch with Experts who specialise on those areas.
0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 1400 total points
ID: 41821405
Note though, as a final comment on this question, that you can get an error code in addition to the message... this should hopefully worK:
if (!$rst) { die(odbc_error().": ".odbc_errormsg()); }

Open in new window

The code may help in tracking down additional information on the problem, eg with a Google search.
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Add visuals to your Prezi to keep your audience engaged. Learn how to embed images, edit them, and more in this video micro tutorial. Select "Insert" from the top menu in your Prezi editor: Select "Image": A toolbar will pop in from the right …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question