I know many people associate this error with modifying PHP.INI but I think my error is a result of bad coding. Seeing that I haven't actively coded PHP in 4 or 5 years and trying to get my head back into it, I think I've missed something in my login page.

When you log in with a correct password everything works fine. When you put in an incorrect password the following error comes up:

"Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 19456 bytes) in checked.php on line 31"

So here is my code (bolding line 31):

<?php
ob_start();

$tbl_name="userdata"; // Table name

if(!isset($_POST['username'])) {
  include("home.html");
  include("login.html");
  include("footer.html");
} else {
 // username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];

// To protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$encrypted = sha1($mypassword);

$query_login=mysql_query("SELECT * FROM $tbl_name WHERE Username='$myusername' and password='$encrypted'");

if(mysql_num_rows($query_login) == "1") {
    $login_array = mysql_fetch_array($query_login);
    $_SESSION['Active'] = $login_array['Active'];
    $count = $login_array['login_count'] + "1";
    // Line 31 in the poster's checked.php (bolded in the original post)
    if(mysql_query('UPDATE user SET lastlogon=NOW(), login_count="'.  $count .'"
		    WHERE User_ID = "'. $login_array['User_ID'] .'"', $LIFE)) {
    }
if($_SESSION['Active'] == "0") {
      echo '<center><font face="verdana, tahoma" size="2" color="red">';
      echo 'Your account is disabled!';
      echo '</font></center>';
      exit;
      } else {

// Since the account is not disabled, start filling up the SESSION variables.
  $_SESSION['valid_user'] = true;
  $_SESSION['username'] = $login_array['Username'];
  $_SESSION['User_ID'] = $login_array['User_ID'];
  $_SESSION['Fname'] = $login_array['Fname'];
  $_SESSION['Lname'] = $login_array['Lname'];
  $_SESSION['email'] = $login_array['email'];
  $_SESSION['roll'] = $login_array['roll'];
}
 include("index.php");
 }
 else {
	include("checked.php");
	}
}
ob_end_flush();
?>

Perhaps I should add something to address bad passwords being entered? Any ideas/examples?

Thanks in advance for any help/guidance!

    First thing I notice is that you're using output buffering (via ob_start()). Why is that?

      I've just got into the habit of doing that when using Sessions to prevent the "headers already sent" error or whatever the text is that you sometimes get. So using that won't set the headers until the "ob_end_flush".

        It's not an error you "sometimes get," it's an error you always get if you don't organize your code such that functions that might alter HTTP headers are called before any output is sent.

        The solution is not to add ob_start() - this is a cheap workaround that adds extra load to your server just to cover up coding mistakes.

          Okay, well as I said, I'm not a pro or fulltime PHP coder...I do the best I can. I've removed those lines and the error persists, so it's not related anyway.

            L8knight wrote:

            so it's not related anyway.

            Your error involves PHP running out of memory. ob_start() causes all output to be held in memory until the script ends. To me, it sure seems like the two are related.

            I can't really see how your script is eating up 16 MB of memory, but unless your server is very low on RAM, I would suggest bumping up that limit (considering the default value for that directive is currently 8 times larger).

            Other than that, you can try doing some profiling to see which part of the script is using up the most memory.

              That's what I don't understand either. Especially that it only returns the error when there is a bad password. Given that it shouldn't even go to line 31 because the result shouldn't be "1" from the SQL query since the password didn't match. That's why I didn't want to really make changes to php.ini because I know the problem has to be somewhere in my logic (which given my PHP aptitude is likely 🙂 )

              I'll see if I can try profiling (it's been a while)

              Thanks for your help so far

                Couple more things...

                Numeric quantities in PHP should not be surrounded by quotes. Using a strict comparison, "1" is not the same thing as 1 (the first is a string, the second is an integer).

                After this line:

                $login_array = mysql_fetch_array($query_login);

                add the following and let us know what the output is:

                var_dump($login_array);
                exit;

                  I removed the quotes.

                  The results for the var_dump only appear on a successful login, otherwise the memory error appears when a bad pass is entered.

                  Results:

                  Array ( [0] => 1 [User_ID] => 1 [1] => Smith [Lname] => Smith [2] => Joe [Fname] => Joe [3] => test [Username] => test [4] => 9e59e5c6312a1990170932ef870f2d67d63ba6cd [password] => 9e59e5c6312a1990170932ef870f2d67d63ba6cd [5] => test@test.com [email] => test@test.com [6] => 28 [login_count] => 28 [7] => 2010-02-18 20:01:30 [lastlogon] => 2010-02-18 20:01:30 [8] => Test [roll] => Test [9] => 1 [Active] => 1 )

                    Not sure then.. like I said, only other option I can think of besides increasing the low memory limit (note that this doesn't require you to edit php.ini, though I still think it'd be a good idea since 16MB is a rather low limit) would be to do some profiling to examine which function/line causes a huge spike in memory usage.

                      I think I figured it out. I increased the memory size and still got the error so I walked my code and I think the problem is the

                      else { 
                          include("checked.php"); 
                          }

                      I'm guessing that it goes into some kind of loop? I took this code out and instead created a "failed login" page with registration option or try again. Using that it no longer returns the error on failed logins.

                      Thanks for all the help, very much appreciated! Feels good getting back into PHP 🙂

                        D'oh, didn't even bother to look at the filename.

                        Yes, of course it goes into a loop. You process the user data, check if the details are correct and, if not, load and execute the same file again... which processes the user data, checks if the details are correct, ... etc. etc.
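
An added example, not code from the thread: one way to structure the handler so that a failed login returns a separate page instead of including checked.php again, with a PDO prepared statement and password_hash()/password_verify() in place of the escaped query and sha1(). The in-memory SQLite table, its rows, and the template names failed_login.html and disabled.html are constructed for the demonstration; column names follow the thread.

```php
<?php
// Added example (not the poster's code). Constructed data: an in-memory SQLite
// table stands in for the MySQL `userdata` table; requires the pdo_sqlite extension.
declare(strict_types=1);

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE userdata (User_ID INTEGER PRIMARY KEY, Username TEXT UNIQUE,
               password TEXT, Active INTEGER, login_count INTEGER, lastlogon TEXT)');
    $ins = $db->prepare('INSERT INTO userdata (Username, password, Active, login_count)
                         VALUES (?, ?, ?, 0)');
    $ins->execute(['test', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
    $ins->execute(['idle', password_hash('correct horse', PASSWORD_DEFAULT), 0]);
    return $db;
}

// Returns ['view' => template to render, 'user' => row or null]. Each outcome
// maps to a different template, so a bad password never re-runs this handler.
function handle_login(PDO $db, array $post): array {
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return ['view' => 'login.html', 'user' => null];
    }
    // Bound parameter: no stripslashes()/escaping needed, input never joins the SQL text.
    $stmt = $db->prepare('SELECT * FROM userdata WHERE Username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return ['view' => 'failed_login.html', 'user' => null]; // hypothetical page
    }
    if ((int)$row['Active'] === 0) {
        return ['view' => 'disabled.html', 'user' => null];     // hypothetical page
    }
    $upd = $db->prepare("UPDATE userdata SET lastlogon = datetime('now'),
                         login_count = login_count + 1 WHERE User_ID = ?");
    $upd->execute([$row['User_ID']]);
    unset($row['password']); // keep the hash out of whatever goes into $_SESSION
    return ['view' => 'index.php', 'user' => $row];
}

$db = make_demo_db();
foreach ([[], ['username' => 'test', 'password' => 'wrong'],
          ['username' => 'idle', 'password' => 'correct horse'],
          ['username' => 'test', 'password' => 'correct horse']] as $post) {
    echo json_encode($post), ' -> ', handle_login($db, $post)['view'], PHP_EOL;
}
```

In a real page the caller would call session_start() before any output, copy the returned row into $_SESSION, and include the returned view exactly once.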
