Could not log in at php login program

hanpedro

Could not log in at php login program on Windows Apache + php + mysql system.

The web page stops white apge at login_check.php.

This is the source code on firebug which is appears and disappears after pressing enter on login button.

<html>
<head>
<script id="rtcdomscr" type="text/javascript">
window.oldSetTimeout=window.setTimeout;window.setTimeout=function(func,delay){return window.oldSetTimeout(function(){try{if(!document.documentElement.getAttribute('stopTimers')){if(typeof func=='string') {var nfunc = new Function(func); nfunc();} else func();}}catch(ex){}},delay);}; window.oldSetInterval=window.setInterval;window.setInterval=function(func,delay){return window.oldSetInterval(function(){try{if(!document.documentElement.getAttribute('stopTimers')){if(typeof func=='string') {var nfunc = new Function(func); nfunc();} else func();}}catch(ex){}},delay);}; function rtcDomScrRemove(){var domscript = document.getElementById('rtcdomscr'); domscript.parentNode.removeChild(domscript);}; window.addEventListener('pageshow', function(){setTimeout(rtcDomScrRemove, 5000)}, true);
</script>
</head>
<body></body>
</html>

And this is the session part of php.ini. Additionally there are empty session files at /data/session

[Session]
session.save_handler = files
session.save_path = "I:\apm_packages\xampp\tmp"
session.use_cookies = 1
session.use_only_cookies = 0
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 100
session.gc_maxlifetime = 1440
session.bug_compat_42 = On
session.bug_compat_warn = On
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

Any helpful comment would be appreciated.

Thanks in advance.

bradgrafelman

Er... do you really expect us to be able to diagnose a problem with PHP code we haven't seen? Guess I'll do my best...

My guess is that the problem is with your PHP code. Or maybe it's not.

hanpedro

bradgrafelman/ Sorry, but I forgot.

I could not understand which part has problem, so I post whole code.

<?
include_once("./_common.php");

$mb_id       = $_POST[mb_id];
$mb_password = $_POST[mb_password];

if (!trim($mb_id) || !trim($mb_password))
    alert("id or not space");

$mb = get_member($mb_id);
$login_check=0;
if (!$mb[mb_id]) {
    $login_check = 1;
} else if (sql_password($mb_password) !== $mb[mb_password]) {
    if (sql_old_password($mb_password) != $mb[mb_password]) {
        $login_check = 1;
    } else {
        $sql = " update $g4[member_table] set mb_password='" . sql_password($mb_password) . "' where mb_id='$mb_id' ";
        sql_query($sql);
    }
}

if ($login_check) {
    $sql = " insert into $g4[login_fail_log_table] (mb_id, ip_addr, log_datetime, log_url) values ('$mb_id', '$remote_addr', '$g4[time_ymdhis]', '/bbs/login_check.php') ";
    sql_query($sql);
    if ($config['cf_retry_time_interval'] > 0 && $config['cf_retry_count']) {
        $sql = " select count(*) as cnt from $g4[login_fail_log_table] where log_datetime >= '" . date("Y-m-d H:i:s", $g4[server_time] - $config['cf_retry_time_interval'] ) . "' and ip_addr='$remote_addr' ";
        $result = sql_fetch($sql);

    $ip = $_SERVER[REMOTE_ADDR];
    if ($result['cnt'] >= $config['cf_retry_count']) {
        $pattern = explode("\n", trim($config['cf_intercept_ip']));
        if (empty($pattern[0]))
            $cf_intercept_ip = $ip;
        else
            $cf_intercept_ip = trim($config['cf_intercept_ip'])."\n{$ip}";
        $sql = " update {$g4['config_table']} set cf_intercept_ip = '$cf_intercept_ip' ";
        sql_query($sql);

        alert_close($msg);
    } else {
        alert($msg);
    }
}

alert("not user or wrong password");
}

if ($mb[mb_intercept_date] && $mb[mb_intercept_date] <= date("Ymd", $g4[server_time])) {
    $date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1&#45380; \\2&#50900; \\3&#51068;", $mb[mb_intercept_date]); 
    alert("Your id is not parmitted : $date");
}

if ($mb[mb_leave_date] && $mb[mb_leave_date] <= date("Ymd", $g4[server_time])) {
    $date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1&#45380; \\2&#50900; \\3&#51068;", $mb[mb_leave_date]); 
    alert("you are not registered : $date");
}

if ($config[cf_use_email_certify] && !preg_match("/[1-9]/", $mb[mb_email_certify])) {
    set_session('email_mb_id', $mb[mb_id]);
    alert("mail activation needed $mb[mb_email] &#51077;&#45768;&#45796;.", "$g4[bbs_path]/email_re_certify.php");
}

if ($config['cf_double_login'] && $mb_id) {

if ($use_db_session) {
    $sql = "select * from $g4[session_table] where mb_id = '$mb[mb_id]' and ss_ip != '$remote_addr' and ss_datetime > '$login_time' ";
    $sql.= "order by ss_datetime desc limit 1";

        $login_time = date("Y-m-d H:i:s", $g4[server_time] - 60*10); // 10&#48516;
        $sql = " SELECT * from $g4[session_table] 
                  WHERE mb_id = '$mb[mb_id]' and ip_addr != '$remote_addr' and ss_datetime > '$login_time' ";
        $result = sql_query($sql);

        if (mysql_num_rows($result) > 0) {
            alert("dual ip log in");
        }
}

else {
    $result = sql_fetch(" select count(*) as cnt from $g4[login_table] where mb_id='$mb[mb_id]' and lo_ip <> '$_SERVER[REMOTE_ADDR]' ");

    if ($result['cnt'] > 0) {
        alert("you are logged in another ip");
    }
}
}

$member_skin_path = "$g4[path]/skin/member/$config[cf_member_skin]";
if (file_exists("$member_skin_path/login_check.skin.php"))
    @include_once("$member_skin_path/login_check.skin.php");

function is_admin_check($mb_id)
{
    global $g4, $config;

if (!$mb_id) return;

if ($config['cf_admin'] == $mb_id) return 'super';

$mb = sql_fetch("select gr_id from $g4[group_table] where gr_admin = '$mb_id' limit 1 ");
if ($mb) return 'group';

$mb = sql_fetch("select bo_table from $g4[board_table] where bo_admin = '$mb_id' limit 1 ");
if ($mb) return 'board';

return '';
}

if ($g4['use_auto_levelup'] && !is_admin_check($mb_id))
{
    $res = member_level_up($mb_id);
    if ($res) {

    $tsql = " insert into $g4[whatson_table] ( mb_id, wr_subject, wo_type, wo_count, wo_datetime, bo_table, wr_id ) 
              values ('$mb_id', '$res','mb_level','1','$g4[time_ymdhis]','','') ";
    sql_query($tsql);
}
}

set_session('ss_mb_id', $mb[mb_id]);
set_session('ss_mb_key', md5($mb[mb_datetime] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']));

if ($auto_login) {
    if ($g4['load_balance']) {
        if ($g4['g4_mobile_device'])
            $key = md5($g4['load_balance'] . $_SERVER[HTTP_USER_AGENT] . $mb[mb_password]);
        else
            $key = md5($g4['load_balance'] . $_SERVER[REMOTE_ADDR] . $_SERVER[HTTP_USER_AGENT] . $mb[mb_password]);
    } else {
        if ($g4['g4_mobile_device'])
            $key = md5($_SERVER[SERVER_ADDR] . $_SERVER[HTTP_USER_AGENT] . $mb[mb_password]);
        else
            $key = md5($_SERVER[SERVER_ADDR] . $_SERVER[REMOTE_ADDR] . $_SERVER[HTTP_USER_AGENT] . $mb[mb_password]);
    }
    set_cookie('ck_mb_id', encrypt($mb[mb_id],$g4[encrypt_key]), 86400 * 31);
    set_cookie('ck_auto', $key, 86400 * 31);
} else {
    set_cookie('ck_mb_id', '', 0);
    set_cookie('ck_auto', '', 0);
}

if ($auto_mb_id) {
    set_cookie('ck_auto_mb_id', encrypt($mb[mb_id],$g4[encrypt_key]), 86400 * 31);
} else {
    set_cookie('ck_auto_mb_id', '', 0);
}

if ($url) 
{
    $link = urldecode($url);
    if (preg_match("/\?/", $link))
        $split= "&"; 
    else
        $split= "?"; 
    foreach($_POST as $key=>$value) 
    {
        if ($key != "mb_id" && $key != "mb_password" && $key != "x" && $key != "y" && $key != "url") 
        {
            $link .= "$split$key=$value";
            $split = "&";
        }
    }
} 
else
    $link = $g4[path];

if ($mb['mb_password_change_datetime'] != '0000-00-00 00:00:00' && !$is_admin) {
$change_alert = $g4[server_time] - strtotime($mb['mb_password_change_datetime']);
if ($config['cf_password_change_dates'] > 0 && $change_alert > 0)
    $link = "$g4[bbs_path]/password_chage_request.php";
}

goto_url($link);
?>

dagon

you really need to do some of the work yourself, echoing variables, and seeing where things fail.

hanpedro

dagon/ Thanks a lot!
I'll try.

hanpedro

Please check httpd.conf and .htaccess.

This is "DocumentRoot" part of httpd.conf.

<Directory "i:/www/">

	Options Indexes Includes FollowSymLinks MultiViews Includes ExecCGI

	AllowOverride AuthConfig FileInfo
            Order allow,deny
	Allow from all

</Directory>

This is ".htaccess" file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond &#37;{REQUEST_URI}    !^/adm/?$ 
RewriteCond %{REQUEST_URI}    !^/login/?$
RewriteCond %{REQUEST_URI}    !^/m/?$
RewriteRule ^([a-zA-Z0-9_]+)$                   ./bbs_shorten.php?bo_table=$1
RewriteRule ^([a-zA-Z0-9_]+)/([0-9]+)$          ./bbs_shorten.php?bo_table=$1&wr_id=$2
RewriteRule ^([a-zA-Z0-9_]+)/([0-9]+)/([0-9]+)$ ./bbs_shorten.php?bo_table=$1&wr_id=$2&c=$3
</IfModule>

I feel some of these part might cause white screen problem after press "login" button.