
[SOLVED] A real tickler?


rarebit


This has been causing strife for a couple of hours now. It simply defies logic... In full it's a registration email authentication parser. I'll do some kind of pseudo code to demonstrate the process and then explain how it's firing:

if(isset($_GET['auth']))
{
SELECT * FROM login_authentication WHERE authcode = '9e37c410c1d79ce5a7ac3fa5439d2dfe' && authat = '0'

if(num_rows==1)
{
	- Check not timeout
	- Authorise the user account
	- Update the login_authentication table (authat)
}
else
{
	print 'no entry'
}
}

 

What happens is that num_rows equals 0, but it 'Update the login_authentication table (authat)', but doesn't 'Authorise the user account', then to top it off it reaches 'print 'no entry''.

 

I've tried hardcoding the statement like above as well, but to the same effect.

 

How can it reach two endpoints (also missing part of one of the paths)?

 

 

You can see the code if you really want, but it uses a db library, and at the moment it's full of debugging flags and other stuff...


Here's me bump!

function users_draw_authenticate2($page_req)
{
global $db_table_prefix, $login_admin;

site_title("Authentication");
site_meta("");

$tnA = $db_table_prefix."login_authentiation";	//	id, user_name, authcode, authdate, authat
$tnU = $db_table_prefix."login_users";		//	id, uname, pass, groups, auth, email, msg_nofity

$sret = "<h2>AUTHENTICATE</h2>";
$sret .= _users_draw_menus_01();
if ($login_admin['allow_register'] == 1)
{
	$res = log_severe_check();
	if(count($res)!=0)
	{
		//	$hacker_msg is neither declared global nor set in this function, so nothing is appended here
		$sret .= $hacker_msg;
		log_login_attempt(2, 'hacker_authenticate', '');
		return $sret;
	}

	$freq = log_login_check_freq(2);
	if ($freq != -1)
	{
		$time = date("r", $freq);
		$sret .= "<br><h4>You may not try to authenticate until after ".$time."</h4><br>";
		log_login_attempt(2, 'banned', '');
	}
	elseif (isset($_GET['auth']))
	{
$sret .= ":HERE:<br>";
		$authcode = get_GET('auth');
		//SELECT * FROM login_authentiation WHERE authcode = '9e37c410c1d79ce5a7ac3fa5439d2dfe' && authat = '0'
		//	$authcode is concatenated into the SQL text, so get_GET() (not shown) has to escape it
		$s = "SELECT * FROM ".$tnA." WHERE authcode = '".$authcode."' && authat = '0' ";
$sret .= "<br>".$s."<br>";
		$ret = db_do_mysql_query_d($s);
		if ($ret != -1)
		{
$sret .= ":THERE:<br>";
			if (count($ret) == 1)
			{
$sret .= ":WHERE:<br>";
				if(time() < ($ret[0]['authdate'] + $login_admin['registration_timeout']) )
				{
					//	AUTH THE USER	<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< A
					if($login_admin['require_complete'] == 0)
					{
						$aa = array( "auth" => 10 );
					}
					else
					{
						$aa = array( "auth" => 1 );
					}
					$iret = db_mysql_update_d($tnU, $aa, "uname = '".$ret[0]['user_name']."' ");

					//	CONGRATULATE
					$sret .= "<br>THANKYOU FOR REGISTERING! YOU MAY NOW LOGIN!<br>";
					$sret .= "<br><br>".helpers_link_create("login"._SEP."login", "LOGIN")."<br>";
					log_login_attempt(2, 'success', '');

					// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< B
					$aa = array( "authat" => time() );
					$iret = db_mysql_update_d($tnA, $aa, "id = '".$ret[0]['id']."' ");
				}
				else
				{
					$sret .= "<br>SORRY, THAT CODE HAS TIMED OUT<br>";
					$sret .= "<br><br>".helpers_link_create("login"._SEP."resend", "REQUEST NEW AUTHENTICATION EMAIL")."<br>";
					//log_login_attempt(2, 'success', '');

					$aa = array( "authat" => -1 );
					$iret = db_mysql_update_d($tnA, $aa, "id = '".$ret[0]['id']."' ");
				}
			}
			else
			{
				//	INCORRECT <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< C
				$sret .= "<br>SORRY THAT INFORMATION WAS INCORRECT!<br>";
				log_login_attempt(2, 'code_fail', '');
$sret .= ":".count($ret).":<br>";
			}
		}
		else
		{
			//	db_error
			$sret .= "<br>SORRY THAT INFORMATION WAS INCORRECT!!<br>";
			log_login_attempt(2, 'db_error', '');
		}
		//}
	}
	else
	{
		$sret .= "<br><br>Please use the authentication code link sent to you when you registered.<br><br>";
	}
}
else
{
	$sret .= "<h4>AUTHENTICATION CURRENTLY DISALLOWED!</h4>";
	log_login_attempt(2, 'override', '');
}
return $sret;
}

 

 

- It never reaches A

- It executes B

- It executes C

 

- It only ever gets executed once...

 

 

Lost, I've had more understandable trips than this...


I can say why it was happening, but not why it was doing it!

The page was being called twice, but I can't find where or how. It turns out it was doing it on every page. But once I'd uploaded a page with some debugging in it and overwritten a file, the problem disappeared. 21 hours of hair pulling, problem sorted but none the wiser!

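An added example, not code from the thread: one way to make the confirmation step tolerate the duplicate request reported in the last post, by claiming the code in a single parameterised UPDATE and answering a repeat as already confirmed rather than as a bad code. Table and column names follow the thread; the PDO/SQLite setup, the sample row, the function name, the 32-hex code format and the default timeout are assumptions.

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// thread; schema, sample row and function name are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login_users (uname TEXT PRIMARY KEY, auth INTEGER NOT NULL DEFAULT 0)");
$db->exec("CREATE TABLE login_authentication (id INTEGER PRIMARY KEY, user_name TEXT,
           authcode TEXT UNIQUE, authdate INTEGER, authat INTEGER NOT NULL DEFAULT 0)");
$db->exec("INSERT INTO login_users (uname) VALUES ('alice')");
$db->prepare("INSERT INTO login_authentication (user_name, authcode, authdate) VALUES ('alice', ?, ?)")
   ->execute([str_repeat('ab', 16), time()]);   // constructed 32-hex code

function confirm_registration(PDO $db, string $code, int $timeout = 86400): string
{
    // Reject anything that is not shaped like a code before touching the database.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $code)) {
        return 'invalid';
    }
    $now = time();
    $db->beginTransaction();
    // Claim the code in one statement: only one request can move authat off 0.
    $claim = $db->prepare("UPDATE login_authentication SET authat = ?
                           WHERE authcode = ? AND authat = 0 AND authdate > ?");
    $claim->execute([$now, $code, $now - $timeout]);
    $claimed = ($claim->rowCount() === 1);
    if ($claimed) {
        $db->prepare("UPDATE login_users SET auth = 1 WHERE uname =
                      (SELECT user_name FROM login_authentication WHERE authcode = ?)")
           ->execute([$code]);
    }
    $db->commit();
    if ($claimed) return 'confirmed';
    // Nothing claimed: tell a repeat of a finished confirmation from a bad or expired code.
    $seen = $db->prepare("SELECT authat FROM login_authentication WHERE authcode = ?");
    $seen->execute([$code]);
    $authat = $seen->fetchColumn();
    return ($authat !== false && (int)$authat > 0) ? 'already_confirmed' : 'invalid';
}

$code = str_repeat('ab', 16);
echo confirm_registration($db, $code), "\n";            // first request for the link
echo confirm_registration($db, $code), "\n";            // the same URL requested again
echo confirm_registration($db, "x' OR '1'='1"), "\n";   // malformed value in ?auth=
```

Logging each call with a per-request id next to the result makes a doubled request visible in the log instead of only in the table state.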
