code works on one server but not another

Fullmetal Chocobo

Moderator<br>Distributed Computing
Moderator
May 13, 2003
13,704
7
81
I am trying to prep a new LAMP server, but I'm getting weird results from it. In the following code, on one server everything works correctly, but on the server I have created (with Ubuntu server 9.10) I literally get nothing. When the submit button is clicked, the form just refreshes itself. No error messages, nothing.

What would cause a simple form not to respond on LAMP server?

PHP:
<html>
<head>
<title>Auth Test...</title>
</head>
<body>

<?php

$form_login = "

<form name=\"form_login\" method=\"POST\" action=\"$PHP_SELF\" >

<div>
   <label for=\"username\">Username:</label>
   <input type=\"text\" name=\"username\" value=\"$username\" />
   <br />
   <label for=\"password\">Password:</label>
   <input type=\"password\" name=\"password\" value=\"$password\" />
   <br />
   <input type=\"hidden\" name=\"l_written\" value=\"yes\" />
   <input type=\"submit\" name=\"submit\" value=\"submit\" />
</div>
</form>

";

if ( $l_written != "yes")
{
   echo $form_login;
}

else if ( $l_written == "yes" )
{
   if ( $username == "" )
   {
      $error_user = "Please enter yoru username or netID.</br />";
      $ready = "no";
   }

   if ( $password == "" )
   {
      $error_passwd = "Plesae enter your password.<br />";
      $ready = "no";
   }

   if ( $ready != "no" )
   {
      $ldap = ldap_connect('matrix.txstate.edu');
      if ( $ldap )
      {
         $result = @ldap_bind( $ldap, 'txstate\\'.$_POST['username'], $_POST['password']);
         if ( $result && !empty($_POST['password']))
         {
            echo "<strong>Logged in.</strong>";
            $_SESSION['status'] = "valid";
         }
         else
         {
            echo "<strong>Incorrect login.</strong>";
            echo $form_login;
            $_SESSION['status'] = "invalid";
         }
      }
   }

   else if ( $ready == "no" )
   {
      echo $error_user;
      echo $error_passwd;
      echo $form_login;
   }
}
?>

</body>
</html>
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Check your apache logs to see what pages your browser hit or you can use LiveHTTPHeaders in Firefox(plugin) to view everything that you are sending/receiving from the web server. Compare the two servers to find the discrepancy.
 

Fullmetal Chocobo

Moderator<br>Distributed Computing
Moderator
May 13, 2003
13,704
7
81
Thanks for the tip. Here are the results. I'm going through and researching any differences between the two. It seems the non-working version has extra things in the header data...

Working version:
HTML:
http://cs.txstate.edu/~ds1397/auth.php

POST /~ds1397/auth.php HTTP/1.1
Host: cs.txstate.edu
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://cs.txstate.edu/~ds1397/auth.php
Cookie: PHPSESSID=52e175ff52ef71e115bd9ea458d81c68
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
username=ds0000&password=password&l_written=yes&submit=submit
HTTP/1.x 200 OK
Date: Sat, 19 Dec 2009 23:17:06 GMT
Server: Apache
Content-Length: 111
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
----------------------------------------------------------

Non-working verison:
HTML:
http://192.168.42.11/test/auth.php

POST /test/auth.php HTTP/1.1
Host: 192.168.42.11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://192.168.42.11/test/auth.php
Cookie: PHPSESSID=512d80bfc12adaacc88813be16ccb446
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
username=ds0000&password=password&l_written=yes&submit=submit
HTTP/1.x 200 OK
Date: Sat, 19 Dec 2009 23:17:52 GMT
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6.3
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 248
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html
----------------------------------------------------------
 

TekniDude

Member
Mar 8, 2004
29
0
0
The server you started on has register_globals = on in the php setup.
It's generally a big no no to use php that way as it is very insecure.
http://www.php.net/manual/en/security.globals.php


Whenever you are referencing user input, like submitting a form, always use $_POST['variable_name'] instead of $variable_name


Change your $l_written to $_POST['l_written'] along with all of the other variables from the form

PHP:
if ( $_POST['l_written'] != "yes")
{
   echo $form_login;
}

else if ( $_POST['l_written'] == "yes" )
{
   if ( $_POST['username'] == "" )
   {
      $error_user = "Please enter yoru username or netID.</br />";
      $ready = "no";
   }

   if ( $_POST['username'] == "" )
   {
      $error_passwd = "Plesae enter your password.<br />";
      $ready = "no";
   }

etc...

Also a tip if you want to know if the user submitted a form or not is to use this:
PHP:
if ($_SERVER['REQUEST_METHOD']=='POST') {
  //the user hit submit, process it or do something

} else {
  //first visit, show your form
  echo $form_login; 
}
That way you won't need to test for the hidden input 'l_written' at all.
 

Tech_savy

Member
Nov 18, 2009
111
0
0
I think the server in not connected.
Check wheather the ping is working. And start the apache server.
 

Fullmetal Chocobo

Moderator<br>Distributed Computing
Moderator
May 13, 2003
13,704
7
81
I think the server in not connected.
Check wheather the ping is working. And start the apache server.

It's connected, as I'm accessing it remotely via SSH. And it pings all the servers it can. I'm really beginning to think it has to do with the fact that the server isn't on the AD.
 

Fullmetal Chocobo

Moderator<br>Distributed Computing
Moderator
May 13, 2003
13,704
7
81
The server you started on has register_globals = on in the php setup.
It's generally a big no no to use php that way as it is very insecure.
http://www.php.net/manual/en/security.globals.php


Whenever you are referencing user input, like submitting a form, always use $_POST['variable_name'] instead of $variable_name


Change your $l_written to $_POST['l_written'] along with all of the other variables from the form

Actually, I didn't have register_globals=on, and that was the whole cause of the issue. The server I was comparing to had it enabled, and my code was written with that in mind (I didn't know it at the time). My servers have it turned off, thus the code wasn't working correctly. Thank you very much, as now I know how to go through and fix the issues now that I know the cause.