#579 Infinite loop in WikiUserNew.php userExists()

User_Authentication
open
Reini Urban
php 5.2.x (4)
7
2012-10-11
2007-09-11
Matt
No

Using a stock phpwiki-1.3.14 setup, on Apache 2.2.4 with both mod_php 5.2.3 and 5.2.4, we are seeing an error that causes httpd to exit with an 'Illegal Instruction' error whenever a login attempt is POSTed.

Tracing with gdb, it reveals that the userExists() function of WikiUserNew.php is looping.

I see a comment at the bottom of that function wondering if the code there will prevent an endless loop in all PHPs. Well, for me, anyway, it seems the answer is no.

I'm attaching phpinfo() output and can attach the backtrace from gdb, which
at least can verify what I'm saying.

Happy to provide other information as needed.

Regards,

Matt Riffle

Discussion

1 2 > >> (Page 1 of 2)
  • Matt
    Matt
    2007-09-11

    Output of phpinfo()

     
    Attachments
  • Matt
    Matt
    2007-09-11

    GDB Backtrace showing loop

     
    Attachments
  • Matt
    Matt
    2007-09-11

    Logged In: YES
    user_id=1888217
    Originator: YES

    File Added: php-backtrace.txt

     
  • Logged In: NO

    same problem with php 5.2.5 and Apache 2.2.8

    there is a loop in WikiUserNew.php. Here is a part of the endless trace

              is_subclass_of
            isa
              check_php_version (3x)
              is_object
              get_class
              strtolower (2x)
              is_subclass_of
            get_class
            _DbPassUser->hasHomePage
          _DbPassUser->userExists
            get_class
            strtolower
            check_php_version
            UpgradeUser
              isa
                check_php_version (3x)
                is_object
                get_class
                strtolower (2x)
                is_subclass_of
              isa
    

    Regards Stefan

     
  • Logged In: NO

    One more comment on this:

    newest phpwiki from cvs WikiUserNew.php V. 1.147
    Authentication against an external mysql table (userauth from SMF Forum) set in config.ini

    DBAUTH_AUTH_DSN
    DBAUTH_AUTH_CHECK
    DBAUTH_AUTH_USER_EXISTS
    ... etc.

    php 4 works without problem

    regards Stefan

     
  • Reini Urban
    Reini Urban
    2008-02-05

    Logged In: YES
    user_id=13755
    Originator: NO

    Thanks for the backtrace!
    So the php 5.2 object cloning (copying the fields) does not work
    anymore as it used to be.

    As workaround the following config.ini setting will help:
    ENABLE_USER_NEW = false

     
  • Logged In: NO

    Unfortunately the Workaround does not function as desired.

    [06-Feb-2008 22:59:38] PHP Fatal error: Call to a member function get() on a non-object in /www/mineralienatlas/htdoc
    s/lexikonnew/lib/WikiUser.php on line 140

    One more comment to reproduce the loop from WikiUserNew.php.

    You can view the wikipage but when you try to logon, you the an empty page without any line of code. Thats whenn the loop appears.

    regards Stefan

     
  • Logged In: NO

    Is there a timeframe, when the problem will be fixed?
    I ask about, because we cannot switch to php5 before.
    Thank you for helping

     
  • Reini Urban
    Reini Urban
    2008-02-14

    Logged In: YES
    user_id=13755
    Originator: NO

    I fixed the workaround by using ENABLE_USER_NEW = false in current cvs.
    For the recursive login methods I need to get an 5.2 debugger. This can last longer.

    Outstanding probems are automatic disabling of ENABLE_USER_NEW on 5.2 and
    same old session problems on 5.2.

     
  • Logged In: NO

    I managed to fix this (with ENABLE_USER_NEW=true) by doing the following:
    In config.ini set USER_AUTH_ORDER = "AdoDb"
    Edit lib/WikiUser/AdoDb.php to add include_once("lib/WikiUser/Db.php"); before the class declaration

    I now don't get the blank page, not sure if that breaks anything else though :-)

     
1 2 > >> (Page 1 of 2)