Script Issue After Upgrade to PHP 5.4

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

I'm sorry I know nothing about PHP but I hope someone here will be good enough to help me or advise me where to go to get help.

I have a small website which runs the script below from a form in an iFrame. Since my web hosting company upgraded from PHP version 4 to version 5.4 the script sends the enquiry email but thankyou.html isn't displayed and instead the iFrame just appears blank. I don't have any PHP testing facilities but I have put the website up in some web space with another hosting company running PHP version 5.3 and everything works as expected. I therefore believe some of the PHP script may not be compatible with PHP 5.4.

Can anyone advise what the problem might be or advise me where to go to get help to resolve this?

Code: Select all

?php
$page = "http://www.some-domain.co.uk/*" ;
if (!ereg($page, $_SERVER['HTTP_REFERER'])){
echo "Invalid referer"; 
die;
}

if (strtolower($_POST['code']) != 'glow') {
   die;
}

$msg ="Name: $_POST[name]\n";
$msg .="Telephone: $_POST[telephone]\n";
$msg .="Email: $_POST[email]\n";
$msg .="Location: $_POST[location]\n";
$msg .="Message:\n";
$msg .="$_POST[message]\n";

// Set up the mail
$recipient="enquiry@some-domain.co.uk";
$subject = "Enquiry from your Website";
$mailheaders ="From: Admin <enquiry@some-domain.co.uk>\n";
$mailheaders .="Reply-To: $_POST[email]";
// Send the mail
mail($recipient, $subject, $msg, $mailheaders);

header('Location: http://www.some-domain.co.uk/thankyou.html');

?> 
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Script Issue After Upgrade to PHP 5.4

Post by Celauran »

ereg is deprecated as of 5.3.0, so it may be dying on an E_DEPRECATED notice. Try replacing those first two lines with

Code: Select all

$pattern = "#^http(s)?://www.some-domain.co.uk#"
if (!preg_match($pattern, $_SERVER['HTTP_REFERER'])) {
Everything else should be fine the way it is.
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

Update: There doesn't appear to be any related log file or error file in the web space.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Script Issue After Upgrade to PHP 5.4

Post by Celauran »

I'd turn on error reporting, then, until you're able to get this resolved.

Code: Select all

<?php error_reporting(E_ALL);
ini_set('display_errors', 1);
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

Thanks Celauran, I haven't switched on error reporting yet but after making the change you first suggested above this message was displayed in the iFrame:

Parse error: syntax error, unexpected 'if' (T_IF) in /homepages/21/d259772358/htdocs/multiglo/contact.php on line 3

Contact.php is my script file. Line 3 I think is the new if statement?
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

Sorry, I've missed off the terminating semi-colon I believe.
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

Celauran, I've corrected the missing terminated semi-colon and don't get the parse error any more but thankyou.html still doesn't get displayed after the email has been sent (the iFrame still goes blank).

I've pasted the two statements you've given above in to my script (they are now the first two lines) to turn on error reporting and I've run the script again - I now get this error:

Warning: Cannot modify header information - headers already sent by (output started at /homepages/21/d259772358/htdocs/multiglo/contact.php:1) in /homepages/21/d259772358/htdocs/multiglo/contact.php on line 30

It looks as if it's saying the Headers have already been sent but I'm not sure by what or how?
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Script Issue After Upgrade to PHP 5.4

Post by Celauran »

The script posted above only has 29 lines, it's complaining about line 30. Can you post the latest version?
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

Latest script version:

Code: Select all

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

$pattern = "#^http(s)?://www.some-domain.co.uk#";
if (!preg_match($pattern, $_SERVER['HTTP_REFERER'])) {
echo "Invalid referer"; 
die;
}

if (strtolower($_POST['code']) != 'glow') {
   die;
}

$msg ="Name: $_POST[name]\n";
$msg .="Telephone: $_POST[telephone]\n";
$msg .="Email: $_POST[email]\n";
$msg .="Location: $_POST[location]\n";
$msg .="Message:\n";
$msg .="$_POST[message]\n";

// Set up the mail
$recipient="enquiry@some-domain.co.uk";
$subject = "Enquiry from your Website";
$mailheaders ="From: Admin <enquiry@some-domain.co.uk>\n";
$mailheaders .="Reply-To: $_POST[email]";
// Send the mail
mail($recipient, $subject, $msg, $mailheaders);

header('Location: http://www.some-domain.co.uk/thankyou.html');

?>
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Script Issue After Upgrade to PHP 5.4

Post by Weirdan »

Since it says the output is started in line 1 I suspect there's a leading character (utf byte order mask probably) before the opening php tag. Everything outside php tags is output verbatim, so you need to make sure there's nothing (really nothing) before the opening tag.

I don't know what you're using to edit those files, but most editors can be configured to not include the BOM. This google search should prove useful if the problem is really caused by BOM: https://www.google.com.ua/search?q=utf+ ... ark+remove
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Script Issue After Upgrade to PHP 5.4

Post by Weirdan »

On a side note, your script allows people to add arbitrary headers to the email sent. This can be used to spam arbitrary people. You need to make sure $_POST['email'] does not contain any newlines. Something like this should fix the problem:

Code: Select all

$_POST['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

Thank you Weirdan, I'm about to go on 10 days holiday but I try this and post back as soon as I return.
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

It looks as if you were right Weirdan with regards to the BOM. I checked my web development tool and it was set to include the BOM in every file (and I needed this in all the other files) so I re-created my PHP script using a plain text editor and manually uploaded it to the web space. The script now runs fine, no errors, many thanks!

Just one final question, thank you for your guidance on ensuring $_POST['email'] doesn't contain any new lines, where in my script do I place the line of code you've suggested, does it go after the last statement beginning $msg?
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Script Issue After Upgrade to PHP 5.4

Post by Weirdan »

Anywhere before $mailheaders .="Reply-To: $_POST[email]"; , outside 'if's
MalcolmH
Forum Newbie
Posts: 9
Joined: Mon Jun 02, 2014 12:20 pm

Re: Script Issue After Upgrade to PHP 5.4

Post by MalcolmH »

Thanks again Weirdan, I put it in the script as the statement immediately before $mailheaders .="Reply-To: $_POST[email]"; and it works fine.
Post Reply