Page 1 of 1
Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 6:24 am
by MalcolmH
I'm sorry I know nothing about PHP but I hope someone here will be good enough to help me or advise me where to go to get help.
I have a small website which runs the script below from a form in an iFrame. Since my web hosting company upgraded from PHP version 4 to version 5.4 the script sends the enquiry email but thankyou.html isn't displayed and instead the iFrame just appears blank. I don't have any PHP testing facilities but I have put the website up in some web space with another hosting company running PHP version 5.3 and everything works as expected. I therefore believe some of the PHP script may not be compatible with PHP 5.4.
Can anyone advise what the problem might be or advise me where to go to get help to resolve this?
Code: Select all
?php
$page = "http://www.some-domain.co.uk/*" ;
if (!ereg($page, $_SERVER['HTTP_REFERER'])){
echo "Invalid referer";
die;
}
if (strtolower($_POST['code']) != 'glow') {
die;
}
$msg ="Name: $_POST[name]\n";
$msg .="Telephone: $_POST[telephone]\n";
$msg .="Email: $_POST[email]\n";
$msg .="Location: $_POST[location]\n";
$msg .="Message:\n";
$msg .="$_POST[message]\n";
// Set up the mail
$recipient="enquiry@some-domain.co.uk";
$subject = "Enquiry from your Website";
$mailheaders ="From: Admin <enquiry@some-domain.co.uk>\n";
$mailheaders .="Reply-To: $_POST[email]";
// Send the mail
mail($recipient, $subject, $msg, $mailheaders);
header('Location: http://www.some-domain.co.uk/thankyou.html');
?>
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 6:35 am
by Celauran
ereg is deprecated as of 5.3.0, so it may be dying on an E_DEPRECATED notice. Try replacing those first two lines with
Code: Select all
$pattern = "#^http(s)?://www.some-domain.co.uk#"
if (!preg_match($pattern, $_SERVER['HTTP_REFERER'])) {
Everything else should be fine the way it is.
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 6:36 am
by MalcolmH
Update: There doesn't appear to be any related log file or error file in the web space.
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 6:41 am
by Celauran
I'd turn on error reporting, then, until you're able to get this resolved.
Code: Select all
<?php error_reporting(E_ALL);
ini_set('display_errors', 1);
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 6:50 am
by MalcolmH
Thanks Celauran, I haven't switched on error reporting yet but after making the change you first suggested above this message was displayed in the iFrame:
Parse error: syntax error, unexpected 'if' (T_IF) in /homepages/21/d259772358/htdocs/multiglo/contact.php on line 3
Contact.php is my script file. Line 3 I think is the new if statement?
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 6:52 am
by MalcolmH
Sorry, I've missed off the terminating semi-colon I believe.
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 7:05 am
by MalcolmH
Celauran, I've corrected the missing terminated semi-colon and don't get the parse error any more but thankyou.html still doesn't get displayed after the email has been sent (the iFrame still goes blank).
I've pasted the two statements you've given above in to my script (they are now the first two lines) to turn on error reporting and I've run the script again - I now get this error:
Warning: Cannot modify header information - headers already sent by (output started at /homepages/21/d259772358/htdocs/multiglo/contact.php:1) in /homepages/21/d259772358/htdocs/multiglo/contact.php on line 30
It looks as if it's saying the Headers have already been sent but I'm not sure by what or how?
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 7:14 am
by Celauran
The script posted above only has 29 lines, it's complaining about line 30. Can you post the latest version?
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 7:44 am
by MalcolmH
Latest script version:
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$pattern = "#^http(s)?://www.some-domain.co.uk#";
if (!preg_match($pattern, $_SERVER['HTTP_REFERER'])) {
echo "Invalid referer";
die;
}
if (strtolower($_POST['code']) != 'glow') {
die;
}
$msg ="Name: $_POST[name]\n";
$msg .="Telephone: $_POST[telephone]\n";
$msg .="Email: $_POST[email]\n";
$msg .="Location: $_POST[location]\n";
$msg .="Message:\n";
$msg .="$_POST[message]\n";
// Set up the mail
$recipient="enquiry@some-domain.co.uk";
$subject = "Enquiry from your Website";
$mailheaders ="From: Admin <enquiry@some-domain.co.uk>\n";
$mailheaders .="Reply-To: $_POST[email]";
// Send the mail
mail($recipient, $subject, $msg, $mailheaders);
header('Location: http://www.some-domain.co.uk/thankyou.html');
?>
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 5:23 pm
by Weirdan
Since it says the output is started in line 1 I suspect there's a leading character (utf byte order mask probably) before the opening php tag. Everything outside php tags is output verbatim, so you need to make sure there's nothing (really nothing) before the opening tag.
I don't know what you're using to edit those files, but most editors can be configured to not include the BOM. This google search should prove useful if the problem is really caused by BOM:
https://www.google.com.ua/search?q=utf+ ... ark+remove
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 05, 2014 5:29 pm
by Weirdan
On a side note, your script allows people to add arbitrary headers to the email sent. This can be used to spam arbitrary people. You need to make sure $_POST['email'] does not contain any newlines. Something like this should fix the problem:
Code: Select all
$_POST['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
Re: Script Issue After Upgrade to PHP 5.4
Posted: Fri Jun 06, 2014 12:56 pm
by MalcolmH
Thank you Weirdan, I'm about to go on 10 days holiday but I try this and post back as soon as I return.
Re: Script Issue After Upgrade to PHP 5.4
Posted: Wed Jun 18, 2014 8:26 am
by MalcolmH
It looks as if you were right Weirdan with regards to the BOM. I checked my web development tool and it was set to include the BOM in every file (and I needed this in all the other files) so I re-created my PHP script using a plain text editor and manually uploaded it to the web space. The script now runs fine, no errors, many thanks!
Just one final question, thank you for your guidance on ensuring $_POST['email'] doesn't contain any new lines, where in my script do I place the line of code you've suggested, does it go after the last statement beginning $msg?
Re: Script Issue After Upgrade to PHP 5.4
Posted: Thu Jun 19, 2014 12:23 pm
by Weirdan
Anywhere before $mailheaders .="Reply-To: $_POST[email]"; , outside 'if's
Re: Script Issue After Upgrade to PHP 5.4
Posted: Wed Jun 25, 2014 11:40 am
by MalcolmH
Thanks again Weirdan, I put it in the script as the statement immediately before $mailheaders .="Reply-To: $_POST[email]"; and it works fine.