Page 1 of 1
Everything almost stopped working
Posted: Mon Aug 14, 2006 8:26 pm
by WorldCom
Weirdan | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Ok, I have a small database on site. Working fine for weeks. I go to login tonight .... error on username/password. I check the MySQL database ..... and its fine.
After messing around a bit I was finding that I had to use:
The get function in pages just to get variables to pass. I never used it because I thougth that since ver 4 of PHP you didn't need to. But that got parts ..... only parts .... of my site working again.
Still one more thing ....... for some reason a form is NOT passing the variables even when I used the GET to retrieve them. I can go from page to page via:
as long as I use the GET to retrieve. BUT will not retieve, example the username/password from the form submission on the previous page.
Queston? What happened? Did my hosting suddenly revert to some old version of PHP??
Anyone experienced anything like this?
I don't really know where to go from here when you have a fully working database completely stop for you.
Weirdan | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Mon Aug 14, 2006 8:35 pm
by Jenk
actually it sounds like your host is moving forward, not back, and you are coding in the dark ages of 'register_globals = On'
register_globals is now, by default, off in the current version of PHP. It is also penciled to be removed completely from the engine in the next version (6)
variables will no longer automatically be declared, you must access them directly with the superglobal arrays $_GET, $_POST and $_COOKIE.
You can also use $_REQUEST which is a merger of all the previous 3, but it is best practice imo to be as explicit as possible, thus if you know it should be coming from POST variables, use $_POST and so forth.
Posted: Mon Aug 14, 2006 8:35 pm
by RobertGonzalez
On the contrary, I think your hosted upgraded. It sounds like register globals is now off (which is better for you). That means that you need to reference your vars using the superglobals arrays: $_GET $_POST $_COOKIE $_SESSION etc.
EDIT | Dang you jenk, you beat me to it...

Posted: Mon Aug 14, 2006 8:40 pm
by feyd
Let's find out:
Run the following in a new file and tell us the results please.
Code: Select all
<?php
$neg = array('off', 0, false, '', null);
$flags = array(
'Register Globals' => 'register_globals',
'Short Tags' => 'short_open_tag',
'Display Errors' => 'display_errors',
'Magic Quotes GPC' => 'magic_quotes_gpc',
'Magic Quotes Runtime' => 'magic_quotes_runtime',
'Magic Quotes Sybase' => 'magic_quotes_sybase',
);
$ve = phpversion();
$os = PHP_OS;
$er = intval(error_reporting());
foreach ($flags as $n => $v)
{
$flags[$n] = (in_array(strtolower(ini_get($v)), $neg) ? 'Off' : 'On');
}
$cli = (php_sapi_name() == 'cli');
$eol = "\n";
$gle = get_loaded_extensions();
$rows = array();
$le = '';
$wide = 4;
$j = count($gle);
$pad = $wide - $j % $wide;
$len = max(array_map('strlen', $gle));
$func = create_function('$a', 'return str_pad($a, ' . intval($len) . ');');
$gle = array_map($func, $gle);
for($i = 0; $i < $j; $i += $wide)
{
$le .= ' ' . implode(' ', array_slice($gle, $i, $wide)) . $eol;
}
$ec = array(
'E_STRICT' => 2048, 'E_ALL' => 2047, 'E_USER_NOTICE' => 1024,
'E_USER_WARNING' => 512, 'E_USER_ERROR' => 256, 'E_COMPILE_WARNING' => 128,
'E_COMPILE_ERROR' => 64, 'E_CORE_WARNING' => 32, 'E_CORE_ERROR' => 16,
'E_NOTICE' => 8, 'E_PARSE' => 4, 'E_WARNING' => 2, 'E_ERROR' => 1,
);
$e = array();
$t = $er;
foreach ($ec as $n => $v)
{
if (($t & $v) == $v)
{
$e[] = $n;
$t ^= $v;
}
}
if (ceil(count($ec) / 2) + 1 < count($e))
{
$e2 = array();
foreach ($ec as $n => $v)
{
if (!in_array($n, $e) and $n != 'E_ALL')
{
$e2[] = $n;
}
}
$er = $er . ' ((E_ALL | E_STRICT) ^ ' . implode(' ^ ', $e2) . '))';
}
else
{
$er = $er . ' (' . implode(' | ', $e) . ')';
}
if (!$cli)
{
echo '<html><head><title>quick info</title></head><body><pre>', $eol;
}
echo 'PHP Version: ', $ve, $eol;
echo 'PHP OS: ', $os, $eol;
echo 'Error Reporting: ', $er, $eol;
foreach ($flags as $n => $v)
{
echo $n, ': ', $v, $eol;
}
echo 'Loaded Extensions:', $eol, $le, $eol;
if (!$cli)
{
echo '</pre></body></html>', $eol;
}
?>
Posted: Mon Aug 14, 2006 8:46 pm
by Jenk
That's a pretty long winded way to ask for them to run
(yes, I realise it will output easier to read text)
Posted: Mon Aug 14, 2006 8:53 pm
by feyd
It's easier for most to get back to us what we need to find out, which is the most common settings involved in "I got boo boo." No offense ~WorldCom.
Posted: Mon Aug 14, 2006 8:54 pm
by Jenk
Posted: Mon Aug 14, 2006 9:13 pm
by RobertGonzalez
Jenk wrote:That's a pretty long winded way to ask for them to run
(yes, I realise it will output easier to read text)
Not just easier to read text, but relevent information. And the user, that has no clear understanding of what is going on 'under their hood' can just tell us what their server is telling them. It is actually a neat little script that I have used on several client setups (some to my dissatisfaction).
Posted: Tue Aug 15, 2006 3:03 am
by WorldCom
Thanks for the help.
OK results of feyd's script:
PHP Version: 5.0.4
PHP OS: Linux
Error Reporting: 2047 (E_ALL)
Register Globals: Off
Short Tags: On
Display Errors: Off
Magic Quotes GPC: Off
Magic Quotes Runtime: Off
Magic Quotes Sybase: Off
Loaded Extensions:
yp xml wddx tokenizer
sysvshm sysvsem sysvmsg standard
SPL sockets SimpleXML shmop
session pspell posix pcre
mime_magic iconv gmp gettext
ftp exif dio dbx
curl ctype calendar bz2
zlib openssl libxml apache2handler
dom gd imap mbstring
mysql mysqli xsl Zend Optimizer
I didnt realize I was coding in the dark ages
Quick question though? I guess I have to change the way I submit forms and pass variables to the next page.
ummmmmmmm how??
Posted: Tue Aug 15, 2006 3:29 am
by WorldCom
Ok figured it out for myself
Now I guess I must go through all my pages and add the GET or POST function.
I was under the impression that when PHP 4.0
(or something close to that) came out, you were not required to use the $_GET or $_POST from page to page. For me, since I'm lazy, I thought it was great. Was that correct or did they find that the method was not that secure?
Thanks again to everybody for the help ..... I was stressed ...... but I guess it comes with the territory

Posted: Tue Aug 15, 2006 4:13 am
by RobertGonzalez
register_globals is a pretty serious security risk. It essentially takes all of the possible data passing mechanisms and commonizes them. That means that in your script, where you were certain that you wanted the var $email to be the 'email' field passed by a form, a user could simply throw ?email='somemailiciousstring' at your script and your script would process that. Because of the potential security risks in that directive, the PHP team made it diabled by default in PHP5 and there is talk (I believe) of doing away with it entirely in PHP6.
Posted: Tue Aug 15, 2006 4:29 am
by WorldCom
I see that now.
At least one thing I learned ....... my error checking from page to page is working good ...... cause I got heaps of them before I fixed everything up.
Thanks again for all the help. I think I got everything back to normal ..... well better than normal.
For feyd, thanks for that script ..... that's exactly what I need to look at. I've looked at phpinfo ...... there's a lot there for a newbie.
Posted: Tue Aug 15, 2006 12:02 pm
by RobertGonzalez
WorldCom wrote:At least one thing I learned ....... my error checking from page to page is working good ...... cause I got heaps of them before I fixed everything up.
That is probably one of my favorite quotes ever. Next to...
Ron Burgundy wrote:I immediately regret making this decision.