PHP Expert Needed

[Bolty]

Mirajj has been doing a bang-up job keeping the Lounge main site updated with WoW news. It's worth looking at the front page again! But unfortunately there's been no new STSIs.

This isn't Mirajj's fault; the STSI scripting broke at some point in the last year - most likely when I upgraded php on the server - and nobody found out until Mirajj tried to upload a new pic recently. I've valiantly attempted to identify what's wrong and failed. All I know is that an admin user can select the image to upload, fill out all the details about it including description, etc, and click Upload - only to have nothing happen. Long story short: it appears that the form information filled out doesn't get transmitted correctly to the next step in the process, another php file.

I've beaten my head against it for several hours over the course of the last two weeks and got nowhere for my trouble. This is undoubtedly something that someone who works in web design/php coding could solve in five minutes, but it's beyond my amateur-level understanding of php.

If anyone out there knows php well and would like to take a stab at it, drop me an email or PM. I'll hook you up with the code currently in place and give you more details.

Thanks,

-Bolty

[Zippyy]

It's been about 4 years since I did any PHP, but I do know quite a bit about web development. I'd be happy to take a look if you can't find anyone more qualified in PHP.:)

[Quark]

Bolty may have a solution in hand, we'll find out soon enough. In the process of looking, though, I found a curious story I'd like to share. It's called working code isn't always good code.

Seems the media extension Bolty's using has had some other bugs in it before. The most common with uploading happens to be permissions issues, where they aren't initialized properly and so access is denied. Here is one poster's suggestion on how to fix the issue:

There is a bug in BETA 3 of Zoom Gallery 2.5 - regards user upload.

Filename: zoom.class.php
Line: 207
There is:
if (!isset($my->gid)) {
Should be:
if (!isset($my->gid) || 1) {

This is beacause $my-gid is set but to wrong value so it shuold be recalculated.

Now, said user is probably right in that $my->gid isn't set properly. But checks like these exist for a reason. "|| 1" translates to "or 1". In an if clause, 0 is false and everything else is true. So the if statement now reads "If the variable is set, or true" -> always true. Congratulations, your access is now granted. So is everyone's, whether they are supposed to have access or not.

The only reply after that was a thank you posted two years later. Argh.

[Mavfin]

if (!isset($my->gid) || 1) {

You know, that's just scary. I have no PHP experience, and a very limited programming background (network troubleshooter type here), but that one just *leaped* out at me as a problem. Hmm, <whatever> OR 1 = 1, always. As you said...ARGH! Two years?

[Bolty]

Seems the media extension Bolty's using has had some other bugs in it before.

Oh, this software was totally unusable in its original state. I had made over 20 modifications to it when I first got it to make it work with the site, and that was by me being new to php (not new to programming, but completely ignorant of php syntax and design).

I'll hopefully get to your feedback today Quark, but if not, then Thursday.

-Bolty

[Quark]

I'll hopefully get to your feedback today Quark, but if not, then Thursday.

-Bolty

He denied me my victory:(

[Jim]

Hi,

I use FrontPage98, yes 1998. I was able to design this web site Fancy Paper Money

Here are a few URLs that helped me :D

Markup Validation Service
Check the markup (HTML, XHTML, …) of Web documents
http://validator.w3.org/

PHP Tutorials: PHP Programming, PHP Installation and Configuration
http://www.thesitewizard.com/

http://www.w3.org/
http://www.php.net/
http://www.webmonkey.com/webmonkey/index.html
http://www.websiteoptimization.com/

[swirly]

I can take a look at it if nobody has fixed it as of yet. My main concern is that I don't have a testing ground that uses php5 which I'm assuming is what you upgraded to. Its much harder to just look at something and fix it than to be able to run tests and such on it. I'd be willing to give it a go though.

My first reaction is that it is a problem with register_globals. In php4 and under it was turned on by default and in php5 it is turned off (I just read that in php6 it is removed completely). What this means is that if you have a form field of name="image" and the script references the value with $image then it won't work. The correct way would be $_POST['image'] or $_GET['image'] depending on which way the form is set up (probably $_POST). It is more secure to be using $_POST and $_GET anyway so if this is the problem then it may be a good thing that it is being forced to be fixed.

I've also done a quick search and found a few sites refering to problems with $_POST after upgrading to php5. It seems to be an issue with mod_bandwidth and php5 interacting badly. Here are a couple of quotes.

WN-Ali: I thought I should share the solution for this issue, it is caused by mod_bandwidth. Disabling mod_bandwidth will resolve the issue

ub3r: I actually ran into this problem back about a year ago. I think you can also move the module order around, in order to have php5 work alongside mod_bandwidth.

Scott.Mc: I had the same problem a few months back to, a work around is load PHP5 module before mod_bandwidth as php transmits the document without going through mod_bandwidth.

Eventually, the technical support guy switched off mod_bandwidth in the Apache configuration file and now everything works magically again PHP 5 it is!

I don’t really know what mod_bandwidth does (maybe it was actually a problem with memory limits?), but if you are having a similar problem, try looking there…

Of course then I wonder why other scripts (like this forum) aren't having issues. The main site and the forum could be on seperate servers (obviously you would know this, I don't) or the forum script could just be well written enough to work around the issue somehow.

My bet though is that it is the register_globals issue.

[Bolty]

I can take a look at it if nobody has fixed it as of yet. My main concern is that I don't have a testing ground that uses php5 which I'm assuming is what you upgraded to.

Turns out that I'm still on php 4.4.3. So I dunno what's going on. :(

-Bolty

[Munkay]

My main concern is that I don't have a testing ground that uses php5 which I'm assuming is what you upgraded to.

As an aside, the XAMPP virtual server package includes both PHP4 and PHP5 (which you can alternate between with just one switch). Its free for download and pretty handy to have. I use it a lot for development on my laptop, since a connection to my web server isn't always available on-the-go. As long as I don't try to set permissions for anything, a windows virtual server is almost as good as a unix based one.

Almost. :P

Cheers,

Munk

[[vL]Kp]

Turns out that I'm still on php 4.4.3. So I dunno what's going on. :(

-Bolty

You should probably upgrade again before fixing anything, then. PHP 4.4.8 is out and, as usual with PHP, fixes some security vulnerabilities. PHP and Wireshark are infamous for the number of security vulnerabilities they contain.

If no one else has solved this, start by checking the server's access and error logs. Maybe you'll get lucky and every access is triggering a message to the error log that explains what's broken. If it's not obvious what's broken, could you post any errors here for us to see? If there're no errors, that argues pretty strongly for a broken configuration. When it fails, does the server send any text to the client? That is, is the returned document zero bytes in size, have size and no visible content, or size and no meaningful content?

This probably isn't a great answer, but perhaps you'd be better off abandoning that script. Let the site admins use scp to upload files and the broken script becomes moot.

[Munkay]

Kp' date='Mar 20 2008, 07:25 PM' post='145369']PHP and Wireshark are infamous for the number of security vulnerabilities they contain.

I can't argue with that.

Kp' date='Mar 20 2008, 07:25 PM' post='145369']
You should probably upgrade again before fixing anything, then. PHP 4.4.8 is out and, as usual with PHP, fixes some security vulnerabilities.

Usually I'd agree. But in this case it really isn't worth the time to update PHP 4 anymore. Aside from some OOP issues on upgrades, the leap to PHP 5 doesn't cause nearly as much trouble as it gets press about. I've yet to break a non-OOP coded script in the transfer - admittedly, I cut my teeth on PHP4, so that may or may not mean much.

PHP6 is just around the corner, and support for 4 is all but done (what is it, one update left?).

Cheers,

Munk

[[vL]Kp]

Usually I'd agree. But in this case it really isn't worth the time to update PHP 4 anymore. Aside from some OOP issues on upgrades, the leap to PHP 5 doesn't cause nearly as much trouble as it gets press about. I've yet to break a non-OOP coded script in the transfer - admittedly, I cut my teeth on PHP4, so that may or may not mean much.

PHP6 is just around the corner, and support for 4 is all but done (what is it, one update left?).

Cheers,

Munk

Sorry, I should've clarified that. Yes, upgrading to PHP5 would be a better choice. I mentioned PHP4 because I had no idea how bad a 4->5 transition would be, and upgrading to 4.4.8 seemed like an almost guaranteed safe upgrade.

As I read the note on the PHP homepage there will be no more PHP4 releases unless someone finds a security problem before 2008-08-08.

[Bolty]

EPIC VICTORY!

There were so many things wrong, it's no wonder everyone who tried to help couldn't get it working. In fact, every person who helped me on the forum, via PMs, and via email had a piece of the puzzle correct. It was only when combining a number of fixes that it got to work...

Globals were a problem.
File permissions were a problem.
File conversion was a problem.
Variable registrations were a problem.
Using $_FILES was a problem.
Multi-staging FOR loops were a problem.
Configuration settings were a problem.

And that's just getting started...

Now go send Mirajj your interesting pictures! :)

-Bolty

[Tal]

EPIC VICTORY!

-Bolty

Grats!

[Pesmerga]

Now go send Mirajj your interesting pictures! :)

-Bolty

::goes to find the screenshot from Molten Core of Cleoboltra with a beard::

[Bolty]

::goes to find the screenshot from Molten Core of Cleoboltra with a beard::

-Bolty