, Guest!
Already a Member? Login or Register.

Menu



Showcase


Due to the volume of spam happening on our forums, posting is now restricted to verified members only.  If you're not verified, drop us a note with your username.

Home > FlexCMS Support Forum > User Help > General Support Requests > Server settings and Forms

FlexCMS Support Forum


Server settings and Forms
Started February 3, 2010 @ 11:00am by Wolf
Post Message 
Wolf


Posts: 11
 
Server settings and FormsFebruary 3, 2010 @ 11:00am
I have a couple custom pages/forms that allow users to query custom tables in the database. It's a single page form that prompts the user for input and then re-displays the page with original form along with the retrieved information.

These pages have been in place and working for a long time (on multiple sites), but they have suddenly stopped working and I'm at a loss to figure out why.

In it's simplest form, the code posts back to itself like this:

SAMPLE SCRIPT

Code

$num_to_guess = 90;
$message = "";
if (!isset($guess)){
$message = "Welcome to the guessing machine!";
} elseif ($guess > $num_to_guess){
$message = "$guess is too big!";
} elseif ($guess < $num_to_guess){
$message = "$guess is too small!";
} else {
$message = "Well done!";
}
print $message
?>

<form action="<?php '.$MainURL.'?>/index.php/pages/test_php_form.html" method="POST">
Type in your guess here: <input type="text" name="guess">
</form>


phpinfo()

Code


PHP Version 5.2.8

System Linux server01.raymondlouis.com 2.6.18-128.el5 #1 SMP Wed Jan 21 10:44:23 EST 2009 i686
Build Date Sep 29 2009 02:57:38
Configure Command './configure' '--disable-pdo' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-libxml' '--enable-magic-quotes' '--enable-sockets' '--prefix=/usr/local' '--with-apxs2=/usr/local/apache/bin/apxs' '--with-gd' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libxml-dir=/opt/xml2/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-zlib' '--with-zlib-dir=/usr'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/lib
Loaded Configuration File /usr/local/lib/php.ini
Scan this dir for additional .ini files (none)
additional .ini files parsed (none)
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams php, file, data, http, ftp, compress.zlib
Registered Stream Socket Transports tcp, udp, unix, udg
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, zlib.*

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies



--------------------------------------------------------------------------------

PHP Credits

--------------------------------------------------------------------------------

Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include On On
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log error_log error_log
error_prepend_string no value no value
error_reporting 6135 6135
expose_php On On
extension_dir /usr/local/lib/php/extensions/no-debug-non-zts-20060613 /usr/local/lib/php/extensions/no-debug-non-zts-20060613
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/lib/php:/usr/local/lib/php .:/usr/lib/php:/usr/local/lib/php
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 30 30
max_input_nesting_level 64 64
max_input_time 60 60
memory_limit 32M 32M
open_basedir /home/lvpca:/usr/lib/php:/usr/local/lib/php:/tmp no value
output_buffering no value no value
output_handler no value no value
post_max_size 8M 8M
precision 12 12
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off Off
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 2M 2M
upload_tmp_dir no value no value
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off


apache2handler
Apache Version Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
Apache API Version 20020903
Server Administrator webmaster@lvpca.com
Hostname:Port lvpca.com:0
User/Group nobody(99)/99
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 15
Virtual Server Yes
Server Root /usr/local/apache
Loaded Modules core mod_access mod_auth mod_include mod_log_config mod_logio mod_env mod_expires mod_headers mod_setenvif mod_proxy proxy_connect proxy_ftp proxy_http mod_ssl prefork http_core mod_mime mod_status mod_autoindex mod_asis mod_info mod_suexec mod_cgi mod_negotiation mod_dir mod_imap mod_actions mod_userdir mod_alias mod_rewrite mod_so mod_auth_passthrough mod_bwlimited mod_fpcgid mod_php5

Directive Local Value Master Value
engine 1 1
last_modified 0 0
xbithack 0 0


Apache Environment
Variable Value
HTTP_ACCEPT */*
HTTP_REFERER http://lvpca.com/index.php/admin/pages.html
HTTP_ACCEPT_LANGUAGE en-us
HTTP_UA_CPU x86
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
HTTP_HOST lvpca.com
HTTP_CONNECTION Keep-Alive
HTTP_COOKIE FCLoginData12345=raymond%3D%3DraZpUZKqloLT5BQlPna%2FAloVP4PSAN5Suk
PATH /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
SERVER_SIGNATURE <address>Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8 Server at lvpca.com Port 80</address>
SERVER_SOFTWARE Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
SERVER_NAME lvpca.com
SERVER_ADDR 209.249.66.156
SERVER_PORT 80
REMOTE_ADDR 71.236.28.54
DOCUMENT_ROOT /home/lvpca/public_html
SERVER_ADMIN webmaster@lvpca.com
SCRIPT_FILENAME /home/lvpca/public_html/index.php
REMOTE_PORT 3602
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /index.php/pages/phpInfo.html
SCRIPT_NAME /index.php
PATH_INFO /pages/phpInfo.html
PATH_TRANSLATED /home/lvpca/public_html/pages/phpInfo.html


HTTP Headers Information
HTTP Request Headers
HTTP Request GET /index.php/pages/phpInfo.html HTTP/1.1
Accept */*
Referer http://lvpca.com/index.php/admin/pages.html
Accept-Language en-us
UA-CPU x86
Accept-Encoding gzip, deflate
User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host lvpca.com
Connection Keep-Alive
Cookie FCLoginData12345=raymond%3D%3DraZpUZKqloLT5BQlPna%2FAloVP4PSAN5Suk
HTTP Response Headers
X-Powered-By PHP/5.2.8


bcmath
BCMath support enabled


calendar
Calendar support enabled


ctype
ctype functions enabled


date
date/time support enabled
"Olson" Timezone Database Version 2008.9
Timezone Database internal
Default timezone America/Chicago

Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value


dom
DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.7.3
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled


filter
Input Validation and Filtering enabled
Revision $Revision: 1.52.2.44 $

Directive Local Value Master Value
filter.default unsafe_raw unsafe_raw
filter.default_flags no value no value


ftp
FTP support enabled


gd
GD Support enabled
GD Version bundled (2.0.34 compatible)
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XPM Support enabled
XBM Support enabled


hash
hash support enabled
Hashing Engines md2 md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5


iconv
iconv support enabled
iconv implementation glibc
iconv library version 2.5

Directive Local Value Master Value
iconv.input_encoding ISO-8859-1 ISO-8859-1
iconv.internal_encoding ISO-8859-1 ISO-8859-1
iconv.output_encoding ISO-8859-1 ISO-8859-1


imap
IMAP c-Client Version 2006k
SSL Support enabled
Kerberos Support enabled


json
json support enabled
json version 1.2.1


libxml
libXML support active
libXML Version 2.7.3
libXML streams enabled


mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 1
Client API version 5.0.89
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib -lmysqlclient

Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off


pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 7.8 2008-09-05

Directive Local Value Master Value
pcre.backtrack_limit 100000 100000
pcre.recursion_limit 100000 100000


posix
Revision $Revision: 1.70.2.3.2.20 $


Reflection
Reflection enabled
Version $Id: php_reflection.c,v 1.164.2.33.2.54 2008/10/29 13:34:08 felipe Exp $


session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0


SimpleXML
Simplexml support enabled
Revision $Revision: 1.151.2.22.2.45 $
Schema support enabled


sockets
Sockets Support enabled


SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException


SQLite
SQLite support enabled
PECL Module version 2.0-dev $Id: sqlite.c,v 1.166.2.13.2.11 2008/12/01 12:28:27 felipe Exp $
SQLite Library 2.8.17
SQLite Encoding iso8859

Directive Local Value Master Value
sqlite.assoc_case 0 0


standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i

Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,input=src,form=,fieldset= a=href,area=href,frame=src,input=src,form=,fieldset=
user_agent no value no value


tokenizer
Tokenizer Support enabled


xml
XML Support active
XML Namespace Support active
libxml2 Version 2.7.3


xmlreader
XMLReader enabled


xmlwriter
XMLWriter enabled


zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3

Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value


Additional Modules
Module Name


Environment
Variable Value
LD_LIBRARY_PATH /usr/local/apache/lib:
PATH /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
PWD /usr/local/cpanel/whostmgr/docroot
SHLVL 1
RESTARTSRV 1
_ /usr/local/apache/bin/httpd


PHP Variables
Variable Value
_REQUEST["FCLoginData12345"] raymond==raZpUZKqloLT5BQlPna/AloVP4PSAN5Suk
_COOKIE["FCLoginData12345"] raymond==raZpUZKqloLT5BQlPna/AloVP4PSAN5Suk
_SERVER["HTTP_ACCEPT"] */*
_SERVER["HTTP_REFERER"] http://lvpca.com/index.php/admin/pages.html
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us
_SERVER["HTTP_UA_CPU"] x86
_SERVER["HTTP_ACCEPT_ENCODING"] gzip, deflate
_SERVER["HTTP_USER_AGENT"] Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
_SERVER["HTTP_HOST"] lvpca.com
_SERVER["HTTP_CONNECTION"] Keep-Alive
_SERVER["HTTP_COOKIE"] FCLoginData12345=raymond%3D%3DraZpUZKqloLT5BQlPna%2FAloVP4PSAN5Suk
_SERVER["PATH"] /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
_SERVER["SERVER_SIGNATURE"] <address>Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8 Server at lvpca.com Port 80</address>
_SERVER["SERVER_SOFTWARE"] Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
_SERVER["SERVER_NAME"] lvpca.com
_SERVER["SERVER_ADDR"] 209.249.66.156
_SERVER["SERVER_PORT"] 80
_SERVER["REMOTE_ADDR"] 71.236.28.54
_SERVER["DOCUMENT_ROOT"] /home/lvpca/public_html
_SERVER["SERVER_ADMIN"] webmaster@lvpca.com
_SERVER["SCRIPT_FILENAME"] /home/lvpca/public_html/index.php
_SERVER["REMOTE_PORT"] 3602
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["REQUEST_METHOD"] GET
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_URI"] /index.php/pages/phpInfo.html
_SERVER["SCRIPT_NAME"] /index.php
_SERVER["PATH_INFO"] /pages/phpInfo.html
_SERVER["PATH_TRANSLATED"] /home/lvpca/public_html/pages/phpInfo.html
_SERVER["PHP_SELF"] /index.php/pages/phpInfo.html
_SERVER["REQUEST_TIME"] 1265212601
_SERVER["argv"] Array
(
)


_SERVER["argc"] 0
_ENV["LD_LIBRARY_PATH"] /usr/local/apache/lib:
_ENV["PATH"] /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
_ENV["PWD"] /usr/local/cpanel/whostmgr/docroot
_ENV["SHLVL"] 1
_ENV["RESTARTSRV"] 1
_ENV["_"] /usr/local/apache/bin/httpd



Thank you.
Wolf
 
DCSun
Administrator



Posts: 625
 
February 3, 2010 @ 12:14pm
Hey Wolf,

Nice to see you back here again.

My best guess is there was a PHP upgrade performed (probably 4.something before and 5.2.8 now), and in that process Register Globals got turned off. Register Globals give you the ability to access form post and query string data by just pretending it's already a variable (in this case $guess), which while convenient, turned out to be a bit of a security problem for PHP.

You should be able to re-write it pretty easily. Since this is inside FlexCMS already, you can use its built in form processing functions (note the few lines at the top which initiate the form processing (it only happens when asked to, not on every page load), and the different style of accessing the data).

You'll probably also want to re-write your line that has $MainURL in it. Either change that to $BaseURL, or remove the "/index.php" after it, as $MainURL should already contain "http://www.domain.com/index.php" and this will be giving you two of them (it's possible you have a re-write happening to remove the index.php from URLs and that's not giving you two of them there right now, but should still be changed).


Dave


Code


ReadFormArguments();
Global $FormArguments;

$guess = $FormArguments['guess'];


$num_to_guess = 90;
$message = "";
if (!isset($guess)){
$message = "Welcome to the guessing machine!";
} elseif ($guess > $num_to_guess){
$message = "$guess is too big!";
} elseif ($guess < $num_to_guess){
$message = "$guess is too small!";
} else {
$message = "Well done!";
}
print $message
?>

<form action="<?php '.$MainURL.'?>/pages/test_php_form.html" method="POST">
Type in your guess here: <input type="text" name="guess">
</form>



FlexCMS v3.2 Has Been Released!
 
Wolf


Posts: 11
 
Mission AccomplishesFebruary 3, 2010 @ 3:16pm
Dave,

Thanks! That did the trick. Smile Hope you're doing well up there in the cold north!

Cheers,
Wolf
 

Post Message 




Try & Buy FeedForAll - Easy to use RSS Feed Creator - great for iTunes users!

MEMBERS




All Contents, Code, Scripts and Technologies Copyright 2003-2009 FlexCMS.
All Rights Reserved. Software License Agreement

Processing Time: 0.06365 seconds.
 
Management Login

Powered By FlexCMS
Powered By FlexCMS