Avatar of Richard Korts
Richard Korts
Flag for United States of America asked on

php error

See this code:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "entered proc_registern.php<br>";

Open in new window


These are the first 4 lines in a php program (called from another).

The program displays a BLANK screen in the browser.

View source is totally blank, so nothing is rendered?

also, I ran the source code through http://phpcodechecker.com/

No errors

How can this happen?
PHP

Avatar of undefined
Last Comment
Julian Hansen

8/22/2022 - Mon
Terry Woods

Usually in a situation like that you'll find the code isn't being run, or there's a problem elsewhere. I'd try:
1. adding a line above the given code (but after the <?php tag) with
die("helloworld");

Open in new window

in case that helps show what's happening
2. checking any htaccess files that might call other files, to find out which code is really being run
Ray Paseur

the code isn't being run
Yep, there could be any number of things wrong.  The other (calling) program might have logic in it that establishes a conditional call to this program, and the conditions are not met.  Another program might have started output buffering and then discarded the buffers.  Most likely it's the former.  Try running this script all by itself, then go looking for the reasons the calling program is not running it.
Dave Baldwin

Your sample code above works just fine here.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Julian Hansen

These are the first 4 lines in a php program (called from another).
How is this code "called"?
Richard Korts

ASKER
Responses.

(1) When i run JUST the code snippet I posted (with or without the die statement) it works fine.

(2) The code in the calling program is like this:
<form method="post" name="st" action="proc_registern.php" onSubmit = "return chk_vals();">

Open in new window


(3) The Javascript function chk_vals is this:
function chk_vals() {
	if (document.st.fname.value == "" || document.st.lname.value == "" || document.st.company.value == "" || document.st.email.value == "" || document.st.pwd.value == "" || document.st.city.value == "") {
		alert ("Please complete all required fields.");
		return false;
	}
	if (!is_email(document.st.email.value)) {
		alert("Invalid email address.");
		return false;
	}	
	if (document.st.country.options[0].selected) {
		alert ("Please specify Country.");
		return false;
	}
	ctry = document.st.country.value;
	if (ctry == "United States" || ctry == "Mexico" || ctry == "Canada") {
		if (document.st.state.options[0].selected) {
			alert("Please specify State or Province.");
			return false;
		}
	}
	if (document.st.pwd.value != document.st.cpwd.value) {
		alert("Passwords do not match.")
		return false;
	}	
	if (document.st.pwd.value != "") {
		pw = document.st.pwd.value;
		if (pw.length < 8) {
			alert("Password length must be at least 8.");
			return false;
		}
	} else {
			alert("Please either enter a password.");
			return false;
	}		
		
	return true;
}

Open in new window


4. When the browser (FireFox) displays the blank page, the address bar is as in the attached image. That implies to me it is going to the right place.

5. The .htaccess file contains this one line:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.lakoshvac.com/$1 [R,L]

Thanks,

Richard
Ray Paseur

Kind of a sidebar note, but you might want to check and correct the markup.  You will need to do this anyway, even if you find the error elsewhere.
https://validator.w3.org/nu/?doc=http%3A%2F%2Fwww.lakos.com%2FAbout%2Fcontact-us

I think the JavaScript might not be an influencing factor.  You might want to check the PHP logic.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Julian Hansen

So, if I understand you correctly
Form => proc_registern.php
.htaccess redirects everything to https://www.lakoshvac.com

So resulting url is https://www.lakoshvac.com/proc_registern.php

Which gives a blank screen?
Richard Korts

ASKER
Julian,

Yes.

Here is the code for proc_registern.php:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "entered proc_registern.php<br>";
function gen_rand() {
	$p = "";
	for ($j = 0; $j < 6; $j++) {
		$n = rand(1,62);
		if ($n < 11) {
			$p = $p . ($n - 1);
		}
	// upper case
		if ($n > 10 && $n < 37) {
			$c = chr($n - 10 + 64);
			$p = $p . $c;
		}
	// lower case
		if ($n > 36) {
			$c = chr($n - 36 + 96);
			$p = $p . $c;	
		}	
	}
	return $p;
		
}
$cwd = getcwd();
$lnc = strlen($cwd);
$l4cwd = substr($cwd,$lnc-4,4);
if ($l4cwd == "/dev") {
		$locusr = "/dev/userok.php";
		$locnet	= "/dev/net_ok.php";
		$locver = "/dev/verify_user.php";
	} else {
		$locusr = "/userok.php";
		$locnet = "/net_ok.php";
		$locver = "/verify_user.php";
	}
$state = $_POST['state'];
session_start();
// check captcha
echo "posted security = " . $_POST['security_code'] . "<br>";
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] )) {
  	$formok = true;
}
// captcha bad
if (! $formok) {
	$str = "&fn=" . $_POST['fname'] . "&ln=" . $_POST['lname'] . "&tt=" . $_POST['title'] +. "&co=" . $_POST['company'] . "&ph=" . $_POST['phone'] .  "&em=" . $_POST['email'] . "&city=" . $_POST['city'] . "&pwd=" . $_POST['pwd'] . "&cpwd =" . $_POST['cpwd'];
	header("Location: registern.php?bad=1" . $str);
}	
include "db_connect.php";
$qry = "SELECT * from registered_users where email = '" . $_POST['email'] . "' and affilliation = '" . $_POST['company'] . "'";
$res = mysqli_query($link, $qry);
$nr = mysqli_num_rows($res);
$qryk = "SELECT * from parms";
$resk = mysqli_query($link, $qryk);
$p = mysqli_fetch_array($resk,MYSQLI_ASSOC); 
$key = $p['hkey'];
$gpwd = false;
if ($nr != 0) {
	// already registered
	header("Location: index.php?isuser=y");
	exit;
} else {
	$pwd = $_POST['pwd'];
	$slnl = "N";
	if ($_POST['slnl'] == "on") {
		$slnl = "Y";
	}	
		
	// send email to lakos admin (me first)
	require_once('class.phpmailer.php');
	// change to save values in temp db table
	// hash the pwd
	$code = gen_rand();
	$hpwd = hash_hmac('ripemd160', $pwd, $key);
	$qryi = "INSERT into registered_users (lastname, firstname, email, pwd, affilliation, phone, country, state, city, ccode, date_reg, subs) VALUES('" . $_POST['lname'] . "', '" . $_POST['fname'] . "', '" . $_POST['email'] . "', '" . $hpwd . "', '" . $_POST['company'] . "', '" . $_POST['phone'] . "', '" . $_POST['country'] . "', '" . $state	. "', '" . $_POST['city'] . "', '" . $code . "', '" . date('Y-m-d') . "', '" . $slnl . "')";
	//echo "insert qry = " . $qryi . "<br>";
	$resi = mysqli_query($link, $qryi);
	// update to allow pricing rights if email is in auto_pricing
	//$qryap = "SELECT * from pricing_rights where email = '" . $_POST['email'] . "'";
	//$resap = mysqli_query($link, $qryap);
	//$nap = mysqli_num_rows($resap);
	//if ($nap != 0) {
		//$qryur = "UPDATE registered_users set see_pricing = 'Y' where email = '" . $_POST['email'] . "'";
		//$resur = mysqli_query($link, $qryur);
	//}	
	$nap = 0;
	// welcome email to registrant
	$mail1             = new PHPMailer(); // defaults to using php "mail()"

	$mail1->isSMTP(); // telling the class to use SMTP transport
 
	$body             = "";
 
	$mail1->SetFrom('noreply@lakos.com');
	$mail1->Subject    = "Verify your Email - Lakos HVAC Product Configurator";
	$mail1->AddAddress($_POST['email']);
	$body = "Dear " . $_POST['fname'] . ",<br><br>";
	$body = $body . "Thank you for registering your account at Lakos HVAC Product Configurator. We need to verify your email address before you can fully register. <br><br>";
	$body = $body . "Please click on the link below to verify your email<br><br>"; 
	$body = $body . "<a href='https://www.lakoshvac.com" . $locver . "?email=". $_POST['email'] . "'>verify your email</a><br><br>";
	$body = $body . "Thank you,<br><br>";
	$body = $body . "The Lakos Product Configurator Team";
	$mail1->MsgHTML($body);
	if(!$mail1->Send()) {
		echo "Mailer Error: ". $mail1->ErrorInfo;
	} 	
}	
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1">
 <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<title>Lakos Configuration Tool - Registered User Application</title>
 <style>
.nopadding {
   padding: 0 !important;
   margin: 0 !important;
}
.wrapper{
  max-width:1100px;
  min-width:900px;
  margin:0 auto;
  
}
#dialog { text-align:center; }
.custom-overlay { background-color: black; background-image: none; opacity: 0.4; } 
</style> 
<script>
cwd = "<? print $cwd; ?>";
lnc = cwd.length;
l4cwd = cwd.substr(lnc-4,4);
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
 
  ga('create', 'UA-5238882-1', 'auto');
  ga('send', 'pageview');
 $(function() {
  $('#resendEmail').click(function() {
    var data1 = "<? print $_POST['email']; ?>";
    var data2 = "<? print $_POST['fname']; ?>";

    $.ajax({

      url: "registrant_email.php",
      data: "email=" + data1 + "&fname=" + data2,
      type: "post", //can be get or post
      success: function(data) {
		
		if(data.trim() === "1") {
			alert("Your email has been re-sent'");
		}
		else {
        alert("there was an issue sending the email");
		}
	} 

    });
    return false;
  });
});
$(document).ready(function() {
    $('#showDialog').click(function(e){
        $('#dialog').dialog({
            modal: true, 
            open: function() {
                $('.ui-widget-overlay').addClass('custom-overlay');
            },
            close: function() {
                $('.ui-widget-overlay').removeClass('custom-overlay');
            }
        });
    });
});
function show_thank() {
	document.getElementById("showDialog").click();
}
</script> 
</head>
<body>
<button id="showDialog"  style="display:none;">Show The Dialog</button>

<div id="dialog" style="display:none;">
    <h1>Thank You</h1>
    <p>Your email has been sent</p>
</div>
<div class="wrapper">
<div class="container-fluid" >
<div class="row">
	<div class="col-sm-6 col-xs-6"><img src="images/logo.jpg"></div>
</div>	
<div class="row">
	<div class="col-sm-12 col-xs-12" style="padding-top:3px;">&nbsp;</div>
</div>
<div class="row">
	<div class="col-sm-12 col-xs-12 text-center" style="padding-top:2px; padding-bottom:2px; background-color:#0A2F98; color: white; font-size:20px"><b>HT Product Configurator</b></div>
</div>
<div class="row" style="padding-top: 50px;">
<div class="col-sm-2 col-xs-2">&nbsp;</div>
<div class="col-sm-8 col-xs-8" style="font-size:20px; color:#5B9BD5;">You are almost done with your registration.<br><br>
We sent an email to the email address you provided. Please check your inbox and click the link in that email to continue using Lakos HVAC Product Configurator.</div>
<div class="col-sm-2 col-xs-2">&nbsp;</div>
</div>
<div class="row" style="padding-top: 30px;">
	<div class="col-sm-2 col-xs-2">&nbsp;</div>
	<div class="col-sm-8 col-xs-8 text-left" style="font-size:18px;"><a id="resendEmail" href="#">Click Here to resend email</a></div>
	<div class="col-sm-2 col-xs-2">&nbsp;</div>
</div>
<div class="row" style="padding-top: 30px;">
	<div class="col-sm-2 col-xs-2">&nbsp;</div>
	<div class="col-sm-8 col-xs-8" style="font-size:20px; color:#5B9BD5;"><p>Why do I have to do this?</p>
<p>We want to ensure that you own your email address and someone is not impersonating you.</p><br><br> 

<p>I have not received my email</p>
<p>Check your spam mailbox and ensure lakos.com is allowed to send you an email. If you registered with an incorrect email address, please re-register with the correct email address.</p><br>
Still having trouble? Contact <a href="mailto:lit@lakos.com">lit@lakos.com</a> </div>
<div class="col-sm-2 col-xs-2">&nbsp;</div>
</div>
</div>
</div>
</body>
</html>
 

Open in new window


Except for the initial echo, line 4, the changes from the prior version (which worked) are lines 40 - 49.

I am attempting to add a version of captcha.

Thanks
ASKER CERTIFIED SOLUTION
Julian Hansen

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Richard Korts

ASKER
Excellent, I see that. I'll fix. It's probably obvious that I converted that string from a Javascript that was similar.

Why do none of the error checkings, etc., catch this?

Richard
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Julian Hansen

More errors

Line 43 and 46 use of $formok when not set anywhere
Line 53
$nr = mysqli_num_rows($res);

Open in new window

no such function mysqli_num_rows() you want
mysqli_affected_rows ($link)

Open in new window


That should sort the obvious ones out.

You need to look at doing something about how you access your $_POST vars - accessing them directly as you have is problematic on a number of levels
1. It poses a security risk - which sort of goes against what you are trying to do with the CAPTCHA
2. It does not take into account the $_POST might not be there.

One strategy that might make it easier is to put your form variables into an array
name="data[email]"
name="data[fname]"
etc

Open in new window

Now you can get your form data in one step
$data = isset($_POST['data']) ? $_POST['data'] : false;
if (is_array($data)) {
   // you have a valid array so you can do your sanity checks - either directly or with a generic function that loops through the array
}

Open in new window


Your mysqli_ callls seem to have been a direct conversion from an older mysql_ implementation (refer the num_rows() reference. I would go over that again and make sure it has all been converted properly.
Julian Hansen

Why do none of the error checkings, etc., catch this?
They are but your ISP has blocked error reporting to the screen (mine does the same) what they do is configure errors to go to an error.log file in the webroot - I can check for them there - alternatively I can place a custom PHP.INI file in the folder to override their settings and if that is not available you can always create your own custom error handler that intercepts the error and logs it.
Richard Korts

ASKER
Julian,

All excellent, thanks so much. I'm confident the combo will make it work.

Yes, the use of mysqli_num_rows is a conversion. But it works everywhere else (in this system & other projects).
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Ray Paseur

If you have it in other projects, you might want to re-run your unit tests!
http://php.net/manual-lookup.php?pattern=mysqli_num_rows&scope=quickref

If you want to put in a CAPTCHA, this article has several tested-and-working code samples, ranging from simple to elaborate.
https://www.experts-exchange.com/articles/9849/Making-CAPTCHA-Friendlier-with-Simple-Number-Tests-or-PHP-Image-Manipulation.html

If you're converting from MySQL, you may find that object-oriented MySQLI is the easiest conversion.  Details here:
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
Richard Korts

ASKER
Thanks for great find.
Julian Hansen

You are welcome.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Richard Korts

ASKER
I'm still amazed about mysqli_num_rows. I DID NOT change that.

I use it in HUNDREDS of programs & it works.

I see what Ray referenced & it says it's not a valid function, I cannot see how it works.

Was it recently dropped?

I'm reluctant to do a MASS replace with mysqli_affected_rows; scared of bad effects.

I guess I'll just do a little test program.

Thanks
Dave Baldwin

'mysqli_num_rows' is a valid function.
http://php.net/manual/en/mysqli-result.num-rows.php
Richard Korts

ASKER
Thank you Dave. I was VERY confused, I use it & it works.

Wheeew!!
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Dave Baldwin

'mysqli_num_rows' doesn't show up in the search for some reason.
Ray Paseur

Dave: That's because it's not a method of the MySQLi object.  It's a method of the MySQLi_Result object.
http://php.net/manual/en/class.mysqli-result.php

Generally speaking, MySQLi objects represent the connection and the per-connection events.  MySQLi_Result objects represent the response from SELECT queries.
Dave Baldwin

While I know that (since I gave the link for it), it is a BS reason for it to not show up in the function search.  'mysqli_query' does show up in the search but a number of other 'mysqli' functions do not.  I consider it an error or oversight on their part.

PS:  I've had 'discussions' with the PHP web people about problems with the search function and they really don't care.
Your help has saved me hundreds of hours of internet surfing.
fblack61
Richard Korts

ASKER
I am VERY happy there are so many php experts out there in EE Land.

I have told MANY people about EE. Best deal on the planet. I could not live without it.

Richard
Ray Paseur

Dave: I've talked to them, too.  My gripe: There is only one input control on any page of the php.net site.  So why not learn from Google and put the browser focus on the search input box?  Instead, you have to visit the page, locate the search box visually, move your mouse or finger up there and activate the control.  Idiotic design.

To their credit, they are trying to improve the documentation and have removed some of the more dangerous and foolish language features at PHP7+
Julian Hansen

After exclusively using the OOP mysqli and affected rows coupled with the fact that a search on php's site for mysqli_num_rows yielded no results, assumed that it did not exist.

Just goes to show there is always something to learn and never make assumptions.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Dave Baldwin

Worse than that, if you click in the search box too quick, the page takes the focus to something else and you have to click there again.  Almost all of the 'mysqli' OOP functions have a procedural equivalent.  For us lazy people.
Julian Hansen

Almost all of the 'mysqli' OOP functions have a procedural equivalent
I know but I usually setup a $mysqli object that I inject all over the place I use that to do

$mysqli->affected_rows

Which gives the same values as $result->num_rows (if you happen to have a result) - but I never use the latter so had to rely on PHP search to check for existence and ... we know the rest.