Richard Korts
asked on
php error
See this code:
These are the first 4 lines in a php program (called from another).
The program displays a BLANK screen in the browser.
View source is totally blank, so nothing is rendered?
also, I ran the source code through http://phpcodechecker.com/
No errors
How can this happen?
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "entered proc_registern.php<br>";
These are the first 4 lines in a php program (called from another).
The program displays a BLANK screen in the browser.
View source is totally blank, so nothing is rendered?
also, I ran the source code through http://phpcodechecker.com/
No errors
How can this happen?
the code isn't being runYep, there could be any number of things wrong. The other (calling) program might have logic in it that establishes a conditional call to this program, and the conditions are not met. Another program might have started output buffering and then discarded the buffers. Most likely it's the former. Try running this script all by itself, then go looking for the reasons the calling program is not running it.
Your sample code above works just fine here.
These are the first 4 lines in a php program (called from another).How is this code "called"?
ASKER
Responses.
(1) When i run JUST the code snippet I posted (with or without the die statement) it works fine.
(2) The code in the calling program is like this:
(3) The Javascript function chk_vals is this:
4. When the browser (FireFox) displays the blank page, the address bar is as in the attached image. That implies to me it is going to the right place.
5. The .htaccess file contains this one line:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.lakoshvac.com/$1 [R,L]
Thanks,
Richard
(1) When i run JUST the code snippet I posted (with or without the die statement) it works fine.
(2) The code in the calling program is like this:
<form method="post" name="st" action="proc_registern.php" onSubmit = "return chk_vals();">
(3) The Javascript function chk_vals is this:
function chk_vals() {
if (document.st.fname.value == "" || document.st.lname.value == "" || document.st.company.value == "" || document.st.email.value == "" || document.st.pwd.value == "" || document.st.city.value == "") {
alert ("Please complete all required fields.");
return false;
}
if (!is_email(document.st.email.value)) {
alert("Invalid email address.");
return false;
}
if (document.st.country.options[0].selected) {
alert ("Please specify Country.");
return false;
}
ctry = document.st.country.value;
if (ctry == "United States" || ctry == "Mexico" || ctry == "Canada") {
if (document.st.state.options[0].selected) {
alert("Please specify State or Province.");
return false;
}
}
if (document.st.pwd.value != document.st.cpwd.value) {
alert("Passwords do not match.")
return false;
}
if (document.st.pwd.value != "") {
pw = document.st.pwd.value;
if (pw.length < 8) {
alert("Password length must be at least 8.");
return false;
}
} else {
alert("Please either enter a password.");
return false;
}
return true;
}
4. When the browser (FireFox) displays the blank page, the address bar is as in the attached image. That implies to me it is going to the right place.
5. The .htaccess file contains this one line:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.lakoshvac.com/$1 [R,L]
Thanks,
Richard
Kind of a sidebar note, but you might want to check and correct the markup. You will need to do this anyway, even if you find the error elsewhere.
https://validator.w3.org/nu/?doc=http%3A%2F%2Fwww.lakos.com%2FAbout%2Fcontact-us
I think the JavaScript might not be an influencing factor. You might want to check the PHP logic.
https://validator.w3.org/nu/?doc=http%3A%2F%2Fwww.lakos.com%2FAbout%2Fcontact-us
I think the JavaScript might not be an influencing factor. You might want to check the PHP logic.
So, if I understand you correctly
Form => proc_registern.php
.htaccess redirects everything to https://www.lakoshvac.com
So resulting url is https://www.lakoshvac.com/proc_registern.php
Which gives a blank screen?
Form => proc_registern.php
.htaccess redirects everything to https://www.lakoshvac.com
So resulting url is https://www.lakoshvac.com/proc_registern.php
Which gives a blank screen?
ASKER
Julian,
Yes.
Here is the code for proc_registern.php:
Except for the initial echo, line 4, the changes from the prior version (which worked) are lines 40 - 49.
I am attempting to add a version of captcha.
Thanks
Yes.
Here is the code for proc_registern.php:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "entered proc_registern.php<br>";
function gen_rand() {
$p = "";
for ($j = 0; $j < 6; $j++) {
$n = rand(1,62);
if ($n < 11) {
$p = $p . ($n - 1);
}
// upper case
if ($n > 10 && $n < 37) {
$c = chr($n - 10 + 64);
$p = $p . $c;
}
// lower case
if ($n > 36) {
$c = chr($n - 36 + 96);
$p = $p . $c;
}
}
return $p;
}
$cwd = getcwd();
$lnc = strlen($cwd);
$l4cwd = substr($cwd,$lnc-4,4);
if ($l4cwd == "/dev") {
$locusr = "/dev/userok.php";
$locnet = "/dev/net_ok.php";
$locver = "/dev/verify_user.php";
} else {
$locusr = "/userok.php";
$locnet = "/net_ok.php";
$locver = "/verify_user.php";
}
$state = $_POST['state'];
session_start();
// check captcha
echo "posted security = " . $_POST['security_code'] . "<br>";
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] )) {
$formok = true;
}
// captcha bad
if (! $formok) {
$str = "&fn=" . $_POST['fname'] . "&ln=" . $_POST['lname'] . "&tt=" . $_POST['title'] +. "&co=" . $_POST['company'] . "&ph=" . $_POST['phone'] . "&em=" . $_POST['email'] . "&city=" . $_POST['city'] . "&pwd=" . $_POST['pwd'] . "&cpwd =" . $_POST['cpwd'];
header("Location: registern.php?bad=1" . $str);
}
include "db_connect.php";
$qry = "SELECT * from registered_users where email = '" . $_POST['email'] . "' and affilliation = '" . $_POST['company'] . "'";
$res = mysqli_query($link, $qry);
$nr = mysqli_num_rows($res);
$qryk = "SELECT * from parms";
$resk = mysqli_query($link, $qryk);
$p = mysqli_fetch_array($resk,MYSQLI_ASSOC);
$key = $p['hkey'];
$gpwd = false;
if ($nr != 0) {
// already registered
header("Location: index.php?isuser=y");
exit;
} else {
$pwd = $_POST['pwd'];
$slnl = "N";
if ($_POST['slnl'] == "on") {
$slnl = "Y";
}
// send email to lakos admin (me first)
require_once('class.phpmailer.php');
// change to save values in temp db table
// hash the pwd
$code = gen_rand();
$hpwd = hash_hmac('ripemd160', $pwd, $key);
$qryi = "INSERT into registered_users (lastname, firstname, email, pwd, affilliation, phone, country, state, city, ccode, date_reg, subs) VALUES('" . $_POST['lname'] . "', '" . $_POST['fname'] . "', '" . $_POST['email'] . "', '" . $hpwd . "', '" . $_POST['company'] . "', '" . $_POST['phone'] . "', '" . $_POST['country'] . "', '" . $state . "', '" . $_POST['city'] . "', '" . $code . "', '" . date('Y-m-d') . "', '" . $slnl . "')";
//echo "insert qry = " . $qryi . "<br>";
$resi = mysqli_query($link, $qryi);
// update to allow pricing rights if email is in auto_pricing
//$qryap = "SELECT * from pricing_rights where email = '" . $_POST['email'] . "'";
//$resap = mysqli_query($link, $qryap);
//$nap = mysqli_num_rows($resap);
//if ($nap != 0) {
//$qryur = "UPDATE registered_users set see_pricing = 'Y' where email = '" . $_POST['email'] . "'";
//$resur = mysqli_query($link, $qryur);
//}
$nap = 0;
// welcome email to registrant
$mail1 = new PHPMailer(); // defaults to using php "mail()"
$mail1->isSMTP(); // telling the class to use SMTP transport
$body = "";
$mail1->SetFrom('noreply@lakos.com');
$mail1->Subject = "Verify your Email - Lakos HVAC Product Configurator";
$mail1->AddAddress($_POST['email']);
$body = "Dear " . $_POST['fname'] . ",<br><br>";
$body = $body . "Thank you for registering your account at Lakos HVAC Product Configurator. We need to verify your email address before you can fully register. <br><br>";
$body = $body . "Please click on the link below to verify your email<br><br>";
$body = $body . "<a href='https://www.lakoshvac.com" . $locver . "?email=". $_POST['email'] . "'>verify your email</a><br><br>";
$body = $body . "Thank you,<br><br>";
$body = $body . "The Lakos Product Configurator Team";
$mail1->MsgHTML($body);
if(!$mail1->Send()) {
echo "Mailer Error: ". $mail1->ErrorInfo;
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<title>Lakos Configuration Tool - Registered User Application</title>
<style>
.nopadding {
padding: 0 !important;
margin: 0 !important;
}
.wrapper{
max-width:1100px;
min-width:900px;
margin:0 auto;
}
#dialog { text-align:center; }
.custom-overlay { background-color: black; background-image: none; opacity: 0.4; }
</style>
<script>
cwd = "<? print $cwd; ?>";
lnc = cwd.length;
l4cwd = cwd.substr(lnc-4,4);
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-5238882-1', 'auto');
ga('send', 'pageview');
$(function() {
$('#resendEmail').click(function() {
var data1 = "<? print $_POST['email']; ?>";
var data2 = "<? print $_POST['fname']; ?>";
$.ajax({
url: "registrant_email.php",
data: "email=" + data1 + "&fname=" + data2,
type: "post", //can be get or post
success: function(data) {
if(data.trim() === "1") {
alert("Your email has been re-sent'");
}
else {
alert("there was an issue sending the email");
}
}
});
return false;
});
});
$(document).ready(function() {
$('#showDialog').click(function(e){
$('#dialog').dialog({
modal: true,
open: function() {
$('.ui-widget-overlay').addClass('custom-overlay');
},
close: function() {
$('.ui-widget-overlay').removeClass('custom-overlay');
}
});
});
});
function show_thank() {
document.getElementById("showDialog").click();
}
</script>
</head>
<body>
<button id="showDialog" style="display:none;">Show The Dialog</button>
<div id="dialog" style="display:none;">
<h1>Thank You</h1>
<p>Your email has been sent</p>
</div>
<div class="wrapper">
<div class="container-fluid" >
<div class="row">
<div class="col-sm-6 col-xs-6"><img src="images/logo.jpg"></div>
</div>
<div class="row">
<div class="col-sm-12 col-xs-12" style="padding-top:3px;"> </div>
</div>
<div class="row">
<div class="col-sm-12 col-xs-12 text-center" style="padding-top:2px; padding-bottom:2px; background-color:#0A2F98; color: white; font-size:20px"><b>HT Product Configurator</b></div>
</div>
<div class="row" style="padding-top: 50px;">
<div class="col-sm-2 col-xs-2"> </div>
<div class="col-sm-8 col-xs-8" style="font-size:20px; color:#5B9BD5;">You are almost done with your registration.<br><br>
We sent an email to the email address you provided. Please check your inbox and click the link in that email to continue using Lakos HVAC Product Configurator.</div>
<div class="col-sm-2 col-xs-2"> </div>
</div>
<div class="row" style="padding-top: 30px;">
<div class="col-sm-2 col-xs-2"> </div>
<div class="col-sm-8 col-xs-8 text-left" style="font-size:18px;"><a id="resendEmail" href="#">Click Here to resend email</a></div>
<div class="col-sm-2 col-xs-2"> </div>
</div>
<div class="row" style="padding-top: 30px;">
<div class="col-sm-2 col-xs-2"> </div>
<div class="col-sm-8 col-xs-8" style="font-size:20px; color:#5B9BD5;"><p>Why do I have to do this?</p>
<p>We want to ensure that you own your email address and someone is not impersonating you.</p><br><br>
<p>I have not received my email</p>
<p>Check your spam mailbox and ensure lakos.com is allowed to send you an email. If you registered with an incorrect email address, please re-register with the correct email address.</p><br>
Still having trouble? Contact <a href="mailto:lit@lakos.com">lit@lakos.com</a> </div>
<div class="col-sm-2 col-xs-2"> </div>
</div>
</div>
</div>
</body>
</html>
Except for the initial echo, line 4, the changes from the prior version (which worked) are lines 40 - 49.
I am attempting to add a version of captcha.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent, I see that. I'll fix. It's probably obvious that I converted that string from a Javascript that was similar.
Why do none of the error checkings, etc., catch this?
Richard
Why do none of the error checkings, etc., catch this?
Richard
More errors
Line 43 and 46 use of $formok when not set anywhere
Line 53
That should sort the obvious ones out.
You need to look at doing something about how you access your $_POST vars - accessing them directly as you have is problematic on a number of levels
1. It poses a security risk - which sort of goes against what you are trying to do with the CAPTCHA
2. It does not take into account the $_POST might not be there.
One strategy that might make it easier is to put your form variables into an array
Your mysqli_ callls seem to have been a direct conversion from an older mysql_ implementation (refer the num_rows() reference. I would go over that again and make sure it has all been converted properly.
Line 43 and 46 use of $formok when not set anywhere
Line 53
$nr = mysqli_num_rows($res);
no such function mysqli_num_rows() you want mysqli_affected_rows ($link)
That should sort the obvious ones out.
You need to look at doing something about how you access your $_POST vars - accessing them directly as you have is problematic on a number of levels
1. It poses a security risk - which sort of goes against what you are trying to do with the CAPTCHA
2. It does not take into account the $_POST might not be there.
One strategy that might make it easier is to put your form variables into an array
name="data[email]"
name="data[fname]"
etc
Now you can get your form data in one step$data = isset($_POST['data']) ? $_POST['data'] : false;
if (is_array($data)) {
// you have a valid array so you can do your sanity checks - either directly or with a generic function that loops through the array
}
Your mysqli_ callls seem to have been a direct conversion from an older mysql_ implementation (refer the num_rows() reference. I would go over that again and make sure it has all been converted properly.
Why do none of the error checkings, etc., catch this?They are but your ISP has blocked error reporting to the screen (mine does the same) what they do is configure errors to go to an error.log file in the webroot - I can check for them there - alternatively I can place a custom PHP.INI file in the folder to override their settings and if that is not available you can always create your own custom error handler that intercepts the error and logs it.
ASKER
Julian,
All excellent, thanks so much. I'm confident the combo will make it work.
Yes, the use of mysqli_num_rows is a conversion. But it works everywhere else (in this system & other projects).
All excellent, thanks so much. I'm confident the combo will make it work.
Yes, the use of mysqli_num_rows is a conversion. But it works everywhere else (in this system & other projects).
If you have it in other projects, you might want to re-run your unit tests!
http://php.net/manual-lookup.php?pattern=mysqli_num_rows&scope=quickref
If you want to put in a CAPTCHA, this article has several tested-and-working code samples, ranging from simple to elaborate.
https://www.experts-exchange.com/articles/9849/Making-CAPTCHA-Friendlier-with-Simple-Number-Tests-or-PHP-Image-Manipulation.html
If you're converting from MySQL, you may find that object-oriented MySQLI is the easiest conversion. Details here:
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
http://php.net/manual-lookup.php?pattern=mysqli_num_rows&scope=quickref
If you want to put in a CAPTCHA, this article has several tested-and-working code samples, ranging from simple to elaborate.
https://www.experts-exchange.com/articles/9849/Making-CAPTCHA-Friendlier-with-Simple-Number-Tests-or-PHP-Image-Manipulation.html
If you're converting from MySQL, you may find that object-oriented MySQLI is the easiest conversion. Details here:
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
ASKER
Thanks for great find.
You are welcome.
ASKER
I'm still amazed about mysqli_num_rows. I DID NOT change that.
I use it in HUNDREDS of programs & it works.
I see what Ray referenced & it says it's not a valid function, I cannot see how it works.
Was it recently dropped?
I'm reluctant to do a MASS replace with mysqli_affected_rows; scared of bad effects.
I guess I'll just do a little test program.
Thanks
I use it in HUNDREDS of programs & it works.
I see what Ray referenced & it says it's not a valid function, I cannot see how it works.
Was it recently dropped?
I'm reluctant to do a MASS replace with mysqli_affected_rows; scared of bad effects.
I guess I'll just do a little test program.
Thanks
'mysqli_num_rows' is a valid function.
http://php.net/manual/en/mysqli-result.num-rows.php
http://php.net/manual/en/mysqli-result.num-rows.php
ASKER
Thank you Dave. I was VERY confused, I use it & it works.
Wheeew!!
Wheeew!!
'mysqli_num_rows' doesn't show up in the search for some reason.
Dave: That's because it's not a method of the MySQLi object. It's a method of the MySQLi_Result object.
http://php.net/manual/en/class.mysqli-result.php
Generally speaking, MySQLi objects represent the connection and the per-connection events. MySQLi_Result objects represent the response from SELECT queries.
http://php.net/manual/en/class.mysqli-result.php
Generally speaking, MySQLi objects represent the connection and the per-connection events. MySQLi_Result objects represent the response from SELECT queries.
While I know that (since I gave the link for it), it is a BS reason for it to not show up in the function search. 'mysqli_query' does show up in the search but a number of other 'mysqli' functions do not. I consider it an error or oversight on their part.
PS: I've had 'discussions' with the PHP web people about problems with the search function and they really don't care.
PS: I've had 'discussions' with the PHP web people about problems with the search function and they really don't care.
ASKER
I am VERY happy there are so many php experts out there in EE Land.
I have told MANY people about EE. Best deal on the planet. I could not live without it.
Richard
I have told MANY people about EE. Best deal on the planet. I could not live without it.
Richard
Dave: I've talked to them, too. My gripe: There is only one input control on any page of the php.net site. So why not learn from Google and put the browser focus on the search input box? Instead, you have to visit the page, locate the search box visually, move your mouse or finger up there and activate the control. Idiotic design.
To their credit, they are trying to improve the documentation and have removed some of the more dangerous and foolish language features at PHP7+
To their credit, they are trying to improve the documentation and have removed some of the more dangerous and foolish language features at PHP7+
After exclusively using the OOP mysqli and affected rows coupled with the fact that a search on php's site for mysqli_num_rows yielded no results, assumed that it did not exist.
Just goes to show there is always something to learn and never make assumptions.
Just goes to show there is always something to learn and never make assumptions.
Worse than that, if you click in the search box too quick, the page takes the focus to something else and you have to click there again. Almost all of the 'mysqli' OOP functions have a procedural equivalent. For us lazy people.
Almost all of the 'mysqli' OOP functions have a procedural equivalentI know but I usually setup a $mysqli object that I inject all over the place I use that to do
$mysqli->affected_rows
Which gives the same values as $result->num_rows (if you happen to have a result) - but I never use the latter so had to rely on PHP search to check for existence and ... we know the rest.
1. adding a line above the given code (but after the <?php tag) with
Open in new window
in case that helps show what's happening2. checking any htaccess files that might call other files, to find out which code is really being run