This morning we needed to upgrade PHP on our server. The code that manages BOB sessions (and file attachments) broke due to the upgrade. We believe we have fixed the issue with a temporary patch and will be investigating a more long-term solution.
If you experience any oddities or errors while using BOB please post them in this topic. Thanks.
Im really sorry to just randomly post here, but I dont know what else to do to contact you.
I found this thread because I am having this exact same problem on my forum (blank profile page and error with new registration) so I created an account to ask what you did to fix it because I cant find a solution anywhere. (Or find what the problem is, for that matter.)
I would have just sent a private message asking you, but I apparently dont have enough posts to view your profile.
Again, sorry for butting in, but Im desperate to get this resolved and youre the only person Ive found that has clearly fixed it.
It’s phpBB2.0.14
I don’t want to go past that if possible, because it’s at that version for a reason. It’s sort of a weird situation. This isn’t an ‘active’ forum exactly (or I would be using a newer version) it’s a sort of functioning replica of an older site that used to exist but was eventually upgraded to phpbb3.
There are members using it though, which is why I need the pages working.
If this is an issue caused by a php upgrade (I noticed it after my host notified me that they upgraded the version on their servers) maybe it’s possible to get them to revert my domain to the previous version. If that can be done, do you think that would solve this? (I still don’t know exactly what the problem is.)
How comfortable are you with code changes? If you can download a later version of phpBB2 and look at common.php and compare what you have to what’s in the newer code… you need to find the block of code where they reassign the variables from the new super global variables $_POST and $_GET to $HTTP_POST_VARS and $HTTP_GET_VARS. phpBB2 relies on the older version, and as of the latest php version there is no backwards support for them anymore.
There’s some code from your old version that you will remove / replace with a block of code from the newer file. That should fix it.
If you can’t figure it out, post back, and I’ll try to post specific instructions. But keep in mind that my code is based on an even older version than what you’re running…
I think I found the part you mean, but I compared it with common.php from the last version of phpbb2 (2.0.23) and what I have appears to be the same:
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
// PHP5 with register_long_arrays off?
if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
// _SESSION is the only superglobal which is conditionally set
if (isset($_SESSION))
{
$HTTP_SESSION_VARS = $_SESSION;
}
}
And then you need something like this… in my version I had to drop some code and update it with this as a replacement
// Protect against GLOBALS tricks
if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
{
die("Hacking attempt");
}
// Protect against HTTP_SESSION_VARS tricks
if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
{
die("Hacking attempt");
}
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
// PHP4+ path
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}
// Merge all into one extremely huge array; unset
// this later
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
unset($input['input']);
unset($input['not_unset']);
while (list($var,) = @each($input))
{
if (in_array($var, $not_unset))
{
die('Hacking attempt!');
}
unset($$var);
}
unset($input);
}
This all goes right before the code that checks the magic quotes setting.
Can you log in? Without those changes I could not even log in.
Oh! I do remember one other change in the profile page. There was one function call that had to be updated. It was usercp_register.php. There is one of the functions related to selecting avatars where a parameter was passed by reference (with the & sign) and it’s no longer allowed in the latest version. I took it out, because we don’t really use avatars here it didn’t matter.
I can log in, yes. The only page that is failing is profile.php either at profile.php?mode=editprofile or profile.php?mode=register
Im not familiar enough with how php works to know for sure, but I think I may have found the problem. It might be a different one than you had, though its strange that if it is it had the same effects.
After the server upgrade I noticed that the profile pages of forum members were also failing to load. I was able to fix this by commenting out the lines
global $cm_viewprofile;
$cm_viewprofile->post_vars($template,$profiledata,$userdata);
in usercp_viewprofile.php
Looking through profile.php, the other page that isnt loading, I see one of the first things the code does is
define('CM_VIEWPROFILE',true);
That looks to me (but again, I dont know enough about it to be sure) that its trying to refer to the first mention of cm_viewprofile, which is no longer visible because I commented it out in the other file.
If thats whats happening, then that should be what the problem is here, shouldnt it? It would explain why the page isnt throwing an error I think and simply failing to load the content.
From what I remember, CM_ is the prefix used by the Cash MOD. It’s not part of the standard code, and I don’t use anything like that here.
The “define” statement is simply used to create a constant that can be checked later on. The profile code is used to view a profile, register, or edit a profile. It loads different code based on what function is passed. But I don’t think that line is your issue.
I think what I did to figure out what was going on was to increase the level for error reporting, so that the page reported every single issue, whether it was an actual error or just a warning. That finally helped me figure out what was wrong with my page.
So you have shell access to your server? If not, how do you test code?
Yes, I have a few mods installed. I thought the problem was with one of them at first, but then I saw several other sites noting the same problem and not all of them seemed to have mods, and then I found you having the same problem and you definitely dont. So I think I was having two issues, one with the mod, which is fixed now, and then this profile.php one which I still dont know the cause of.
I do not have server access. When Ive had problems in the past I was able to locate and fix the issue by using the error reporting available to me. If there is an error being thrown here, its beyond my visibility level. As I said Im not getting any errors, the page is simply not loading. Actually it is loading, I think, but it only displays a blank white page instead of any content.
Ill make sure all reporting options I have are on and see if theres anything Ive been missing.
We are so far beyond the standard phpBB2 code it’s silly. I haven’t installed many standard modifications, but I have done extensive rewrites on my own. So yeah, we’re modded.