BusinessObjects Board

PHP Upgrade broke BOB logins temporarily

This morning we needed to upgrade PHP on our server. The code that manages BOB sessions (and file attachments) broke due to the upgrade. We believe we have fixed the issue with a temporary patch and will be investigating a more long-term solution.

If you experience any oddities or errors while using BOB please post them in this topic. Thanks.


Bob (BOB member since 2002-06-06)

I’m having problems editing my profile. When I click on “Profile”, I get an empty page.

Could the upgrade be the culprit?

Judy


JMulders :us: (BOB member since 2002-06-20)

Yes, thanks. I will take a look.


Dave Rathbun :us: (BOB member since 2002-06-06)

Thanks Dave. Just in case you need it, here’s the troublesome URL:

(link removed)

Judy


JMulders :us: (BOB member since 2002-06-20)

No, I know what you mean. :slight_smile: I won’t be able to look more at it until tomorrow (Saturday) afternoon though.


Dave Rathbun :us: (BOB member since 2002-06-06)

The same issue - whatever it is - is also preventing new users from registering. I hope to get it addressed this weekend.

[Edit] Sometimes it just takes a different approach. I think it’s fixed now. [/Edit]


Dave Rathbun :us: (BOB member since 2002-06-06)

This post is directed at Dave Rathbun:

I’m really sorry to just randomly post here, but I don’t know what else to do to contact you.
I found this thread because I am having this exact same problem on my forum (blank profile page and error with new registration) so I created an account to ask what you did to fix it because I can’t find a solution anywhere. (Or find what the problem is, for that matter.)
I would have just sent a private message asking you, but I apparently don’t have enough posts to view your profile.
Again, sorry for butting in, but I’m desperate to get this resolved and you’re the only person I’ve found that has clearly fixed it.


drawup (BOB member since 2014-04-10)

The later versions of phpBB2 already have code in place to fix this. What base version are you using?


Dave Rathbun :us: (BOB member since 2002-06-06)

It’s phpBB2.0.14
I don’t want to go past that if possible, because it’s at that version for a reason. It’s sort of a weird situation. This isn’t an ‘active’ forum exactly (or I would be using a newer version); it’s a sort of functioning replica of an older site that used to exist but was eventually upgraded to phpBB3.
There are members using it though, which is why I need the pages working.

If this is an issue caused by a PHP upgrade (I noticed it after my host notified me that they upgraded the version on their servers), maybe it’s possible to get them to revert my domain to the previous version. If that can be done, do you think that would solve this? (I still don’t know exactly what the problem is.)


drawup (BOB member since 2014-04-10)

How comfortable are you with code changes? If you can download a later version of phpBB2 and look at common.php and compare what you have to what’s in the newer code… you need to find the block of code where they reassign the variables from the new superglobal variables $_POST and $_GET to $HTTP_POST_VARS and $HTTP_GET_VARS. phpBB2 relies on the older version, and as of the latest PHP version there is no backwards support for them anymore.

There’s some code from your old version that you will remove / replace with a block of code from the newer file. That should fix it.

If you can’t figure it out, post back, and I’ll try to post specific instructions. But keep in mind that my code is based on an even older version than what you’re running…


Dave Rathbun :us: (BOB member since 2002-06-06)

I think I found the part you mean, but I compared it with common.php from the last version of phpBB2 (2.0.23) and what I have appears to be the same:
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;


drawup (BOB member since 2014-04-10)

Here’s the code you need to include:

// PHP5 with register_long_arrays off?
if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
{
        $HTTP_POST_VARS = $_POST;
        $HTTP_GET_VARS = $_GET;
        $HTTP_SERVER_VARS = $_SERVER;
        $HTTP_COOKIE_VARS = $_COOKIE;
        $HTTP_ENV_VARS = $_ENV;
        $HTTP_POST_FILES = $_FILES;

        // _SESSION is the only superglobal which is conditionally set
        if (isset($_SESSION))
        {
                $HTTP_SESSION_VARS = $_SESSION;
        }
}

And then you need something like this… in my version I had to drop some code and update it with this as a replacement:

// Protect against GLOBALS tricks
if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
{
        die("Hacking attempt");
}

// Protect against HTTP_SESSION_VARS tricks
if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
{
        die("Hacking attempt");
}

if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
        // PHP4+ path
        $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');

        // Not only will array_merge give a warning if a parameter
        // is not an array, it will actually fail. So we check if
        // HTTP_SESSION_VARS has been initialised.
        if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
        {
                $HTTP_SESSION_VARS = array();
        }

        // Merge all into one extremely huge array; unset
        // this later
        $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);

        unset($input['input']);
        unset($input['not_unset']);

        while (list($var,) = @each($input))
        {
                if (in_array($var, $not_unset))
                {
                        die('Hacking attempt!');
                }
                unset($$var);
        }
        unset($input);
}

This all goes right before the code that checks the magic quotes setting.


Dave Rathbun :us: (BOB member since 2002-06-06)

I found those sections and made the changes, but the profile.php pages are still blank for editing and registration.


drawup (BOB member since 2014-04-10)

Can you log in? Without those changes I could not even log in.

Oh! I do remember one other change in the profile page. There was one function call that had to be updated. It was in usercp_register.php. There is one of the functions related to selecting avatars where a parameter was passed by reference (with the & sign) and it’s no longer allowed in the latest version. I took it out; because we don’t really use avatars here, it didn’t matter.


Dave Rathbun :us: (BOB member since 2002-06-06)

I can log in, yes. The only page that is failing is profile.php either at profile.php?mode=editprofile or profile.php?mode=register

I’m not familiar enough with how php works to know for sure, but I think I may have found the problem. It might be a different one than you had, though it’s strange that if it is it had the same effects.

After the server upgrade I noticed that the profile pages of forum members were also failing to load. I was able to fix this by commenting out the lines

global $cm_viewprofile;
$cm_viewprofile->post_vars($template,$profiledata,$userdata);

in usercp_viewprofile.php

Looking through profile.php, the other page that isn’t loading, I see one of the first things the code does is

define('CM_VIEWPROFILE',true);

That looks to me (but again, I don’t know enough about it to be sure) that it’s trying to refer to the first mention of cm_viewprofile, which is no longer visible because I commented it out in the other file.
If that’s what’s happening, then that should be what the problem is here, shouldn’t it? It would explain why the page isn’t throwing an error I think and simply failing to load the content.


drawup (BOB member since 2014-04-10)

From what I remember, CM_ is the prefix used by the Cash MOD. It’s not part of the standard code, and I don’t use anything like that here.

The “define” statement is simply used to create a constant that can be checked later on. The profile code is used to view a profile, register, or edit a profile. It loads different code based on what function is passed. But I don’t think that line is your issue.

I think what I did to figure out what was going on was to increase the level for error reporting, so that the page reported every single issue, whether it was an actual error or just a warning. That finally helped me figure out what was wrong with my page.

So you have shell access to your server? If not, how do you test code?


Dave Rathbun :us: (BOB member since 2002-06-06)
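
One way to apply the error-reporting advice in the post above when only FTP access is available, as an added example (not code from this thread or from phpBB): a small file loaded at the top of profile.php that records warnings and fatal errors in a log file instead of leaving a blank page. The file name `debug_errors.php`, the log name `php_debug.log`, the constant `DEBUG_LOG_FILE` and the function `debug_log_fatal` are assumptions made for illustration.

```php
<?php
// debug_errors.php: hypothetical helper for this example, not part of phpBB.
// Load it as the first statement of profile.php:
//     require dirname(__FILE__) . '/debug_errors.php';
// Errors in files included after that point (the thread mentions
// usercp_register.php) are compiled at include time, so they are caught.
// A syntax error in the including file itself is raised before this runs.

// Assumed log name. The log reveals server paths: block web access to it,
// or fetch it over FTP and delete it, and remove the require when done.
define('DEBUG_LOG_FILE', dirname(__FILE__) . '/php_debug.log');

error_reporting(-1);              // every level, on any PHP version
ini_set('display_errors', '0');   // keep details away from visitors
ini_set('log_errors', '1');
ini_set('error_log', DEBUG_LOG_FILE);

// A fatal error is what produces the blank page, and it never reaches a
// normal error handler. A shutdown function still runs afterwards, and
// error_get_last() returns the error that stopped the script even if the
// application lowered error_reporting() again or the host locked the
// error_log setting so that the ini_set() calls above had no effect.
function debug_log_fatal()
{
    $err = error_get_last();
    if ($err === null) {
        return; // the request ended without any error
    }
    $fatal = array(E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR);
    if (!in_array($err['type'], $fatal, true)) {
        return; // warnings and notices did not stop the page
    }
    $line = sprintf(
        "[%s UTC] FATAL type=%d %s in %s on line %d\n",
        gmdate('Y-m-d H:i:s'),
        $err['type'],
        $err['message'],
        $err['file'],
        $err['line']
    );
    file_put_contents(DEBUG_LOG_FILE, $line, FILE_APPEND | LOCK_EX);
}
register_shutdown_function('debug_log_fatal');
```

After loading profile.php?mode=editprofile once, the log names the file and line that stopped the page.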

Yes, I have a few mods installed. I thought the problem was with one of them at first, but then I saw several other sites noting the same problem and not all of them seemed to have mods, and then I found you having the same problem and you definitely don’t. So I think I was having two issues, one with the mod, which is fixed now, and then this profile.php one which I still don’t know the cause of.

I do not have server access. When I’ve had problems in the past I was able to locate and fix the issue by using the error reporting available to me. If there is an error being thrown here, it’s beyond my visibility level. As I said I’m not getting any errors, the page is simply not loading. Actually it is loading, I think, but it only displays a blank white page instead of any content.

I’ll make sure all reporting options I have are on and see if there’s anything I’ve been missing.


drawup (BOB member since 2014-04-10)

We are so far beyond the standard phpBB2 code it’s silly. I haven’t installed many standard modifications, but I have done extensive rewrites on my own. So yeah, we’re modded. :slight_smile:

Do you have ftp access then?


Dave Rathbun :us: (BOB member since 2002-06-06)

I do have ftp.
I found a debug option that was off and turned it on, but I’m still not getting any error, just a blank page.


drawup (BOB member since 2014-04-10)

Can I send you an email? Would be easier than continuing in this topic…


Dave Rathbun :us: (BOB member since 2002-06-06)