Advanced search  

News:

cpg1.5.44 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.42 or older update to this latest version as soon as possible.
[more]

Pages: [1] 2   Go Down

Author Topic: Registration, critical error  (Read 11022 times)

0 Members and 1 Guest are viewing this topic.

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Registration, critical error
« on: March 19, 2013, 06:37:19 PM »

The registration process of my gallery is resulting in a critical error. Only registration appears to cause the issue, I'm not experiencing it anywhere else.

Quote
Critical error
Script called without the required parameter(s). (username)

Website is -- www.londonallstars.co.uk/gallery

Username is: testing
Password is: testing

Debug mode is enabled.

Any help greatly appreciated.
Thank you.
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #1 on: March 20, 2013, 10:17:48 AM »

Please upgrade to the latest stable release (currently cpg1.5.22) and report if the issue still exists.
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #2 on: March 20, 2013, 01:30:11 PM »

I hadn't done so as the release states it is not essential. I will do so though.
Are you aware that the date for the new update is wrong on the news section?
Quote
2011-08-01: cpg1.5.22 has been released. It fixes various issues, so all users of the cpg1.5.x series are encouraged to upgrade. The upgrade is not security-related.
Logged
v.1.5.22

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #3 on: March 20, 2013, 02:10:35 PM »

I am about to upgrade but wanted to add that I just noticed the following in my Coppermine database logs:

Quote
While executing query 'SELECT cid FROM cpg_categories WHERE lft BETWEEN AND ' in include/functions.inc.php on line 54 the following error was encountered:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND' at line 1
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #4 on: March 20, 2013, 02:24:25 PM »

Are you aware that the date for the new update is wrong on the news section?
Fixed. Thanks.
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #5 on: March 20, 2013, 02:39:17 PM »

OK update. Process seemed to go well but still receiving error on registration:

Quote
Critical error
Script called without the required parameter(s). (username)

File: [removed]/gallery/register.php - Line: 460

Site details remain as above.
« Last Edit: March 20, 2013, 09:02:30 PM by Αndré »
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #6 on: March 20, 2013, 02:58:26 PM »

Please open register.php, find
Code: [Select]
$user_name = trim(get_post_var('username'));and above, add
Code: [Select]
print_r($superCage->post->_source);print_r(trim($superCage->post->getEscaped('username')));pagefooter();die();
This won't fix your issue but prints the content of POST data. After you confirm to you have applied the change I'll try again to register in your gallery to see the new output.
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #7 on: March 20, 2013, 03:02:27 PM »

Change made.

My output after the change was:
Code: [Select]
Array ( [username] => NewUser [password] => password [password_verification] => password [email] => test@fu.fu [user_profile1] => none [user_profile2] => none [agree] => 1 [confirmCode] => WPTRE [submit] => Submit registration )
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #8 on: March 20, 2013, 03:03:32 PM »

Please replace the new line with
Code: [Select]
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Re: Registration, critical error
« Reply #9 on: March 20, 2013, 03:04:51 PM »

Please replace the new line with
Code: [Select]
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();

Done.
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #10 on: March 20, 2013, 03:55:18 PM »

It seems that there's an issue with the getEscaped method, the trim function or their combination.

Please replace the new line one more time with the following lines:
Code: [Select]
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Re: Registration, critical error
« Reply #11 on: March 20, 2013, 03:58:00 PM »

Please replace the new line one more time with the following lines:
Code: [Select]
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();

Done.
Thank you for your time André
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #12 on: March 20, 2013, 04:07:55 PM »

Output is
Quote
trim(getEscaped):
getEscaped:
trim(getRaw): André
getRaw: André
which means that the getEscaped function doesn't work for you. It does basically
Code: [Select]
return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));so lets try to figure out what exactly is wrong.

Updated code:
Code: [Select]
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Re: Registration, critical error
« Reply #13 on: March 20, 2013, 04:09:40 PM »

Updated code:
Code: [Select]
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();

I got the same results.
Update done.
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #14 on: March 20, 2013, 04:16:33 PM »

Quote
mysql_real_escape_string(htmlspecialchars(André, ENT_QUOTES)):
htmlspecialchars(André, ENT_QUOTES): André
htmlspecialchars(André): André
mysql_real_escape_string(André):

If we don't use mysql_real_escape_string it works as expected. What's your PHP version? Do you find anything at the phpinfo about that function?
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Re: Registration, critical error
« Reply #15 on: March 20, 2013, 04:20:23 PM »

If we don't use mysql_real_escape_string it works as expected. What's your PHP version?

PHP Version 5.2.9

Do you find anything at the phpinfo about that function?

Nothing found relating to that, no. I will look again but a search found nothing.
Logged
v.1.5.22

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #16 on: March 20, 2013, 04:26:56 PM »

Can I PM you a link to a php info page ?
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15268
Re: Registration, critical error
« Reply #17 on: March 20, 2013, 04:31:22 PM »

Can I PM you a link to a php info page ?
I'll send you my contact details directly after this post. But as I'm not sure if I'll find anything helpful, please also ask your hosting provider what could be wrong with that function in the meanwhile.
Logged

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #18 on: March 20, 2013, 04:32:19 PM »

OK, will do. Thank you André
Logged
v.1.5.22

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #19 on: March 20, 2013, 05:03:54 PM »

Does this help? I don't know enough about MySql / PHP to know if this alternative code would make a difference.
Thank you.

Quote
Put mysql_connect("host", "user", "pass") or die('save_failed'); before mysql_real_escape_string.

http://stackoverflow.com/questions/7803522/mysql-real-escape-string-works-in-localhost-but-not-on-webserver
Logged
v.1.5.22
Pages: [1] 2   Go Up
 

Page created in 0.081 seconds with 20 queries.