forum.coppermine-gallery.net

Support => cpg1.5.x Support => cpg1.5 miscellaneous => Topic started by: cyberdyne2 on March 19, 2013, 05:37:19 pm

Title: Registration, critical error
Post by: cyberdyne2 on March 19, 2013, 05:37:19 pm
The registration process of my gallery is resulting in a critical error. Only registration appears to cause the issue, I'm not experiencing it anywhere else.

Quote
Critical error
Script called without the required parameter(s). (username)

Website is -- www.londonallstars.co.uk/gallery

Username is: testing
Password is: testing

Debug mode is enabled.

Any help greatly appreciated.
Thank you.
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 09:17:48 am
Please upgrade to the latest stable release (currently cpg1.5.22) and report if the issue still exists.
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 12:30:11 pm
I hadn't done so as the release states it is not essential. I will do so though.
Are you aware that the date for the new update is wrong on the news section?
Quote
2011-08-01: cpg1.5.22 has been released. It fixes various issues, so all users of the cpg1.5.x series are encouraged to upgrade. The upgrade is not security-related.
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 01:10:35 pm
I am about to upgrade but wanted to add that I just noticed the following in my Coppermine database logs:

Quote
While executing query 'SELECT cid FROM cpg_categories WHERE lft BETWEEN AND ' in include/functions.inc.php on line 54 the following error was encountered:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND' at line 1
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 01:24:25 pm
Are you aware that the date for the new update is wrong on the news section?
Fixed. Thanks.
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 01:39:17 pm
OK update. Process seemed to go well but still receiving error on registration:

Quote
Critical error
Script called without the required parameter(s). (username)

File: [removed]/gallery/register.php - Line: 460

Site details remain as above.
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 01:58:26 pm
Please open register.php, find
Code: [Select]
$user_name = trim(get_post_var('username'));and above, add
Code: [Select]
print_r($superCage->post->_source);print_r(trim($superCage->post->getEscaped('username')));pagefooter();die();
This won't fix your issue but prints the content of POST data. After you confirm to you have applied the change I'll try again to register in your gallery to see the new output.
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 02:02:27 pm
Change made.

My output after the change was:
Code: [Select]
Array ( [username] => NewUser [password] => password [password_verification] => password [email] => test@fu.fu [user_profile1] => none [user_profile2] => none [agree] => 1 [confirmCode] => WPTRE [submit] => Submit registration )
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 02:03:32 pm
Please replace the new line with
Code: [Select]
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();
Title: Re: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 02:04:51 pm
Please replace the new line with
Code: [Select]
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();

Done.
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 02:55:18 pm
It seems that there's an issue with the getEscaped method, the trim function or their combination.

Please replace the new line one more time with the following lines:
Code: [Select]
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();
Title: Re: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 02:58:00 pm
Please replace the new line one more time with the following lines:
Code: [Select]
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();

Done.
Thank you for your time André
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 03:07:55 pm
Output is
Quote
trim(getEscaped):
getEscaped:
trim(getRaw): André
getRaw: André
which means that the getEscaped function doesn't work for you. It does basically
Code: [Select]
return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));so lets try to figure out what exactly is wrong.

Updated code:
Code: [Select]
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();
Title: Re: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 03:09:40 pm
Updated code:
Code: [Select]
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();

I got the same results.
Update done.
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 03:16:33 pm
Quote
mysql_real_escape_string(htmlspecialchars(André, ENT_QUOTES)):
htmlspecialchars(André, ENT_QUOTES): André
htmlspecialchars(André): André
mysql_real_escape_string(André):

If we don't use mysql_real_escape_string (http://www.php.net/manual/en/function.mysql-real-escape-string.php) it works as expected. What's your PHP version? Do you find anything at the phpinfo (http://www.londonallstars.co.uk/gallery/phpinfo.php) about that function?
Title: Re: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 03:20:23 pm
If we don't use mysql_real_escape_string (http://www.php.net/manual/en/function.mysql-real-escape-string.php) it works as expected. What's your PHP version?

PHP Version 5.2.9

Do you find anything at the phpinfo (http://www.londonallstars.co.uk/gallery/phpinfo.php) about that function?

Nothing found relating to that, no. I will look again but a search found nothing.
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 03:26:56 pm
Can I PM you a link to a php info page ?
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 03:31:22 pm
Can I PM you a link to a php info page ?
I'll send you my contact details directly after this post. But as I'm not sure if I'll find anything helpful, please also ask your hosting provider what could be wrong with that function in the meanwhile.
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 03:32:19 pm
OK, will do. Thank you André
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 04:03:54 pm
Does this help? I don't know enough about MySql / PHP to know if this alternative code would make a difference.
Thank you.

Quote
Put mysql_connect("host", "user", "pass") or die('save_failed'); before mysql_real_escape_string.

http://stackoverflow.com/questions/7803522/mysql-real-escape-string-works-in-localhost-but-not-on-webserver
Title: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 05:53:01 pm
I had no luck with the server host unfortunately André. Their reply was as follows:
Quote
I am not aware of any server changes that would have affected this function, and we have not had any similar reports of problems with this function from other users on that shared server. If it does not affect site functionality or security in anyway, I would suggest you stick with the alternate approach that was show to work in the support thread while you are establishing if there is a cause in the application for this.
Reading the link referenced at http://stackoverflow.com/questions/7803522/mysql-real-escape-string-works-in-localhost-but-not-on-webserver I am wondering if you would need to make sure you are opening the database connection prior to calling the 'mysql_real_escape_string'. You might want to check if you
are connecting via localhost or by the external IP. If you are using the external IP, maybe switching to localhost might make a difference?

Any idea where I can get help to fix this please?
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 07:34:52 pm
Coppermine is already connected to the database at this point, so I don't think it will solve your issue. But you could try to add $CONFIG['LINK_ID'] as link_identifier to the mysql_real_escape_string function in include/inspekt.php. This means, find
Code: [Select]
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));and replace with
Code: [Select]
            global $CONFIG;
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);
(untested).
Title: Re: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 07:51:04 pm
Coppermine is already connected to the database at this point, so I don't think it will solve your issue. But you could try to add $CONFIG['LINK_ID'] as link_identifier to the mysql_real_escape_string function in include/inspekt.php. This means, find
Code: [Select]
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));and replace with
Code: [Select]
            global $CONFIG;
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);
(untested).

Αndré, thank you so much, this did in fact solve the problem and all seems well now.
Again, thank you very much for your time.
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 07:57:23 pm
It seems that you're the first problem facing this issue. However, as I don't think it will harm anything, this change will probably be a part of the next release of cpg1.5.x.
Title: Re: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 07:59:31 pm
It seems that you're the first problem facing this issue. However, as I don't think it will harm anything, this change will probably be a part of the next release of cpg1.5.x.

I'm glad to hear that if nothing else I manage to uncover a possible bug :)

If possible, would you be able to remove my directory name (between /home/ and public_html/) from my previous post please?
http://forum.coppermine-gallery.net/index.php/topic,76112.msg367364.html#msg367364

Thank you
Title: Re: Registration, critical error
Post by: Αndré on March 20, 2013, 08:02:40 pm
Path removed.
Title: Re: Re: Registration, critical error
Post by: cyberdyne2 on March 20, 2013, 08:03:55 pm
Path removed.

Thank you André, have a good reast of the week ;)
Title: Re: Registration, critical error
Post by: Αndré on April 10, 2013, 01:37:07 pm
Committed fix in SVN revision 8550.
Title: Re: Registration, critical error
Post by: Αndré on May 22, 2013, 01:23:32 pm
As the above change breaks the installer for me, I replaced the code with
Code: [Select]
            global $CONFIG;
            if ($CONFIG['LINK_ID']) {
                return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);
            } else {
                return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
            }
in SVN revision 8573.