The craziest error message ever !!

k994519

HI guys the error is

Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

For more information as to why this behaviour exists, see the manual page for CGI security.

For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page.

However I dont believe it should be a security issue

here is my code

<?php 
session_start();
header("Cache-control: private");
include_once("config.php");
include_once("forms.php");
echo ("<title>Kingston University</title>");
$page_title = "Admin: Add user";
include_once("start_page_login.php");
doCSS();

print("<CENTER><h1>Welcome to the admin page <b>".$_SESSION["login"]."</h1></b></CENTER><br>\n");
include_once("start_page_admin.php");
print subtitle("<center><H1>View questions</H1></center>");
include_once("start_page_test.php");
?>
<form method="POST" action="view_staff.php"> 
<CENTER>Enter Staff ID Number:<input type="text" name="staff">&nbsp; <input type="submit"> </CENTER>
</form>

which leads to this view_staff.php, the code is pretty self explany

the first variable staff is recied which loads up the fields below
the user can make changes to the field and clicks submit it it
should update the database but that is when i get the error message

<?php
if(isset($_POST['staff']))
	{
	 field_validator("staff", $_POST["staff"], "number", 1,7);

if( !($row =  check_id($_POST['staff'])) )

	{
    // Staff ID does not exist, create an error message: 
		$messages[]="  Staff ID does not exist please, try again";
	}			

}

if(empty($messages))
	{

	print("<BR><BR><BR><BR><BR><BR>");
	// begin the survey form.
print start_form();

// get the current survey questions from the database and display
// them to the user for voting.

print subtitle("<CENTER>Start the ***:</CENTER>");

# field_validator($field_descr, $field_data, $field_type, $min_length="", $max_length="", $field_required=1) {

				//print "staff details modified to system";

				$query3 = "select * from staff where staff_id='$staff'"; 
				$result = mysql_query($query); 
				//will work. then to put all the results in textboxes 
				// Run query:
				$result=mysql_query($query3, $link) or die("MySQL query $query failed.  Error if anyzzzz: ".mysql_error());
				$data = mysql_fetch_array($result); 

				print "<center>";

				print"<H3>Edit details of staff memeber <H3>";
				print"<table>";?> 
				<form action="<?=$_SERVER["PHP_SELF"]?>" method="POST"><?


				print"<TABLE>";
				print "<input type=\"text\" name=\"staff_id\" value=\"{$data[0]}\"><br />\n"; 
				echo "</tr>";
				echo "<input type=\"text\" name=\"first_name\" value=\"{$data[1]}\"><br />\n"; 

				echo "<input type=\"text\" name=\"last_name\" value=\"{$data[2]}\"><br />\n"; 

				echo "<input type=\"text\" name=\"faulty_id\" value=\"{$data[3]}\"><br />\n"; 

				echo "<input type=\"text\" name=\"date_started\" value=\"{$data[4]}\"><br />\n"; 

				echo"<input type=\"text\" name=\"group_id\" value=\"{$data[5]}\"><br />\n"; 
				?>
				<input name="submit" type="submit" value="Submit">");
				</TABLE>
				</center>
				</form>
			<?php
}
else 
{
		displayErrors($messages);
		echo"<CENTER>click back to try again</CENTER>";
}	


if(isset($_POST["submit"])) 
{  

     field_validator("staff_id", $_POST["staff_id"], "alphanumeric", 4, 15);

field_validator("first_name", $_POST["first_name"], "string", 4, 35);

field_validator("last_name", $_POST["last_name"], "string", 3,35);

field_validator("faulty_id", $_POST["faulty_id"], "number", 3,7);

field_validator("date_started", $_POST["date_started"], "string", 8,12 );

field_validator("group_id", $_POST["group_id"], "number", 1,2 );

// build query:
$query="SELECT staff_id FROM staff WHERE staff_id="$staff";

// Run query:
$result=mysql_query($query, $link) or die("MySQL query $query failed.  Error if any: ".mysql_error());


// If a row exists with that username, issue an error message:
	if( ($row=mysql_fetch_array($result)) )
		{
		$messages[]="staff_id\"".$_POST["staff_id"]."\" already exists.  Try another.";
		}


			$query1="update staff SET first_name='$first_name',last_name='$last_name', `faulty_id`='$faulty_id', `date_started`='$date_started', `group_id`='$group_id' WHERE staff_id='$staff'";
if(empty($messages))
{
				$result=mysql_query($query1, $link) or die ("died on updating staff details1. error returned if any:" .mysql_error()); 
print "done it"; 

}   

else 
{
		displayErrors($messages);
echo"<CENTER>click back to try again update errpr </CENTER>";
	}	
?>

k994519

Please someone help

drew010

be sure to set
cgi.force_redirect = 0
in your php.ini file.

k994519

Hi drew

Ive tried what you have said but i am still getting that error

mtimdog

Did you restart the server after you changed the php.ini file?

k994519

No......
eek
lemme try that now!!!!

k994519

Same error!!!

Please Someone help !!!!

k994519

I removed all the coding for the submit button so the button should do nothing

but it gives me the same error

PLEASE HELP

PLEASE