PHP include migration (again)

Rich_B

Our hosting company (Streamline) have upgraded their servers for php5 and now my php4 coding doesnt work.
Ive looked through various php5 migration help files but cant see anything relating to the 'include()' calls i use that seem to be failing now.

its a very simple bit of code but im stuck as to what to do now. Could someone please take a look and suggest what changes I may need to make to get it to work again?

this is the section that is failing:

<?
switch ($pageid) {
case "1":
include('contactcopy.php');
/ calls old basic contact php insert /
break;
case "2":
include('contact.php');
/ calls latest contact php insert /
break;
case "3":
include('thankyou.php');
/ calls thankyou html insert /
break;
default:
echo "Page not in use - click back on your browser.";

/ back up page for email submissions, will need FTP if required/
/include('standardemail.php'); /
/ calls standard email html insert /
break;
}
?>

case "1" is never used and is only there as a backup should i need to work on case"2" while the site is live.
Users enter this page with pageid=2 which should then call the 'contact.php' include.
What happens since the server upgraded to php5 is it just skips to the default echo "Page not in use - click back on your browser."; catch.

I tried swapping out the include() calls to simplify things further and replaced them with simple echo "this is page 2"; but it still skips to the default "Page not in use".

The actually website and full coding can be seen here:
http://www.winyateshc.co.uk/prescriptions2.php?pageid=2

thanks

laserlight

I am guessing that previously, register_globals was set to On, and now it was set to Off, as is the default in PHP 5.

Instead of using $pageid, use $GET['pageid'] or $REQUEST['pageid']. Remember to check that incoming variables exist before using them with [man]isset[/man] or [man]empty[/man]. Also, remember to use <?php PHP open tags instead of the <? PHP short open tags as they may conflict with <?xml open tags.

In the future, kindly post your well indented PHP code in php bbcode tags.

Rich_B

appologies and thanks.

whats the exact syntax when replacing $pageid with $_GET['pageid']
Its so long ago since i wrote this code, and even then i just modifed some existing code to suit my needs...
like this do you mean?

<!-- start of dynamic page -->  

   <?php
    switch $_GET['pageid'] {
    case "1":
    include('contactcopy.php'); 
            /* calls  old basic contact php insert */ 
    break;
    case "2":  

      include('contact.php'); 
          /*  calls  latest contact php insert */ 
    break;
    case "3":  

    include('thankyou.php'); 
            /* calls  thankyou html insert */ 
    break;    

    default:     

	 echo "Page not in use - click back on your browser.";        

     /* back up page for email submissions, will need FTP if required*/
     /*include('standardemail.php'); */ 
        /* calls standard email html insert */ 
break;
}
   ?>     

 <!-- end of dynamic page goes here -->

laserlight

I might write that as:

<?php
$pageid = isset($_GET['pageid']) ? $_GET['pageid'] : null;
switch ($pageid) {
case "1":
    include 'contactcopy.php';
    /* calls  old basic contact php insert */
    break;
case "2":
    include 'contact.php';
    /* calls  latest contact php insert */
    break;
case "3":
    include 'thankyou.php';
    /* calls  thankyou html insert */
    break;
default:
    echo "Page not in use - click back on your browser.";

/* back up page for email submissions, will need FTP if required*/
/*include('standardemail.php'); */
/* calls standard email html insert */
}
?>

Rich_B

thanks.. that works.

now it falls over at the error checks!
Its saying all the fields have not been correctly completed even if they have.
please see http://www.winyateshc.co.uk/sendeail.php

so much for PHP5 being backwards compatible. I cant believe how much trouble this is causing, our patients are going mad as they can not submit prescription requests any longer.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Prescription request - processing</title>

<script>

<!--
  active9 = new Image(26,26);
 active9.src = "RBbut9b.jpg";
 inactive9 = new Image(26,26);
 inactive9.src = "RBbut9a.jpg";
//-->

</script>
<style><!--a:hover{color:#000080; text-decoration:underline; }--></style>
<style><!--a{text-decoration:none}; //--></style>

</head>
<body>


<?php
$isformvalid = true;
if((!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,"."))) || (empty($visitor)) || (empty($visitormail)) || (empty($notes)) || (empty($dobday) || empty($dobmonth) || empty($dobyear)) ) 
{
$isformvalid = false;
include('emailerror.php'); 
   /* calls  emailerror page insert if any field is invalid */ 
}

$todayis = date("l, F j, Y, g:i a") ;

$attn = "Repeat prescription request"; 

$subject = $attn; 

$notes = stripcslashes($notes); 

$message = "$todayis [EST] \n

From: $visitor ($visitormail)\n
DOB: $dobday $dobmonth $dobyear\n

Medication: $notes \n 



Additional Info : IP = $ip \n
Browser Info: $httpagent \n
Referral : $httpref \n
";

if($isformvalid == true) { 
$from = "From: $visitormail\r\n";
mail("prescriptions@winyateshc.co.uk", $subject, $message, $from);
include('formcorrect.php'); 
   /* calls form correct page insert */ 
}
?>

</body>
</html>

laserlight

now it falls over at the error checks!

What are the errors?

so much for PHP5 being backwards compatible. I cant believe how much trouble this is causing, our patients are going mad as they can not submit prescription requests any longer.

It is (for the most part). In this case the problem is a change in the configuration setting. By default PHP 5 gives a better configuration of php.ini, but of course this means that the PHP 4 code may not work as is. You can choose to either change the setting (and potentially expose yourself to variable poisoning, in this case), or change the code (which is safer, but means more work and possibly the introduction of bugs if you are not careful).

Rich_B

screenshot of the errors

its giving false negatives here. Doesnt matter what you enter in the fields on this page http://www.winyateshc.co.uk/prescriptions2.php?pageid=2
it will always call the $isformvalid = false; include('emailerror.php');
interestingly as you can see in the screenshot no values are being passed/assigned otherwise these would be displayed in the summary where it instead states "please re-check!"

<?php
$isformvalid = true;
if((!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,"."))) || (empty($visitor)) || (empty($visitormail)) || (empty($notes)) || (empty($dobday) || empty($dobmonth) || empty($dobyear)) ) 
{
$isformvalid = false;
include('emailerror.php'); 
   /* calls  emailerror page insert if any field is invalid */ 
}

This was my first ever attempt at PHP when i wrote this years ago, a dynamic page works really well for how i need the page to perform. However im begining to wish id written it in static HTML now as i dont have enough PHP knowledge to migrate this page to php5.
i wrote this 'if' statement myself i understand what its doing but not why it no longer works.
I know there are also going to similar problems further down the page after it assigns the values inputed to the variables. Theres another 'if' statement

if($isformvalid == true) { 
$from = "From: $visitormail\r\n";
mail("prescriptions@winyateshc.co.uk", $subject, $message, $from);
include('formcorrect.php'); 
   /* calls form correct page insert */ 
}
?>

thankfully 'formcorrect.php' contains html only so there will be no further problems afterwards.

laserlight

It looks like a variant of the same problem (change in register_globals setting, original code not written to work with register_globals set to Off).

Replace $visitormail with $_POST['visitormail'], assuming the form used the post method. The same applies for the other incoming variables.

Rich_B

thanks, you are as expected absolutely correct.
I finally got a reply from Streamline.net who once i suggested what you had said about register_globals being set to off have confirmed they did switch them off at the weenend. Ive been waiting for an answer from them since monday morning while their 'experts' investigate.

ok thanks.. ill try to implement what youve said.
and then ill need to learn whats going on with the new code as i need to know how it works. Ive no idea about server side settings and how they relate though.

laserlight

Your host was wrong to change such a setting without first informing you, but before you get too upset, read the PHP manual entry on (not) Using Register Globals.

Rich_B

edit think we posted at similar times.. I am reading through the manual thanks, seems to be about initialising attributes before trying to use them, i can see the reasoning behind the changes.. *

im just working through it now.. it seems to get past the validation checks now, although ive not got it to actually work yet. (but i will).

whats the rules regarding $POST ?
for e.g below ive swapped all the incoming variables to use $POST as you said, however further down where the structure of the email itself is set out it still uses just $nameofvariable rather than $POST['nameofvariable'] which fails on syntax...
why is it different? Ive not assigned the input variable to an attribute so why dont i still need to use the $POST method?

<?php
$isformvalid = true;
if((!$_POST['visitormail'] == "" && (!strstr($_POST['visitormail'],"@") || !strstr($_POST['visitormail'],"."))) || (empty($_POST['visitor'])) || (empty($_POST['visitormail'])) || (empty($_POST['notes'])) || (empty($_POST['dobday']) || empty($_POST['dobmonth']) || empty($_POST['dobyear'])) )
{
$isformvalid = false;
include('emailerror.php');
   /* calls  emailerror page insert if any field is invalid */
}

$todayis = date("l, F j, Y, g:i a") ;

$attn = "Repeat prescription request";

$subject = $attn;

$notes = stripcslashes($_POST['notes']);

$message = "$todayis [EST] \n

From: $visitor ($visitormail)\n
DOB: $dob \n

Medication: $notes \n



Additional Info : IP = $ip \n
Browser Info: $httpagent \n
Referral : $httpref \n
";

if($isformvalid == true) {
$from = "From: $visitormail\r\n";
mail("prescriptions@winyateshc.co.uk", $subject, $message, $from);
include('formcorrect.php');
   /* calls form correct page insert */
}
?>

NogDog

There is a work-around, if you do not mind taking the same risks as are inherent with using register_globals: [man]import_request_variables/man

Weedpacket

Rich B wrote:
whats the rules regarding $_POST ?

The same as for any other variable (except that it always has global scope).

it still uses just $nameofvariable rather than $POST['nameofvariable'] which fails on syntax...

It has always been the (ridiculous) case in PHP that inside a quoted string associative array indices should not be quoted. So inside a string it's $POST[nameofvariable], not $_POST['nameofvariable'].

That said, there really ought to be some mechanism in place for checking the validity of the variable's content beyond just checking that it exists. Assigning the contents of $_POST['foo'] to $foo and then working with $foo is quite legitimate.

Rich_B

ah ok.. that wouldve simplified it a little if id assigned the inputs to variables and then called them instead.

it almost works now, the inputs are being passed around. The only problem i have now is its not actually sending the email out. Do i need to make a syntax change to my mail() call below? Ive checked over the php manual here http://www.w3schools.com/php/php_mail.asp and it still seems to meet the criteria stated.
When using the form it 'appears' to complete correctly (doesnt fall over and runs the rest of the scripts).
http://www.winyateshc.co.uk/prescriptions2.php?pageid=2 but we're not receiving the email.

<?php
$isformvalid = true;
if((!$_POST['visitormail'] == "" && (!strstr($_POST['visitormail'],"@") || !strstr($_POST['visitormail'],"."))) || (empty($_POST['visitor'])) || (empty($_POST['visitormail'])) || (empty($_POST['notes'])) || (empty($_POST['dobday']) || empty($_POST['dobmonth']) || empty($_POST['dobyear'])) )
{
$isformvalid = false;
include('emailerror.php');
   /* calls  emailerror page insert if any field is invalid */
}

$todayis = date("l, F j, Y, g:i a") ;

$attn = "Repeat prescription request";

$subject = $attn;

$notes = stripcslashes($_POST['notes']);

$message = "$todayis [EST] \n

From: $_POST[visitor] ($_POST[visitormail])\n
DOB: $dob \n

Medication: $notes \n



Additional Info : IP = $ip \n
Browser Info: $httpagent \n
Referral : $httpref \n
";

if($isformvalid == true) {
$from = "From: $_POST[visitormail]\r\n";
mail("prescriptions@winyateshc.co.uk", $subject, $message, $from);
include('formcorrect.php');
   /* calls form correct page insert */
}
?>

contents of "formcorrect.php" (this scripts displays/works correctly)

					<!-- Prescription request summary screen -->
          <tr>
	   <td valign="top">
            <p align="center">
		<font face="Arial, Helvetica, sans-serif" size="2" color="#993333">
		<b>Summary of your request</b><br/><br/>
		Date:</font> <?php echo $todayis ?>
		<br />
		<font face="Arial, Helvetica, sans-serif" size="2" color="#993333">
		Name :</font> <?php echo $_POST['visitor'] ?>
		<br />
		<font face="Arial, Helvetica, sans-serif" size="2" color="#993333">
		Date of birth:</font>
		<?php echo $_POST['dobday'] ?><?php echo $_POST['dobmonth'] ?><?php echo $_POST['dobyear'] ?>
		<br/>
		<font face="Arial, Helvetica, sans-serif" size="2" color="#993333">
		Email: </font> <?php echo $_POST['visitormail'] ?>
		<br/>
		<br/>
		<font face="Arial, Helvetica, sans-serif" size="2" color="#993333">
		Subject: </font>
		Repeat prescription request
		<br /> <br/>
		<font face="Arial, Helvetica, sans-serif" size="2" color="#993333">
		Medication requested:</font><br />
		<?php $notesout = str_replace("\r", "<br/>", $_POST['notes']);
		echo $notesout; ?>
		<br /><br/>
		<font face="Arial, Helvetica, sans-serif" size="2" color="#993333">
		IP: </font>
		<?php echo $_POST['ip'] ?> </p>

        <p></font></td>
      </tr>

Rich_B

can anyone advise please?

Rich_B

can anyone help me put a trace on this then please? so i can check what happens when it reaches the mail() call.

I can already see the attibutes contain the correct input data as they show on the summary screen. Just cant see why its not sending the email out cointaining them.

Rich_B

Ive sorted it now.