[SOLVED] Upgrade to php5 makes some functions in phpBB2 not work

[HaLo2FrEeEk]

Hey, this may seem at first glance like a mysql error, but I don't think it is.  I made a MOD for my phpBB2 board a while back that will allow you to select a time frame and delete members who have been registered for equal to or greater than that time without making any posts.  It's a very handy MOD, but I recently upgraded to php5 and I think it broke something.  Here is a snippet of the code, basically this is everything that gets run when I confirm the deletion:

 

if ($mode == 'delete')
{
        // Prune code
        $deletebefore = htmlspecialchars($HTTP_POST_VARS['deletebefore']);
        $delete = strtotime($deletebefore);
        $sql = 'DELETE
                FROM     ' . USERS_TABLE . '
                WHERE    `user_posts` = 0
                AND      `user_id` <> ' . ANONYMOUS . '
                AND      `user_regdate` < ' . $delete;

        if (!$db->sql_query($sql))
        {
                message_die (GENERAL_ERROR, 'Unable to delete inactive users');
        }

        $message = $lang['U_Pruned_done_explain'] . "<br /><br />" . sprintf($lang['Click_return_U_Prune'], "<a href=\"" . append_sid("") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
        message_die(GENERAL_MESSAGE, $message);
}

 

It gives me this SQL error:

 

SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5

 

I don't know if line 5 means line 5 in the php file, in the if-then statement, of the query.  Since it's an sql error I'll assume the query.  Line 5 is AND `user_regdate` < '.$delete;.  $delete is the timestamp of the amount of time the person (I) chose.  I can choose anywhere from registered today to registered 30 days ago and anyone registered longer than that will get deleted if they haven't made a post yet.  I can't see why that would cause issues, I tried pasting the query into my php myadmin like this:

 

DELETE FROM phpbb_users WHERE `user_posts` = 0 AND `user_id` <> -1 AND `user_regdate` < [timestamp]

 

And it worked fine.  In the query int he code above, USERS_TABLE is the phpbb variable for phpbb_users, and ANONYMOUS is the user id of -1, which is what's used when guests post.  That's disabled on my forum so there ae no guest posts, so I excluded that account from the search.

 

Any ideas guys?  Is there something wrong with my php?  This worked fine with php4...so what changed?

[premiso]

$HTTP_POST_VARS has long been depreciated.

 

$_POST['deletebefore']

 

Is what it should be. Use $_POST; $_GET; $_COOKIE; $_SESSIONS now instead of the $HTTP_XX_VARS

 

[HaLo2FrEeEk]

To stay within phpBB standards I have to use HTTP_POST_VARS.  It's old and has better versions, but it works still.  I wouldn't be able to submit this mod to a mod site if I non-phpbb-standard $_POST.  And that can't be the problem...I'll try it when I get home from work, but does anyone else have any ideas.

[premiso]

And that can't be the problem...

 

Really. I must not know what I am talking about. I mean, it is not like my guess was un-educated. I looked at your code and the error and saw that no data was being passed to the SQL. Which must mean, the data is not being retrieved in the first place.

 

Check your php.ini file. My bet is the item

 

register_long_arrays = Off

 

Is set to off. Turn that to On and it should allow for $HTTP_POST_VARS to work again.

 

As for why phpBB does not allow for $_POST, is beyond me. As they are requiring members to use depreciated code ($HTTP_POST_VARS has been depreciated since PHP 4.1).

[HaLo2FrEeEk]

I didn't mean to sound like you didn't know wha you were talking about, but here's the complete code for that page:

 

<?php
/***************************************************************************
*                            admin_user_prune.php
*                            -------------------
*   begin                : Tuesday, Feb 28, 2007
*   copyright            : (C) 2007 HaLo2FrEeEk, Infectionist Machinima, http://infectionist.com
*   email                : halo2freeek@gmail.com

***************************************************************************/

/***************************************************************************
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
***************************************************************************/

define('IN_PHPBB', 1);

if( !empty($setmodules) )
{
        $filename = basename(__FILE__);
        $module['Users']['U_Prune'] = $filename;

        return;
}

$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Set mode
//
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
{
        $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
        $mode = htmlspecialchars($mode);
}
else
{
        $mode = '';
}

//
// Begin program
//
if ($mode == 'delete')
{
        // Prune code
        $deletebefore = htmlspecialchars($HTTP_POST_VARS['deletebefore']);
        $delete = strtotime($deletebefore);
        $sql = 'DELETE
                FROM     ' . USERS_TABLE . '
                WHERE    `user_posts` = 0
                AND      `user_id` <> ' . ANONYMOUS . '
                AND      `user_regdate` < ' . $delete;

        if (!$db->sql_query($sql))
        {
                message_die (GENERAL_ERROR, 'Unable to delete inactive users');
        }

        $message = $lang['U_Pruned_done_explain'] . "<br /><br />" . sprintf($lang['Click_return_U_Prune'], "<a href=\"" . append_sid("") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
        message_die(GENERAL_MESSAGE, $message);
}
else if ($mode == 'confirm')
{
        // Get a list of users to prune
        $deletebefore = htmlspecialchars($HTTP_POST_VARS['deletebefore']);
        $delete = strtotime($deletebefore);

        $template->set_filenames(array(
                'body' => 'admin/user_prune_confirm.tpl')
        );

        $sql = 'SELECT username, user_id
                FROM     ' . USERS_TABLE . '
                WHERE    `user_posts` = 0
                AND      `user_id` <> ' . ANONYMOUS . '
                AND      `user_regdate` < ' . $delete . '
                ORDER BY `user_id`';

        if (!($result = $db->sql_query($sql)))
        {
                message_die (GENERAL_ERROR, 'Unable to select inactive users.');

        }
        while ($row = $db->sql_fetchrow($result))
        {
                $template->assign_block_vars('prune_list', array(
                'USERNAME' => $row['username'],
                'USER_ID' => $row['user_id']
                ));
        }

        $db->sql_freeresult($result);

        $returndel = ($deletebefore != "now") ? " for more than ".substr($deletebefore, 1, strlen($deletebefore)) : " since today";
        $explain = sprintf($lang['U_Prune_conf_explain'], $returndel);

        $template->assign_vars(array(
                'L_U_PRUNE_CONF_TITLE' => $lang['U_Prune_conf'],
                'L_U_PRUNE_CONF_EXPLAIN' => $explain,
                'L_U_SERNAME' => $lang['U_sername'],
                'L_U_SER_ID' => $lang['U_ser_id'],
                'U_CONF_PRUNE' => $lang['U_Conf_prune'],
                'U_CANCEL_PRUNE' => $lang['U_Cancel_prune'],

                'S_U_PRUNE_ACTION' => append_sid("admin_user_prune.$phpEx"))
        );

        $template->pparse('body');
}
else
{
        $template->set_filenames(array(
                'body' => 'admin/user_prune_body.tpl')
        );

        $template->assign_vars(array(
                'L_U_PRUNE_TITLE' => $lang['U_Prune'],
                'L_U_PRUNE_EXPLAIN' => $lang['U_Prune_explain'],
                'L_U_PRUNE' => $lang['U_Prune'],

                'S_U_PRUNE_ACTION' => append_sid("admin_user_prune.$phpEx"))
        );
        $template->pparse('body');
}

include('./page_footer_admin.'.$phpEx);

?>

 

See at the beginning, the if(isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode'])) part, it's obviously getting the data for the mode, which means it should be able to get it for the rest.  I'll try it out with the regular $_POST call and edit this post.

 

EDIT: I changed all instances of HTTP_POST_VARS to _POST and all instances of HTTP_GET_VARS to _GET and tried it again...still no luck.  And you're right, register long arrays is off, but I read that phpbb automacitally fixes this itself.  I don't have control over my php.ini file, I'm on shared hosting.  I could get control over it, but it takes a bit of work and last time I did it I had problems.

[HaLo2FrEeEk]

Wow...

 

/feels dumb

 

I guess in php4 reusing a variable from another if statement somewhere was ok, so deletebefore was getting called from the value from the mode=confirm if statement.  In PHP5 that doesn't work.  I didn't have an actual value in my form that I was submitting that contained the deletebefore value, so it wasn't getting passed to the other if statement...I changed it and it works great now.

 

Thanks for your help.

[PFMaBiSmAd]

That makes no sense. It sounds like register_globals was/is magically setting (overwriting) a variable. After php4.2 in the year 2002, no server or php code should have register_globals on or depend on register_globals.

[HaLo2FrEeEk]

Well whether it makes sense or not, it fixed it.  This was my template code before I changed it:

 

<h1>{L_U_PRUNE_CONF_TITLE}</h1>

<p>{L_U_PRUNE_CONF_EXPLAIN}</p>

<form method="post" name="post" action="{S_U_PRUNE_ACTION}">
<table cellspacing="1" cellpadding="4" border="0" align="center" class="forumline">
<tr>
<td class="row1" align="center">
<input type="hidden" name="mode" value="" />
<input type="submit" name="prune" value="{U_CONF_PRUNE}" onclick="mode.value='delete';" class="mainoption" /> 
<input type="submit" name="prune" value="{U_CANCEL_PRUNE}" onclick="mode.value='';" class="liteoption" />
</td>
</tr>
</table>
</form>

<table width="75%" cellpadding="4" cellspacing="1" border="0" class="forumline" align="center">
<tr>
<th width="50%" height="25">{L_U_SERNAME}</th>
<th width="50%" height="25">{L_U_SER_ID}</th>
</tr>
<!-- BEGIN prune_list -->
<tr>
<td width="50%" height="25" class="row1" align="center">{prune_list.USERNAME}</td>
<td width="50%" height="25" class="row1" align="center">{prune_list.USER_ID}</td>
</tr>
<!-- END prune_list -->
</table>
<br />

 

And after:

 

<h1>{L_U_PRUNE_CONF_TITLE}</h1>

<p>{L_U_PRUNE_CONF_EXPLAIN}</p>

<form method="post" name="post" action="{S_U_PRUNE_ACTION}">
<table cellspacing="1" cellpadding="4" border="0" align="center" class="forumline">
<tr>
<td class="row1" align="center">
<input type="hidden" name="mode" value="" />
<input type="hidden" name="deletebefore" value="{GRACE}" />
<input type="submit" name="prune" value="{U_CONF_PRUNE}" onclick="mode.value='delete';" class="mainoption" /> 
<input type="submit" name="prune" value="{U_CANCEL_PRUNE}" onclick="mode.value='';" class="liteoption" />
</td>
</tr>
</table>
</form>

<table width="75%" cellpadding="4" cellspacing="1" border="0" class="forumline" align="center">
<tr>
<th width="50%" height="25">{L_U_SERNAME}</th>
<th width="50%" height="25">{L_U_SER_ID}</th>
</tr>
<!-- BEGIN prune_list -->
<tr>
<td width="50%" height="25" class="row1" align="center">{prune_list.USERNAME}</td>
<td width="50%" height="25" class="row1" align="center">{prune_list.USER_ID}</td>
</tr>
<!-- END prune_list -->
</table>
<br />

 

Notice the only thing different is the line:

 

<input type="hidden" name="deletebefore" value="{GRACE}" />

 

That passes the grace period (the time I allow 0-post users to remain without deleting them, I usually set it to a week), to the mode=delete if-then statement.

 

Before I did that it didn't work...after I did it it worked, so it was that that fixed it.