hhawkins Posted November 5, 2007 Share Posted November 5, 2007 I have taken over this code/website from a previous developer and am just getting more in depth with PHP and SQL. So I need some help, after much searching I have not found a similar issue. The point here is to display an error based on an error code which gets passed to another page. I am receiving this error - Call to a member function query() on a non-object in ...inc_sql.php on line 27 This line - if(!$this->result = $this->dbconn->query($sql)) header("Location: message.php?error=sqlcmd&errno=".$this->dbconn->errno); The $sql variable is storing a query that determines page content based on a database. The code snippet- <?PHP //global $dbc; $dbc = new DBI; if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) exit('This file can not be accessed directly...'); class DBI { public $dbconn, $nfreed; private $result, $threads; function __construct() { if(basename($_SERVER['SCRIPT_NAME'])=="message.php" && $_GET['error']) return ""; $this->nfreed=false; $sqlhost = "IP"; //$sqlhost = "localhost"; @$this->dbconn = new mysqli($sqlhost, "user", "password", "database"); if(mysqli_connect_errno()) header("Location: message.php?error=sqlserver"); //die("Critical Error: ".mysqli_connect_error()); } function query($sql, $flag = MYSQLI_STORE_RESULT) { //echo("<p>".$sql."</p>"); if($this->nfreed) {$this->free();} if(!$this->result = $this->dbconn->query($sql)) header("Location: message.php?error=sqlcmd&errno=".$this->dbconn->errno); //die("<pre>Mysql Error: ".$this->dbconn->error."</pre>"); $this->nfreed=true; return $result; } function get_threads() { global $threads; if($threads==""){ ereg ("Threads: (...)", $this->dbconn->stat(), $regs); $threads = trim($regs[1]); } return $threads; } Any help is greatly appreciated. Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 5, 2007 Share Posted November 5, 2007 Just wondering if the error isn't actually being triggered from the script that's actually calling this method? You might have a function (outside of this class) that is calling this method, and you might have forgot to pass $dbc to it with: global $dbc; That, more often than not, causes those 'Call to a member function whatever() on a non-object in' errors. Check your scripts that are utilizing this class. PhREEEk Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 6, 2007 Author Share Posted November 6, 2007 I was thinking that it was related to some global variable but I can't find what or where. The error is coming up on this page - https://www.URL.com/message.php?error=accountlocked When the user has some type of login error, instead of coming up with the associated error message. I was thinking it may be the error or errno I can't see where the errno on that line is declared global or otherwise. I really don't understand what that piece of code is doing where the error is. Even if I uncomment the debug code, and comment out the header....section - I still come up with the same error. This is the message.php code <? $error_st = "<h2 style='color:red'>Sorry, an error has occurred!</h2><b>"; $error_end = "</b><br><br>We apologize for the inconvenience.<br><a href='index.php'>Click here to return to the homepage</a>"; $submit_st = "<h2>Submit Completed</h2>"; switch ($_GET['error']) { case "accountlocked": $data = "<h2>Your account has been locked due to invalid login attempts.</h2>Please call 1-800-967-7929 to have your account unfrozen."; break; case "usernamemade": $data = "<h2>A username has already been set up for this account number.</h2>Click <a href='index.php'>here</a> to return to the homepage."; break; case "usernamerouting": $data = "<h2>The account number (or username) that you have entered was the routing number instead of your intended account number or username.</h2>Click <a href='index.php'>here</a> to return to the homepage."; break; case "newmemblank": $data = "<h2>Error: One or more fields in the membership application was left blank.</h2>Click your browser's 'back' button to fill in those fields."; break; case "invalidticket": $data = "<h2>Error: Ticket does not exist or is no longer open.</h2>"; break; case "mcwdown": $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>".$error_end; break; case "mcws1": case "mcws2": $stage = preg_replace("/[^0-9]/", "",$_GET['error']); $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>Error: MCW unreachable at stage {$stage}".$error_end; break; case "mcws3": $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>Error: MCW returned an error report".$error_end; break; case "sqlserver": $data = $error_st."E-branch is currently under maintenance. Please try again later. <br><br>Error: SQL server down</b><br><br>We apologize for the inconvenience."; break; case "sqlcmd": $data = $error_st."Error: An invalid SQL command was run.".$error_end; if($_GET['errno']=="2013") $data = $error_st."Home Banking is currently under maintenance. Please try again later. We apologize for any inconvenience during this time.<br><br>Error: SQL-timeout".$error_end; break; } switch ($_GET['added']) { case "ad": $data = $submit_st."Your classified ad has been submitted and will be reviewed for posting.<br><a href='services_class.php'>Return to classified ads section.</a>"; break; } switch ($_GET['change_un']){ case "error": switch ($_GET['error']){ case "taken": $data = "<h2>Username change error</h2>Username has already been taken."; break; case "format": $data = "<h2>Username change error</h2>Username is in an invalid format (please read the guidelines below)."; break; } case "true": include_once("../inc/inc_sqlpull.php"); //$data .= $auth->getusername(); $data .= <<< TMPDATA <h2>Change Username</h2> Because of the relaunch, we need you to update your username:<br> <font color="red"><ul><li>The username must be at least five characters long and contain at least one letter, or</li> <li>type in your existing account number to use your account number as your username permanently.</li> </ul></font> <form action="message.php?change_un=save" method="post"> New Username: <input type="text" name="username_change" width="24"> <br><input type="submit" value="Change Username and Continue"> </form> TMPDATA; break; case "save": require_once("../inc/inc_sqlpull.php"); $username=trim($input->post->textbox('username_change'));$account = $auth->getusername(); if(!$auth->isuser() || $account=="" || $username=="") exit("<h2>Error: User not logged in to make a username change. Please contact one of our technical support representatives at PHONE."); if($username != $account && (!preg_match("/[a-z]/i",$username) || strlen($username) < 5 || preg_match("/[^a-z0-9]/i",$_POST['username_change']))) {header("Location: message.php?change_un=error&error=format");exit;} if($username=="272485767") {header("Location: message.php?change_un=error&error=format");exit;} $result = $dbc->odata("Select * from usernames where username='{$username}'"); if($result->username) {header("Location: message.php?change_un=error&error=taken");exit;} $dbc->dbconn->query("insert into usernames (account, username) values ('{$account}','{$username}')"); header("Location:homebanking.php");exit; break; } if(!$data) {header("Location: index.php");exit;} $title=""; include("index.php"); ?> Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 6, 2007 Share Posted November 6, 2007 Ok, first off, I reformatted your script so it's slightly more readable and we can understand the logical flow. I found a few potential errors and fixed them, so please save this file and replace message.php with it. <?php $error_st = "<h2 style='color:red'>Sorry, an error has occurred!</h2><b>"; $error_end = "</b><br><br>We apologize for the inconvenience.<br><a href='index.php'>Click here to return to the homepage</a>"; $submit_st = "<h2>Submit Completed</h2>"; switch ($_GET['error']) { case "accountlocked": $data = "<h2>Your account has been locked due to invalid login attempts.</h2>Please call 1-800-967-7929 to have your account unfrozen."; break; case "usernamemade": $data = "<h2>A username has already been set up for this account number.</h2>Click <a href='index.php'>here</a> to return to the homepage."; break; case "usernamerouting": $data = "<h2>The account number (or username) that you have entered was the routing number instead of your intended account number or username.</h2>Click <a href='index.php'>here</a> to return to the homepage."; break; case "newmemblank": $data = "<h2>Error: One or more fields in the membership application was left blank.</h2>Click your browser's 'back' button to fill in those fields."; break; case "invalidticket": $data = "<h2>Error: Ticket does not exist or is no longer open.</h2>"; break; case "mcwdown": $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>".$error_end; break; case "mcws1": case "mcws2": $stage = preg_replace("/[^0-9]/", "",$_GET['error']); $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>Error: MCW unreachable at stage {$stage}".$error_end; break; case "mcws3": $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>Error: MCW returned an error report".$error_end; break; case "sqlserver": $data = $error_st."E-branch is currently under maintenance. Please try again later. <br><br>Error: SQL server down</b><br><br>We apologize for the inconvenience."; break; case "sqlcmd": $data = $error_st."Error: An invalid SQL command was run.".$error_end; if($_GET['errno']=="2013") { $data = $error_st."Home Banking is currently under maintenance. Please try again later. We apologize for any inconvenience during this time.<br><br>Error: SQL-timeout".$error_end; } break; } switch ($_GET['added']) { case "ad": $data = $submit_st."Your classified ad has been submitted and will be reviewed for posting.<br><a href='services_class.php'>Return to classified ads section.</a>"; break; } switch ($_GET['change_un']) { case "error": switch ($_GET['error']){ case "taken": $data = "<h2>Username change error</h2>Username has already been taken."; break; case "format": $data = "<h2>Username change error</h2>Username is in an invalid format (please read the guidelines below)."; break; } case "true": include_once("../inc/inc_sqlpull.php"); //$data .= $auth->getusername(); $data .= "<<< TMPDATA <h2>Change Username</h2> Because of the relaunch, we need you to update your username:<br> <font color=\"red\"><ul><li>The username must be at least five characters long and contain at least one letter, or</li> <li>type in your existing account number to use your account number as your username permanently.</li> </ul></font> <form action=\"message.php?change_un=save\" method=\"post\"> New Username: <input type=\"text\" name=\"username_change\" width=\"24\"> <br><input type=\"submit\" value=\"Change Username and Continue\"> </form> TMPDATA"; break; case "save": require_once("../inc/inc_sqlpull.php"); $username=trim($input->post->textbox('username_change'));$account = $auth->getusername(); if(!$auth->isuser() || $account=="" || $username=="") { exit("<h2>Error: User not logged in to make a username change. Please contact one of our technical support representatives at PHONE."); } if( $username != $account && (!preg_match("/[a-z]/i",$username) || strlen($username) < 5 || preg_match("/[^a-z0-9]/i",$_POST['username_change'])) ) { header("Location: message.php?change_un=error&error=format"); exit; } if($username=="272485767") { header("Location: message.php?change_un=error&error=format"); exit; } $result = $dbc->odata("Select * from usernames where username='{$username}'"); if($result->username) { header("Location: message.php?change_un=error&error=taken"); exit; } $dbc->dbconn->query("insert into usernames (account, username) values ('{$account}','{$username}')"); header("Location:homebanking.php"); exit; break; } if(!$data) { header("Location: index.php"); exit; } $title=""; include("index.php"); ?> Test this script and see if the error goes away. If not, then we need to look elsewhere... Within this script, the only place objects are called upon is in the "save" case within switch ($_GET['change_un']). But let's see where we are after fixing up this script. PhREEEk Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 6, 2007 Author Share Posted November 6, 2007 I did do that and the same error is coming up. I was looking at some of the error messages though and there is one that works and displays correctly. switch ($_GET['added']) { case "ad": $data = $submit_st."Your classified ad has been submitted and will be reviewed for posting.<br><a href='services_class.php'>Return to classified ads section.</a>"; break; } I was thinking it was related to the "$submit_st." portion so I tried adding that to no avail. Thanks for your help Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 6, 2007 Share Posted November 6, 2007 Try this script as message.php <?php $error_st = "<h2 style='color:red'>Sorry, an error has occurred!</h2><b>"; $error_end = "</b><br><br>We apologize for the inconvenience.<br><a href='index.php'>Click here to return to the homepage</a>"; $submit_st = "<h2>Submit Completed</h2>"; require_once("../inc/inc_sqlpull.php"); switch ($_GET['error']) { case "accountlocked": $data = "<h2>Your account has been locked due to invalid login attempts.</h2>Please call 1-800-967-7929 to have your account unfrozen."; break; case "usernamemade": $data = "<h2>A username has already been set up for this account number.</h2>Click <a href='index.php'>here</a> to return to the homepage."; break; case "usernamerouting": $data = "<h2>The account number (or username) that you have entered was the routing number instead of your intended account number or username.</h2>Click <a href='index.php'>here</a> to return to the homepage."; break; case "newmemblank": $data = "<h2>Error: One or more fields in the membership application was left blank.</h2>Click your browser's 'back' button to fill in those fields."; break; case "invalidticket": $data = "<h2>Error: Ticket does not exist or is no longer open.</h2>"; break; case "mcwdown": $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>".$error_end; break; case "mcws1": case "mcws2": $stage = preg_replace("/[^0-9]/", "",$_GET['error']); $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>Error: MCW unreachable at stage {$stage}".$error_end; break; case "mcws3": $data = $error_st."Home Banking is currently under maintenance. Please try again later. <br><br>Error: MCW returned an error report".$error_end; break; case "sqlserver": $data = $error_st."E-branch is currently under maintenance. Please try again later. <br><br>Error: SQL server down</b><br><br>We apologize for the inconvenience."; break; case "sqlcmd": $data = $error_st."Error: An invalid SQL command was run.".$error_end; if($_GET['errno']=="2013") { $data = $error_st."Home Banking is currently under maintenance. Please try again later. We apologize for any inconvenience during this time.<br><br>Error: SQL-timeout".$error_end; } break; } switch ($_GET['added']) { case "ad": $data = $submit_st."Your classified ad has been submitted and will be reviewed for posting.<br><a href='services_class.php'>Return to classified ads section.</a>"; break; } switch ($_GET['change_un']) { case "error": switch ($_GET['error']){ case "taken": $data = "<h2>Username change error</h2>Username has already been taken."; break; case "format": $data = "<h2>Username change error</h2>Username is in an invalid format (please read the guidelines below)."; break; } case "true": //$data .= $auth->getusername(); $data .= "<<< TMPDATA <h2>Change Username</h2> Because of the relaunch, we need you to update your username:<br> <font color=\"red\"><ul><li>The username must be at least five characters long and contain at least one letter, or</li> <li>type in your existing account number to use your account number as your username permanently.</li> </ul></font> <form action=\"message.php?change_un=save\" method=\"post\"> New Username: <input type=\"text\" name=\"username_change\" width=\"24\"> <br><input type=\"submit\" value=\"Change Username and Continue\"> </form> TMPDATA"; break; case "save": $username=trim($input->post->textbox('username_change'));$account = $auth->getusername(); if(!$auth->isuser() || $account=="" || $username=="") { exit("<h2>Error: User not logged in to make a username change. Please contact one of our technical support representatives at PHONE."); } if( $username != $account && (!preg_match("/[a-z]/i",$username) || strlen($username) < 5 || preg_match("/[^a-z0-9]/i",$_POST['username_change'])) ) { header("Location: message.php?change_un=error&error=format"); exit; } if($username=="272485767") { header("Location: message.php?change_un=error&error=format"); exit; } $result = $dbc->odata("Select * from usernames where username='{$username}'"); if($result->username) { header("Location: message.php?change_un=error&error=taken"); exit; } $dbc->dbconn->query("insert into usernames (account, username) values ('{$account}','{$username}')"); header("Location:homebanking.php"); exit; break; } if(!$data) { header("Location: index.php"); exit; } $title=""; include("index.php"); ?> PhREEEk Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 8, 2007 Author Share Posted November 8, 2007 I tried that but the message still comes up. However, instead of coming up in the left section of the page with my index header it comes up as the entire page, with no other info, I am looking at the code of some of the other supporting pages to look for missing tags or quotes etc. Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 8, 2007 Share Posted November 8, 2007 Ok, that tells us that message.php is clear. Please keep that last code posted as the 'working' code. All I did was delete multiple REQUIRE's and put it once at the top of the script. So now that means that the error is being generated when inc_sqlpull.php is included. Please post that entire script. PhREEEk Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 8, 2007 Author Share Posted November 8, 2007 How do you get the code color coded?? I was looking at this code earlier, I thought I saw one problem but when I attempted to fix it, but it didn't fix the issue. <? if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) exit('This file can not be accessed directly...'); GLOBAL $title, $thisname, $auth, $pagename,$thisname,$input,$footer_diag; $start_page_render = microtime(true); require_once(dirname(__FILE__)."/inc_sql.php"); require_once(dirname(__FILE__)."/class_input.php"); $thisname = strtolower(basename($_SERVER['SCRIPT_NAME'])); if(!$pagename) $pagename = basename($_SERVER['SCRIPT_NAME'], ".php"); require_once(dirname(__FILE__)."/class_auth.php"); require_once(dirname(__FILE__)."/class_personalize.php"); require_once(dirname(__FILE__)."/class_cads.php"); if (isset($_GET['refresh'])) { session_write_close(); header("Location: {$thisname}"); } if(!$data && $pagename!="index" && $pagename!="contact_us" && $pagename!="helplogin") { $pagedata = $dbc->odata("SELECT content,rightcolumn,title,expand,catagory FROM webpages WHERE pagename='{$pagename}'"); if($pagedata->catagory) $pagelight = $pagedata->catagory; $dbc->free(); $data = $pagedata->content; $rightpanel = $pagedata->rightcolumn; $title = $pagedata->title; if($pagedata->expand=="1" ||$pagedata->expand=="true") $expand=1; $dbc->dbconn->query("UPDATE webpages SET views = webpages.views+1 WHERE pagename='{$pagename}'"); } if($auth->isadmin()) require_once(dirname(__FILE__)."/edit.php"); function hotread($form) { global $dbc; $limit="1"; if ($form=="promos") $limit="2"; while ($rows = $dbc->odata("SELECT content,title,link FROM hotread WHERE form='{$form}' ORDER BY timestart DESC LIMIT 0,".$limit)) { $content = $rows->content; $title = $rows->title; $link = $rows->link; if($link==true and $form=="news") $addlink = "<br><a href='{$link}'>Read More</a>"; if($link==true and $form=="promos") $addlink = "<br><a href='{$link}'>Learn More</a>"; echo "<h2>{$title}</h2>{$content}{$addlink}"; } $dbc->free(); } FUNCTION rfcu_alert() { global $auth; $_SESSION['stopHB'] = "false"; if (file_exists( realpath(dirname(__FILE__).'/xml/alert.xml') )) { $xml = simplexml_load_file(realpath(dirname(__FILE__).'/xml/alert.xml')); ClassTypeCast($xml,'stdClass'); $heading = $xml->alert->heading; $body = $xml->alert->body; if($auth->isuser() && $xml->alert->stopHB == "true") $_SESSION['stopHB'] = "true"; } else return ""; if (!dateexpire($xml->alert->start_date, $xml->alert->start_time)) return ""; if (dateexpire($xml->alert->end_date, $xml->alert->end_time)) return ""; ?> <div style="padding:2px 0 4px 2px;margin:0;font-size:90%;background:rgb(95%,95%,80%);width:99%"> <div style="padding: 0 0 12px 12px;border:1px;border-style:solid;border-color:rgb(85%,75%,60%);"> <h3 style="padding:9px 9px 9px 2px;margin:0;color:red;"><img src="../../ico_alert.gif"> <?=$heading?></h3> <p style="font-size:0.8em;padding: 0px 12px 0px 22px;margin:0px;"><?=$body?></p> </div></div> <? } Function dateexpire($date, $time) { $year = substr($date, 0, 4);$month = substr($date, 5, 2);$day = substr($date, 8, 2); $yearsuf = substr($date, 2, 2); $local2 = date('Y-m-d'); if ($date == $local2) if(timeexpire($time)) return true; if ($local2 > $date) return true; return false; } Function timeexpire($time) { $hour = substr($date, 0, 2);$min = substr($date, 2, 2); $time2 = date("H:i" ,strtotime($time)); $local2 = date("H:i"); if ($local2 > $time2) return true; return false; } function ClassTypeCast(&$obj,$class_type){ if(class_exists($class_type,true)){ $toreplace="/(^|*O:[0-9]+:\"[^\"]+\":/i"; $obj=unserialize(preg_replace($toreplace,"\\1"."O:" . strlen($class_type).":\"" . $class_type."\":", serialize($obj))); } } function nowebsite($str, $rep="") { return preg_replace("/^(http(s|):\/\/|)(www.|)([a-zA-Z1-9_-]+)[.]([a-zA-Z1-9]{2,4})(\/[a-zA-Z0-9_\-%.]*){0,}$/i", $rep, $str); } function img_resize($path,$w=0,$h=0,$quality=100,$save=''){ $image_data=@getimagesize($path); $image_type=$image_data[2]; $gd_ext=array('','jpg'); if($image_type!=2) return false; if($save=='') header('Content-type: '.$image_data['mime']); else $save=eregi_replace('%ext',$gd_ext[$image_type],$save); if($w!=0){ $rapporto=$image_data[0]/$w; if($h!=0){ if($image_data[1]/$rapporto>$h) $rapporto=$image_data[1]/$h; } } elseif($h!=0){ $tmp_h=$image_data[1]/$h; } else{ return false; } $thumb_w=$image_data[0]/$rapporto; $thumb_h=$image_data[1]/$rapporto; if($image_type==1) $img_src=@imagecreatefromgif($path); elseif($image_type==2) $img_src=@imagecreatefromjpeg($path); $img_thumb=@imagecreatetruecolor($thumb_w,$thumb_h); $result=@imagecopyresampled($img_thumb,$img_src,0,0,0,0,$thumb_w,$thumb_h,$image_data[0],$image_data[1]); if(!$img_src||!$img_thumb||!$result) return false; if($image_type==1) $result=@imagegif($img_thumb,$save); elseif($image_type==2) $result=@imagejpeg($img_thumb,$save,$quality); return $result; } ?> Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 8, 2007 Share Posted November 8, 2007 I'm assuming that was inc_sqlpull.php Here is the file reformatted, save it and test for parse errors. I think you only get the code coloring when you use <?php instead of just <? Well, it's hard to tell if our error is in here, because this file then includes 5 more files!! : passes out : hehe Please post up inc_sql.php and class_input.php Let's get those formatted, and then we're going to start doing some var_dumping to see wtf's going on... = ) PhREEEk <?php if( realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']) ) { exit('This file can not be accessed directly...'); } GLOBAL $title, $thisname, $auth, $pagename, $thisname, $input, $footer_diag; $start_page_render = microtime(true); require_once(dirname(__FILE__)."/inc_sql.php"); require_once(dirname(__FILE__)."/class_input.php"); $thisname = strtolower(basename($_SERVER['SCRIPT_NAME'])); if( !$pagename ) { $pagename = basename($_SERVER['SCRIPT_NAME'], ".php"); } require_once(dirname(__FILE__)."/class_auth.php"); require_once(dirname(__FILE__)."/class_personalize.php"); require_once(dirname(__FILE__)."/class_cads.php"); if ( isset($_GET['refresh']) ) { session_write_close(); header("Location: {$thisname}"); } if( !$data && $pagename!="index" && $pagename!="contact_us" && $pagename!="helplogin" ) { $pagedata = $dbc->odata("SELECT content,rightcolumn,title,expand,catagory FROM webpages WHERE pagename='{$pagename}'"); if( $pagedata->catagory ) { $pagelight = $pagedata->catagory; } $dbc->free(); $data = $pagedata->content; $rightpanel = $pagedata->rightcolumn; $title = $pagedata->title; if($pagedata->expand=="1" ||$pagedata->expand=="true") { $expand=1; } $dbc->dbconn->query("UPDATE webpages SET views = webpages.views+1 WHERE pagename='{$pagename}'"); } if( $auth->isadmin() ) { require_once(dirname(__FILE__)."/edit.php"); } function hotread($form) { global $dbc; $limit="1"; if( $form=="promos" ) { $limit="2"; } while( $rows = $dbc->odata("SELECT content,title,link FROM hotread WHERE form='{$form}' ORDER BY timestart DESC LIMIT 0,".$limit) ) { $content = $rows->content; $title = $rows->title; $link = $rows->link; if( $link==true and $form=="news" ) { $addlink = "<br><a href='{$link}'>Read More</a>"; } if( $link==true and $form=="promos" ) { $addlink = "<br><a href='{$link}'>Learn More</a>"; } echo "<h2>{$title}</h2>{$content}{$addlink}"; } $dbc->free(); } FUNCTION rfcu_alert() { global $auth; $_SESSION['stopHB'] = "false"; if( file_exists( realpath(dirname(__FILE__).'/xml/alert.xml') ) ) { $xml = simplexml_load_file(realpath(dirname(__FILE__).'/xml/alert.xml')); ClassTypeCast($xml,'stdClass'); $heading = $xml->alert->heading; $body = $xml->alert->body; if( $auth->isuser() && $xml->alert->stopHB == "true" ) { $_SESSION['stopHB'] = "true"; } } else { return ""; } if ( !dateexpire($xml->alert->start_date, $xml->alert->start_time) ) { return ""; } if ( dateexpire($xml->alert->end_date, $xml->alert->end_time) ) { return ""; } echo"<div style=\"padding:2px 0 4px 2px;margin:0;font-size:90%;background:rgb(95%,95%,80%);width:99%\"> <div style=\"padding: 0 0 12px 12px;border:1px;border-style:solid;border-color:rgb(85%,75%,60%);\"> <h3 style=\"padding:9px 9px 9px 2px;margin:0;color:red;\"><img src=\"../../ico_alert.gif\">$heading</h3> <p style=\"font-size:0.8em;padding: 0px 12px 0px 22px;margin:0px;\">$body</p> </div></div>"; } Function dateexpire($date, $time) { $year = substr($date, 0, 4); $month = substr($date, 5, 2); $day = substr($date, 8, 2); $yearsuf = substr($date, 2, 2); $local2 = date('Y-m-d'); if( $date == $local2 ) { if( timeexpire($time) ) { return true; } if( $local2 > $date ) { return true; } return false; } Function timeexpire($time) { $hour = substr($date, 0, 2); $min = substr($date, 2, 2); $time2 = date("H:i" ,strtotime($time)); $local2 = date("H:i"); if( $local2 > $time2 ) { return true; } return false; } function ClassTypeCast(&$obj,$class_type){ if( class_exists($class_type,true) ) { $toreplace="/(^|*O:[0-9]+:\"[^\"]+\":/i"; $obj=unserialize(preg_replace($toreplace,"\\1"."O:" . strlen($class_type).":\"" . $class_type."\":", serialize($obj))); } } function nowebsite($str, $rep="") { return preg_replace("/^(http(s|):\/\/|)(www.|)([a-zA-Z1-9_-]+)[.]([a-zA-Z1-9]{2,4})(\/[a-zA-Z0-9_\-%.]*){0,}$/i", $rep, $str); } function img_resize($path,$w=0,$h=0,$quality=100,$save='') { $image_data=@getimagesize($path); $image_type=$image_data[2]; $gd_ext=array('','jpg'); if( $image_type!=2 ) { return false; } if( $save=='' ) { header('Content-type: '.$image_data['mime']); } else { $save=eregi_replace('%ext',$gd_ext[$image_type],$save); } if( $w!=0 ) { $rapporto=$image_data[0]/$w; if( $h!=0 ) { if( $image_data[1]/$rapporto>$h ) { $rapporto=$image_data[1]/$h; } } } elseif( $h!=0 ) { $tmp_h=$image_data[1]/$h; } else { return false; } $thumb_w=$image_data[0]/$rapporto; $thumb_h=$image_data[1]/$rapporto; if( $image_type==1 ) { $img_src=@imagecreatefromgif($path); } elseif( $image_type==2 ) { $img_src=@imagecreatefromjpeg($path); } $img_thumb=@imagecreatetruecolor($thumb_w,$thumb_h); $result=@imagecopyresampled($img_thumb,$img_src,0,0,0,0,$thumb_w,$thumb_h,$image_data[0],$image_data[1]); if( !$img_src||!$img_thumb||!$result ) { return false; } if( $image_type==1 ) { $result=@imagegif($img_thumb,$save); } elseif( $image_type==2 ) { $result=@imagejpeg($img_thumb,$save,$quality); } return $result; } ?> Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 12, 2007 Author Share Posted November 12, 2007 There was a parse error on line 178. in the inc_sqlpull.php function hotread($form) { global $dbc; I am wondering maybe I should just move or create new error code on the pages where they would be generated. I wonder if the previous person created this site using something like Joomla or Mambo? Here is the inc_sql.php <?php global $dbc, $errno, $error; $dbc = new DBI; if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) exit('This file can not be accessed directly...'); class DBI { public $dbconn, $nfreed; private $result, $threads; function __construct() { if(basename($_SERVER['SCRIPT_NAME'])=="message.php" && $_GET['error']) return ""; $this->nfreed=false; $sqlhost = "IP"; //$sqlhost = "localhost"; @$this->dbconn = new mysqli($sqlhost, "USER", "PASS.", "DATABASE"); //rf ////$this->dbconn->query("SET @@wait_timeout=12"); if(mysqli_connect_errno()) header("Location: message.php?error=sqlserver"); //die("Critical Error: ".mysqli_connect_error()); } function query($sql, $flag = MYSQLI_STORE_RESULT) { //echo("<p>".$sql."</p>"); if($this->nfreed) {$this->free();} if(!$this->result = $this->dbconn->query($sql))header("Location: message.php?error=sqlcmd&errno=".$this->dbconn->errno); //die("<pre>Mysql Error: ".$this->dbconn->error."</pre>"); $this->nfreed=true; return $result; } function get_threads() { global $threads; if($threads==""){ ereg ("Threads: (...)", $this->dbconn->stat(), $regs); $threads = trim($regs[1]); } return $threads; } function odata($sql) { static $res, $oldsql; if($sql != $oldsql) {$res = $this->query($sql);$oldsql=$sql;} return $this->result->fetch_object(); } function sodata($sql) { $res = $this->dbconn->query($sql); return $res->fetch_object(); } function adata($sql) { static $res, $oldsql; if($sql != $oldsql) {$res = $this->query($sql);$oldsql=$sql;} return $this->result->fetch_assoc(); } public function free() { $this->nfreed=false; $this->result->free(); } public function quote_smart($value){ if (get_magic_quotes_gpc()) $value = stripslashes($value); if($value == '') $value = 'NULL'; else if (!is_numeric($value) || $value[0] == '0') $value = "'" . $this->dbconn->real_escape_string($value) . "'"; //Quote if not integer return $value; } }; // mysqli_real_escape_string($str); ?> Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 12, 2007 Author Share Posted November 12, 2007 Okay I fixed that there was missing bracket in the new sqlpull you provided so now I am back to the original error. Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 12, 2007 Share Posted November 12, 2007 inc_sql.php reformatted. I don't know why, but after the closing brace for the class DBI, there was a semi-colon... I removed it. Test this script for parse errors (shouldn't be any this time, much smaller script), and see if removing the semi-colon did anything for us. PhREEEk <?php global $dbc, $errno, $error; $dbc = new DBI; if ( realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']) ) { exit('This file can not be accessed directly...'); } class DBI { public $dbconn, $nfreed; private $result, $threads; function __construct() { if( basename($_SERVER['SCRIPT_NAME'])=="message.php" && $_GET['error'] ) { return ""; } $this->nfreed=false; $sqlhost = "IP"; //$sqlhost = "localhost"; @$this->dbconn = new mysqli($sqlhost, "USER", "PASS.", "DATABASE"); //rf ////$this->dbconn->query("SET @@wait_timeout=12"); if( mysqli_connect_errno() ) { header("Location: message.php?error=sqlserver"); } //die("Critical Error: ".mysqli_connect_error()); } function query($sql, $flag = MYSQLI_STORE_RESULT) { //echo("<p>".$sql."</p>"); if( $this->nfreed ) { $this->free(); } if( !$this->result = $this->dbconn->query($sql) ) { header("Location: message.php?error=sqlcmd&errno=".$this->dbconn->errno); } //die("<pre>Mysql Error: ".$this->dbconn->error."</pre>"); $this->nfreed=true; return $result; } function get_threads() { global $threads; if($threads==""){ ereg ("Threads: (...)", $this->dbconn->stat(), $regs); $threads = trim($regs[1]); } return $threads; } function odata($sql) { static $res, $oldsql; if($sql != $oldsql) {$res = $this->query($sql);$oldsql=$sql;} return $this->result->fetch_object(); } function sodata($sql) { $res = $this->dbconn->query($sql); return $res->fetch_object(); } function adata($sql) { static $res, $oldsql; if( $sql != $oldsql ) { $res = $this->query($sql);$oldsql=$sql; } return $this->result->fetch_assoc(); } public function free() { $this->nfreed=false; $this->result->free(); } public function quote_smart($value) { if ( get_magic_quotes_gpc() ) { $value = stripslashes($value); } if( $value == '' ) { $value = 'NULL'; } else if ( !is_numeric($value) || $value[0] == '0' ) { $value = "'" . $this->dbconn->real_escape_string($value) . "'"; //Quote if not integer } return $value; } } ?> Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 12, 2007 Author Share Posted November 12, 2007 Okay same error coming up- Here is the class_input which looks good to me - <?php $input = new input(); class input { public $get, $post; public function __construct() { $this->get = new gets(); $this->post = new posts(); $this->session = new sessions(); } public function getid() {return $this->get->smallint('id');} } class cleaner { private $sqltoggle,$dbc; function sqlfilter(&$dbc) { $this->dbc =& $dbc; $this->sqltoggle = true; } function t($val){ $val = RemoveXSS($val); $val = stripslashes($val); //$val = str_replace(trim(" \\ "),trim(" \ "),$val); if($this->sqltoggle==true) {$val=htmlspecialchars($val);$val = $this->dbc->quote_smart($val);} else{ //$val = stripslashes($val); } $val = preg_replace("/(shit[a-zA-Z]{0,3})|crap(y|)|fuck[a-zA-Z]{0,3}|damn[a-zA-Z]{0,3}|freaking/i", "(filtered)", $val); return $val; } function textarea($varname) { $var = $this->getvar($varname); $var = preg_replace("/(<script)/i", "", $var); $var = preg_replace("/(<style)/i", "", $var); $var = substr($var,0,76000); return $this->t($var); } function textbox($varname) { $var = $this->getvar($varname); //if(!is_string($this->$var) && isset($this->$var)) die("Invalid input"); $var = preg_replace("/[^A-Za-z0-9 _@$#+=%?\/!.\-]/", "", $var); $var = substr($var,0,100); //$var = strip_tags($var); return $this->t($var); } function field($varname) { $var = $this->getvar($varname); $var = preg_replace("/[^A-Za-z0-9_\/$,\.-]/", "", $var); $var = substr($var,0,64); return $this->t($var); } function password($varname) { $var = $this->getvar($varname); //$var = preg_replace("/[^A-Za-z0-9_!\"#%&()+,-/;<=>?[\]^_`{|}*', -]/", "", $var); //$var = preg_replace("/[^A-Za-z0-9_, -]/", "", $var); $var = substr($var,0,54); return $var; } function smallint($varname) { $var = $this->getvar($varname); //if(!is_numeric($this->$var) && isset($this->$var)) die("Invalid input"); $var = preg_replace("/[^0-9]/", "", $var); $var = substr($var,0,32); return $this->t($var); } } class gets extends cleaner { public function getvar($var) {return $_GET[$var]; } } class sessions extends cleaner { public function getvar($var) {return $_SESSION[$var]; } } class posts extends cleaner { public function getvar($var) { return $_POST[$var]; } } [code] function RemoveXSS($val) { // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed // this prevents some character re-spacing such as <java\0script> // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val); // straight replacements, the user should never need these since they're normal characters // this prevents like <IMG SRC=@avascript:alert('XSS')> $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@#$%^&*()'; $search .= '~`";:?+/={}[]-_|\'\\'; for ($i = 0; $i < strlen($search); $i++) { // ;? matches the ;, which is optional // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars // @ @ search for the hex values $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ; // @ @ 0{0,7} matches '0' zero to seven times $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ; } // now the only remaining whitespace attacks are \t, \n, and \r $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta ', 'xml', 'blink', 'link', '<style', 'script', 'embed', '<object', 'iframe', '<frame', 'frameset', 'ilayer', '<layer', 'bgsound', '<title', '<base'); $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); $ra = array_merge($ra1, $ra2); $found = true; // keep replacing as long as the previous round replaced something while ($found == true) { $val_before = $val; for ($i = 0; $i < sizeof($ra); $i++) { $pattern = '/'; for ($j = 0; $j < strlen($ra[$i]); $j++) { if ($j > 0) { $pattern .= '('; $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?'; $pattern .= '|(�{0,8}([9][10][13]);?)?'; $pattern .= ')?'; } $pattern .= $ra[$i][$j]; } $pattern .= '/i'; $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags if ($val_before == $val) { // no replacements were made, so exit the loop $found = false; } } } return $val; } [/code] Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 12, 2007 Share Posted November 12, 2007 Within inc_sqlpull.php, at the top of the script where the requires are, issue a die() statement after each require, and let me know if the error appears at all. ex.; <?php if( realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']) ) { exit('This file can not be accessed directly...'); } GLOBAL $title, $thisname, $auth, $pagename, $thisname, $input, $footer_diag; $start_page_render = microtime(true); require_once(dirname(__FILE__)."/inc_sql.php"); die("Died here..."); require_once(dirname(__FILE__)."/class_input.php"); $thisname = strtolower(basename($_SERVER['SCRIPT_NAME'])); if( !$pagename ) { $pagename = basename($_SERVER['SCRIPT_NAME'], ".php"); } require_once(dirname(__FILE__)."/class_auth.php"); require_once(dirname(__FILE__)."/class_personalize.php"); require_once(dirname(__FILE__)."/class_cads.php"); Run the script. If prints to screen "Died here..", then remove that die() and drop it down one require: <?php if( realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']) ) { exit('This file can not be accessed directly...'); } GLOBAL $title, $thisname, $auth, $pagename, $thisname, $input, $footer_diag; $start_page_render = microtime(true); require_once(dirname(__FILE__)."/inc_sql.php"); require_once(dirname(__FILE__)."/class_input.php"); die("Died here..."); $thisname = strtolower(basename($_SERVER['SCRIPT_NAME'])); if( !$pagename ) { $pagename = basename($_SERVER['SCRIPT_NAME'], ".php"); } require_once(dirname(__FILE__)."/class_auth.php"); require_once(dirname(__FILE__)."/class_personalize.php"); require_once(dirname(__FILE__)."/class_cads.php"); Do that all the way down the requires, and let me know if the object error appears. PhREEEk Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 12, 2007 Author Share Posted November 12, 2007 The error did not come up - but for each require it did display - Died here... Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 13, 2007 Share Posted November 13, 2007 Ok, so let's see what's really going on with inc_sqlpull.php... Rename inc_sqlpull.php as inc_sqlpull.OLD. Save this script as inc_sqlpull.php. Instructions: Run once, post results. We should see any POST or GET items being sent to the script, and then we see which variables being declared as GLOBAL actually have any value(s) up front, then again after all of the requires are pulled in. We also check the state of the object $dbc. The first time we check it, it shouldn't exist. The second time, it should be seen as an object. Ok, after posting those results, our script will have died at "Die 1", which is after all the requires. You had reported that all of the requires loaded without the error showing up. Comment out or remove Die 1, re-run the script. We are now testing the first IF condition. A new function has been added that should echo the function name of any function(s) invoked. So the IF section we are testing should run through and echo out any functions being called. If "Die 2" is printed to screen, then this IF and any functions it called are so far good to go. Comment out or remove Die 2, re-run script. Same exact thing will occur for the next IF section. Repeat process for Die 3. At some point, the error is going to appear... we need to keep track of what succeeded up to that point, then we can zero in where it began failing. PhREEEk <?php if( realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']) ) { exit('This file can not be accessed directly...'); } echo"/* POST data<br /><pre>"; print_r($_POST); echo"</pre><br />/* End POST data<br />"; echo"/* GET data<br /><pre>"; print_r($_GET); echo"</pre><br />/* End GET data<br />"; GLOBAL $title, $thisname, $auth, $pagename, $input, $footer_diag; echo"/* Begin var_dump 1<br />"; var_dump($title, $thisname, $auth, $pagename, $input, $footer_diag, $dbc); echo"/* End var_dump 1<br />"; $start_page_render = microtime(true); require_once(dirname(__FILE__)."/inc_sql.php"); require_once(dirname(__FILE__)."/class_input.php"); $thisname = strtolower(basename($_SERVER['SCRIPT_NAME'])); if( !$pagename ) { $pagename = basename($_SERVER['SCRIPT_NAME'], ".php"); } require_once(dirname(__FILE__)."/class_auth.php"); require_once(dirname(__FILE__)."/class_personalize.php"); require_once(dirname(__FILE__)."/class_cads.php"); echo"/* Begin var_dump 2<br />"; var_dump($title, $thisname, $auth, $pagename, $input, $footer_diag, $dbc); echo"/* End var_dump 2<br />"; die("Die 1"); if ( isset($_GET['refresh']) ) { session_write_close(); header("Location: {$thisname}"); } die("Die 2"); if( !$data && $pagename!="index" && $pagename!="contact_us" && $pagename!="helplogin" ) { $pagedata = $dbc->odata("SELECT content,rightcolumn,title,expand,catagory FROM webpages WHERE pagename='{$pagename}'"); if( $pagedata->catagory ) { $pagelight = $pagedata->catagory; } $dbc->free(); $data = $pagedata->content; $rightpanel = $pagedata->rightcolumn; $title = $pagedata->title; if($pagedata->expand=="1" ||$pagedata->expand=="true") { $expand=1; } $dbc->dbconn->query("UPDATE webpages SET views = webpages.views+1 WHERE pagename='{$pagename}'"); } die("Die 3"); if( $auth->isadmin() ) { require_once(dirname(__FILE__)."/edit.php"); } function hotread($form) { debugger('hotread'); global $dbc; $limit="1"; if( $form=="promos" ) { $limit="2"; } while( $rows = $dbc->odata("SELECT content,title,link FROM hotread WHERE form='{$form}' ORDER BY timestart DESC LIMIT 0,".$limit) ) { $content = $rows->content; $title = $rows->title; $link = $rows->link; if( $link==true and $form=="news" ) { $addlink = "<br><a href='{$link}'>Read More</a>"; } if( $link==true and $form=="promos" ) { $addlink = "<br><a href='{$link}'>Learn More</a>"; } echo "<h2>{$title}</h2>{$content}{$addlink}"; } $dbc->free(); } FUNCTION rfcu_alert() { debugger('rfcu_alert'); global $auth; $_SESSION['stopHB'] = "false"; if( file_exists( realpath(dirname(__FILE__).'/xml/alert.xml') ) ) { $xml = simplexml_load_file(realpath(dirname(__FILE__).'/xml/alert.xml')); ClassTypeCast($xml,'stdClass'); $heading = $xml->alert->heading; $body = $xml->alert->body; if( $auth->isuser() && $xml->alert->stopHB == "true" ) { $_SESSION['stopHB'] = "true"; } } else { return ""; } if ( !dateexpire($xml->alert->start_date, $xml->alert->start_time) ) { return ""; } if ( dateexpire($xml->alert->end_date, $xml->alert->end_time) ) { return ""; } echo"<div style=\"padding:2px 0 4px 2px;margin:0;font-size:90%;background:rgb(95%,95%,80%);width:99%\"> <div style=\"padding: 0 0 12px 12px;border:1px;border-style:solid;border-color:rgb(85%,75%,60%);\"> <h3 style=\"padding:9px 9px 9px 2px;margin:0;color:red;\"><img src=\"../../ico_alert.gif\">$heading</h3> <p style=\"font-size:0.8em;padding: 0px 12px 0px 22px;margin:0px;\">$body</p> </div></div>"; } Function dateexpire($date, $time) { debugger('dateexpire'); $year = substr($date, 0, 4); $month = substr($date, 5, 2); $day = substr($date, 8, 2); $yearsuf = substr($date, 2, 2); $local2 = date('Y-m-d'); if( $date == $local2 ) { if( timeexpire($time) ) { return true; } if( $local2 > $date ) { return true; } return false; } } Function timeexpire($time) { debugger('timeexpire'); $hour = substr($date, 0, 2); $min = substr($date, 2, 2); $time2 = date("H:i" ,strtotime($time)); $local2 = date("H:i"); if( $local2 > $time2 ) { return true; } return false; } function ClassTypeCast(&$obj,$class_type){ debugger('ClassTypeCast'); if( class_exists($class_type,true) ) { $toreplace="/(^|*O:[0-9]+:\"[^\"]+\":/i"; $obj=unserialize(preg_replace($toreplace,"\\1"."O:" . strlen($class_type).":\"" . $class_type."\":", serialize($obj))); } } function nowebsite($str, $rep="") { debugger('nowebsite'); return preg_replace("/^(http(s|):\/\/|)(www.|)([a-zA-Z1-9_-]+)[.]([a-zA-Z1-9]{2,4})(\/[a-zA-Z0-9_\-%.]*){0,}$/i", $rep, $str); } function img_resize($path,$w=0,$h=0,$quality=100,$save='') { debugger('img_resize'); $image_data=@getimagesize($path); $image_type=$image_data[2]; $gd_ext=array('','jpg'); if( $image_type!=2 ) { return false; } if( $save=='' ) { header('Content-type: '.$image_data['mime']); } else { $save=eregi_replace('%ext',$gd_ext[$image_type],$save); } if( $w!=0 ) { $rapporto=$image_data[0]/$w; if( $h!=0 ) { if( $image_data[1]/$rapporto>$h ) { $rapporto=$image_data[1]/$h; } } } elseif( $h!=0 ) { $tmp_h=$image_data[1]/$h; } else { return false; } $thumb_w=$image_data[0]/$rapporto; $thumb_h=$image_data[1]/$rapporto; if( $image_type==1 ) { $img_src=@imagecreatefromgif($path); } elseif( $image_type==2 ) { $img_src=@imagecreatefromjpeg($path); } $img_thumb=@imagecreatetruecolor($thumb_w,$thumb_h); $result=@imagecopyresampled($img_thumb,$img_src,0,0,0,0,$thumb_w,$thumb_h,$image_data[0],$image_data[1]); if( !$img_src||!$img_thumb||!$result ) { return false; } if( $image_type==1 ) { $result=@imagegif($img_thumb,$save); } elseif( $image_type==2 ) { $result=@imagejpeg($img_thumb,$save,$quality); } return $result; } function debugger($func_name) { echo "Starting function: <strong>$func_name</strong><br />"; } ?> Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 13, 2007 Author Share Posted November 13, 2007 Here is what happened, now this is in my test environment, but the test environment was acting the same as the live. /* POST data Array ( ) /* End POST data /* GET data Array ( ) /* End GET data /* Begin var_dump 1 NULL NULL NULL NULL NULL NULL NULL /* End var_dump 1 Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /www/cccu/inc/inc_sqlpull.php:6) in /www/cccu/inc/class_auth.php on line 21 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/cccu/inc/inc_sqlpull.php:6) in /www/cccu/inc/class_auth.php on line 21 /* Begin var_dump 2 NULL string(9) "index.php" object(auth)#7 (5) { ["key:private"]=> string(32) "5cf211035f3bd4e414067168bc0b1f08" ["env:private"]=> string(13) "IPADDRESS" ["input:private"]=> &object(input)#3 (3) { ["get"]=> object(gets)#4 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["post"]=> object(posts)#5 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["session"]=> object(sessions)#6 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } } ["vtoken"]=> string(20) "e8520f10b2f20aa4bb28" ["httpsloc"]=> NULL } string(5) "index" object(input)#3 (3) { ["get"]=> object(gets)#4 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["post"]=> object(posts)#5 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["session"]=> object(sessions)#6 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } } NULL object(DBI)#1 (4) { ["dbconn"]=> object(mysqli)#2 (0) { } ["nfreed"]=> bool(false) ["result:private"]=> NULL ["threads:private"]=> NULL } /* End var_dump 2 Die 1 Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 13, 2007 Share Posted November 13, 2007 The header errors are to be expected, because our var_dumps and echoes are outputting to the browser. I've formatted the 2nd var_dump, and posting it so we can keep track of things: $title => ( NULL ) $thisname => ( string(9) "index.php" ) $auth => ( object(auth)#7 (5) { ["key:private"]=> string(32) "5cf211035f3bd4e414067168bc0b1f08" ["env:private"]=> string(13) "IPADDRESS" ["input:private"]=> &object(input)#3 (3) { ["get"]=> object(gets)#4 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["post"]=> object(posts)#5 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["session"]=> object(sessions)#6 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } } ["vtoken"]=> string(20) "e8520f10b2f20aa4bb28" ["httpsloc"]=> NULL } ) $pagename => ( string(5) "index" ) $input => ( object(input)#3 (3) { ["get"]=> object(gets)#4 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["post"]=> object(posts)#5 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } ["session"]=> object(sessions)#6 (2) { ["sqltoggle:private"]=> NULL ["dbc:private"]=> NULL } } ) $footer_diag => ( NULL ) $dbc => ( object(DBI)#1 (4) { ["dbconn"]=> object(mysqli)#2 (0) { } ["nfreed"]=> bool(false) ["result:private"]=> NULL ["threads:private"]=> NULL } ) Ok, so var_dump 1 produced all NULLs, dump 2 produced the above. Curiously, the last object, $dbc, shows that ["dbconn"] is completely empty. Since OOP is not my forte, I don't know whether that's the problem or not... Anyways, ignore the header errors (they don't stop the script). Comment out die 1 and run the script again. We need to eventually trigger the object error. PhREEEk Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 15, 2007 Author Share Posted November 15, 2007 It did make it to the die 2. So I will comment that out and try again Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 15, 2007 Author Share Posted November 15, 2007 Okay it made it through all the die's But one thing I noticed - /* End POST data /* GET data Array ( [error] => newmemblank ) /* End GET data Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 16, 2007 Author Share Posted November 16, 2007 Well I look at this today and realize the [error] is just generated by the code and not an actual error. Anyway that page appears to be fine. This is how the page comes up with the debugging code. Which makes me think it isn't the sqlpull that is causing the error. Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 16, 2007 Share Posted November 16, 2007 The image isn't coming through. Did you link it to a publicly available server? PhREEEk Quote Link to comment Share on other sites More sharing options...
hhawkins Posted November 16, 2007 Author Share Posted November 16, 2007 Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted November 16, 2007 Share Posted November 16, 2007 Are you using the newly formatted inc_sql.php? If so, line 35 is this: if( !$this->result = $this->dbconn->query($sql) ) { Note dbconn referenced Note in the globals var_dump: $dbc => ( object(DBI)#1 (4) { ["dbconn"]=> object(mysqli)#2 (0) { } And I said it was strange that dbconn had no value. I think that is where the problem is... PhREEEk Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.