briand74 Posted January 7, 2008 Share Posted January 7, 2008 I have some contact form scripts on a shared webhosting server that have worked fine until they upgraded the server. I'm not sure, but they may have upgraded the version of PHP (now 4.4.7, it may have been 4.3.x). They also upgraded cpanel to ver 11. ini_set and phpinfo have been disabled, but shouldn't affect scripts in question. No errors are being reported. By the way, I'm not a programmer. I just have a website that has grown, and have taught my self enough to lift good stuff and make it work. Anyway, after a day and a half I have narrowed it down to the $_POST array is empty. The form method is post. If I change to get, what I'm expecting shows up. The web hosting tech support is useless. You can only contact them via 128 character limit online form, and in 12-24 hours you'll get back a one line answer, usually that everything is OK on their servers. Here is the url of the contact form: http://waynealumni.org/contactme.php I have some debug code in there right now. The variable $op should come back as ds after submitting. Because it's empty, the form block just keeps displaying. Since I haven't changed the code, don't know if it will help to post it here, it worked fine last week and I didn't change it. I made a small script using ini_get_all to see the php settings. Didn't see much except ini_set and phpinfo are disabled. I do have a ticket in, but don't expect much help. Short of moving my website, I was wondering if anyone has experienced a similar situation of $_POST being empty when it shouldn't, or anything else that might point me to a solution. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/ Share on other sites More sharing options...
revraz Posted January 7, 2008 Share Posted January 7, 2008 Post the Form code and the .php code (if they are seperate) so we can see if there are any obvious errors. Chances are they turned off Register Globals and you may not be assigning variables. Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432263 Share on other sites More sharing options...
briand74 Posted January 7, 2008 Author Share Posted January 7, 2008 Here is the code, just changed my email and name: <?php $page_title = 'Contact Webmaster'; include ('./includes/header_1.htm'); ?> <h2 class="clearleft"><a id="maincontent"></a></h2> </div><div class="clear"></div> <?php //Start of the contact form $email_address = "justme@myisp.com"; $sender_name = @$_POST['sender_name']; $sender_email = @$_POST['sender_email']; $subject = "Wayne Alumni Contact"; $message = @$_POST['message']; $op = @$_POST['op']; $form_block = " <form method=\"POST\" action=\"$_SERVER[php_SELF]\"> <fieldset> <legend>To: Fred Zeppelin</legend> <label for=\"sender_name\">Name:</label> <input id=\"sender_name\" type=\"text\" name=\"sender_name\" value=\"$sender_name\" size=\"30\" /><br /> <label for=\"sender_email\">Your E-Mail:</label> <input id=\"sender_email\" type=\"text\" name=\"sender_email\" value=\"$sender_email\" size=\"30\" /><br /> <!-- <label for=\"subject\">Subject</label> <input id=\"subject\" type=\"text\" name=\"subject\" value=\"$subject\" size=\"30\" /><br /> --> <label for=\"message\">Message</label> <textarea id=\"message\" name=\"message\" cols=\"40\" rows=\"15\">$message</textarea><br /> <input class=\"hidden\" type=\"hidden\" name=\"op\" value=\"ds\" /><br /> <input class=\"submitbutton\" type=\"submit\" name=\"submit\" value=\"Send E-Mail\" /> </fieldset> </form>"; // First, make sure the form was posted from a browser. // For basic web-forms, we don't care about anything // other than requests from a browser: if(!isset($_SERVER['HTTP_USER_AGENT'])){ die("Forbidden - You are not authorized to view this page"); exit; } // Make sure the form was indeed POST'ed: // (requires your html form to use: action="post") if(!$_SERVER['REQUEST_METHOD'] == "POST"){ die("Forbidden - You are not authorized to view this page"); exit; } // Host names from where the form is authorized // to be posted from: $authHosts = array("waynealumni.org", "basketball.waynealumni.org", "soccer.waynealumni.org"); // Where have we been posted from? $fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER'])); // Test to see if the $fromArray used www to get here. $wwwUsed = strpos($fromArray['host'], "www."); // Make sure the form was posted from an approved host name. if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){ logBadRequest(); header("HTTP/1.0 403 Forbidden"); exit; } // Attempt to defend against header injections: $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:"); // Loop through each POST'ed value and test if it contains // one of the $badStrings: foreach($_POST as $k => $v){ foreach($badStrings as $v2){ if(strpos($v, $v2) !== false){ logBadRequest(); header("HTTP/1.0 403 Forbidden"); exit; } } } // Made it past spammer test, free up some memory // and continue rest of script: unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed); // debug section 1/5/08 bwd echo 'display_errors = ' . ini_get('display_errors') . "\n"; echo 'register_globals = ' . ini_get('register_globals') . "\n"; echo 'variables_order = ' . ini_get('variables_order') . "\n"; echo 'track_vars = ' . ini_get('track_vars') . "\n"; print "<pre>"; print_r($_POST); print "</pre>"; echo "\$op = $op <br />\n"; //bwd 1/5/08 debugging if ($op != "ds") { // they need to see the form echo "$form_block"; } else if ($op == "ds") { //This is the line of code stopping the email injection attack if(eregi("MIME-Version: ",$_POST['sender_name'].$_POST['sender_email'].$_POST['message'])){die('Connection problem, try later.'); //end of code } if ($sender_name == "") { // check value of $_POST[sender_name] $name_err = "<p class=\"error\"> Please enter your name!</p>"; $send = "no"; } if ((!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $sender_email))) { // check value of $_POST[sender_email] is valid email address $email_err = "<p class=\"error\">Sorry you have entered an invalid email address, please check and try again</p>"; $send = "no"; } //if ($sender_email == "") { //check value of $_POST[sender_email]; //$email_err = "<p class=\"error\">Please enter your e-mail address!</p>"; //$send = "no"; //} if ($message == "") { // check value of $_POST[message] $message_err = "<p class=\"error\">Please enter a message!</p>"; $send = "no"; } if (@$send != "no") { // it's ok to send so build the mail $to = "$email_address"; $subject = "$subject"; $mailheaders = "From: $sender_name\r\n"; $mailheaders .= "Reply-To: $sender_email\r\n"; $msg = "E-MAIL SENT FROM THE PAGE\r\n"; $msg .= "Sender's Name: $sender_name\r\n"; $msg .= "Sender's E-Mail: $sender_email\r\n"; $msg .= "Message: $message\r\n"; mail($to, $subject, $msg, $mailheaders); echo "<p>Thank you, $sender_name, your message has been sent. </p>"; } else if ($send == "no") { echo "$name_err"; echo "$email_err"; echo "$message_err"; echo "$form_block"; } } // Include the HTML footer. include ('./includes/footer_2.htm'); ?> Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432272 Share on other sites More sharing options...
btherl Posted January 7, 2008 Share Posted January 7, 2008 Have you tried posting to a simple script like this: <?php var_dump($_POST); ?> If that doesn't work, then it'll fit into the 128 charater limit If it does work, then you know that the problem is in the script rather than in the webserver. Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432291 Share on other sites More sharing options...
PFMaBiSmAd Posted January 7, 2008 Share Posted January 7, 2008 If your total post data exceeds post_max_size, then the $_POST array will be empty. Add the following and post what you get (exactly) - echo 'post_max_size = ' . ini_get('post_max_size') . "<br />\n"; Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432292 Share on other sites More sharing options...
briand74 Posted January 7, 2008 Author Share Posted January 7, 2008 Here is the post_max_size ini setting: post_max_size = 2M Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432296 Share on other sites More sharing options...
redarrow Posted January 7, 2008 Share Posted January 7, 2008 set it to 8m my opinion Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432299 Share on other sites More sharing options...
cyber_ghost Posted January 7, 2008 Share Posted January 7, 2008 ok .. please see if the php.ini settings > register_globals is set to "On".. this issue about the empty $_POST[] is already one of my head ache last time..... IIS/PHP...... and after setting.. then restart the machine... this thing works for me perfectly... i hope it work for you.... hoping this help..... Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432318 Share on other sites More sharing options...
briand74 Posted January 7, 2008 Author Share Posted January 7, 2008 I tried a simple form and then used: <?php var_dump($_POST); ?> It seems to work. I got back the fields that were posted. register_globals is off The web host is running Linux - I can't control php.ini, maybe they can increase to local setting to 8M? ini_set is disabled. Is this my best course, or is something wrong in the script? Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432325 Share on other sites More sharing options...
redarrow Posted January 7, 2008 Share Posted January 7, 2008 register_globals is set to "On" << never have on unless you exspect no trouble and the web site is not live register_globals is a bad function in the php.ini to have set to on never do so (hackers love it) trust me mate......... just use the mysql_real_esape_string() when posting any variales....... strip_slashes might help looking quickly at your code......... Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432327 Share on other sites More sharing options...
btherl Posted January 7, 2008 Share Posted January 7, 2008 Ok, now that you've verified that var_dump($_POST) works in another script, try it in your contact script. Test it at the very top, and also further down. That should give you enough information. What you should see is that it works at the very top, but suddenly the variables vanish further down. That means they were clobbered inbetween. You might also want to try removing the "@" from the assignments. I don't know why that would make a difference but maybe it will. You can use binary search to find where the variables are being clobbered. Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432332 Share on other sites More sharing options...
redarrow Posted January 7, 2008 Share Posted January 7, 2008 TRY A TEST MAIL SHOT..... your php hosting company might off stopped users sending emails this has become a problam for some time now try this code to see if u are still allowed to send mail <?php $to = 'bob@barnyard.com'; $subject = 'Wakeup bob!'; $message = '<b>yo</b>, whassup?'; $headers = "From: server@barnyard.com\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n" . "MIME-Version: 1.0\r\n" . "Content-Type: text/html; charset=utf-8\r\n" . "Content-Transfer-Encoding: 8bit\r\n\r\n"; // Send mail($to, $subject, $message, $headers); ?> it might not even be the code trust me! Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432336 Share on other sites More sharing options...
briand74 Posted January 7, 2008 Author Share Posted January 7, 2008 Adding <?php var_dump($_POST); ?> to my script at the top showed nothing coming back. Removing the @ from the assignments also didn't help. Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432355 Share on other sites More sharing options...
redarrow Posted January 7, 2008 Share Posted January 7, 2008 replace <form method=\"POST\" action=\"$_SERVER[php_SELF]\"> to this then try <form method=\"POST\" action=\" \"> Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432356 Share on other sites More sharing options...
briand74 Posted January 7, 2008 Author Share Posted January 7, 2008 Great, some progress. Removing the <form method=\"POST\" action=\"$_SERVER[php_SELF]\"> and replacing with <form method=\"POST\" action=\" \"> seems to have worked. All my $_POST values come back, and the form block is replaced with the mail was sent message. If the action is blank, does it default to self, or what? I will marked this solved, but would like to understand first if anyone would care to comment. My mail is not being delivered, but it looks like a new problem. My send mail path looks wrong to me. Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432366 Share on other sites More sharing options...
PFMaBiSmAd Posted January 7, 2008 Share Posted January 7, 2008 That is pretty wild, because the way it was, without an echo statement would have resulted in an empty action="" statement, unless there was a php error actually being generated and inserted there (you could look at the view source of the page in your browser using the old code.) An empty parameter on the action="" means the "same" page. Likewise, no action parameter at all means the same page. Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432402 Share on other sites More sharing options...
briand74 Posted January 7, 2008 Author Share Posted January 7, 2008 Interesting, must be that the previous version of PHP on the server treated it as empty, and for some reason now it doesn't. Oh well, thanks to redarrow and everyone else that helped. Brian Quote Link to comment https://forums.phpfreaks.com/topic/84795-solved-_post-superglobal-empty/#findComment-432415 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.