Registration, critical error Registration, critical error
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Registration, critical error

Started by cyberdyne2, March 19, 2013, 05:37:19 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

cyberdyne2

The registration process of my gallery is resulting in a critical error. Only registration appears to cause the issue, I'm not experiencing it anywhere else.

QuoteCritical error
Script called without the required parameter(s). (username)

Website is -- www.londonallstars.co.uk/gallery

Username is: testing
Password is: testing

Debug mode is enabled.

Any help greatly appreciated.
Thank you.
v.1.5.22

Αndré

Please upgrade to the latest stable release (currently cpg1.5.22) and report if the issue still exists.

cyberdyne2

I hadn't done so as the release states it is not essential. I will do so though.
Are you aware that the date for the new update is wrong on the news section?
Quote2011-08-01: cpg1.5.22 has been released. It fixes various issues, so all users of the cpg1.5.x series are encouraged to upgrade. The upgrade is not security-related.
v.1.5.22

cyberdyne2

I am about to upgrade but wanted to add that I just noticed the following in my Coppermine database logs:

QuoteWhile executing query 'SELECT cid FROM cpg_categories WHERE lft BETWEEN AND ' in include/functions.inc.php on line 54 the following error was encountered:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND' at line 1
v.1.5.22

Αndré

Quote from: cyberdyne2 on March 20, 2013, 12:30:11 PM
Are you aware that the date for the new update is wrong on the news section?
Fixed. Thanks.

cyberdyne2

#5
OK update. Process seemed to go well but still receiving error on registration:

QuoteCritical error
Script called without the required parameter(s). (username)

File: [removed]/gallery/register.php - Line: 460

Site details remain as above.
v.1.5.22

Αndré

Please open register.php, find
$user_name = trim(get_post_var('username'));
and above, add
print_r($superCage->post->_source);print_r(trim($superCage->post->getEscaped('username')));pagefooter();die();

This won't fix your issue but prints the content of POST data. After you confirm to you have applied the change I'll try again to register in your gallery to see the new output.

cyberdyne2

Change made.

My output after the change was:
Array ( [username] => NewUser [password] => password [password_verification] => password [email] => test@fu.fu [user_profile1] => none [user_profile2] => none [agree] => 1 [confirmCode] => WPTRE [submit] => Submit registration )
v.1.5.22

Αndré

Please replace the new line with
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();

cyberdyne2

Quote from: Αndré on March 20, 2013, 02:03:32 PM
Please replace the new line with
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();

Done.
v.1.5.22

Αndré

It seems that there's an issue with the getEscaped method, the trim function or their combination.

Please replace the new line one more time with the following lines:
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();

cyberdyne2

Quote from: Αndré on March 20, 2013, 02:55:18 PM
Please replace the new line one more time with the following lines:
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();


Done.
Thank you for your time André
v.1.5.22

Αndré

Output is
Quotetrim(getEscaped):
getEscaped:
trim(getRaw): André
getRaw: André
which means that the getEscaped function doesn't work for you. It does basically
return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
so lets try to figure out what exactly is wrong.

Updated code:
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();

cyberdyne2

Quote from: Αndré on March 20, 2013, 03:07:55 PM
Updated code:
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();


I got the same results.
Update done.
v.1.5.22

Αndré

Quotemysql_real_escape_string(htmlspecialchars(André, ENT_QUOTES)):
htmlspecialchars(André, ENT_QUOTES): André
htmlspecialchars(André): André
mysql_real_escape_string(André):

If we don't use mysql_real_escape_string it works as expected. What's your PHP version? Do you find anything at the phpinfo about that function?

cyberdyne2

Quote from: Αndré on March 20, 2013, 03:16:33 PM
If we don't use mysql_real_escape_string it works as expected. What's your PHP version?

PHP Version 5.2.9

Quote from: Αndré on March 20, 2013, 03:16:33 PMDo you find anything at the phpinfo about that function?

Nothing found relating to that, no. I will look again but a search found nothing.
v.1.5.22

cyberdyne2

Can I PM you a link to a php info page ?
v.1.5.22

Αndré

Quote from: cyberdyne2 on March 20, 2013, 03:26:56 PM
Can I PM you a link to a php info page ?
I'll send you my contact details directly after this post. But as I'm not sure if I'll find anything helpful, please also ask your hosting provider what could be wrong with that function in the meanwhile.

cyberdyne2

v.1.5.22

cyberdyne2

Does this help? I don't know enough about MySql / PHP to know if this alternative code would make a difference.
Thank you.

QuotePut mysql_connect("host", "user", "pass") or die('save_failed'); before mysql_real_escape_string.

http://stackoverflow.com/questions/7803522/mysql-real-escape-string-works-in-localhost-but-not-on-webserver
v.1.5.22