Registration, critical error
 

Started by cyberdyne2, March 19, 2013, 05:37:19 PM

cyberdyne2

The registration process of my gallery is resulting in a critical error. Only registration appears to cause the issue, I'm not experiencing it anywhere else.

Quote:
Critical error
Script called without the required parameter(s). (username)

Website is -- www.londonallstars.co.uk/gallery

Username is: testing
Password is: testing

Debug mode is enabled.

Any help greatly appreciated.
Thank you.
v.1.5.22

Αndré

Please upgrade to the latest stable release (currently cpg1.5.22) and report if the issue still exists.

cyberdyne2

I hadn't done so as the release states it is not essential. I will do so though.
Are you aware that the date for the new update is wrong on the news section?
Quote:
2011-08-01: cpg1.5.22 has been released. It fixes various issues, so all users of the cpg1.5.x series are encouraged to upgrade. The upgrade is not security-related.
v.1.5.22

cyberdyne2

I am about to upgrade but wanted to add that I just noticed the following in my Coppermine database logs:

Quote:
While executing query 'SELECT cid FROM cpg_categories WHERE lft BETWEEN AND ' in include/functions.inc.php on line 54 the following error was encountered:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND' at line 1
v.1.5.22

Αndré

Quote from: cyberdyne2 on March 20, 2013, 12:30:11 PM
Are you aware that the date for the new update is wrong on the news section?
Fixed. Thanks.

cyberdyne2

OK update. Process seemed to go well but still receiving error on registration:

Quote:
Critical error
Script called without the required parameter(s). (username)

File: [removed]/gallery/register.php - Line: 460

Site details remain as above.
v.1.5.22

Αndré

Please open register.php, find
$user_name = trim(get_post_var('username'));
and above, add
print_r($superCage->post->_source);print_r(trim($superCage->post->getEscaped('username')));pagefooter();die();

This won't fix your issue but prints the content of the POST data. After you confirm that you have applied the change, I'll try again to register in your gallery to see the new output.

cyberdyne2

Change made.

My output after the change was:
Array ( [username] => NewUser [password] => password [password_verification] => password [email] => test@fu.fu [user_profile1] => none [user_profile2] => none [agree] => 1 [confirmCode] => WPTRE [submit] => Submit registration )
v.1.5.22

Αndré

Please replace the new line with
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();

cyberdyne2

Quote from: Αndré on March 20, 2013, 02:03:32 PM
Please replace the new line with
print_r($superCage->post->_source);print_r($superCage->post->getRaw('username'));pagefooter();die();

Done.
v.1.5.22

Αndré

It seems that there's an issue with the getEscaped method, the trim function or their combination.

Please replace the new line one more time with the following lines:
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();

cyberdyne2

Quote from: Αndré on March 20, 2013, 02:55:18 PM
Please replace the new line one more time with the following lines:
    echo "<hr />trim(getEscaped): ";print_r(trim($superCage->post->getEscaped('username')));
    echo "<hr />getEscaped: ";print_r($superCage->post->getEscaped('username'));
    echo "<hr />trim(getRaw): ";print_r(trim($superCage->post->getRaw('username')));
    echo "<hr />getRaw: ";print_r($superCage->post->getRaw('username'));
    echo "<hr />";pagefooter();die();


Done.
Thank you for your time André
v.1.5.22

Αndré

Output is
Quote:
trim(getEscaped):
getEscaped:
trim(getRaw): André
getRaw: André
which means that the getEscaped function doesn't work for you. It does basically
return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
so let's try to figure out what exactly is wrong.

Updated code:
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();

cyberdyne2

Quote from: Αndré on March 20, 2013, 03:07:55 PM
Updated code:
    $_POST = $superCage->post->_source;
    echo "<hr />mysql_real_escape_string(htmlspecialchars({$_POST['username']}, ENT_QUOTES)): ".mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES));
    echo "<hr />htmlspecialchars({$_POST['username']}, ENT_QUOTES): ".htmlspecialchars($_POST['username'], ENT_QUOTES);
    echo "<hr />htmlspecialchars({$_POST['username']}): ".htmlspecialchars($_POST['username']);
    echo "<hr />mysql_real_escape_string({$_POST['username']}): ".mysql_real_escape_string($_POST['username']);
    echo "<hr />";pagefooter();die();


I got the same results.
Update done.
v.1.5.22

Αndré

Quote:
mysql_real_escape_string(htmlspecialchars(André, ENT_QUOTES)):
htmlspecialchars(André, ENT_QUOTES): André
htmlspecialchars(André): André
mysql_real_escape_string(André):

If we don't use mysql_real_escape_string it works as expected. What's your PHP version? Do you find anything at the phpinfo about that function?

cyberdyne2

Quote from: Αndré on March 20, 2013, 03:16:33 PM
If we don't use mysql_real_escape_string it works as expected. What's your PHP version?

PHP Version 5.2.9

Quote from: Αndré on March 20, 2013, 03:16:33 PM
Do you find anything at the phpinfo about that function?

Nothing found relating to that, no. I will look again but a search found nothing.
v.1.5.22

cyberdyne2

Can I PM you a link to a PHP info page?
v.1.5.22

Αndré

Quote from: cyberdyne2 on March 20, 2013, 03:26:56 PM
Can I PM you a link to a PHP info page?
I'll send you my contact details directly after this post. But as I'm not sure if I'll find anything helpful, please also ask your hosting provider what could be wrong with that function in the meanwhile.

cyberdyne2

Does this help? I don't know enough about MySQL / PHP to know if this alternative code would make a difference.
Thank you.

Quote:
Put mysql_connect("host", "user", "pass") or die('save_failed'); before mysql_real_escape_string.

http://stackoverflow.com/questions/7803522/mysql-real-escape-string-works-in-localhost-but-not-on-webserver
v.1.5.22
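
The thread narrows the failure to the SQL-escaping step inside getEscaped, which André summarises as mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES)). The following PHP is an added example, not Coppermine's code and not posted by anyone in the thread: it shows how a failed escape reaches the caller looking like a missing parameter, and how checking the return value keeps the two cases apart. All function names and both stand-in escapers are hypothetical; the failing one only imitates the documented false-on-error return of mysql_real_escape_string and makes no claim about the cause on this particular server.

```php
<?php
// Added example; every name below is hypothetical, not Coppermine's API.

// Stand-in for an escaper that fails: mysql_real_escape_string() is
// documented to return false on error (for example, no usable connection).
function failing_escaper($value) { return false; }

// Stand-in for a working escaper, constructed for this demo only.
function working_escaper($value) { return addslashes($value); }

// Same shape as the pipeline described in the thread:
// escape(htmlspecialchars($value, ENT_QUOTES)), with the result used unchecked.
function get_escaped_unchecked(array $post, $key, $escaper) {
    return call_user_func($escaper, htmlspecialchars($post[$key], ENT_QUOTES));
}

// Same pipeline, but "field absent" and "escaping failed" are reported
// separately instead of both collapsing into an empty string.
function get_escaped_checked(array $post, $key, $escaper) {
    if (!array_key_exists($key, $post)) {
        throw new InvalidArgumentException("missing parameter: $key");
    }
    $escaped = call_user_func($escaper, htmlspecialchars($post[$key], ENT_QUOTES));
    if ($escaped === false) {
        throw new RuntimeException("escaping failed for parameter: $key");
    }
    return $escaped;
}

// Constructed sample POST data, modelled on the dump posted in the thread.
$post = array('username' => 'NewUser');

// Unchecked: false is cast to an empty string by trim(), so a "required
// parameter" check downstream cannot tell this from a blank form field.
$name = trim(get_escaped_unchecked($post, 'username', 'failing_escaper'));
var_dump($name);

// Checked: the real fault is named at the point where it happens.
try {
    get_escaped_checked($post, 'username', 'failing_escaper');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}

// Checked, with a working escaper: the value passes through.
echo get_escaped_checked($post, 'username', 'working_escaper'), "\n";
```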