Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest sNews - sNews 1.7 - with its own forums - for discussion and user mods.

Author Topic: PATCHES - PHP Warning Notices with error Reporting on  (Read 4410 times)

Keyrocks

  • Doug
  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 451
  • Posts: 6288
  • Semantically Challenged
    • snews.ca
PATCHES - PHP Warning Notices with error Reporting on
« on: February 11, 2012, 05:53:24 PM »

NOTE: This applies to snews 1.7.1 and all earlier versions

When developing PHP scripts offline (on your localhost virtual server) it is always a good idea to enable error reporting at the top of your PHP file so that any problems with your scripts will be identified with a PHP Warning Notice. You can enable error reporting at the top if your snews.php file by replacing error_reporting(0); (error reporting is disabled) with error_reporting(-1); or error_reporting(E_ALL); which will show all PHP errors and notices.

Sibas ran a PHP report_errors check on Feb.07.12 and found dozens of PHP Warning Notices being reported with one of his projects using snews 1.7.1. I had never done this before so I did, and came up with a number of patches to eliminate all of them.

The patches that follow in the next post(s) apply only to snews 1.7.1 and all earlier versions.

NOTE: These patches have not yet been applied to the sNews 1.7.1 Official Download package. The still need to be reviewed by the 'sNews Dudes' and will be applied once they have approved them. I'll revise this post once that has been done.  :)
« Last Edit: February 11, 2012, 09:51:54 PM by Keyrocks »
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Keyrocks

  • Doug
  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 451
  • Posts: 6288
  • Semantically Challenged
    • snews.ca
Re: PHP Warning Notices with error Reporting on
« Reply #1 on: February 11, 2012, 06:02:00 PM »

OK... the first step will be to eliminate the "Cannot modify header information" Notice as identified here by Sibas on Feb.07.12. I'll repeat the cause of the problem and the solution here as I posted it on the other thread.

In the //NOTIFICATION function, this section generates notification messages for type 2 errors, which includes META information to be included in the <head> of the template (index.php) file refreshes the page after logging in:
Code: [Select]
<?php

if (
$error == 2) {
$_SESSION[_SITE.'fatal'] = $note == '' '' '<h3>'.$title.'</h3>'.$note.$goto;
echo '<meta http-equiv="refresh" content="0; url='._SITE.$link.'/">';
return;
}

?>


The section of script in snews.php that checks the login form information when the user submits it uses notification strings with type 2 error in each of three condition states... and this is being parsed before  header('HTTP/1.1 404 Not Found'); is parsed. It must be parsed after header('HTTP/1.1 404 Not Found'); is parsed.

THE SOLUTION

So, the solution is to relocate the section of script that checks the login form information so that it is being parsed after header('HTTP/1.1 404 Not Found'); is parsed.

For sNews 1.7.1 before Feb.11.2012: If you are using sNews 1.7.1 downloaded from the official download page before February 11, 2012... find this section of script in your snews.php file and delete it:
Code: [Select]
<?php

if(isset($_POST['Loginform']) && !_ADMIN) {
$user checkUserPass($_POST['uname']);
$pass checkUserPass($_POST['pass']);
unset($_POST['uname'],$_POST['pass']);
// Patch #18 - 1.7.1 - revised string by KikkoMax
if (checkMathCaptcha() && md5($user) === s('username') && md5($pass) === s('password')) {
//if (md5($user) === s('username') && md5($pass) === s('password') && checkMathCaptcha()) {
$_SESSION[_SITE.'Logged_In'] = token();
notification(2,'','administration');
} else { die( notification(2,l('err_Login'),'login')); }
}

if(
$_POST['submit_text'] && !_ADMIN){
die (notification(2,l('error_not_logged_in'),'home'));
}

?>


Then, copy this replacement section and paste it into your snews.php file just above //TITLE (which is where function title() starts).
NOTE: This section has been slightly modified to eliminate a PHP Warning Notice.
Code: [Select]
<?php // DO NOT COPY THIS TAG

if(isset($_POST['Loginform']) && !_ADMIN) {
$user checkUserPass($_POST['uname']);
$pass checkUserPass($_POST['pass']);
unset($_POST['uname'],$_POST['pass']);
# Validates Username, Password and MatchCaptcha (if enabled)
if (md5($user) === s('username') && md5($pass) === s('password') && checkMathCaptcha()) {
# Validates Username and Password Only
//if (md5($user) === s('username') && md5($pass) === s('password')) {
$_SESSION[_SITE.'Logged_In'] = token();
notification(2,'','administration');
} else {
die( notification(2,l('err_Login'),'login'));
}
}
if(isset(
$_POST['submit_text']) && !_ADMIN){   // Added: isset() to eliminate PHP warning notice
die (notification(2,l('error_not_logged_in'),'home'));
}

// DO NOT COPY THIS TAG ?>

« Last Edit: February 12, 2012, 04:23:35 AM by Keyrocks »
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Keyrocks

  • Doug
  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 451
  • Posts: 6288
  • Semantically Challenged
    • snews.ca
Re: PHP Warning Notices with error Reporting on
« Reply #2 on: February 11, 2012, 06:28:00 PM »

These next steps will eliminate all of the other PHP Warning Notices being reported when error_reporting is enabled to show all errors in snews.php. I won't use line number to identify them all as they would only be accurate if we were searching a default, un-modified snews.php file for 1.7.1 and you would likely want to check apply these patches to all modified snews.php files you are using... including older versions of 1.6 or earlier. So I'll just use search references for snews 1.7.1 in this exercise.

1. Search for: if (!empty($_GET['category'])) and copy/paste global $articleSEF; just above it. This eliminates an Undefined variable: articleSEF Notice by defining the variable as a global variable at the start of that section of script.

2. Search for:
Code: [Select]
<?php

if(!empty(
$R['description_meta']))  $_DESCR $R['description_meta']; else $_DESCR $R['description'];

?>

... which should be about 4 lines above //TITLE (start of function title() ) in a default, un-modded snews.php (1.7.1). Replace it with this new string (excluding the PHP tags of course):
Code: [Select]
<?php

if(!empty(
$R['description_meta']))  $_DESCR $R['description_meta']; else $_DESCR = isset($R['description']);

?>

This eliminates an Undefined variable: R Notice by wrapping $R['description'] at the end of the string with PHP's isset() function to confirm that the variable does have a value defined - description - in this case.

3. Search for: function center() { and, copy/paste global $action; below it. This eliminates 23 Undefined variable: action notices by defining "action" as a global variable at the start of the function.

4. Search for: // ARTICLES, which is where function articles() starts. The first line in the function is a global string containing all of the global variables used in the function. At the end of the string, between $_XNAME and the ending semi-colon, copy/paste , $num . This eliminates 3 Undefined variable: num notices by defining "num" as a global variable at the start of the function.

5. Search for: if ($r['csef']) $uri = $r['xsef'] which is the first part of a longer string, and replace it with if (isset($r['csef'])) $uri = $r['xsef'] . This eliminates an Undefined index: csef notice by adding PHP's isset() function to the first instance of $r['csef'] to confirm that the r variable does have a value defined... in this case it is csef.

6. Search for: // ARCHIVE and, after the function's first line, add global $last; - again, this eliminates another undefined variable: notice for - in this case - last by defining the variable as a global at the start of the function.

7. Search for: // CATEGORIES FORM and just below the function's first line, add this new global variables string - global $frm_name, $categoryid, $catorder; - this eliminates 3 undefined variable notices for each of the three variables by defining them at the start of the function.

[PAUSE] By now... you are likely beginning to see a pattern here... that all of the notices are due to variables not being defined properly... and we're just defining them as wel go along. [/PAUSE]  8)

8. Search for: $frm_sef_title = $_POST['name'] and replace it with $frm_sef_title = isset($_POST['name']) - and again, we're wrapping the variable with PHP's isset() function to confirm that the value for $_POST is defined, thereby eliminating an undefined index notice for (in this case) name.

9. Search for: // ARTICLES FORM and below the first line of the function, add global $edit_option, $article_category, $r; - in this case we're defining three variables as global variables at the start of the function to eliminate another 3 Undefined variable notices that were being generated on the admin's "New Article" panel.

10. Further down in the // ARTICLES FORM function, locate these five strings:
Code: [Select]
<?php

$frm_title $_SESSION[_SITE.'temp']['title'];
$frm_sef_title cleanSEF($_SESSION[_SITE.'temp']['seftitle']);
$frm_text $_SESSION[_SITE.'temp']['text'];
$frm_meta_desc cleanSEF($_SESSION[_SITE.'temp']['description_meta']);
$frm_meta_key cleanSEF($_SESSION[_SITE.'temp']['keywords_meta']);

?>


... we need to wrap the $_SESSION variables (and their values) in all 5 strings with isset() in order to eliminate 5 Undefined index notices.
Replace them with these new strings (excluding the PHP tags, of course):
Code: [Select]
<?php

$frm_title = isset($_SESSION[_SITE.'temp']['title']); // added isset()
$frm_sef_title cleanSEF(isset($_SESSION[_SITE.'temp']['seftitle'])); // added isset()
$frm_text = isset($_SESSION[_SITE.'temp']['text']); // added isset()
$frm_meta_desc cleanSEF(isset($_SESSION[_SITE.'temp']['description_meta'])); // added isset()
$frm_meta_key cleanSEF(isset($_SESSION[_SITE.'temp']['keywords_meta'])); // added isset()

?>


11. Search snews.php for: // FILES and, after the first line of the function, add in global $file; - this eliminates an Undefined variable: file notice by defining the variable at the start of the function.

12. Search for: function retrieve and below that string (the start of the function) add in global $retrieve; - in this case to eliminate an Undefined variable: retrieve notice.
« Last Edit: February 11, 2012, 09:03:40 PM by Keyrocks »
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Keyrocks

  • Doug
  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 451
  • Posts: 6288
  • Semantically Challenged
    • snews.ca
Re: PHP Warning Notices with error Reporting on
« Reply #3 on: February 11, 2012, 08:17:18 PM »

Time Zone Setting Issue

You may also encounter a few Strict Standards PHP Warning Notices associated with:
   strtotime() [function.strtotime]:
   date() [function.date]:
In both cases, the following will accompany the Notices:
Quote
It is not safe to rely on the system's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier.

These Notices are caused by using date(s('date_format') and strtotime($r['date']) to define the values for $a_date_format in the // ARTICLES function, and $date in the // MENU ARTICLES function.

I came across a solution (contributed by daneiracleous at gmail-dot-com - January 28, 2012) at PHP.net - Manual that uses a script to automatically set the local default time zone used by the date/time functions.

REVISED: The best location for this script in snews.php is just below the // DATABASE VARIABLES function near the top of the file.
Code: [Select]
<?php // DO NOT COPY THIS TAG

if(!isset($_SESSION['timezone'])) {
    if(!isset(
$_REQUEST['offset'])) {
    
?>

    <script>
    var d = new Date()
    var offset= -d.getTimezoneOffset()/60;
    location.href = "<?php echo $_SERVER['PHP_SELF']; ?>?offset="+offset;
    </script>
    <?php
    
} else {
        
$zonelist = array('Kwajalein' => -12.00'Pacific/Midway' => -11.00'Pacific/Honolulu' => -10.00'America/Anchorage' => -9.00'America/Los_Angeles' => -8.00'America/Denver' => -7.00'America/Tegucigalpa' => -6.00'America/New_York' => -5.00'America/Caracas' => -4.30'America/Halifax' => -4.00'America/St_Johns' => -3.30'America/Argentina/Buenos_Aires' => -3.00'America/Sao_Paulo' => -3.00'Atlantic/South_Georgia' => -2.00'Atlantic/Azores' => -1.00'Europe/Dublin' => 0'Europe/Belgrade' => 1.00'Europe/Minsk' => 2.00'Asia/Kuwait' => 3.00'Asia/Tehran' => 3.30'Asia/Muscat' => 4.00'Asia/Yekaterinburg' => 5.00'Asia/Kolkata' => 5.30'Asia/Katmandu' => 5.45'Asia/Dhaka' => 6.00'Asia/Rangoon' => 6.30'Asia/Krasnoyarsk' => 7.00'Asia/Brunei' => 8.00'Asia/Seoul' => 9.00'Australia/Darwin' => 9.30'Australia/Canberra' => 10.00'Asia/Magadan' => 11.00'Pacific/Fiji' => 12.00'Pacific/Tongatapu' => 13.00);
        
$index array_keys($zonelist$_REQUEST['offset']);
        
$_SESSION['timezone'] = $index[0];
    }
}
date_default_timezone_set($_SESSION['timezone']);

// DO NOT COPY THIS TAG ?>

« Last Edit: February 12, 2012, 06:31:27 PM by Keyrocks »
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Keyrocks

  • Doug
  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 451
  • Posts: 6288
  • Semantically Challenged
    • snews.ca
Re: PATCHES - PHP Warning Notices with error Reporting on
« Reply #4 on: February 12, 2012, 04:21:21 AM »

WARNING: DO NOT APPLY THESE CHANGES - STILL BUGGY - STILL WORKING ON IT
Using the changes below will alter your database data badly - always back up your database beforehand!!!

Well... it appears we are not done getting rid of all the PHP Warning Notices yet. Sibas discovered some more.
So let's get to it... in function processing():

There are two large sets of variable = value strings and almost all of the strings in both sets need to have isset() applied in them.

First Set - starting with $action and ending with $publish_category
... replace them all with:
Code: [Select]
<?php // DO NOT COPY THIS TAG

$action clean(cleanXSS(isset($_GET['action'])));
  
$id clean(cleanXSS(isset($_GET['id'])));
  
$commentid = isset($_POST['commentid']);
  
$approved = isset($_POST['approved']) == 'on' 'True' '';
  
$name clean(entity(isset($_POST['name'])));
  
$category = !empty($_POST['define_category']) ? $_POST['define_category'] : 0;
  
$subcat = isset($_POST['subcat']);
  
$page = isset($_POST['define_page']);
  
$def_extra = isset($_POST['define_extra']);
  
$description clean(entity(isset($_POST['description'])));
  
$title clean(entity(isset($_POST['title'])));
  
$seftitle = isset($_POST['seftitle']);
$url cleanXSS(isset($_POST['url']));
$comment = isset($_POST['editedcomment']);
$text clean(isset($_POST['text']));
  
$date date('Y-m-d H:i:s');
  
$description_meta entity(isset($_POST['description_meta']));
$keywords_meta entity(isset($_POST['keywords_meta']));
  
$display_title = isset($_POST['display_title']) == 'on' 'YES' 'NO';
$display_info = isset($_POST['display_info']) == 'on' 'YES' 'NO';
  
$commentable = isset($_POST['commentable']) == 'on' 'YES' 'NO';
$freez = isset($_POST['freeze']) == 'on' 'YES' 'NO';
  
if ($freez == 'YES' && $commentable == 'YES') {
  
$commentable 'FREEZ';
  
}
$position = isset($_POST['position'])> $_POST['position'] : 1;
if ($position == 2) {
$position $_POST['cat_dependant'] == 'on' 21 2;
}
  
$publish_article = (isset($_POST['publish_article']) == 'on') ? 0;
  
$show_in_subcats = isset($_POST['show_in_subcats']) == 'on' 'YES' 'NO';
$show_on_home = (isset($_POST['show_on_home']) == 'on' || $position 1) ? 'YES' 'NO';
$publish_category = isset($_POST['publish']) == 'on' 'YES' 'NO';

// DO NOT COPY THIS TAG ?>


Second Set - under this string - if (isset($_POST['save'])) {
... starting with $website_title and ending with $allowed_img replace with:
Code: [Select]
<?php // DO NOT COPY THIS TAG

$website_title = isset($_POST['website_title']);
$home_sef = isset($_POST['home_sef']);
$website_description = isset($_POST['website_description']);
$website_keywords = isset($_POST['website_keywords']);
$website_email = isset($_POST['website_email']);
$contact_subject = isset($_POST['contact_subject']);
$language = isset($_POST['language']);
$charset = isset($_POST['charset']);
$date_format = isset($_POST['date_format']);
$article_limit = isset($_POST['article_limit']);
$rss_limit = isset($_POST['rss_limit']);
$display_page = isset($_POST['display_page']);
$display_new_on_home = isset($_POST['display_new_on_home']);
$display_pagination = isset($_POST['display_pagination']);
$num_categories = isset($_POST['num_categories']);
$show_cat_names = isset($_POST['show_cat_names']);
$approve_comments = isset($_POST['approve_comments']);
$mail_on_comments = isset($_POST['mail_on_comments']);
$comments_order = isset($_POST['comments_order']);
$comment_limit = isset($_POST['comment_limit']);
$word_filter_enable = isset($_POST['word_filter_enable']);
$word_filter_file = isset($_POST['word_filter_file']);
$word_filter_change = isset($_POST['word_filter_change']);
$enable_extras = isset($_POST['enable_extras']) == 'on' 'YES' 'NO';
$enable_comments = isset($_POST['enable_comments']) == 'on' 'YES' 'NO';
$comment_repost_timer is_numeric(isset($_POST['comment_repost_timer'])) ? $_POST['comment_repost_timer'] : '15';
$freeze_comments = isset($_POST['freeze_comments']) == 'on' 'YES' 'NO';
$file_ext = isset($_POST['file_ext']);
$allowed_file = isset($_POST['allowed_file']);
$allowed_img = isset($_POST['allowed_img']);

// DO NOT COPY THIS TAG ?>

« Last Edit: February 12, 2012, 05:50:31 PM by Keyrocks »
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU