Debug text appears and messes up logins / ACP access.

[warmweer]

I think there's a conflict due to the multiple ways to access your board. Cookies are set for the first instance but then not for the other instance; and then returning to the first instance the errors appear (not the initial access).

http://ccgi.crazeeworld.plus.com/slade/
http://www.sladeforum.co.uk/
http://www.crazeeworld.plus.com/slade/forum/forum.htm

Deleting cookies and clearing browser cache solves the problem on my side but the moment I use a second way to access your board, errors reappear.

Unfortunately I don't have time ATM to investigate, but if EA117 ((who understands that stuff a lot better than I do) has a look at the 3 ways, he might have an idea.

[12stringbassist]

THANKS!

I have looked at the situation with the link from the main www.slayed.co.uk site.
The forum now only opens in a new window.
I have set the cookie domain setting to blank in the ACP.

The text still pops up when I jump around the forum. It's plain odd.

[warmweer]

On my side: no more as long as access only 1 url.
But:
2 sets of cookies of cookies are created, both with the same name but different domains:
.ccgi.crazeeworld.plus.com (with the leading dot)
and
ccgi.crazeeworld.plus.com (no leading dot)

I am getting warnings:

Code: Select all

Some cookies are misusing the recommended “SameSite“ attribute 3
Cookie “phpbb3_3nsiv_u” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite index.php
Cookie “phpbb3_3nsiv_k” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite index.php
Cookie “phpbb3_3nsiv_sid” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

[12stringbassist]

I have adjusted the top setting to insert the value .ccgi.crazeeworld.plus.com as per the knowledge base article at
https://www.phpbb.com/support/docs/en/3 ... e-settings.

I'm wondering if what I have entered is actually right?

So now I have a cookie php file in my root folder

Cookie Settings
Cookie Domain: .ccgi.crazeeworld.plus.com
Cookie Name: phpbb3_3nsiv
Cookie Path: /
Cookie Secure: unchecked

Server Settings
Force Server Vars: unchecked
Script Path: /~crazeeworld/slade
Server Name: 80
Server Port: http://

It wouldn't accept my admin login. grrrrr.
I got in with my backup admin2 account again after a couple of goes.
I ended up having to reset the password for admin.

As a precaution, I have stopped Firefox remembering my login and password and have also stopped the forum remembering members. They will have to log in with username and password for a while.

After I have done any actions I have cleared out the contents of the Cache via ACP and also in the Cache file on the server - it keeps putting a folder called production in there.

At the moment, it's again refusing to let me back in, as the text appears top of page. It says the login form is invalid.


I'm really thinking of starting the forum again from scratch in a new folder called slade2 and pointing config.php (or a copy of the existing one) at the existing database to replicate the current forum and structure. Not sure how that would work or IF it would solve the problems?
I'm terrified of losing several years worth of posts.

[warmweer]

Cookie Settings
Cookie Domain: .ccgi.crazeeworld.plus.com
Cookie Name: phpbb3_3nsiv
Cookie Path: /
Cookie Secure: unchecked

Server Settings
Force Server Vars: unchecked
Script Path: /~crazeeworld/slade
Server Name: 80
Server Port: http://

Your cookie domain could be a problem.
What's the domainname you registered. I suspect crazeeworld.plus com is which case you would use .crazeeworld.plus.com


As to Server Settings

Server Name is unknown to me (not present in Server Settings: do you mean domain name if so then it's probably crazeeworld.plus.com (and add the leading dot)? I can't image 80 being the Server Name
Server Port: since you're using http (and not https) that should be 80
Script Path is relative to your precise board root, so in that case it would be /slade

Try those settings.
Purge cache in ACP or by deleting /production in /cache) Don't worry about /production being remade - that's normal (and necessary)
Save, delete browser cookies and browser cache.

[12stringbassist]

I'll try that again... before I change anything

Cookie Settings
Cookie Domain: ccgi.crazeeworld.plus.com
Cookie Name: phpbb3_3nsiv
Cookie Path: /
Cookie Secure: unchecked

Server Settings
Force Server Vars: unchecked
Script Path: /~crazeeworld/slade
Server Name: ccgi.crazeeworld.plus.com
Server Port: 80
Server Protocol: http://

The FTP server address is ccgi.crazeeworld.plus.com (www.crazeeworld.plus.com is just my website from my provider plus net)

I have registered a domain name www.sladeforum.co.uk
Would that throw up different cookies to ccgi.crazeeworld.plus.com/slade/ ??

Any references from the www.slayed.co.uk site now open in a new window, rather than being part of that site.

[warmweer]

There is no Server Name is the Server Settings on my testboards (nor on other boards I maintain).

https://www.phpbb.com/support/docs/en/3 ... al_server/

Perhaps you should use www.sladeforum.co.uk as domain, in which case your cookie domain would be .sladeforum.co.uk

[12stringbassist]

Many thanks.
I will give that a try and see what happens.

[12stringbassist]

Ok, I've done that via the cookie php and in the ACP, purged the caches via ACP and the cache folder via FTP (it keeps making a folder called 'production' in there) and NOW it is really weird...

I log in via the URL www.sladeforum.co.uk (whether that makes any difference or not, I don't know).

If I click home on any page, it points to www.sladeforum.co.uk (and I can get the garbage text)
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 86: htmlspecialchars(): charset `core.modify_text_for_display_before' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 151: htmlspecialchars(): charset `core.modify_text_for_display_before' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 152: htmlspecialchars(): charset `core.modify_text_for_display_before' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/user.php on line 329: htmlspecialchars(): charset `core.modify_text_for_display_before' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)

If I click index it points to http://ccgi.crazeeworld.plus.com/slade/ ... 7de0ff7750
and it kicks me out. I can use the back button to get back in.

[EA117]

Yes, I too can still see the issue when logged in on your board. It's not on every page, even though the errors -- when they occur -- are in places that would be executed "for every page." So my guess would be that these warnings happen when the cached page content is generated, but then you won't see these warnings when previously-cached content is being used instead of new content being generated.

But that's still just a guess; it could also be that the still-unknown conditions causing this simply don't exist during the successful page views.

Code: Select all

[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 86: htmlspecialchars(): charset `bb/user $user Object of the current user * @param string $default A timezone to select * @param boolean $truncate Shall we truncate the options text * * @return array Returns an array containing the options for the time selector. */' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 151: htmlspecialchars(): charset `bb/user $user Object of the current user * @param string $default A timezone to select * @param boolean $truncate Shall we truncate the options text * * @return array Returns an array containing the options for the time selector. */' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 152: htmlspecialchars(): charset `bb/user $user Object of the current user * @param string $default A timezone to select * @param boolean $truncate Shall we truncate the options text * * @return array Returns an array containing the options for the time selector. */' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/user.php on line 329: htmlspecialchars(): charset `bb/user $user Object of the current user * @param string $default A timezone to select * @param boolean $truncate Shall we truncate the options text * * @return array Returns an array containing the options for the time selector. */' not supported, assuming utf-8
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4130: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3009)

What you're seeing here is an example I caught on your site, where the "invalid character set" being passed to htmlspecialchars() is literally just a significant portion of the comment documentation block for phpbb_timezone_select() out of /includes/functions.php.

Code: Select all

/**
* Options to pick a timezone and date/time
*
* @param	\phpbb\template\template $template	phpBB template object
* @param	\phpbb\user	$user				Object of the current user
* @param	string		$default			A timezone to select
* @param	boolean		$truncate			Shall we truncate the options text
*
* @return		array		Returns an array containing the options for the time selector.
*/
function phpbb_timezone_select($template, $user, $default = '', $truncate = false)
{

i.e. It's not "data from another variable"; and it's not even code that would have executed earlier or later. Literally just comments out of the source code file. Something that phpBB or any application would have never known about or dealt with; only the PHP parser would have dealt with these lines.

I think something is wrong with how PHP code is being read and executed on the ccgi.crazeeworld.plus.com server. Or at minimum, how the server is configured to execute PHP code from the phpBB application folders on that server.

If that were happening to me, I would have to present this information to my hosting provider (PlusNet in this case), to have them try and investigate or explain it from a server PHP configuration perspective.

Because this evidence is not evidence of an "oh, the application must be doing that to itself" kind of error.

There is also some clue in the fact "this is only happening when the PHP htmlspecialchars() API is being called", since that is the only function ever cited in these warnings. As though maybe something is setup on that server to "protect" or otherwise intercept when this particular PHP function is called; but for some reason whatever it intended to do is going bad.


Everything else seems secondary to figuring out that issue.

Because when invalid "trash" data like this is being allowed to be thrown into the parameters of called PHP functions, it makes me concerned for what else is being done wrong or persisted into the database wrong until we get that issue eliminated. i.e. Are there occasions where the "trash" actually is accepted as a valid encoding, and so htmlspecialchars() decodes/encodes on that basis "because it was asked to", rather than throwing a warning & defaulting to UTF-8 like it needs to.

• Cookie settings are not what's doing this.
• Your current sladeforum.co.uk "iFrame over to ccgi.crazeeworld.plus.com" approach is not what's doing this.
• The values set for "Server URL settings" have absolutely no effect unless "Force server URL settings:" is "Yes", and it is not recommended to set this to "Yes".
• Indeed, automatic re-creation of the /production subfolder in the /cache directory is normal and required.

[12stringbassist]

Thank you so much for your help with this - it is so much appreciated.
I'll get on the PlusNet support forum and see what is said there and come back.

Force server setting is set to NO.
Do I just leave the 'production folder where it is in the FTP cache folder?

Thanks.

[warmweer]

Thank you so much for your help with this - it is so much appreciated.
I'll get on the PlusNet support forum and see what is said there and come back.

Force server setting is set to NO.
Do I just leave the 'production folder where it is in the FTP cache folder?

Thanks.

When you have no ACP access, the only way to clear board cache is by removing the /production folder from /cache. And a cache purge is always necessary after editing style files. (in fact I do it after any edit - it can't harm the board. Depending on your browser (settings) a browser cache purge may be necessary (and can't harm the board).

[12stringbassist]

It's definitely something wrong with the Plusnet server.
I just set up a test forum and that's thrown me out, too and is affected by the same text.
http://ccgi.crazeeworld.plus.com/slade2/index.php

Let's see what their support ticket comes up with..

[warmweer]

The URL doesn't seem to be a problem.
...

Cookie “phpbb3_3nsiv_k” has been rejected for invalid domain.

Added: it's a bit strange that you didn't have any problems with 3.3.2 and suddenly problems appear with 3.3.3.
BTW which php version are you using?

[EA117]

The issue was already there prior to the upgrade, and was the reason for attempting the upgrade, as stated in the SRT.

There are multiple things that need to be addressed -- the fact that phpBB itself will ultimately only handle a single domain being one of them, as well as possibly the iFrame setup needing to go away. But that all still seems secondary to figuring out the PHP execution issue.

Since in the worst case, if the solution there were to ultimately be moving to a different host, the time spent explaining and implementing solutions for this current unique host configuration would be lost.