Bit out of my depth here. I'm integrating the forum provider 'phpBB' with my own site and creating an external direct messaging system to phpBB itself. I'm at the stage where I'm receiving this error:
Warning: Cannot modify header information - headers already sent by (output started at /home/treeves4/public_html/pm/pm/new_pm.php:25) in /home/treeves4/public_html/pm/pm/phpBB/includes/functions.php on line 2474
Illegal use of $_REQUEST. You must use the request class or request_var() to access input data. Found in /home/treeves4/public_html/pm/pm/new_pm.php on line 43. This error message was generated by deactivated_super_global.
I've tried $_POST and that also doesn't work. Using $_REQUEST_VAR doesn't raise any errors, but it breaks the script and nothing happens when information is submitted.
The PHP file:
<?php
include('config.php');
define('IN_PHPBB', true);
$phpbb_root_path = './phpBB/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
$_SESSION['userid'] = $user->data['user_id'];
$_SESSION['username'] = $user->data['username'];
?>
<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New PM</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//We check if the user is logged on
if(isset($_SESSION['username']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($_REQUEST['title'], $_REQUEST['recip'], $_REQUEST['message']))
{
$otitle = $_REQUEST['title'];
$orecip = $_REQUEST['recip'];
$omessage = $_REQUEST['message'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($_REQUEST['title']!='' and $_REQUEST['recip']!='' and $_REQUEST['message']!='')
{
//We protect the variables
$title = mysql_real_escape_string($otitle);
$recip = mysql_real_escape_string($orecip);
$message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysql_fetch_array(mysql_query('SELECT count(user_id) as recip, user_id as recipid, (select count(*) from pm) as npm
FROM phpbb_users
WHERE username = "'.$recip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['userid'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['userid'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="content">
<h1>New Personal Message</h1>
<form action="new_pm.php" method="post">
Please fill the following form to send a Personal message.<br />
<label for="title">Title</label><input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
<label for="recip">Recipient<span class="small">(Username)</span></label><input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
<label for="message">Message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" />
</form>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
<div class="foot"><a href="list_pm.php">Go to my Personal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
@Eeji's answer is what I do in most cases; however, there are some rare scenarios when using the request class isn't possible, for example when you're dealing with existing, pre-3.1 phpBB implementations and you want to upgrade the forum without having to mess with a PHP script which uses superglobals and that you either don't own, know or are allowed to change.
When such situations arise you can choose to re-enable superglobals either globally or programmatically:
Globally
Open the /phpbb/config/parameters.yml file and change the core.disable_super_globals key from true to false.
Programmatically
This is a sample code that can be used to temporarily enable superglobals (per-request scope):
You can also read this blog post that I wrote on this topic for further info.
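The per-request approach described in the answer above, as an added example that is not the answerer's code: it uses the enable_super_globals(), disable_super_globals() and super_globals_disabled() methods of phpBB's request object and restores the guard even when the legacy code throws. The helper name with_super_globals() is hypothetical, and PHP 5.5+ is assumed for `finally`.

```php
<?php
// Added example. Assumes common.php has been included, so the global
// $request object (\phpbb\request\request) exists. with_super_globals()
// is a hypothetical helper name, not part of phpBB.
function with_super_globals(\phpbb\request\request $request, callable $legacy)
{
    // Remember the state on entry so a nested call does not switch the
    // guard back on underneath an outer caller.
    $was_disabled = $request->super_globals_disabled();
    $request->enable_super_globals();

    try
    {
        // Inside this call $_GET, $_POST and $_REQUEST are plain arrays
        // again: nothing read from them has been type-cast or escaped.
        return call_user_func($legacy);
    }
    finally
    {
        // Put the guard back even if the legacy code throws.
        if ($was_disabled)
        {
            $request->disable_super_globals();
        }
    }
}

// Keep the window as small as possible: wrap only the legacy code that
// cannot be changed, and treat whatever it returns as raw input.
$raw_title = with_super_globals($request, function () {
    return isset($_POST['title']) ? (string) $_POST['title'] : '';
});
```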
Super globals have been disabled in phpBB 3.1 and the request_var() function from 3.0.x has been deprecated. Instead you should use the request class, documentation is on the phpBB development wiki here - https://wiki.phpbb.com/PhpBB3.1/RFC/Request_class
I believe that 'superglobals' is disabled in the php.ini and $_GET, $_POST and $_REQUEST are not available.
You might be able to pull them into scope by declaring them using the 'global' keyword, but I'm not sure.
Based on the error message you quoted: use request_var().
https://wiki.phpbb.com/Function.request_var
http://php.net/manual/en/reserved.variables.request.php
http://php.net/manual/en/language.variables.superglobals.php
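The request-class route recommended in the answers above, applied to the form handling from the question (an added example, not code from any of the posters). It assumes phpBB 3.1+ with common.php already included, the question's pm table, and that pm.id is AUTO_INCREMENT.

```php
<?php
// Added example, not the asker's code. Assumes common.php is already included
// and the session started (as in the question), so $request, $db, $user exist.
$error = '';
$sent  = false;

if ($user->data['user_id'] == ANONYMOUS)
{
    $error = 'You must be logged in to access this page.';
}
// is_set_post() takes the place of isset($_POST[...]) / isset($_REQUEST[...]).
else if ($request->is_set_post('title') && $request->is_set_post('recip') && $request->is_set_post('message'))
{
    // variable() casts to the type of the default value. String values come
    // back trimmed and passed through htmlspecialchars(); true keeps UTF-8.
    $title   = $request->variable('title', '', true);
    $recip   = $request->variable('recip', '', true);
    $message = $request->variable('message', '', true);

    // Recipient lookup through phpBB's DBAL instead of mysql_*().
    $sql = 'SELECT user_id FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($recip)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ($title === '' || $recip === '' || $message === '')
    {
        $error = 'A field is empty.';
    }
    else if (!$row)
    {
        $error = 'The recipient does not exist.';
    }
    else if ((int) $row['user_id'] === (int) $user->data['user_id'])
    {
        $error = 'You cannot send a message to yourself.';
    }
    else
    {
        // sql_build_array() escapes every value. `id` is left out on the
        // assumption that pm.id is AUTO_INCREMENT (the question used COUNT(*)+1).
        $pm = array(
            'id2' => 1, 'title' => $title, 'message' => $message,
            'user1' => (int) $user->data['user_id'], 'user2' => (int) $row['user_id'],
            'timestamp' => time(), 'user1read' => 'yes', 'user2read' => 'no',
        );
        $db->sql_query('INSERT INTO pm ' . $db->sql_build_array('INSERT', $pm));
        $sent = true;
    }
}
```

Because variable() already HTML-escapes string input, echo these values back into the form without a second htmlentities() call, or they will be double-encoded.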
Cheers guys, proved difficult for me but got there with your help. I've included the edit below.