Need Help with a PHP Script

Gene Steinberg

Well-known member
We are using PHP-FPM over Apache on all our domains on a Plesk 12.5 dedicated server,

All but two are using PHP 7.0.1 from the Pesk distribution without any problems.

Two, however, with XenForo forums, use a customized PHP script to access a private upgraded member area that is powered by Resource Manager. It connects to an RSS feed so members are alerted as to new posts (radio shows).

It works fine with PHP 5.6.16. But not with PHP 7.0.1. I cannot find anything anywhere that would guide me to figuring out what’s going on.

Are you able to at least point me in the right direction. I tried a Plesk tech I know and he couldn’t figure it out.

An HTTP directive is used as follows:

SetEnvIfNoCase Authorization "Basic ([a-z0-9=]+)" HTTP_AUTHORIZATION=$1

Here’s the PHP script (there are two versions, with different domains):

<?php
//this script will authenticate the user with XenAPI and show the RSS feed when logged in.
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode($_SERVER['HTTP_AUTHORIZATION']));

function curlit($url) {
$cURL = curl_init();

curl_setopt($cURL, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($cURL, CURLOPT_URL, $url);
curl_setopt($cURL, CURLOPT_HTTPGET, true);

curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Accept: application/json'
));

$result = curl_exec($cURL);

curl_close($cURL);


$json = json_decode($result, true);
return $json;
}
if (!isset($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_USER'])) {
header("WWW-Authenticate: Basic realm=\"Private Area\"");
header("HTTP/1.0 401 Unauthorized");
print 'Not authorized';
exit;
} else {
$username = urlencode($_SERVER['PHP_AUTH_USER']);
$password = $_SERVER['PHP_AUTH_PW'];
// print 'Authorized';

$url = 'http://www.technightowl.com/forum/a...&username='.$username.'&password='.$password;
$curlResults = curlit($url);

if (isset($curlResults['hash'])) {
//see if this user belongs to the tech night owl plus group
$url = 'http://www.technightowl.com/forum/api.php?action=getUser&hash='.$username.':'.$curlResults['hash'];
$curlResults = curlit($url);
$primaryGroupID = $curlResults['user_group_id'];
$groupID = $curlResults['secondary_group_ids'];
$allowed = false;
$exploded = explode(',',$groupID);
foreach ($exploded as $group) {
if (($group == '3') || ($group == '4') || ($group == '5') || ($group == '8') || ($group == '9') || ($group == '10')) {
$allowed = true;
}
}
$exploded = explode(',',$primaryGroupID);
if (!$allowed) {
foreach ($exploded as $group) {
if (($group == '3') || ($group == '4') || ($group == '5') || ($group == '8') || ($group == '9') || ($group == '10')) {
$allowed = true;
}
}
}
if ($allowed) {
//user has logged in and is allowed access to the content
//display feed
header('Content-Type: application/xml; charset=utf-8');
$doc = new DOMDocument();
$doc->load('288h7su1ksh9.xml');
echo $doc->saveXML();
} else {
header("WWW-Authenticate: Basic realm=\"Private Area\"");
header("HTTP/1.0 401 Unauthorized");
print "You must be a member of The Paracast+ to access this feed.\n";
exit;
}
} else {
header("WWW-Authenticate: Basic realm=\"Private Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Username or password is incorrect.\n";
exit;
}
}
?>
 
We are using PHP-FPM over Apache on all our domains on a Plesk 12.5 dedicated server,

All but two are using PHP 7.0.1 from the Pesk distribution without any problems.

Two, however, with XenForo forums, use a customized PHP script to access a private upgraded member area that is powered by Resource Manager. It connects to an RSS feed so members are alerted as to new posts (radio shows).

It works fine with PHP 5.6.16. But not with PHP 7.0.1. I cannot find anything anywhere that would guide me to figuring out what’s going on.

Are you able to at least point me in the right direction. I tried a Plesk tech I know and he couldn’t figure it out.

An HTTP directive is used as follows:

SetEnvIfNoCase Authorization "Basic ([a-z0-9=]+)" HTTP_AUTHORIZATION=$1

Here’s the PHP script (there are two versions, with different domains):

<?php
//this script will authenticate the user with XenAPI and show the RSS feed when logged in.
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode($_SERVER['HTTP_AUTHORIZATION']));

function curlit($url) {
$cURL = curl_init();

curl_setopt($cURL, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($cURL, CURLOPT_URL, $url);
curl_setopt($cURL, CURLOPT_HTTPGET, true);

curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Accept: application/json'
));

$result = curl_exec($cURL);

curl_close($cURL);


$json = json_decode($result, true);
return $json;
}
if (!isset($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_USER'])) {
header("WWW-Authenticate: Basic realm=\"Private Area\"");
header("HTTP/1.0 401 Unauthorized");
print 'Not authorized';
exit;
} else {
$username = urlencode($_SERVER['PHP_AUTH_USER']);
$password = $_SERVER['PHP_AUTH_PW'];
// print 'Authorized';

$url = 'http://www.technightowl.com/forum/a...&username='.$username.'&password='.$password;
$curlResults = curlit($url);

if (isset($curlResults['hash'])) {
//see if this user belongs to the tech night owl plus group
$url = 'http://www.technightowl.com/forum/api.php?action=getUser&hash='.$username.':'.$curlResults['hash'];
$curlResults = curlit($url);
$primaryGroupID = $curlResults['user_group_id'];
$groupID = $curlResults['secondary_group_ids'];
$allowed = false;
$exploded = explode(',',$groupID);
foreach ($exploded as $group) {
if (($group == '3') || ($group == '4') || ($group == '5') || ($group == '8') || ($group == '9') || ($group == '10')) {
$allowed = true;
}
}
$exploded = explode(',',$primaryGroupID);
if (!$allowed) {
foreach ($exploded as $group) {
if (($group == '3') || ($group == '4') || ($group == '5') || ($group == '8') || ($group == '9') || ($group == '10')) {
$allowed = true;
}
}
}
if ($allowed) {
//user has logged in and is allowed access to the content
//display feed
header('Content-Type: application/xml; charset=utf-8');
$doc = new DOMDocument();
$doc->load('288h7su1ksh9.xml');
echo $doc->saveXML();
} else {
header("WWW-Authenticate: Basic realm=\"Private Area\"");
header("HTTP/1.0 401 Unauthorized");
print "You must be a member of The Paracast+ to access this feed.\n";
exit;
}
} else {
header("WWW-Authenticate: Basic realm=\"Private Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Username or password is incorrect.\n";
exit;
}
}
?>

Are any errors being logged in your error log?
 
None that I can see.

Someone who saw the script wrote in the Plesk forum about PHP 7: "Notice that behavior for both list() and foreach have changed."

However, that takes me into territory way, way beyond my ability to deal with.

So if someone could help me alter the portions of the script that apply to those commands and make them PHP 7 savvy, maybe that would solve it. Anyone?
 
None that I can see.

Someone who saw the script wrote in the Plesk forum about PHP 7: "Notice that behavior for both list() and foreach have changed."

However, that takes me into territory way, way beyond my ability to deal with.

So if someone could help me alter the portions of the script that apply to those commands and make them PHP 7 savvy, maybe that would solve it. Anyone?

If you want to send me a PM with a username, password, and link to access this file on your live site I can take a look at what the issue may be
 
I sent you by PM, as requested, the information to login to the server and one of the live forums. I also gave you admin access so you can probe around and figure out what's going on.

I await your further response. Thanks for offering.
 
Or maybe not. Jake, you haven't logged in since Thursday evidently. If you aren't able to assist, fine. Just please let me know. Thanks.
 
I did get help. But not from Jake, who logged in once and disappeared.

It appears my script is designed to connect to a third-party XenForo script known as api.php from Xen API (http://www.xenapi.net).

According to a Plesk tech who helped me figure it out, when you try to login to our feed with the api.php file installed:

There were multiple errors in that file such as:

Fatal error: 'break' not in the 'loop' or 'switch' context on line 248
Fatal error: 'break' not in the 'loop' or 'switch' context on line 475

and so on.

Commenting out this sections didn't change functionality, but our login script worked perfectly in PHP 7.0.1.
 
I did get help. But not from Jake, who logged in once and disappeared.

I'd hardly say that I disappeared. You gave me an account without access, and then gave the permissions and replied at 1am wondering why I hadn't responded and after that I've been busy.
 
I gave you full access as of 7:19 PM Mountain Time last Thursday. At least you could have responded to my messages stating when you'd check it out. The problem is solved. Please lose the server login credentials I gave you. Thank you.
 
Just know that PHP7 is PAIN. It breaks all kinds of stuff. PHP7 literally breaks EVERY sufficiently complex piece of software written in PHP.

It will be awesome in 3-4 years when everyone has gotten over the speedbumps and embraced it, but trying to adapt to it right now? You are firmly in the Early Adopter camp.
 
I've had very few problems, actually, with the stuff I do. The worst was the now-resolved issue with an open source XenForo API file.

At least so far.
 
Just know that PHP7 is PAIN. It breaks all kinds of stuff. PHP7 literally breaks EVERY sufficiently complex piece of software written in PHP.
That's not true. It didn't break XenForo.

It required some small tweaks, but I wouldn't go as far as to say it broke it.
 
Just to expand on this. We also have several popular WordPress-based sites, and I had to tweak a couple of plugins here and there for compatibility with PHP 7, but it wasn't all that difficult. Now all of our key sites on my server are using PHP 7.0.1. Performance is measurably better with all sites.
 
Back
Top Bottom