在这里我的深度。我正在整合论坛提供商' phpBB'使用我自己的网站并为phpBB本身创建外部直接消息传递系统。我正处于收到此错误的阶段:
警告:无法修改标头信息 - 已发送的标头 (输出从/home/treeves4/public_html/pm/pm/new_pm.php:25开始) /home/treeves4/public_html/pm/pm/phpBB/includes/functions.php上线 2474
非法使用$ _REQUEST。您必须使用请求类或 request_var()访问输入数据。在发现 第43行/home/treeves4/public_html/pm/pm/new_pm.php。此错误 消息由deactivated_super_global生成。
我尝试了$ _POST,但也没有用。使用$ _REQUEST_VAR不会引发任何错误,但它会破坏脚本,并且在提交信息时没有任何反应。
PHP文件:
<?php
include('config.php');
define('IN_PHPBB', true);
$phpbb_root_path = './phpBB/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
$_SESSION['userid'] = $user->data['user_id'];
$_SESSION['username'] = $user->data['username'];
?>
<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New PM</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//We check if the user is logged on
if(isset($_SESSION['username']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($_REQUEST['title'], $_REQUEST['recip'], $_REQUEST['message']))
{
$otitle = $_REQUEST['title'];
$orecip = $_REQUEST['recip'];
$omessage = $_REQUEST['message'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($_REQUEST['title']!='' and $_REQUEST['recip']!='' and $_REQUEST['message']!='')
{
//We protect the variables
$title = mysql_real_escape_string($otitle);
$recip = mysql_real_escape_string($orecip);
$message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysql_fetch_array(mysql_query('SELECT count(user_id) as recip, user_id as recipid, (select count(*) from pm) as npm
FROM phpbb_users
WHERE username = "'.$recip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['userid'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['userid'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="content">
<h1>New Personal Message</h1>
<form action="new_pm.php" method="post">
Please fill the following form to send a Personal message.<br />
<label for="title">Title</label><input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
<label for="recip">Recipient<span class="small">(Username)</span></label><input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
<label for="message">Message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" />
</form>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
<div class="foot"><a href="list_pm.php">Go to my Personal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
答案 0 :(得分:3)
@Eeji答案就是我在大多数情况下所做的事情:然而,在使用请求类是不可能的时候,有一些罕见的情况,例如当您处理现有的3.1之前的phpBB实现时并且你想升级论坛而不必乱用使用超级全局的PHP脚本,而你要么不拥有,知道或允许改变。
当出现这种情况时,您可以选择全局或以编程方式重新启用超全局:
<强>全球
打开/phpbb/config/parameters.yml文件,将 core.disable_super_globals 键从true更改为false。
<强>编程
这是一个示例代码,可用于临时启用超全局( per-request 范围):
// temporarily enable superglobals
$request->enable_super_globals();
// TODO: do your stuff here.
// disable superglobals again
$request->disable_super_globals();
您还可以阅读我在此主题上撰写的this blog post以获取更多信息。
答案 1 :(得分:1)
干杯球员,对我来说很难,但在你的帮助下到了那里。我已经包含了下面的编辑。
<?php
include('config.php');
define('IN_PHPBB', true);
$phpbb_root_path = './phpBB/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
$_SESSION['userid'] = $user->data['user_id'];
$_SESSION['username'] = $user->data['username'];
$gettitle = request_var('title', '0');
$getrecip = request_var('recip', '0');
$getmessage=request_var('message', '0');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New PM</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//We check if the user is logged on
if(isset($_SESSION['username']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($gettitle,$getrecip,$getmessage))
{
$otitle = $gettitle;
$orecip = $getrecip;
$omessage = $getmessage;
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($gettitle!='' and $getrecip!='' and $getmessage!='')
{
//We protect the variables
$title = mysql_real_escape_string($otitle);
$recip = mysql_real_escape_string($orecip);
$message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysql_fetch_array(mysql_query('SELECT count(user_id) as recip, user_id as recipid, (select count(*) from pm) as npm
FROM phpbb_users
WHERE username = "'.$recip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['userid'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['userid'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="content">
<h1>New Personal Message</h1>
<form action="new_pm.php" method="post">
Please fill the following form to send a Personal message.<br />
<label for="title">Title</label><input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
<label for="recip">Recipient<span class="small">(Username)</span></label><input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
<label for="message">Message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" />
</form>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
<div class="foot"><a href="list_pm.php">Go to my Personal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
答案 2 :(得分:1)
在phpBB 3.1中已禁用超级全局变量,并且已弃用3.0.x中的request_var()函数。
相反,您应该使用request类,文档在phpBB开发维基上 - https://wiki.phpbb.com/PhpBB3.1/RFC/Request_class
答案 3 :(得分:0)
我相信在php.ini中禁用'superglobals'并且$ _GET,$ _POST和$ _REQUEST不可用。
您可以通过使用'global'关键字声明它们来将它们拉入范围,但我不确定。
select * from test;
根据您引用的错误消息:使用request_var()。
https://wiki.phpbb.com/Function.request_var
http://php.net/manual/en/reserved.variables.request.php
文档说:这是一个'超全球'或自动全局变量。这个 只是意味着它在整个脚本的所有范围内都可用。 没有必要做全局$变量;在功能中访问它 或方法。
http://php.net/manual/en/language.variables.superglobals.php