Site has been running fine for some time. Clocked back on this afternoon and got this error message with a simple machines forum.


Notice: Only variables should be assigned by reference in /www/m/masmforum/htdocs/simple/Sources/Subs.php on line 232

Notice: Undefined index: is_admin in /www/m/masmforum/htdocs/simple/Sources/Security.php on line 556

Notice: Undefined index: permissions in /www/m/masmforum/htdocs/simple/Sources/Security.php on line 563

Warning: in_array(): Wrong datatype for second argument in /www/m/masmforum/htdocs/simple/Sources/Security.php on line 563
session_start(): Cannot send session cache limiter - headers already sent (output started at /www/m/masmforum/htdocs/simple/Sources/Subs.php:232)
Notice: Only variables should be assigned by reference in /www/m/masmforum/htdocs/simple/Sources/Subs.php on line 232


I noticed that the version of mysql has been changed to a later version.

Site has been running fine for some time. Clocked back on this afternoon and got this error message with a simple machines forum.

I noticed that the version of mysql has been changed to a later version.Wrong, it's the upgrade to PHP 4.4.0 (from 4.3.11) and the first line in your quote is the one that indicates is:Notice: Only variables should be assigned by reference in /www/m/masmforum/htdocs/simple/Sources/Subs.php on line 232This PHP upgrade does check on certain incorrect usages of references, the &variable notation stuff. You should review the code. At current language level the use of references should be needed only in very special circumstances.

You will need to upgrade your code, there is no way back. I seem to remember that there is a php.ini settings that makes php work old-style code with references.

PHP announcement: http://www.php.net/release_4_4_0.php

Richard,

Thanks for your comments. The authors issued the modification after I posted the problem in their forum.

With POWWEB, I am still less than impressed when you find out they have modified something when the software crashes on the change. Surely there is a more professional way to manage things than uninformed crashes.

It was announced a little over an hour before your post:
http://forums.powweb.com/showthread.php?t=53647

With POWWEB, I am still less than impressed when you find out they have modified something when the software crashes on the change. Surely there is a more professional way to manage things than uninformed crashes.

Could not agree more. Every system change, no matter how small, needs to be documented, very publically, and without delay. Heck, it'd be nice to get a notice by email before a change is implemented.

I think it's simply a matter of business costs. It costs them less to deal with the resulting headaches and support issues after an unannounced change, than it would to provide similar support from inquiries that would flood in, for an announced upcoming change.

Hey, just put the announcements in an area that's not heavily viewed. Then the next time I have a spontaneous LAMP break-down, I can go look for an announcement, first. Knock on wood, I don't think I've had any problems to date that weren't my own fault, but...

Figuring out the config's, especially for things like your personal php.ini file or how the global PHP settings are configured, shouldn't be work the users have to keep expending.

I think it's practically criminal, that I'll often read threads where it takes 2-10 people b*tching about nearly the same symptoms, and then eventually you'll get a gruff, brief post from an official admin (not one of the many board admin wannabees), saying, "oh yeah, we changed the version/path/perm's, we told you clearly right here in this single post (link provided), in some random thread from months ago..." etc.

Freaking tell us the truth, and tell us in advance, and communicate with your users. These are the exact same complaints you'll see for other hosts - PW is supposed to better than the others.

I mean, should the users actually have to complain about not hearing a word from the admins about on-going outages, like the one that occurred recently on a particular mail server, due to an incoming DDOS attack?! I saw many people posting, "If you'd just give us a simple update about your progress, once an hour...."

The users should not have to be making these complaints. At all. I really don't give a crap about a "happy family" message board, or other worthless talk, when a host breaks something, and won't even acknowledge what they've done.

Now, to be fair, PW is one of the best, in all the areas mentioned above, compared to the other hosts I've used over the years. You wanna talk about horror stories...

But come-on, PW, we're not asking for too much more effort. If you invested just a little more in proactive communication with your paying customers, you'd reap the benefits as a bounty.

Tell me again, exactly why is PW better than the rest? Because they provide a message board where we all scrounge around frantically trying to solve (and document) problems ourselves? I'll agree, a huge majority of the problems are simple "operator error".

But anything that is changed or broken on "your end" (PW's), you'd at least better 'fess up to, and proactively. We won't curse your name for problems you couldn't foresee - you can't help those, I understand that. But you really need to make a little more effort in the communication area.

I've been a corporate sysadmin, I know exactly why sysadmin's keep a low profile, and don't really want to engage in much communication with the average, end users. The difference is, we're directly paying you not only for stable system operation, but to communicate with us, proactively.

Kitchensink108,

Thanks for the info.


It was announced a little over an hour before your post:


This comment says it all and it does demonstrate the point of what I previously posted. Performing upgrades to improve security is a sensible thing that helps everyone but plopping them at random intervals with the effects of breaking existing software is really amateurish.

I spend most of my available time writing Intel x86 assembler and the forum I run is to support assembler programmers so its no big deal once the authors of simple machines posted the fix to simply open a PHP file, do the slight edit and FTP it back to the server but for non technical people, this type of random change is an unmitigated disaster.

At the risk of shouting, HAY, SHARE THESE SECRETS AROUND WITH SOME WARNING !!!!!!

Regards,

hutch at movsd dot com

Richard,

Thanks for your comments. The authors issued the modification after I posted the problem in their forum.

With POWWEB, I am still less than impressed when you find out they have modified something when the software crashes on the change. Surely there is a more professional way to manage things than uninformed crashes.As this was a move to a new minor version number, 4.3.x to 4.4.x, and the PHP announcement made it clear that this could break some applications, I agree that some warning ahead of time would have been fine. From what I have seen, it wasn't an absolute urgent matter, although I didn't check what kind of memory corruption could happen, and possibly wreck the server.

On the other hand I can't quite see how one gets the message out to all 80'000 account owners to read about a pending change in a timely manner, and get them to understand what to look for in the code base they are running. The brute force method may just be as effective to filter the relative few affected scripts.

I agree it would have been nice if Powweb had retained the old version for a few weeks in a separate library, and given the affected hosts the time to modify their code without breaking websites. Not quite sure if it is possible to run multiple PHP4 versions in parallel on the same webserver, PHP5 was designed for that.

It took me a long time to clue in to the fact that I needed to subscribe to the
PowWeb Announcements forum to get advance notice of anything!

I can understand short notice for security holes (would you prefer to see your
site hacked?), but it's not clear why this upgrade had to happen at short notice.
There are some issues in the PHP 4.4.0 Release Notes (http://www.php.net/ChangeLog-4.php#4.4.0) that would affect the stability of shared servers
if not running in CGI mode, but PW runs in CGI.

Possibly some blame should be attached to the PHP authors - there's no indication in
the release notes that the PHP language has changed, only that
Besides this reference problem, this release also fixes numerous other bugs, including a small security problem with our bundled shtool. All users of PHP are strongly encouraged to upgrade to this release.

Probably time to migrate to PHP5 anyway...

All right, again, to be fair, I kinda forgot there are separate forums - I always just hit forum.powweb.com, and click on <New Posts>

Just "re-discovered" the Announcements and Outages forums. I honestly didn't really know they were there, although I'm taking the blame for my own ignorance.

http://forum.powweb.com/forumdisplay.php?f=10

However, under <Forum Tools>... <Subscriptions>, there're only choices for "no email, once daily, once weekly". Horse crap - how 'bout a choice like "email me only when a new announcement is posted". I'll settle for once weekly, and hope I don't miss anything important.

Also still expect advance notice of changes, as far in advance as possible. Was someone saying the PHP upgrade notice was only issued an hour before the change?

Possibly some blame should be attached to the PHP authors - there's no indication in
the release notes that the PHP language has changed, only thatI disagree, the official PHP announcement has this wording in it:The increased middle digit was required because the fix that corrected the problem with references changed PHP's internal API. PHP 4.4.0 does not have any new features, and is solely a bugfix release.It clearly mentions a change in the API, but exactly this should have alerted Powweb that they may be crashing some websites, and that some advanced notification may be required.