All my pages have a shutdown function that sends me an email with the page parameters. I have used it to fix problems on several pages. But one page keeps crashing but does not show any calling parameters. If I call the page with no parameters, it works fine. I have tried following all the links on the page and they do not cause any errors. In writing this post, I realize that the page allows a file to be uploaded. Perhaps someone is uploading some malicious file that causes the page to crash. The caller is in India, airtelbroadband.in. But if that were the case, the shutdown function would pass the file in my email because it is passed to the same page as a POST.
Here is the call to my shutdown function
register_shutdown_function('shutdown', $_SERVER['REQUEST_URI'],file_get_contents("php://input"));
error_reporting(E_ERROR);
And here is the shutdown function
function shutdown($pagename,$post){
$last_error = error_get_last();
if($last_error['type'] === E_ERROR){
mail ("[email protected]", "ERROR REPORT", "https:/mydomain.com$pagename post->$post<-","From: " . "[email protected]");
}
}
and here is the content of the email I get:
https:/mydomain.com/gpx_waypoint_edit.php post-><-
Nothing useful. When this function has worked, I get the parameters that crash a page in my email and I am able to fix them. This is the only page that crashes and I get no hints.
I mentioned that this page can upload a file. Here is the code that does the upload. Are there checks I should put in here?
<form enctype='multipart/form-data' action="<?echo $PHP_SELF?>" method='post'>
<input type='hidden' name='MAX_FILE_SIZE' value='100000' />
<input name="toProcess" type="file"><br>
Number of New Waypoints <input type="text" name="lines" size="5"><br>
<input type='submit' value='Submit' />
</form>
<?
if (is_uploaded_file($_FILES['toProcess']['tmp_name'])) $filename = $_FILES['toProcess']['tmp_name'];
else $filename == "";
?>
One final note. I do not run a SQL database so all the injection attacks that I get can't do much. I just sent them a 403 message so they can't do anything.
Basically I can't figure out why this page is crashing. If anyone can help my understanding I would appreciate it.
You're not really getting the full picture of what is happening in your code because your email doesn't include the actual exception message, and you're not logging it either.
You could include the error in the email something like this:
$message .= "\n" . print_r( $last_error, true );
For extra robustness you should configure PHP to log all errors, warnings and notices to a log file on the server which you can examine for clues whenever you have problems. See this guide for details about how to set that up.