Error 500: Premature end of script headers

Question 1

I get a "Premature end of script headers: contactform.cgi" error message when running the below script. What frustrates me is that I ran this as a .php on another server and it worked. However, I had to change servers and they only support CGI PHP. However, it doesn't work. I don't think the code is wrong, but take a look just in case.

I've read around and some have said it's a permissions issue. Could this be the case for me?

I know that the "display_errors" and "error_reporting" statements will display errors in the error log, but if I don't have access to the server, how can I check the logs?

#!/usr/local/bin/php

<?php

print "Content-type: text/htmlnn";
use CGI::Carp qw(fatalsToBrowser);
ini_set('display_errors',1);
error_reporting(E_ALL);

if(isset($_POST['email'])) {

//Email this form to me
$email_to = "myemail@site.com";

function died($error) {
    // your error code can go here
    echo "Oops... something's wrong. ";
    echo "Fix the error(s) below:<br /><br />";
    echo $error."<br /><br />";
    die();
}


// validation expected data exists
if(!isset($_POST['first_name']) ||
    !isset($_POST['last_name']) ||
    !isset($_POST['email']) ||
    !isset($_POST['subject']) ||
    !isset($_POST['comments'])) {
    died('There appears to be a problem with the form you submitted.');       
}


$first_name = $_POST['first_name']; // required
$last_name = $_POST['last_name']; // required
$email_from = $_POST['email']; // required
$subject = $_POST['subject']; // not required
$comments = $_POST['comments']; // required

$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(!preg_match($string_exp,$first_name)) {
$error_message .= 'The First Name you entered does not appear to be valid.<br />';
}
if(!preg_match($string_exp,$last_name)) {
$error_message .= 'The Last Name you entered does not appear to be valid.<br />';
}
if(strlen($comments) < 2) {
$error_message .= 'The Comments you entered do not appear to be valid.<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}


$email_message = "Form details below.nn";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}

$email_message .= "First Name: ".clean_string($first_name)."n";
$email_message .= "Last Name: ".clean_string($last_name)."n";
$email_message .= "Email: ".clean_string($email_from)."n";
$email_message .= "Subject: ".clean_string($subject)."n";
$email_message .= "Comments: ".clean_string($comments)."n";

//Email Subject (put here to include subject from form)
$email_subject = "SUBJECT | ".clean_string($subject)."";


// create email headers
$headers = 'From: '.$email_from."rn".
'Reply-To: '.$email_from."rn" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>

<!-- include your own success html here -->

<?php
header("Location: thankyou.html");
}
?>

Question 2

It was a file permission issue.

All files on my website were set to a permission level of '644.' Once I changed the permission level to 705 (chmod 705) everything worked. Note that I changed it to 705, but 755 will also work. I also changed the folder it was in to 701 (to hide it, but still be executable by the server).

Aside: I still don't understand why my .PHP file worked on the other server when it was probably set to 644?? How could Apache execute the script without world permission?? Does Apache not need world permission?? Just a few questions I still have...

Question 3

Premature end of script headers means that webserver's timeout for CGI scripts was exceeded by your script. This is a webserver timeout and it has nothing to do with php.ini configuration. You need to look at your CGI handler configuration to increase time allowed for CGI scripts to run.

E.g. if you are using mod_fastcgi you may want to specify the following option in your Apache config: FastCgiServer -idle-timeout 600 which will give you timeout of 10 minutes. By default fastcgi provides 30 seconds. You could find some other fastcgi options here http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html

Question 4

I searched SO with question to these specific server variables and found following statement here:

You are just juggling variables now. SCRIPT_FILENAME is a part of the CGI spec. It will not be available if PATH_INFO is unavailable. As for REQUEST_URI, it's apache's mod_rewrite specific. – LiraNuna

So exporting PATH_INFO variable also populates values from SCRIPT_FILENAME and SCRIPT_PATH environment variables. Please note that SCRIPT_FILENAME is needed still to point php-cgi to php input file. Below is the final script

#!/bin/bash

export REDIRECT_STATUS=200
export GATEWAY_INTERFACE="CGI/1.1"
export REQUEST_METHOD="GET"
export SCRIPT_FILENAME=/usr/local/www/owncloud/cron.php
export SCRIPT_PATH=cron.php
export PATH_INFO=$SCRIPT_FILENAME

/usr/local/bin/php-cgi

Question 5

Sorted.

I thought this would be down to permissions so I gave everything 777 thinking that would account for everything. It turns out I gave to many permissions, directories need 755 and files need 644.

Hope this helps someone else.

Question 6

PHP CLI is the command-line interface for PHP (e.g. for creating standalone applications)
PHP CGI is the common gateway interface for PHP (e.g. for web applications)

Error 500: Premature end of script headers

Answers

php,cgi