[BUG] PHP 8.3 Compatibility Issues #433
Description
Piler 1.4.8 – PHP 8.3 Compatibility Issues & Missing apply_user_auth_session() in IMAP Login Path
Environment
- Piler version: 1.4.8-2e863b0 (
.debpackage from GitHub releases) - OS: Ubuntu 24.04 LTS (Proxmox LXC)
- PHP version: 8.3
- Auth method: IMAP with
CUSTOM_EMAIL_QUERY_FUNCTION
Summary
Several issues were found when running Piler 1.4.8 with PHP 8.3 and IMAP authentication. PHP 8.x is stricter about type handling than earlier versions, causing fatal errors that previously only produced warnings or were silently ignored.
Issue 1: count(null) Fatal Error in misc.php:624
File: system/misc.php, function get_q_string()
When $arr is passed as null instead of an array, count(null) throws a TypeError in PHP 8.x.
Error:
PHP Fatal error: Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in /var/piler/www/system/misc.php:624
Current code:
function get_q_string($arr = []) {
$q = str_repeat("?,", count($arr));Suggested fix:
function get_q_string($arr = []) {
if(!is_array($arr)) { return ""; }
$q = str_repeat("?,", count($arr));Issue 2: Undefined array key in auth.php IMAP login path
File: model/user/auth.php, function checkLoginAgainstIMAP()
When CUSTOM_EMAIL_QUERY_FUNCTION returns an empty or unexpected result, accessing $emails[0] without an isset check causes a PHP warning/error.
Error:
PHP Warning: Undefined array key 0 in /var/piler/www/model/user/auth.php on line 413
Current code (approx. line 413):
$data = $this->fix_user_data($username, $emails[0], $emails, 0);Suggested fix:
$data = $this->fix_user_data($username, (isset($emails[0]) ? $emails[0] : $username), $emails ?? [], 0);Issue 3: Undefined array key in auth.php fallback login
File: model/user/auth.php, function fix_user_data() / checkFallbackLogin()
The variable $email can be empty, causing explode("@", $email) to produce an array without index 1.
Error:
PHP Warning: Undefined array key 1 in /var/piler/www/model/user/auth.php on line 379
Current code:
$a = explode("@", $email);
$data['domain'] = $a[1];Suggested fix:
$a = explode("@", isset($email) && $email !== '' ? $email : $username);
$data['domain'] = isset($a[1]) ? $a[1] : '';Issue 4: apply_user_auth_session() not called in IMAP login path
File: model/user/auth.php, function checkLoginAgainstIMAP()
The function apply_user_auth_session($data) is called in both the fallback login path (line ~137) and the LDAP login path (line ~549), but it is not called in the IMAP login path (checkLoginAgainstIMAP). This means session variables like emails, username, realname, domain, etc. are never properly set after IMAP authentication.
As a result, the user's email addresses do not appear on the Settings page after login ("None found"), because the Settings controller reads from $session->get("emails"), which is only set by apply_user_auth_session().
Suggested fix – add to checkLoginAgainstIMAP() before $session->set("auth_data", $data);:
$this->apply_user_auth_session($data);Issue 5: postinstall.sh does not create piler.conf
When installing via the .deb package, the dpkg -i postinst script generates piler.key and piler.pem, but running /usr/libexec/piler/postinstall.sh afterwards aborts because the key file already exists. After working around this (by temporarily renaming piler.key), the postinstall script completes but does not generate /etc/piler/piler.conf. Only piler.conf.dist exists. This causes all piler services to fail on startup.
Suggested fix: Either the .deb postinst should not generate the key file (leaving it to postinstall.sh), or postinstall.sh should create piler.conf from piler.conf.dist with the user-provided values, even if piler.key already exists.
Issue 6: postinstall.sh references missing template file
At the end of the postinstall script, line 394 references a file that does not exist in the .deb package:
/usr/libexec/piler/postinstall.sh: line 394: /usr/libexec/piler/config-site.php.in: No such file or directory
As a result, /etc/piler/config-site.php remains empty, and the web UI cannot connect to the database until DB_PASSWORD is manually added to the config.