Error 500: Premature end of script headers

Question

I get a "Premature end of script headers: contactform.cgi" error message when running the below script. What frustrates me is that I ran this as a .php on another server and it worked. However, I had to change servers and they only support CGI PHP. However, it doesn't work. I don't think the code is wrong, but take a look just in case.

I've read around and some have said it's a permissions issue. Could this be the case for me?

I know that the "display_errors" and "error_reporting" statements will display errors in the error log, but if I don't have access to the server, how can I check the logs?

#!/usr/local/bin/php

<?php

print "Content-type: text/html\n\n";
use CGI::Carp qw(fatalsToBrowser);
ini_set('display_errors',1);
error_reporting(E_ALL);

if(isset($_POST['email'])) {

//Email this form to me
$email_to = "[email protected]";

function died($error) {
    // your error code can go here
    echo "Oops... something's wrong. ";
    echo "Fix the error(s) below:<br /><br />";
    echo $error."<br /><br />";
    die();
}


// validation expected data exists
if(!isset($_POST['first_name']) ||
    !isset($_POST['last_name']) ||
    !isset($_POST['email']) ||
    !isset($_POST['subject']) ||
    !isset($_POST['comments'])) {
    died('There appears to be a problem with the form you submitted.');       
}


$first_name = $_POST['first_name']; // required
$last_name = $_POST['last_name']; // required
$email_from = $_POST['email']; // required
$subject = $_POST['subject']; // not required
$comments = $_POST['comments']; // required

$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(!preg_match($string_exp,$first_name)) {
$error_message .= 'The First Name you entered does not appear to be valid.<br />';
}
if(!preg_match($string_exp,$last_name)) {
$error_message .= 'The Last Name you entered does not appear to be valid.<br />';
}
if(strlen($comments) < 2) {
$error_message .= 'The Comments you entered do not appear to be valid.<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}


$email_message = "Form details below.\n\n";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}

$email_message .= "First Name: ".clean_string($first_name)."\n";
$email_message .= "Last Name: ".clean_string($last_name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Subject: ".clean_string($subject)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";

//Email Subject (put here to include subject from form)
$email_subject = "SUBJECT | ".clean_string($subject)."";


// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>

<!-- include your own success html here -->

<?php
header("Location: thankyou.html");
}
?>

Answer 1

It was a file permission issue.

All files on my website were set to a permission level of '644.' Once I changed the permission level to 705 (chmod 705) everything worked. Note that I changed it to 705, but 755 will also work. I also changed the folder it was in to 701 (to hide it, but still be executable by the server).

_{Aside: I still don't understand why my .PHP file worked on the other server when it was probably set to 644?? How could Apache execute the script without world permission?? Does Apache not need world permission?? Just a few questions I still have...}

Answer 2

The "Premature end of script headers" error message is probably the most loathed and common error message you'll find. What the error actually means, is that the script stopped for whatever reason before it returned any output to the web server. A common cause of this for script writers is to fail to set a content type before printing output code. In Perl for example, before printing any HTML it is necessary to tell the Perl script to set the content type to text/html, this is done by sending a header, like so:

print "Content-type: text/html\n\n";

(source; http://htmlfixit.com/cgi-tutes/tutorial_Common_Web_dev_error_messages_and_what_they_mean.php#premature

Answer 3

I experienced this problem today, but unfortunately none of the suggestions here helped. The only problem was that I didn't see ANY errors.. I literally had to do an strace -p <process_id> on the Apache thread to spot the headers being written and Apache crashing on the next line; Somewhere in my PHP code I was setting a header with over 12KB of data.

The lesson here is that in some cases, Apache crashing with a HTTP error 500 - Premature end of script-failure can be the result of having too long or overflowing HTTP headers.

Debug your headers for length if you have this same problems because most (if not all) web servers have HTTP header limits.

PS: This reply has some info on header sizes.