Source Spillage


12 replies to this topic

#1 scottybwoy

Posted 25 July 2006 - 04:17 PM

Hi All,

I have a file called lib.session_handler and another called class.PHPApplication.php that I have not edited recently, but are called by a number of other files in my script.  Well class.PHPApplication.php is called which in turn calls lib.session_handler.

However, when I run my scripts it keeps on displaying half of the source of lib.session_handler.php.  I have searched for an open string anywhere to no avail.  Why could this be?  Here is some source if it may help:

lib.session_handler.php

require_once('constants.php');
require_once('class.DBI.php');
require_once 'DB.php';

$DEBUG = 0;

$DB_URL = "mssql://user:pass@localhost:/sessions";

$dbi =  new DBI($DB_URL);

$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

        function sess_open($save_path, $session_name) {
           return true;
        }

        function sess_close() {
           return true;
        }

        function sess_read($key) {
                global $dbi, $DEBUG, $SESS_LIFE;

                $statement = "SELECT value FROM sessions WHERE " .
                       "sesskey = '$key' AND expiry > " . time();

                $result = $dbi->query($statement);

                if ($DEBUG) echo "sess_read: $statement <br>result: $result<br>";
                $row = $result->fetchRow();
                if ($row) {
                   return $row->value;
                }

                return false;
        }

        function sess_write($key, $val) {
                // $DEBUG must be imported here, otherwise the debug echo never fires
                global $dbi, $DEBUG, $SESS_LIFE;

                $expiry = time() + $SESS_LIFE;
                $value = addslashes($val);

                $statement = "INSERT INTO sessions VALUES ('$key', $expiry, '$value')";
                $result = $dbi->query($statement);

                if ($DEBUG) echo "sess_write: $statement <br>result: $result<br>";

                // Fall back to an UPDATE when the INSERT did not succeed
                if (! $result) {
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                               "WHERE sesskey = '$key' AND expiry > " . time();
                        $result = $dbi->query($statement);
                }

                return $result;
        }

        function sess_destroy($key) {
                global $dbi, $DEBUG;

                $statement = "DELETE FROM sessions WHERE sesskey = '$key'";
                $result = $dbi->query($statement);
                if ($DEBUG) echo "sess_destroy: $statement <br>result: $result<br>";

                return $result;
        }

        function sess_gc($maxlifetime) {
                global $dbi, $DEBUG;

                $statement = "DELETE FROM sessions WHERE expiry < " . time();
                // Store the result under the name the debug echo prints
                $result = $dbi->query($statement);
                if ($DEBUG) echo "sess_gc: $statement <br>result: $result<br>";

                return 1;
        }

        session_set_save_handler(
                "sess_open",
                "sess_close",
                "sess_read",
                "sess_write",
                "sess_destroy",
                "sess_gc");

It prints from
". time();

                $result = $dbi->query($statement);

(notice the quote " ) right till the end.  I made a file to just call it:

<?php

require_once 'lib.session_handler.php';

?>

Thanks in Advance.

#2 scottybwoy

Posted 31 July 2006 - 03:58 PM

Hi I've narrowed this down but still can't find the error.

I made a file that just called the lib.session_handler.php so no interference from other code, and it still just spills out all the source over my page, instead of running it. Why does it do that?  It's the first block of source on my original post, and spews from the second bit of code.

Please Help  :o

#3 king arthur

Posted 31 July 2006 - 04:47 PM

Not 100% sure but you might need to put the time() function call in brackets when it's in the middle of a string.
Sir Isaac Newton said "If I have seen farther, it is by standing on the shoulders of giants". But it is not recorded as to whether he said it before or after he was hit on the head by a falling apple.

#4 kenrbnsn

Posted 31 July 2006 - 04:54 PM

Please post the code of the smallest example that causes your problem.

Ken

#5 Chetan

Posted 31 July 2006 - 05:18 PM

There are two things:
if you use include then you need <?php and ?> tags in the pages so they execute properly
other is if you use eval then I didn't read your script cause likely it's the first thing here
I am a PHP Guru, ask me questions if you want to

#6 scottybwoy

Posted 01 August 2006 - 10:22 AM

Hmm, I think King Arthur is the closest, although I tried that and it did not solve it. Did you mean "(time())", those brackets? Sorry, I am quite new to PHP so not entirely clear on specific syntax.

I am using the <?php ?> tags, because it just doesn't work otherwise and is better practice anyway.

And sorry RockingGroudon I did not understand what you meant by using eval, as it's not in my code anywhere.

I put in the whole code as I thought that it may be a missing " somewhere, although I have gone through with a fine tooth comb. jEdit shows open, closing syntax via cursor.

#7 Chetan

Posted 01 August 2006 - 10:28 AM

Then you use <?PHP and ?> around your code, then I don't think there is a problem.
eval is not likely the case cause I don't think you read this script and then execute it
and it's not time() you see, cause you are using it the right way

#8 king arthur

Posted 01 August 2006 - 10:45 AM

I can't see anything wrong, but if it is printing from this line
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                               "WHERE sesskey = '$key' AND expiry > " . time();
why not try putting that code all on one line, without the concatenation before the "WHERE", as you do not really need to have it split over two lines. I can't see why that would be a problem but if that's where it starts going wrong then it's worth playing around with it to see what happens.

#9 Chetan

Posted 01 August 2006 - 10:53 AM

I can't see anything wrong, but if it is printing from this line

                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                               "WHERE sesskey = '$key' AND expiry > " . time();
why not try putting that code all on one line, without the concatenation before the "WHERE", as you do not really need to have it split over two lines. I can't see why that would be a problem but if that's where it starts going wrong then it's worth playing around with it to see what happens.


Me agree but do this too: don't use . to join again, cause u can just use time() inside ""
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry >  time()";


#10 king arthur

Posted 01 August 2006 - 12:11 PM

Me agree but do this too: don't use . to join again, cause u can just use time() inside ""

                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry >  time()";


No you can't - that will just add the characters "time()" at the end of the string and the query will produce an error.

#11 shoz

Posted 01 August 2006 - 12:30 PM

There are two things:
if you use include then you need <?php and ?> tags in the pages so they execute properly
other is if you use eval then I didn't read your script cause likely it's the first thing here

I believe RockingGroudon has given you the answer.

When he says "you need <?php ?> tags in the pages", he's referring to lib.session_handler.php. The code you posted does not show <?php ?> tags in that file.

When a file is included, parsing drops out of PHP mode and into HTML mode at the beginning of the target file, and resumes again at the end. For this reason, any code inside the target file which should be executed as PHP code must be enclosed within valid PHP start and end tags.


include()
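
The failure diagnosed above sends an include file's source, here including the `$DB_URL` credentials line, to the browser as text. As an added example that is not part of the thread, this check uses PHP's tokenizer to flag code sitting outside PHP tags; the function name `find_unparsed_code` and the code-detection regex are assumptions, and the sample input is constructed from the posted file.

```php
<?php
// Added example (not from the thread): find PHP source that would be sent to
// the browser as plain text because it sits outside PHP open/close tags.

/**
 * Return [line, first offending line of text] for each chunk that the PHP
 * tokenizer classifies as inline HTML but that looks like PHP code.
 */
function find_unparsed_code(string $source): array
{
    // Heuristic (assumption): assignments, method calls, function definitions
    // or require/include statements outside PHP tags are leaked code.
    $codeLike = '/\$[A-Za-z_]\w*\s*(=|->)|\bfunction\s+\w+\s*\(|\b(require|include)(_once)?\s*[(\'"]/';
    $hits = [];
    foreach (token_get_all($source) as $token) {
        // Everything outside the PHP tags arrives as a T_INLINE_HTML token.
        if (!is_array($token) || $token[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $token;
        if (preg_match($codeLike, $text, $m, PREG_OFFSET_CAPTURE)) {
            $offset = $m[0][1];
            // Translate the match offset into a line number within the file.
            $line += substr_count(substr($text, 0, $offset), "\n");
            $hits[] = [$line, trim(explode("\n", substr($text, $offset), 2)[0])];
        }
    }
    return $hits;
}

// Constructed sample modelled on the thread's lib.session_handler.php:
// the same statements without and with the opening tag.
$body = <<<'SRC'
require_once('class.DBI.php');
$DB_URL = "mssql://user:pass@localhost:/sessions";
$dbi = new DBI($DB_URL);
SRC;

$samples = ['no open tag' => $body, 'with open tag' => "<?php\n" . $body . "\n"];
foreach ($samples as $name => $src) {
    $hits = find_unparsed_code($src);
    echo $name, ': ', $hits ? "code outside PHP tags at line {$hits[0][0]}" : 'ok', "\n";
}
```

Because `token_get_all()` follows the running interpreter's `short_open_tag` setting, a file that opens with `<?` is also reported when short tags are disabled.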

#12 scottybwoy

Posted 01 August 2006 - 12:38 PM

Yeah, I should have noticed that before, however I have tried that, with the time() inside also, however it still keeps spilling over the page now halfway through the string where time is.

time";$result = $dbi->query($statement);blah,blah,blah

Then the opening page (login.php) still displays underneath it with no errors, although it doesn't login, but that's a different problem.

It seems as if it is happening from that particular character, i.e. if I put something else in the string it returns it on the page.

buggered string" . time();$result = $dbi->query($statement);blah,blah,blah

Could it be due to this character ">" or a white-space? (I don't understand how whitespaces work)

Thanks for spending some time on this for me.

#13 scottybwoy

Posted 01 August 2006 - 12:42 PM

Sorry, I brushed that comment aside, as I usually always use the <?php ?> tags and assumed it was already there.  Have checked it now and corrected it.  Thanks for your time once more.



