scottybwoy

Source Spillage

Hi All,

I have a file called lib.session_handler and another called class.PHPApplication.php that I have not edited recently, but are called by a number of other files in my script.  Well class.PHPApplication.php is called which in turn calls lib.session_handler.

However, when I run my scripts it keeps on displaying half of the source of lib.session_handler.php.  I have searched for an open string anywhere to no avail.  Why could this be?  Here is some source if it may help:

lib.session_handler.php

[code]
require_once('constants.php');
require_once('class.DBI.php');
require_once 'DB.php';

$DEBUG = 0;

$DB_URL = "mssql://user:pass@localhost:/sessions";

$dbi =  new DBI($DB_URL);

$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

        function sess_open($save_path, $session_name) {
          return true;
        }

        function sess_close() {
          return true;
        }

        function sess_read($key) {
                global $dbi, $DEBUG, $SESS_LIFE;

                $statement = "SELECT value FROM sessions WHERE " .
                      "sesskey = '$key' AND expiry > " . time();

                $result = $dbi->query($statement);

                if ($DEBUG) echo "sess_read: $statement <br>result: $result<br>";
                $row = $result->fetchRow();
                if ($row) {
                  return $row->value;
                }

                return false;
        }

        function sess_write($key, $val) {
                // $DEBUG is read below, so it has to be imported into this scope as well
                global $dbi, $DEBUG, $SESS_LIFE;

                $expiry = time() + $SESS_LIFE;
                $value = addslashes($val);

                $statement = "INSERT INTO sessions VALUES ('$key', $expiry, '$value')";
                $result = $dbi->query($statement);

                if ($DEBUG) echo "sess_write: $statement <br>result: $result<br>";

                if (! $result) {
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                              "WHERE sesskey = '$key' AND expiry > " . time();
                        $result = $dbi->query($statement);
                }

                return $result;
        }

        function sess_destroy($key) {
                // $DEBUG is read below, so it has to be imported into this scope as well
                global $dbi, $DEBUG;

                $statement = "DELETE FROM sessions WHERE sesskey = '$key'";
                $result = $dbi->query($statement);
                if ($DEBUG) echo "sess_destroy: $statement <br>result: $result<br>";

                return $result;
        }

        function sess_gc($maxlifetime) {
                global $dbi, $DEBUG;

                $statement = "DELETE FROM sessions WHERE expiry < " . time();
                $qid = $dbi->query($statement);
                // report the query handle assigned above ($result was never set here)
                if ($DEBUG) echo "sess_gc: $statement <br>result: $qid<br>";

                return 1;
        }

        session_set_save_handler(
                "sess_open",
                "sess_close",
                "sess_read",
                "sess_write",
                "sess_destroy",
                "sess_gc");
[/code]

It prints from

[code]
". time();

                $result = $dbi->query($statement);
[/code]

(notice the quote " ) right till the end.  I made a file to just call it:

[code]
<?php

require_once 'lib.session_handler.php';

?>
[/code]

Thanks in Advance.

Hi I've narrowed this down but still can't find the error.

I made a file that just called the lib.session_handler.php so no interference from other code, and it still just spills out all the source over my page, instead of running it. Why does it do that?  It's the first block of source on my original post, and spews from the second bit of code.

Please Help  :o

Not 100% sure but you might need to put the time() function call in brackets when it's in the middle of a string.

Please post the code of the smallest example that causes your problem.

Ken

There are two things.
If you use include then you need <?php and ?> tags in the pages so they execute properly.
The other is if you use eval, then I didn't read your script, because likely it's the first thing here.

Hmm, I think King Arthur is the closest, although I tried that and it did not solve it. Did you mean "(time())", those brackets? Sorry, I am quite new to PHP so not entirely clear on specific syntax.

I am using the <?php ?> tags, because it just doesn't work otherwise and is better practice anyway.

And sorry RockingGroudon I did not understand what you meant by using eval, as it's not in my code anywhere.

I put in the whole code as I thought that it may be a missing " somewhere, although I have gone through with a fine tooth comb. jEdit shows opening and closing syntax via the cursor.

Then you use <?PHP and ?> around your code, then I don't think there is a problem.
eval is not likely the case, because I don't think you read this script and then execute it,
and it's not time() you see, because you are using it the right way.

I can't see anything wrong, but if it is printing from this line
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                              "WHERE sesskey = '$key' AND expiry > " . time();
[/code]
why not try putting that code all on one line, without the concatenation before the "WHERE", as you do not really need to have it split over two lines. I can't see why that would be a problem but if that's where it starts going wrong then it's worth playing around with it to see what happens.

[quote author=king arthur link=topic=101819.msg407145#msg407145 date=1154429140]
I can't see anything wrong, but if it is printing from this line
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                               "WHERE sesskey = '$key' AND expiry > " . time();
[/code]
why not try putting that code all on one line, without the concatenation before the "WHERE", as you do not really need to have it split over two lines. I can't see why that would be a problem but if that's where it starts going wrong then it's worth playing around with it to see what happens.
[/quote]

I agree, but do this too: don't use . to join again, because you can just use time() inside ""
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry >  time()";
[/code]

[quote author=RockingGroudon link=topic=101819.msg407151#msg407151 date=1154429629]
I agree, but do this too: don't use . to join again, because you can just use time() inside ""
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry >  time()";
[/code]
[/quote]

No you can't - that will just add the characters "time()" at the end of the string and the query will produce an error.

[quote author=RockingGroudon link=topic=101819.msg406592#msg406592 date=1154366317]
There are two things.
If you use include then you need <?php and ?> tags in the pages so they execute properly.
The other is if you use eval, then I didn't read your script, because likely it's the first thing here.
[/quote]
I believe RockingGroudon has given you the answer.

When he says "you need <?php ?> tags in the pages", he's referring to lib.session_handler.php. The code you posted does not show <?php ?> tags in that file.

[quote=php.net]
When a file is included, parsing drops out of PHP mode and into HTML mode at the beginning of the target file, and resumes again at the end. For this reason, any code inside the target file which should be executed as PHP code must be enclosed within valid PHP start and end tags.
[/quote]

[url=http://www.php.net/include]include()[/url]
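
The include behaviour quoted from php.net above, shown as an added example that is not part of the thread: the same two lines are included once without and once with an opening tag, and the captured output is checked for the database URL. The helper names and temp-file names are assumptions made for the illustration, and the file contents are constructed from the posted handler.

```php
<?php
// Added example, not code from the thread. File names and contents are constructed.

// Include $path and return whatever it sent to the output buffer.
function captured_include(string $path): string
{
    ob_start();
    include $path;
    return ob_get_clean();
}

// True when the file has no PHP opening tag, so include would emit it verbatim.
function lacks_open_tag(string $path): bool
{
    foreach (token_get_all(file_get_contents($path)) as $tok) {
        if (is_array($tok) && in_array($tok[0], [T_OPEN_TAG, T_OPEN_TAG_WITH_ECHO], true)) {
            return false;
        }
    }
    return true;
}

$dir = sys_get_temp_dir() . '/spill_' . uniqid();
mkdir($dir);

// Constructed stand-in for two lines of lib.session_handler.php.
$body = '$DB_URL = "mssql://user:pass@localhost:/sessions";' . "\n"
      . '$statement = "SELECT value FROM sessions WHERE expiry > " . time();' . "\n";

file_put_contents("$dir/no_tags.php", $body);               // as posted: no opening tag
file_put_contents("$dir/with_tags.php", "<?php\n" . $body); // corrected

foreach (['no_tags.php', 'with_tags.php'] as $name) {
    $out = captured_include("$dir/$name");
    printf(
        "%-13s lacks_open_tag=%s output_bytes=%d leaks_db_url=%s\n",
        $name,
        var_export(lacks_open_tag("$dir/$name"), true),
        strlen($out),
        var_export(strpos($out, 'user:pass') !== false, true)
    );
    unlink("$dir/$name");
}
rmdir($dir);
```

Without the tag the whole file, connection string included, is sent to the client as page output; running `lacks_open_tag` over every file reached by include or require_once catches this before deployment.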

Yeah, I should have noticed that before, however I have tried that, with the time() inside also, however it still keeps spilling over the page now halfway through the string where time is.

[code]
time";$result = $dbi->query($statement);blah,blah,blah
[/code]

Then the opening page (login.php) still displays underneath it with no errors, although it doesn't login, but that's a different problem.

It seems as if it is happening from that particular character, i.e. if I put something else in the string it returns it on the page.

[code]
buggered string" . time();$result = $dbi->query($statement);blah,blah,blah
[/code]

Could it be due to this character ">" or a white-space? (I don't understand how whitespaces work.)

Thanks for spending some time on this for me.

Sorry, I brushed that comment aside, as I usually always use the <?php ?> tags and assumed it was already there.  Have checked it now and corrected it.  Thanks for your time once more.
