Jump to content

Source Spillage


scottybwoy

Recommended Posts

Hi All,

I have a file called lib.session_handler and another called class.PHPApplication.php that I have not edited recently, but are called by a number of other files in my script.  Well class.PHPApplication.php is called which in turn calls lib.session_handler.

However when I run my scripts it keeps on displaying half of the source of lib.session_handler.php.  I have searcher for a open string anywhere to no avail.  Why could this be?  Here is some source if it may help :

lib.session_handler.php

[code]
require_once('constants.php');
require_once('class.DBI.php');
require_once 'DB.php';

$DEBUG = 0;

$DB_URL = "mssql://user:pass@localhost:/sessions";

$dbi =  new DBI($DB_URL);

$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

        function sess_open($save_path, $session_name) {
          return true;
        }

        function sess_close() {
          return true;
        }

        function sess_read($key) {
                global $dbi, $DEBUG, $SESS_LIFE;

                $statement = "SELECT value FROM sessions WHERE " .
                      "sesskey = '$key' AND expiry > " . time();

                $result = $dbi->query($statement);

                if ($DEBUG) echo "sess_read: $statement <br>result: $result<br>";
                $row = $result->fetchRow();
                if ($row) {
                  return $row->value;
                }

                return false;
        }

        function sess_write($key, $val) {
                global $dbi, $SESS_LIFE;

                $expiry = time() + $SESS_LIFE;
                $value = addslashes($val);

                $statement = "INSERT INTO sessions VALUES ('$key', $expiry, '$value')";
                $result = $dbi->query($statement);

                if ($DEBUG) echo "sess_write: $statement <br>result: $result<br>";

                if (! $result) {
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                              "WHERE sesskey = '$key' AND expiry > " . time();
                        $result = $dbi->query($statement);
                }

                return $result;
        }

        function sess_destroy($key) {
                global $dbi;

                $statement = "DELETE FROM sessions WHERE sesskey = '$key'";
                $result = $dbi->query($statement);
                if ($DEBUG) echo "sess_destroy: $statement <br>result: $result<br>";

                return $result;
        }

        function sess_gc($maxlifetime) {
                global $dbi;

                $statement = "DELETE FROM sessions WHERE expiry < " . time();
                $qid = $dbi->query($statement);
                if ($DEBUG) echo "sess_gc: $statement <br>result: $result<br>";

                return 1;
        }

        session_set_save_handler(
                "sess_open",
                "sess_close",
                "sess_read",
                "sess_write",
                "sess_destroy",
                "sess_gc");
[/code]

It prints from [code]
". time();

                $result = $dbi->query($statement);
[/code]

(notice the quote " ) right till the end.  I made a file to just call it:

[code]
<?php

require_once 'lib.session_handler.php';

?>
[/code]

Thanks in Advance.
Link to comment
Share on other sites

Hi I've narrowed this down but still can't find the error.

I made a file that just called the lib.session_handler.php so no interference from other code, and it still just spills out all the source over my page, instead of running it. Why does it do that?  It's the First block of source on my original post, and spews from the second bit of code.

Please Help  :o
Link to comment
Share on other sites

Hmm,  I think King Arther is the closest, although I tried that and it did not solve it, did you mean "(time())" those brackets, sorry am quite new to php so not entirely clear on specific syntax.

I am using the <?php ?> tags, because it just doesn't work otherwise and is better practice anyway.

And sorry RockingGroudon I did not understand what you meant by using eval, as it's not in my code anywhere.

I put in the whole code as I thaught that it may be a missing " somewhere, although I have gone through with a fine tooth comb. jEdit, shows open, closing sytax via curser.
Link to comment
Share on other sites

then you use <?PHP and ?> around your code, then i dont think there is a problem.
eval is not likely he case cause i dont think you rad this script and then execute it
and its not time() you see cause you are using it the right way
Link to comment
Share on other sites

I can't see anything wrong, but if it is printing from this line
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                              "WHERE sesskey = '$key' AND expiry > " . time();
[/code]
why not try putting that code all on one line, without the concatenation before the "WHERE", as you do not really need to have it split over two lines. I can't see why that would be a problem but if that's where it starts going wrong then it's worth playing around with it to see what happens.
Link to comment
Share on other sites

[quote author=king arthur link=topic=101819.msg407145#msg407145 date=1154429140]
I can't see anything wrong, but if it is printing from this line
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                               "WHERE sesskey = '$key' AND expiry > " . time();
[/code]
why not try putting that code all on one line, without the concatenation before the "WHERE", as you do not really need to have it split over two lines. I can't see why that would be a problem but if that's where it starts going wrong then it's worth playing around with it to see what happens.
[/quote]

Me agree but do this too dont use . to join again, cause u can just use time() in side ""
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry >  time()";
[/code]
Link to comment
Share on other sites

[quote author=RockingGroudon link=topic=101819.msg407151#msg407151 date=1154429629]
Me agree but do this too dont use . to join again, cause u can just use time() in side ""
[code]
                        $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry >  time()";
[/code]
[/quote]

No you can't - that will just add the characters "time()" at the end of the string and the query will produce an error.
Link to comment
Share on other sites

[quote author=RockingGroudon link=topic=101819.msg406592#msg406592 date=1154366317]
there are two things,
if you use include then you need <?php and ?> tags in the pages so the execute properly
other is if you use eval then i dint read your script cause likely its the first thing here
[/quote]
I believe RockingGroudon has given you the answer.

When he says "you need <?php ?> tags in the pages", he's referring to lib.session_handler.php. The code you posted does not show <?php ?> tags in that file.

[quote=php.net]
When a file is included, parsing drops out of PHP mode and into HTML mode at the beginning of the target file, and resumes again at the end. For this reason, any code inside the target file which should be executed as PHP code must be enclosed within valid PHP start and end tags.
[/quote]

[url=http://www.php.net/include]include()[/url]
Link to comment
Share on other sites

Yeah, I should have noticed that before, however I have tried that, with the time() inside also, however it still keeps spilling over the page now halfway through the string where time is.

[code]
time";$result = $dbi->query($statement);blah,blah,blah
[/code]

Then the opening page (login.php) still displays underneath it with no errors, although it doesn't login, but thats a different problem.

It seems as if it is happening from that particular character, i.e If I put something else in the string it returns it on the page.

[code]
buggered string" . time();$result = $dbi->query($statement);blah,blah,blah
[/code]

could it be due to this character ">" or a white-space (I don't understand how whitespaces work)

Thanks for spending some time on this for me.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.