Jump to content

[SOLVED] Warning: session_start() [function.session-start]:

newbtophp

By newbtophp
in PHP Coding Help

Recommended Posts

newbtophp Advanced Member

newbtophp

Posted
Posted

Errors:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent

 

If i remove it from the if statements it works fine  :-\

 

My code:

 

<?php

if (isset($_FILES['file'])) {
$file = file_get_contents($_FILES['file']['tmp_name']);
$submit = $_POST['submit'];
if($file == "") echo "No file selected";
else {


if($submit == "Decode") {

  
if (preg_match('/lock/', $file)) {

error_reporting (E_ERROR | E_WARNING | E_PARSE);

session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}


}


}
}
}
?>

cags Member

cags

Posted
Posted

This seems to be one of the most common things posted here on the forums and I just don't get why. You cannot call any function that modifiers headers after any call or echo, print or any other funtion that outputs information. In this case it is session_start (as the error message tells you), move it to the top of the script.

 

EDIT: And check the link Crayon Violent posted. I couldn't be bothered to find the link. :)

newbtophp Advanced Member

newbtophp

Posted
  • Author
Posted

I moved the session_start() to the top and I got:

 

Warning: copy(<?php ......
in /home/forums/public_html/index.php on line 120
lock.php file upload failed!

 

This is the part where the error apears:

 

  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat'); //LINE 120  :-\
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }

 

This is the whole file (which gives the errors):

 

<?php

  define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
  define('LOCKED_ROOT','/home/forums/files/');
  define('CRACK_FILE','/home/forums/public_html/lock/crack.php');

error_reporting (E_ERROR | E_WARNING | E_PARSE);

//I moved this chunk to the top to avoid the session and headers error
session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}


?>
  

<title>Welcome</title>


<form action="<?=$_SERVER["PHP_SELF"]?>" method="post" enctype="multipart/form-data" >


<input name="file" type="file" value="Upload"/>

<input type="submit" name="submit" value="Submit" />


</form>


<?php

if (isset($_FILES['file'])) {
$file = file_get_contents($_FILES['file']['tmp_name']);
$submit = $_POST['submit'];
if($file == "") echo "No file selected";
else {


if($submit == "Submit") {


//basic validation to check if its the right file i want
if (preg_match('/lock/', $file)) {


  /* empty the session */ 
  $_SESSION['key']='';
  $_SESSION['next']=false;
  $_SESSION['zlib']=false;
  $_SESSION['session_key']='';

  if ($file_size >=1024*1024) {// 1mb
      echo "files more than 1mb!";
  exit;
  }
  else if (strtolower($file_name)!="lock.php") {
  echo "<center>The uploaded file is not lock.php!";
  exit;
  }
  else {
  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }
  unlink($file);
  $_SESSION['next'] = true;
  
  /* access key */ 
  ob_start();
  $lock_file=CRACK_FILE;
  include_once $SessionKeyRoot.'/lock.dat';
  $lock_lock_de=base64_decode($lock_lock);
  if (@ gzinflate($lock_lock_de)) {
  $lock_lock_de=gzinflate($lock_lock_de);
  while (1) {
  $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
  eval($lock_lock_de);
  if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
  }
  }
  @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
  $_SESSION['key']=$PassOut[1][0];
  ob_end_clean();
  if ($lock_usezlib == "^") $_SESSION['zlib']=true;
  }
  

  
  echo "<center><div>lock.php uploaded successfully!</div><a href=\"lock/next.php\">click here to proceed</a>";
  }


}
}
}
?>

 

My original file works perfectly (no errors) which is:

 

<?php

  define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
  define('LOCKED_ROOT','/home/forums/files/');
  define('CRACK_FILE','/home/forums/public_html/lock/crack.php');
  
error_reporting (E_ERROR | E_WARNING | E_PARSE);

session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}

  
  
  if ($submit=='Submit') {
  /* empty the session */ 
  $_SESSION['key']='';
  $_SESSION['next']=false;
  $_SESSION['zlib']=false;
  $_SESSION['session_key']='';

  if ($file_size >=1024*1024) {// 1mb
      echo "files more than 1mb!";
  exit;
  }
  else if (strtolower($file_name)!="lock.php") {
  echo "<center>The uploaded file is not lock.php!";
  exit;
  }
  else {
  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }
  unlink($file);
  $_SESSION['next'] = true;
  
  /* access key */ 
  ob_start();
  $lock_file=CRACK_FILE;
  include_once $SessionKeyRoot.'/lock.dat';
  $lock_lock_de=base64_decode($lock_lock);
  if (@ gzinflate($lock_lock_de)) {
  $lock_lock_de=gzinflate($lock_lock_de);
  while (1) {
  $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
  eval($lock_lock_de);
  if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
  }
  }
  @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
  $_SESSION['key']=$PassOut[1][0];
  ob_end_clean();
  if ($lock_usezlib == "^") $_SESSION['zlib']=true;
  }
  

  
  echo "<center><div>lock.php uploaded successfully!</div><a href=\"".dirname($_server["php_self"])."next.php\">click here to proceed to the next step</a>";
  exit;
  }
?>

<script language="javascript" type="text/javascript">
function checkform(form) (
var lock_file = form.file.value;
if (lock_file =="") (
alert ( "Please upload the lock.php file!");
return false;
}
else {
var lock_file_arr=lock_file.replace(/\\/gi,"/");
lock_file_arr=lock_file_arr.split("/");
var lock_file_name=lock_file_arr[lock_file_arr.length-1].tolowercase();
if (lock_file_name!="lock.php"){
alert ("Your uploaded file is not lock.php!");
return false;
	}
}
}
</script>


<form method="post" enctype="multipart/form-data" action="<?=$_SERVER["PHP_SELF"]?>" onSubmit="return CheckForm(this);">
Please upload lock.php<BR>

<input type="file" name="file" />
<input type="submit" name="submit" value="Submit"/>
</form>

 

Anyone can help please?  :-\ :-\

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

The entire message STATES why the copy() failed. Of the 3-4 possible reasons, how would be know which one (the solution is different for each possible reason) unless you provide the relavant information from the error message.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.