Jump to content

[SOLVED] Warning: session_start() [function.session-start]:


Recommended Posts

Errors:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent

 

If i remove it from the if statements it works fine  :-\

 

My code:

 

<?php

if (isset($_FILES['file'])) {
$file = file_get_contents($_FILES['file']['tmp_name']);
$submit = $_POST['submit'];
if($file == "") echo "No file selected";
else {


if($submit == "Decode") {

  
if (preg_match('/lock/', $file)) {

error_reporting (E_ERROR | E_WARNING | E_PARSE);

session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}


}


}
}
}
?>

This seems to be one of the most common things posted here on the forums and I just don't get why. You cannot call any function that modifiers headers after any call or echo, print or any other funtion that outputs information. In this case it is session_start (as the error message tells you), move it to the top of the script.

 

EDIT: And check the link Crayon Violent posted. I couldn't be bothered to find the link. :)

I moved the session_start() to the top and I got:

 

Warning: copy(<?php ......
in /home/forums/public_html/index.php on line 120
lock.php file upload failed!

 

This is the part where the error apears:

 

  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat'); //LINE 120  :-\
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }

 

This is the whole file (which gives the errors):

 

<?php

  define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
  define('LOCKED_ROOT','/home/forums/files/');
  define('CRACK_FILE','/home/forums/public_html/lock/crack.php');

error_reporting (E_ERROR | E_WARNING | E_PARSE);

//I moved this chunk to the top to avoid the session and headers error
session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}


?>
  

<title>Welcome</title>


<form action="<?=$_SERVER["PHP_SELF"]?>" method="post" enctype="multipart/form-data" >


<input name="file" type="file" value="Upload"/>

<input type="submit" name="submit" value="Submit" />


</form>


<?php

if (isset($_FILES['file'])) {
$file = file_get_contents($_FILES['file']['tmp_name']);
$submit = $_POST['submit'];
if($file == "") echo "No file selected";
else {


if($submit == "Submit") {


//basic validation to check if its the right file i want
if (preg_match('/lock/', $file)) {


  /* empty the session */ 
  $_SESSION['key']='';
  $_SESSION['next']=false;
  $_SESSION['zlib']=false;
  $_SESSION['session_key']='';

  if ($file_size >=1024*1024) {// 1mb
      echo "files more than 1mb!";
  exit;
  }
  else if (strtolower($file_name)!="lock.php") {
  echo "<center>The uploaded file is not lock.php!";
  exit;
  }
  else {
  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }
  unlink($file);
  $_SESSION['next'] = true;
  
  /* access key */ 
  ob_start();
  $lock_file=CRACK_FILE;
  include_once $SessionKeyRoot.'/lock.dat';
  $lock_lock_de=base64_decode($lock_lock);
  if (@ gzinflate($lock_lock_de)) {
  $lock_lock_de=gzinflate($lock_lock_de);
  while (1) {
  $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
  eval($lock_lock_de);
  if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
  }
  }
  @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
  $_SESSION['key']=$PassOut[1][0];
  ob_end_clean();
  if ($lock_usezlib == "^") $_SESSION['zlib']=true;
  }
  

  
  echo "<center><div>lock.php uploaded successfully!</div><a href=\"lock/next.php\">click here to proceed</a>";
  }


}
}
}
?>

 

My original file works perfectly (no errors) which is:

 

<?php

  define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
  define('LOCKED_ROOT','/home/forums/files/');
  define('CRACK_FILE','/home/forums/public_html/lock/crack.php');
  
error_reporting (E_ERROR | E_WARNING | E_PARSE);

session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}

  
  
  if ($submit=='Submit') {
  /* empty the session */ 
  $_SESSION['key']='';
  $_SESSION['next']=false;
  $_SESSION['zlib']=false;
  $_SESSION['session_key']='';

  if ($file_size >=1024*1024) {// 1mb
      echo "files more than 1mb!";
  exit;
  }
  else if (strtolower($file_name)!="lock.php") {
  echo "<center>The uploaded file is not lock.php!";
  exit;
  }
  else {
  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }
  unlink($file);
  $_SESSION['next'] = true;
  
  /* access key */ 
  ob_start();
  $lock_file=CRACK_FILE;
  include_once $SessionKeyRoot.'/lock.dat';
  $lock_lock_de=base64_decode($lock_lock);
  if (@ gzinflate($lock_lock_de)) {
  $lock_lock_de=gzinflate($lock_lock_de);
  while (1) {
  $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
  eval($lock_lock_de);
  if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
  }
  }
  @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
  $_SESSION['key']=$PassOut[1][0];
  ob_end_clean();
  if ($lock_usezlib == "^") $_SESSION['zlib']=true;
  }
  

  
  echo "<center><div>lock.php uploaded successfully!</div><a href=\"".dirname($_server["php_self"])."next.php\">click here to proceed to the next step</a>";
  exit;
  }
?>

<script language="javascript" type="text/javascript">
function checkform(form) (
var lock_file = form.file.value;
if (lock_file =="") (
alert ( "Please upload the lock.php file!");
return false;
}
else {
var lock_file_arr=lock_file.replace(/\\/gi,"/");
lock_file_arr=lock_file_arr.split("/");
var lock_file_name=lock_file_arr[lock_file_arr.length-1].tolowercase();
if (lock_file_name!="lock.php"){
alert ("Your uploaded file is not lock.php!");
return false;
	}
}
}
</script>


<form method="post" enctype="multipart/form-data" action="<?=$_SERVER["PHP_SELF"]?>" onSubmit="return CheckForm(this);">
Please upload lock.php<BR>

<input type="file" name="file" />
<input type="submit" name="submit" value="Submit"/>
</form>

 

Anyone can help please?  :-\ :-\

The entire message STATES why the copy() failed. Of the 3-4 possible reasons, how would be know which one (the solution is different for each possible reason) unless you provide the relavant information from the error message.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.