Jump to content

[SOLVED] Warning: session_start() [function.session-start]:

newbtophp

By newbtophp
in PHP Coding Help

 Share

Recommended Posts

newbtophp Advanced Member

newbtophp

Posted
Posted

Errors:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent

 

If i remove it from the if statements it works fine  :-\

 

My code:

 

<?php

if (isset($_FILES['file'])) {
$file = file_get_contents($_FILES['file']['tmp_name']);
$submit = $_POST['submit'];
if($file == "") echo "No file selected";
else {


if($submit == "Decode") {

  
if (preg_match('/lock/', $file)) {

error_reporting (E_ERROR | E_WARNING | E_PARSE);

session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}


}


}
}
}
?>

Link to comment
Share on other sites
cags Member

cags

Posted
Posted

This seems to be one of the most common things posted here on the forums and I just don't get why. You cannot call any function that modifiers headers after any call or echo, print or any other funtion that outputs information. In this case it is session_start (as the error message tells you), move it to the top of the script.

 

EDIT: And check the link Crayon Violent posted. I couldn't be bothered to find the link. :)

Link to comment
Share on other sites
newbtophp Advanced Member

newbtophp

Posted
  • Author
Posted

I moved the session_start() to the top and I got:

 

Warning: copy(<?php ......
in /home/forums/public_html/index.php on line 120
lock.php file upload failed!

 

This is the part where the error apears:

 

  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat'); //LINE 120  :-\
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }

 

This is the whole file (which gives the errors):

 

<?php

  define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
  define('LOCKED_ROOT','/home/forums/files/');
  define('CRACK_FILE','/home/forums/public_html/lock/crack.php');

error_reporting (E_ERROR | E_WARNING | E_PARSE);

//I moved this chunk to the top to avoid the session and headers error
session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}


?>
  

<title>Welcome</title>


<form action="<?=$_SERVER["PHP_SELF"]?>" method="post" enctype="multipart/form-data" >


<input name="file" type="file" value="Upload"/>

<input type="submit" name="submit" value="Submit" />


</form>


<?php

if (isset($_FILES['file'])) {
$file = file_get_contents($_FILES['file']['tmp_name']);
$submit = $_POST['submit'];
if($file == "") echo "No file selected";
else {


if($submit == "Submit") {


//basic validation to check if its the right file i want
if (preg_match('/lock/', $file)) {


  /* empty the session */ 
  $_SESSION['key']='';
  $_SESSION['next']=false;
  $_SESSION['zlib']=false;
  $_SESSION['session_key']='';

  if ($file_size >=1024*1024) {// 1mb
      echo "files more than 1mb!";
  exit;
  }
  else if (strtolower($file_name)!="lock.php") {
  echo "<center>The uploaded file is not lock.php!";
  exit;
  }
  else {
  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }
  unlink($file);
  $_SESSION['next'] = true;
  
  /* access key */ 
  ob_start();
  $lock_file=CRACK_FILE;
  include_once $SessionKeyRoot.'/lock.dat';
  $lock_lock_de=base64_decode($lock_lock);
  if (@ gzinflate($lock_lock_de)) {
  $lock_lock_de=gzinflate($lock_lock_de);
  while (1) {
  $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
  eval($lock_lock_de);
  if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
  }
  }
  @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
  $_SESSION['key']=$PassOut[1][0];
  ob_end_clean();
  if ($lock_usezlib == "^") $_SESSION['zlib']=true;
  }
  

  
  echo "<center><div>lock.php uploaded successfully!</div><a href=\"lock/next.php\">click here to proceed</a>";
  }


}
}
}
?>

 

My original file works perfectly (no errors) which is:

 

<?php

  define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
  define('LOCKED_ROOT','/home/forums/files/');
  define('CRACK_FILE','/home/forums/public_html/lock/crack.php');
  
error_reporting (E_ERROR | E_WARNING | E_PARSE);

session_start();
set_magic_quotes_runtime(0);
if (function_exists('get_magic_quotes_gpc')) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
else {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
}
$register_globals = @ini_get('register_globals');


if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}

if(!$register_globals || !$magic_quotes_gpc) {
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);

if(!$register_globals && is_array($_FILES) && count($_FILES)) {
	foreach($_FILES as $key => $val) {
		$$key = $val['tmp_name'];
		${$key.'_name'} = $val['name'];
		${$key.'_size'} = $val['size'];
		${$key.'_type'} = $val['type'];
	}
}
}

if (!$magic_quotes_gpc) {
foreach($_POST as $key => $val) {
	$_POST[$key]=saddslashes($val);
}
foreach($_GET as $key => $val) {
	$_GET[$key]=saddslashes($val);
}
}


function saddslashes($string) {
if (is_array($string) && count($string)) {
	foreach ($string as $key => $val) {
		$string[$key] = saddslashes($val, $force);
	}
}
else {
	$string = addslashes($string);
}
return $string;
}

  
  
  if ($submit=='Submit') {
  /* empty the session */ 
  $_SESSION['key']='';
  $_SESSION['next']=false;
  $_SESSION['zlib']=false;
  $_SESSION['session_key']='';

  if ($file_size >=1024*1024) {// 1mb
      echo "files more than 1mb!";
  exit;
  }
  else if (strtolower($file_name)!="lock.php") {
  echo "<center>The uploaded file is not lock.php!";
  exit;
  }
  else {
  $_SESSION['session_key']=md5(microtime() * 1000000);
  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
  if (!file_exists($SessionKeyRoot)) {
      mkdir($SessionKeyRoot, 0777);
  }
  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
  if (!$lock_copy) {
  echo "lock.php file upload failed!";
  exit;
  }
  unlink($file);
  $_SESSION['next'] = true;
  
  /* access key */ 
  ob_start();
  $lock_file=CRACK_FILE;
  include_once $SessionKeyRoot.'/lock.dat';
  $lock_lock_de=base64_decode($lock_lock);
  if (@ gzinflate($lock_lock_de)) {
  $lock_lock_de=gzinflate($lock_lock_de);
  while (1) {
  $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
  eval($lock_lock_de);
  if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
  }
  }
  @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
  $_SESSION['key']=$PassOut[1][0];
  ob_end_clean();
  if ($lock_usezlib == "^") $_SESSION['zlib']=true;
  }
  

  
  echo "<center><div>lock.php uploaded successfully!</div><a href=\"".dirname($_server["php_self"])."next.php\">click here to proceed to the next step</a>";
  exit;
  }
?>

<script language="javascript" type="text/javascript">
function checkform(form) (
var lock_file = form.file.value;
if (lock_file =="") (
alert ( "Please upload the lock.php file!");
return false;
}
else {
var lock_file_arr=lock_file.replace(/\\/gi,"/");
lock_file_arr=lock_file_arr.split("/");
var lock_file_name=lock_file_arr[lock_file_arr.length-1].tolowercase();
if (lock_file_name!="lock.php"){
alert ("Your uploaded file is not lock.php!");
return false;
	}
}
}
</script>


<form method="post" enctype="multipart/form-data" action="<?=$_SERVER["PHP_SELF"]?>" onSubmit="return CheckForm(this);">
Please upload lock.php<BR>

<input type="file" name="file" />
<input type="submit" name="submit" value="Submit"/>
</form>

 

Anyone can help please?  :-\ :-\

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.