
...before I pull my hair out.  For some reason when people upload files to my server the file pointer and other related information is not inserted into the mysql database.  This is because somehow the user_id field is not being passed into the function.  I don't get it, it works 100% of the time for me and a few other people, but I see tons of errors within the error log I created. 9 out of 10 times it's because of this.

 

So please create an account at http://www.mp3crib.com (it takes less than a minute) and try uploading an mp3.  Please report specifics on any errors you receive, strange output, or anything that seems out of whack.  At this point I've lowered myself to putting the users id within a url string and the $_GET[id] is passed directly into the function.  If that doesn't work I will in fact begin pulling out my hair.  Thank you.

https://forums.phpfreaks.com/topic/49763-please-help-me-kill-this-bug/

Hate to break it to you, but there are a lot more issues than not passing the user id through. Your login page is susceptible to XSS attacks. Your directory structure is not very secure since you're running mkdir() function calls (among others) directly from user input.

 

There are a lot of security issues with the way things are being handled currently.


Very true and I'm aware of most of the security issues.  Since this is a beta I am still more worried about functionality over security.

Post your code here so we can take a look at it (before you start pulling your hair out). Since I've recently formatted my hard disk (of a nasty virus), I don't have any mp3's yet.

 

This is a lot of code.  I'll start with the script that does the uploading, followed by the class it uses.

 

include($_SERVER['DOCUMENT_ROOT'].'php/userSession.php'); // checks for valid session
require($_SERVER['DOCUMENT_ROOT'].'php/classes/C_Upload_Files.php'); // upload functions

// user name and id arrive in the query string; bounce back to mymusic.php if either is missing
if(!isset($_GET['user']) || !isset($_GET['uid']))
{
    header('Location: /mymusic.php');
    exit; // header() alone does not stop the script
}

$err_log = fopen('/var/www/err_log/upload.log', 'at');

fwrite($err_log, date('F Y d h:i:s A').' - '.$_GET['user'].' - '.$_GET['uid'].' - ');
$destination = $_SERVER['DOCUMENT_ROOT'].'users/'.$_GET['user'].'/';

if(isset($_FILES))
{
    $error = array(); // initialize error var for processing

    // acceptable file types
    $filetypes = array('mp3' => 'audio/mpeg', 'wma' => 'audio/x-ms-wma');

    function okFileType($type) // function to check for acceptable file type
    {
        if(count($GLOBALS['filetypes']) < 1) // if filetype array is empty then let files through
        {
            return true;
        }
        return in_array($type, $GLOBALS['filetypes']); // true only if the type is in the array
    }

    function processFile($file) // function to check and move file; returns true on success
    {
        global $err_log;
        $upload_file = $GLOBALS['destination'].$file['name']; // set full path/name of file to be moved

        if(file_exists($upload_file)) // if file exists error out and halt
        {
            $GLOBALS['error'][] = $file['name'].' - Filename exists - please change your filename';
            fwrite($err_log, 'file already exists'." \r\n");
            echo '<p style="font-weight:bold; color:red;">The file '.htmlspecialchars($file['name']).' already exists in
                    your profile and will not be uploaded.</p>
                    <p><a href="/upload.php">Please try again</a></p>';
            return false;
        }
        if(!move_uploaded_file($file['tmp_name'], $upload_file)) // failed to move file
        {
            $GLOBALS['error'][] = 'File Upload Failed on '.$file['name'].' - Please try again';
            fwrite($err_log, 'move_uploaded_file failed'." \r\n");
            echo '<p style="font-weight:bold; color:red;">File upload failed on '.htmlspecialchars($file['name']).'.</p>
                    <p><a href="/upload.php">Please try again</a></p>';
            return false;
        }

        // upload OK - change file permissions, if wma convert to mp3, insert mp3 to tbl
        chmod($upload_file, 0777);
        fwrite($err_log, $upload_file.' - ');

        if(preg_match('/\.wma$/i', $upload_file)) // if file=wma then convert to mp3
        {
            fwrite($err_log, 'WMA=True - ');
            $convertWMA_MP3 = C_Upload_Files::convertWMA_MP3($_GET['user'], $upload_file); // conversion

            if($convertWMA_MP3 == true)
            {
                fwrite($err_log, 'convertWMA-MP3 - ');
                // the .wma has been removed by convertWMA_MP3(); the converted file carries the .mp3 name
                $upload_file = preg_replace('/\.wma$/i', '.mp3', $upload_file);
            }
            else // failed - convertWMA_MP3() already deleted the file, so just log and stop
            {
                fwrite($err_log, 'WMA Failed - '." \r\n");
                return false;
            }
        }

        if(preg_match('/\.mp3$/i', $upload_file)) // insert mp3 to tbl
        {
            fwrite($err_log, 'MP3=True - ');
            $insertMp3 = C_Upload_Files::insertMp3($upload_file, $_GET['user'], $_GET['uid']); // sql insert

            if($insertMp3 == 'NoID3' || $insertMp3 == 'ID3') // log writing
            {
                fwrite($err_log, 'SQLInsert '.$insertMp3.' - '." \r\n");
                return true;
            }
            elseif($insertMp3 == 'null') // failed - write to error log and delete file
            {
                fwrite($err_log, 'Null var passed - '." \r\n");
            }
            else // failed with another error (e.g. 'sqlfail') - write to log and delete file
            {
                fwrite($err_log, 'unknown error ('.$insertMp3.') - '." \r\n");
            }
            unlink($upload_file);
            return false;
        }

        fwrite($err_log, 'not an mp3 after processing'." \r\n");
        return false;
    }

    // check to make sure files were uploaded
    $uploaded = array();

    foreach($_FILES as $file)
    {
        switch($file['error'])
        {
            case 0: // file found
                if($file['name'] != NULL && okFileType($file['type']) != false)
                {
                    if(processFile($file) == true) // process the file
                    {
                        $uploaded[] = $file['name'];
                    }
                }
            break;

            case 1: // upload too large (php.ini upload_max_filesize)
            case 2: // upload too large (form MAX_FILE_SIZE); (1|2) is the integer 3, so it never matched these
                $error[] = 'file upload is too large for '.$file['name'];
                fwrite($err_log, 'file too large case 1/2'." \r\n");
            break;

            case 4: // no file uploaded
            break;

            case 6: // no temp folder - server config error
            case 7: // failed write - server config error
                $error[] = 'internal error - flog the webmaster on '.$file['name'];
                fwrite($err_log, 'internal server error case 6/7'." \r\n");
            break;
        }
    }
}

fclose($err_log); // closed once here, not inside processFile(), so later files can still log
include($_SERVER['DOCUMENT_ROOT'].'popup/playlist/default.php'); // generates playlist
header('Location: /mymusic.php');
exit;

 

include($_SERVER['DOCUMENT_ROOT'].'/php/mysqlConnection.php');

class C_Upload_Files
{
    /**
    * convertWMA_MP3 - converts a drm-free WMA file to MP3 file format
    *
    * PRE: user and upload_file are passed in, WMA file exists on server and WMA is drm-free
    * POST: the WMA is converted to an MP3 with the same base name in the user's directory
    *       and the original WMA is deleted; returns true on success, false on failure
    *
    * DATE: 4-25-07
    */
    public static function convertWMA_MP3($user, $upload_file)
    {
        $userdir = '/var/www/users/'.$user.'/';
        // exec() returns the last line of output; ncoda prints a ReplayGain line on success.
        // escapeshellarg() keeps a hostile user name from turning into extra shell commands.
        $ncoda = exec('ncoda wma2mp3 '.escapeshellarg($userdir));

        if(preg_match('/ReplayGain/', $ncoda))
        {
            unlink($upload_file); // drop the original .wma
            foreach(glob($userdir.'*.wav') as $wav) // and the intermediate .wav files
            {
                unlink($wav);
            }
            return true;
        }
        else
        {
            echo '<p>Uh oh....there was a problem with one of your WMA files.  Did you read the part
                    about DRM protected WMA files? Click here to learn why the track(s) did not upload
                    [link is coming]</p>';
            unlink($upload_file);
            return false;
        }
    }

    /**
    * insertMp3 - inserts an uploaded mp3 to music.mp3 tbl (attempts using id3 tags)
    *
    * PRE: mp3file, user, and uid must be passed in
    * POST: data is inserted into music.mp3 tbl; returns 'ID3' or 'NoID3' on success,
    *       'null' if an argument was empty, 'sqlfail' if the INSERT failed
    * DATE: 4-25-07
    */
    public static function insertMp3($mp3file, $user, $uid)
    {
        if($user == '' || $mp3file == '' || $uid == '')
        {
            echo 'Error: Null value passed to insertMp3. ';
            echo htmlspecialchars($user.' '.$uid.' '.$mp3file);
            return 'null';
        }
        include($_SERVER['DOCUMENT_ROOT'].'/php/mysqlConnection.php'); // provides $db (mysqli link)
        include_once($_SERVER['DOCUMENT_ROOT'].'getid3/getid3/getid3.php'); // _once: the class cannot be declared twice
        $relpath = str_replace('/var/www/', '', $mp3file);

        $getID3 = new getID3;
        $ThisFileInfo = $getID3->analyze($mp3file);
        getid3_lib::CopyTagsToComments($ThisFileInfo);
        $id3title = @$ThisFileInfo['tags']['id3v2']['title'][0];  // title from ID3v2
        $id3artist = @$ThisFileInfo['comments_html']['artist'][0]; // artist
        $id3genre = @$ThisFileInfo['id3v1']['genre']; // genre
        $id3album = @$ThisFileInfo['id3v1']['album']; // album

        if($id3title == '') // no ID3 title: use the file name as the song title
        {
            $song = str_replace('/var/www/users/'.$user.'/', '', $mp3file);
            $artist = 'unknown';
            $result = 'NoID3';
        }
        else
        {
            $song = $id3title;
            $artist = $id3artist;
            $result = 'ID3';
        }

        // escape every value: ID3 tags are untrusted text read straight out of the uploaded file
        $vals = array($uid, $song, $artist, $id3album, $id3genre, $relpath);
        foreach($vals as $k => $v)
        {
            $vals[$k] = mysqli_real_escape_string($db, (string)$v);
        }
        $sql = vsprintf("INSERT INTO mp3 (users_id, song, artist, album, genre, file) VALUES
            ('%s', '%s', '%s', '%s', '%s', '%s')", $vals);
        $ok = mysqli_query($db, $sql);

        $log = fopen('/var/www/err_log/sql.log', 'a');
        fwrite($log, date('F Y d h:i:s A').' '.($ok ? 'OK ' : 'FAILED '.mysqli_error($db).' ').$sql." \r\n");
        fclose($log);
        return $ok ? $result : 'sqlfail';
    }
}
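A hardened version of the same upload step, added here as an example rather than taken from the poster's code, that addresses the three points raised in the thread: the owner comes from the session instead of the query string, no filesystem path is built from raw user input, and the row is inserted with a prepared statement. It assumes userSession.php fills $_SESSION['uid'] and $_SESSION['user'] and that $db is an open mysqli connection (both assumed names).

```php
<?php
// Hardened upload handler (added example, not the poster's code). Assumes userSession.php
// has populated $_SESSION['uid'] and $_SESSION['user'] and that $db is an open mysqli link.
function handleUpload(array $file, mysqli $db, string $usersRoot): string
{
    // 1. The owner comes from the server-side session, never from ?user=/&uid= in the URL,
    //    so a missing or altered query string can no longer yield a row with no or wrong owner.
    if (empty($_SESSION['uid']) || empty($_SESSION['user'])) {
        return 'not logged in';
    }
    $uid  = (int) $_SESSION['uid'];
    $user = (string) $_SESSION['user'];

    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'upload error '.$file['error']; // 1/2 too large, 4 no file, 6/7 server config
    }

    // 2. No filesystem path is built from raw client input: basename() strips any directory
    //    part and the allow-lists accept only plain names for both the file and the user dir.
    $name = basename($file['name']);
    if (!preg_match('/^[A-Za-z0-9 ._-]{1,100}\.(mp3|wma)$/i', $name)) {
        return 'rejected filename';
    }
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $user)) {
        return 'rejected user name';
    }

    // 3. Sniff the real content type; $_FILES['type'] is whatever the browser claimed.
    //    libmagic's names vary by version, so the accepted list is an assumption to verify.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ['audio/mpeg', 'audio/x-ms-wma', 'video/x-ms-asf'], true)) {
        return 'rejected content type '.$mime;
    }

    $dest = $usersRoot.'/'.$user.'/'.$name;
    if (file_exists($dest) || !move_uploaded_file($file['tmp_name'], $dest)) {
        return 'could not store file';
    }
    chmod($dest, 0644); // readable by the web server, not world-writable like 0777

    // 4. Prepared statement: a crafted filename or ID3 text cannot change the query.
    $stmt = $db->prepare('INSERT INTO mp3 (users_id, song, file) VALUES (?, ?, ?)');
    $stmt->bind_param('iss', $uid, $name, $dest);
    return $stmt->execute() ? 'ok' : 'insert failed: '.$stmt->error;
}

// usage from the upload page: echo handleUpload($_FILES['upload'], $db, '/var/www/users');
```

Because the user id is read from the session, the "user_id not passed" failure the thread is about cannot occur silently: the function refuses to run without a logged-in user, and every other rejection returns a distinct reason that can go straight into the existing upload.log.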

 
