
I'm having a bit of a problem with my Upload Form...


Mesden


Fatal error: Cannot redeclare showuploadform() (previously declared in /hsphere/local/home/aaron21/sc2x.net/file-upload.php:70) in /hsphere/local/home/aaron21/sc2x.net/file-upload.php on line 70
The link is here: http://www.sc2x.net/upload.php
I read the Note on Line 70 but it's a little vague, so I thought I'd post the problem here and see if I got any useful information:

<?php
####################################################################
# File Upload Form 1.1
####################################################################
# For updates visit http://www.zubrag.com/scripts/
####################################################################

####################################################################
# SETTINGS START
####################################################################

// Folder to upload files to. Must end with slash /
define('DESTINATION_FOLDER','/sc2x.net/rp/');

// Maximum allowed file size, Kb
// Set to zero to allow any size
define('MAX_FILE_SIZE', 0);

// Upload success URL. User will be redirected to this page after upload.
define('SUCCESS_URL','http://www.sc2x.net/success.php');

// Allowed file extensions. Will only allow these extensions if not empty.
// Example: $exts = array('avi','mov','doc');
$exts = array('SC2Replay');

// rename file after upload? false - leave original, true - rename to some unique filename
define('RENAME_FILE', true);

// put a string to append to the uploaded file name (after extension);
// this will reduce the risk of being hacked by uploading potentially unsafe files;
// sample strings: aaa, my, etc.
define('APPEND_STRING', '');

// Need uploads log? Logs would be saved in the MySql database.
define('DO_LOG', true);

// MySql data (in case you want to save uploads log)
define('DB_HOST','mysql18.ixwebhosting.com'); // host, usually localhost
define('DB_DATABASE','Aaron21_Upload'); // database name
define('DB_USERNAME','Aaron21_Uplaod'); // username
define('DB_PASSWORD','Bailey001'); // password

/* NOTE: when using log, you have to create mysql table first for this script.
Copy paste following into your mysql admin tool (like PhpMyAdmin) to create table
If you are on cPanel, then prefix _uploads_log on line 205 with your username, so it would be like myusername_uploads_log

CREATE TABLE _uploads_log (
  log_id int(11) unsigned NOT NULL auto_increment,
  log_filename varchar(128) default '',
  log_size int(10) default 0,
  log_ip varchar(24) default '',
  log_date timestamp,
  PRIMARY KEY (log_id),
  KEY (log_filename)
);
*/

####################################################################
### END OF SETTINGS. DO NOT CHANGE BELOW
####################################################################

// Allow script to work long enough to upload big files (in seconds, 2 days by default)
@set_time_limit(172800);

// following may need to be uncommented in case of problems
// ini_set("session.gc_maxlifetime","10800");

function showUploadForm($message='') {
  $max_file_size_tag = '';
  if (MAX_FILE_SIZE > 0) {
    // convert to bytes
    $max_file_size_tag = "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n";
  }

  // Load form template
  include ('file-upload.php');
}

// errors list
$errors = array();

$message = '';

// we should not exceed php.ini max file size
$ini_maxsize = ini_get('upload_max_filesize');
if (!is_numeric($ini_maxsize)) {
  if (strpos($ini_maxsize, 'M') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024;
  elseif (strpos($ini_maxsize, 'K') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024;
  elseif (strpos($ini_maxsize, 'G') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024*1024;
}
if ($ini_maxsize < MAX_FILE_SIZE*1024) {
  $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE";
}

// show upload form
if (!isset($_POST['submit'])) {
  showUploadForm(join('',$errors));
}

// process file upload
else {

  while(true) {

    // make sure destination folder exists
    if (!@file_exists(DESTINATION_FOLDER)) {
      $errors[] = "Destination folder does not exist or no permissions to see it.";
      break;
    }

    // check for upload errors
    $error_code = $_FILES['filename']['error'];
    if ($error_code != UPLOAD_ERR_OK) {
      switch($error_code) {
        case UPLOAD_ERR_INI_SIZE:
          // uploaded file exceeds the upload_max_filesize directive in php.ini
          $errors[] = "File is too big (1).";
          break;
        case UPLOAD_ERR_FORM_SIZE:
          // uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form
          $errors[] = "File is too big (2).";
          break;
        case UPLOAD_ERR_PARTIAL:
          // uploaded file was only partially uploaded.
          $errors[] = "Could not upload file (1).";
          break;
        case UPLOAD_ERR_NO_FILE:
          // No file was uploaded
          $errors[] = "Could not upload file (2).";
          break;
        case UPLOAD_ERR_NO_TMP_DIR:
          // Missing a temporary folder
          $errors[] = "Could not upload file (3).";
          break;
        case UPLOAD_ERR_CANT_WRITE:
          // Failed to write file to disk
          $errors[] = "Could not upload file (4).";
          break;
        case 8:
          // File upload stopped by extension
          $errors[] = "Could not upload file (5).";
          break;
      } // switch

      // leave the while loop
      break;
    }

    // get file name (not including path)
    $filename = @basename($_FILES['filename']['name']);

    // filename of temp uploaded file
    $tmp_filename = $_FILES['filename']['tmp_name'];

    $file_ext = @strtolower(@strrchr($filename,"."));
    if (@strpos($file_ext,'.') === false) { // no dot? strange
      $errors[] = "Suspicious file name or could not determine file extension.";
      break;
    }
    $file_ext = @substr($file_ext, 1); // remove dot

    // check file type if needed
    if (count($exts)) {   /// some day maybe check also $_FILES['user_file']['type']
      if (!@in_array($file_ext, $exts)) {
        $errors[] = "Files of this type are not allowed for upload.";
        break;
      }
    }

    // destination filename, rename if set to
    $dest_filename = $filename;
    if (RENAME_FILE) {
      $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
    }
    // append predefined string for safety
    $dest_filename = $dest_filename . APPEND_STRING;

    // get size
    $filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename);

    // make sure file size is ok
    if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) {
      $errors[] = "File is too big (3).";
      break;
    }

    if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) {
      $errors[] = "Could not upload file (6).";
      break;
    }

    if (DO_LOG) {
      // Establish DB connection
      $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
      if (!$link) {
        $errors[] = "Could not connect to mysql.";
        break;
      }
      $res = @mysql_select_db(DB_DATABASE, $link);
      if (!$res) {
        $errors[] = "Could not select database.";
        break;
      }
      $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
      $m_size = $filesize;
      $m_fname = mysql_real_escape_string($dest_filename);
      $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
      $res = @mysql_query($sql);
      if (!$res) {
        $errors[] = "Could not run query.";
        break;
      }
      @mysql_free_result($res);
      @mysql_close($link);
    } // if (DO_LOG)

    // redirect to upload success url
    header('Location: ' . SUCCESS_URL);
    die();

    break;

  } // while(true)

  // Errors. Show upload form.
  $message = join('',$errors);
  showUploadForm($message);

}
?>


It means that the function showuploadform() is being declared twice, often caused by including more than one file, both of which contain the function.

So how would I fix that issue..? No matter which file I try to upload I still get the same error...

Well, you are declaring the function, and also including one file (I only saw one on scanning the code anyway), so check if the file you are including also contains the function declaration. If it does, remove one of them (the one in the code in your first post seems the best choice).

I'm not that great at PHP so I don't quite follow what you mean. I just got a script off the internet and followed its instructions and this happened...

You have

include ('file-upload.php');

but in the original code, it's

include ('file-upload.html');

In other words, it appears you're including the form to the form itself, thereby causing the error. You need to include the page where the form is, i.e.

include ('upload.php');

BTW, seeing that this is not a commercial site, and you're not restrained by deadlines, why not try to make an upload script yourself? It would likely work better for you. If you're concerned with security, post your code, and we'll see if we can find any vulnerabilities.

Changing the include from file-upload.php to upload.php just seems to refresh the upload form and send me to file-upload.php

If no file was uploaded, or there's something wrong with the upload file, that's exactly what should happen. The question is what happened... is your DB set up appropriately? Does it already have the fields the file demands? Does your upload form do anything with the $message variable? (If you ask me "what's that?", it's time to scrap this, and create a script yourself)

Yeah, okay. Ditching this script and went with the tutorial on W3Schools, but the uploader must be seeing something:
Parse error: syntax error, unexpected '{' in /hsphere/local/home/aaron21/sc2x.net/file-upload.php on line 18
All that's on Line 18 is a {

<?php
if ($_FILES["file"]["error"] > 0)
  {
  echo "Error: " . $_FILES["file"]["error"] . "<br />";
  }
else
  {
  echo "Upload: " . $_FILES["file"]["name"] . "<br />";
  echo "Type: " . $_FILES["file"]["type"] . "<br />";
  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
  echo "Stored in: " . $_FILES["file"]["tmp_name"];
  }
?>

<?php
if ((($_FILES["file"]["type"] == "SC2Replay")
&& ($_FILES["file"]["size"] < 1000000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Stored in: " . $_FILES["file"]["tmp_name"];
    }
  }
else
  {
  echo "Invalid file";
  }
?>

<?php
if ((($_FILES["file"]["type"] == "SC2Replay")
&& ($_FILES["file"]["size"] < 1000000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "rp/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>


You're missing a ")" in your if statement above. Further down, you have the same error.


Whenever you have a parser error, the reason is usually shortly before the error's location - it was either your if, or the end of the last echo. Your echo is fine, so...
Have you considered getting yourself a PHP editor? I'd recommend NetBeans, because it will alert you of parser errors (and a few others) as you type.


Disregard the statement below. Figured it out. Had to change the file type to application/octet-stream

I see it. Geez I never would have spotted that...
Successful connection, I think... Either it's ignoring the Coding implemented or it's referencing that all files I'm uploading are invalid, even the ones ending in a .SC2Replay extension. If it's a successful connection then I'm somehow able to upload .png, .jpeg, .avi, .php (< Dangerous), and any file over 1MB. But it seems to be ignoring the Coding implemented in the PHP File. For starters it's supposed to reject anything that doesn't end in a .SC2Replay extension, but successfully uploads a .png.
Upload: Black.png
Type: image/png
Size: 10.7265625 Kb
Stored in: /tmp/phpDdd46l
Invalid file
Invalid file
It also doesn't seem to be saving the file in the RP directory as implicated in the coding...

Why do you have two copies of the upload checks anyway? The first one doesn't copy the file from the temp dir to the real one, and the second one does.
Also, note that "type" doesn't refer to the "extension" of the file, but to its MIME type. To get the extension, you need something like pathinfo(), i.e.

if (pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION) === 'SC2Replay')


Yeah I changed the File Type to application/octet-stream. It seems to be uploading only the .SC2Replay File now and nothing else. Hopefully it only references that one file extension and not any type of application...

Typo.

Upload: Decena (23).SC2Replay
Type: application/octet-stream
Size: 213.9130859375 Kb
Temp file: /tmp/phpINAMwy
Decena (23).SC2Replay already exists.
Works like a charm. Now what should I refer to for these "security measures" to prevent someone from uploading a potential trojan to the website?

That's not what I meant when I said "security" earlier on... you can't prevent anyone from uploading a trojan. As long as the file has an extension "SC2Replay", and is within the defined size limits, it can contain anything. But either way, those files are not supposed to be executed directly, but by StarCraft 2, so if there's a trojan that triggers itself when parsed by SC2, that's Blizzard's problem, not yours. If you want to go the extra mile for the sake of going the extra mile, you'll have to study the SC2Replay format in greater detail, understand the common bytes of it (ones which are always present in such a file), and check for them in PHP.
What I meant by security before was if, for example, you were somehow letting people write in arbitrary locations, or override other people's files. What you're currently doing is you're denying to upload files if they already exist. That's fine, but an alternative approach is to give the file a random name with the real extension, thereby letting multiple users upload a file named in the same fashion.
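
The checks discussed in the posts above (extension via pathinfo() rather than the client-sent "type", a size limit, a look at the leading bytes, and a random stored name) can be combined as in the following added example, which is not code from the thread. It assumes the form field is named `file` as in the W3Schools-based script, an `rp` directory next to the script, and that replay files begin with the MPQ user-data signature `MPQ\x1B`, a detail not stated in the thread.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread.
const MAX_BYTES   = 1000000;      // same size limit as the script in the thread
const ALLOWED_EXT = 'sc2replay';  // compared case-insensitively
const MPQ_MAGIC   = "MPQ\x1B";    // assumption: leading bytes of a replay file

/** Returns null if the upload looks acceptable, otherwise a reason string. */
function check_replay(array $file): ?string
{
    // An array-valued 'error' means the field was sent as file[]; reject it.
    if (!isset($file['error']) || is_array($file['error'])) {
        return 'malformed upload';
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'upload error ' . $file['error'];
    }
    // Both the name and $_FILES[...]['type'] are chosen by the client.
    // The extension is only a first filter; "type" is not consulted at all.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if ($ext !== ALLOWED_EXT) {
        return 'extension not allowed';
    }
    // Measure the temporary file itself.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size < 4 || $size > MAX_BYTES) {
        return 'bad size';
    }
    // Compare the first four bytes with the expected signature.
    if (file_get_contents($file['tmp_name'], false, null, 0, 4) !== MPQ_MAGIC) {
        return 'content is not a replay';
    }
    return null;
}

/** Moves a checked upload into $destDir under a random name; returns that name. */
function store_replay(array $file, string $destDir): string
{
    // The stored name never contains user input, so it cannot point outside
    // $destDir or overwrite another user's file.
    $name = bin2hex(random_bytes(16)) . '.SC2Replay';
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}

if (PHP_SAPI === 'cli') {
    // Constructed samples so the checks can be run from the command line.
    $samples = [
        'game.SC2Replay'  => MPQ_MAGIC . str_repeat("\0", 64),
        'shell.php'       => '<?php echo 1;',
        'photo.SC2Replay' => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 64),
    ];
    foreach ($samples as $name => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        $verdict = check_replay(['name' => $name, 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK]);
        echo $name, ': ', $verdict ?? 'accepted', PHP_EOL;
        unlink($tmp);
    }
} elseif (isset($_FILES['file'])) {
    $why = check_replay($_FILES['file']);
    echo $why === null
        ? 'Stored as ' . store_replay($_FILES['file'], __DIR__ . '/rp')
        : 'Invalid file: ' . htmlspecialchars($why);
}
```

A matching signature only shows that the file starts like a replay; the rest of its content is still untrusted.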

Alright. The next thing I need to discuss is, I have a parser for the SC2Replay file. One is an executable JAR File, the other is a BAT File. When I run the Replay File through the Batch or JAR File, it parses the Replay, giving me the Duration, the Players who were in that Game, their Race, their Player Color, Etc. What I know is that this can be done with PHP, probably through some kind of Javascript applet. When I upload the Replay File to the website, I need it to be processed through the Parser and display the replay's information on the website. Would you be able to push me in the right direction, or link me to a website that can guide me through this process? I'm not asking for you to do it for me, otherwise I'd never learn. I just can't seem to find anything on Google.

Oh... so the SC2Replay is a zip file with another file extension, and a fixed tree structure?! Nice... you can easily verify if the file is a SC2Replay file then. Just see if it loads successfully with the ZIP extension, and has the desired files in it.
To execute programs, you need to use one of the program execution functions. They are disabled on most hosts though, so unless the server is your own, you'll probably be unable to do it so easily.
If they are disabled, the best you can do is have the file resubmitted to another PHP on your own server that can then execute the stuff, and return the data to your other PHP, which you can then save for further use.

You may have misunderstood. The SC2Replay File is a File itself. You play a game on Starcraft 2, it saves it on Battle.Net and you can save it onto your Computer as a .SC2Replay File. You can't do anything with the SC2 Replay File except upload it to a Parser to extract its information. What I want to do is when the User uploads the Replay to the website, I need it to be processed through the Parser, which is a completely separate program, which then extracts its information and displays it on the website.
If that's not possible I need some way of parsing the replay file, like http://www.sc2rc.com.

Oh... yeah. Sorry... then (again) you can't check if the SC2Replay is correct, unless you put it out to the parser - if it's not a valid SC2Replay file, the parser should fail parsing it.
And to execute the parser, you'll have to use the same program execution functions I mentioned above, since this is after all a separate program.

Ahh but this Parser isn't a .exe or anything...
WARP is a recursive acronym which means "WARP is A Replay Parser". As you already might have suggested due to the recursive project name, WARP is licensed under the GNU GPL license.
The aim of WARP is to provide a management software for game replays and demos. The current plan aims at a "simple" parsing of Starcraft 2 replay files, but in the future, a sophisticated plugin system will provide support for various file types, especially for RTS games.
With the aid of WARP, you will be able to receive detailed information on your or your opponent's games, which helps you improve your tactics or other skills. The project's goal is to provide statistics and neatly showing them in well-arranged plots.
Feel free to create an account and report bugs or propose enhancements for WARP.
Requirements
WARP needs Java Runtime Environment (JRE) of at least version 6 to be installed.
Installation
Download WARP
Extract it
Run warp.bat on Windows machines or warp.sh on Linux/Mac OS X machines, respectively.
If you experience problems, check the Troubleshooting article.
Features
WARP is an easy to use replay manager. It allows you to rename files and to quickly peek into the saved games. Sorting and filtering the replay list for specific attributes, for example player names, the save date, and much more, make it easy to gather the information you are looking for.
Additionally, WARP will support a variety of replay formats, making it capable to handle several games with a single application.
As a bonus, WARP is entirely written in Java, thus being platform independent.
Supported replay formats include:
SC2Replay files

Additionally, if I went to a website like SC2RC.com and looked up their coding, this is what I'd get for the Upload Page. Methinks they use Javascript to work their Parser magic.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
	"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
	<title>Starcraft 2 Replay Center</title>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	<meta name='description' content='Starcraft 2 Replay Center is the top resource for uploading and sharing your sc2 replays.' />
	<meta name='keywords' content='sc2 replays, starcraft 2 replays' />
	<meta name='robots' content='index,follow,archive' />
	<link rel="stylesheet" type="text/css" href="http://www.sc2rc.com/newsc2rc/main.css" />
	<link rel="icon" href="/favicon.png" type="image/png">
</head>
<body id="homepage">
<div id="headerbar"><div id="headerbar-inner">
<p class="news"><strong>April 23</strong> - Parsing Engine updated for Patch 9. Read about it <a style="color:#ccc;" href="http://www.sc2rc.com/forums/viewtopic.php?f=3&t=6">in the forums.</a></p>
<p class="other"><a href="http://www.twitter.com/sc2replaycenter" target="_blank"><img src="/images/twitter.png" alt="Follow us on twitter" /></a></p>
</div></div>
	<div id="sitewrapper">
		<div id="masthead">
			<h1>Starcraft 2 Replays - Upload</h1>
			<img src="http://www.sc2rc.com/newsc2rc/images/logo.png" alt="Starcraft 2 Replay Center" />
			<img id="headad" src="/wordmark.png" alt="Upload and share your sc2 video game esport replays" />
		</div>
		<ul id="navigation">
			<li><a class="active" href="/" title="Starcraft II Replays Homepage">Home</a></li>
			<li><a href="/index.php/replay/browse" title="Browse SC2 Replays">Browse Replays</a></li>
			<li class="last"><a href="/index.php/replay/upload" title="Upload your SC2 Replays">Upload Replay</a></li>
			<li><a href="/forums/" title="Discuss Starcraft 2 in our Forums">Forums</a></li>
			<li><a href="http://sc2.curse.com/" title="Starcraft 2 Maps">Starcraft 2 Maps</a></li>
			<li class="last"><a href="http://sc2mapster.com/" title="Starcraft 2 Map Editor">Starcraft 2 Map Editor</a></li>
		</ul>
		<div id="content-wrapper">
			<div style="width: 440px; float: left;">
			<div class="contentbox" style="width: 400px;float: left;margin-bottom: 20px;">
				<h1>Step One - Choose Replay</h1>
				<p>It's very simple to upload your sc2 replay to our site. Use the choose file button to pick the replay you want from your computer, and our site will extract the information from it when it's finished uploading.</p><br />
				<p>Don't forget to put a description on your Starcraft 2 replay so it will get viewed more!</p>
				<br /><br /><br />
				<p>You did not select a file to upload.</p>
				<form action="http://www.sc2rc.com/index.php/replay/do_upload" method="post" enctype="multipart/form-data">
				<input type="file" name="userfile" size="20" />
				<br /><br />
				<input type="submit" value="Upload Replay" />
				</form><br /><br />
			</div>
			</div>
		</div>
		<div id="footer">
			©2010 SC2 Replay Center  - webmaster@sc2rc.com<br />
			<div style="font-size: 11px;">
			Starcraft, Starcraft 2, Diablo, World of Warcraft, and other Blizzard video games are registered  trademarks of Blizzard Entertainment.<br />
			Starcraft 2 Replay Center is a SC2 Replay file hosting site only. We do not plan on supporting other video games. Do not e-mail us regarding this.
			</div>
		</div>
	</div>
	<script type="text/javascript">
	var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
	document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
	</script>
	<script type="text/javascript">
	try {
	var pageTracker = _gat._getTracker("UA-15145636-1");
	pageTracker._trackPageview();
	} catch(err) {}
	</script>
</body>
</html>

That's the problem - the parser is written in JAVA, and not PHP. To execute JAVA, you need to run the JRE, which is a windows executable file. That's actually what the bat file (which is an executable file too btw) does - it calls the JRE and points it to the JAR file.
The alternative is to find another parser (or write your own) in PHP. The guys at sc2rc.com probably have their own parser, or have an environment which lets them use the program execution functions.
[edit]They have their own parser - check it out[/edit]
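
For the case where the host does allow the program execution functions mentioned in this thread, the following added example (not code from the thread) shows one way to call an external parser without passing anything through a shell. The jar path and the `java -jar <jar> <replay>` invocation are hypothetical stand-ins, not WARP's documented command line, and the name check assumes uploads are stored under random 32-hex-character names.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread.
// Hypothetical location of a command-line replay parser.
const PARSER_JAR = '/opt/replay-parser/parser.jar';

/** Runs $argv without a shell (PHP 7.4+); returns [exitCode, stdout]. */
function run_program(array $argv, int $maxOut = 65536): array
{
    // function_exists() is false when the host lists proc_open in disable_functions.
    if (!function_exists('proc_open')) {
        throw new RuntimeException('proc_open is disabled on this host');
    }
    $null = PHP_OS_FAMILY === 'Windows' ? 'NUL' : '/dev/null';
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['file', $null, 'w']];
    // Passing the command as an array starts the program directly, so spaces,
    // quotes or semicolons in an argument are never interpreted as shell syntax.
    $proc = proc_open($argv, $spec, $pipes);
    if ($proc === false) {
        throw new RuntimeException('could not start ' . $argv[0]);
    }
    fclose($pipes[0]);                              // the child gets no input
    $out = stream_get_contents($pipes[1], $maxOut); // cap how much output is kept
    fclose($pipes[1]);
    return [proc_close($proc), (string) $out];
}

/** Hands a stored replay to the (hypothetical) parser and returns its output. */
function parse_replay(string $storedPath): string
{
    // Accept only names this application generated itself, never the
    // original client-supplied file name.
    if (!preg_match('/^[0-9a-f]{32}\.SC2Replay$/', basename($storedPath))) {
        throw new InvalidArgumentException('unexpected replay name');
    }
    [$code, $out] = run_program(['java', '-jar', PARSER_JAR, $storedPath]);
    if ($code !== 0) {
        // Per the thread: an invalid replay should make the parser fail.
        throw new RuntimeException("parser exited with status $code");
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo: the PHP binary stands in for the parser. The argument
    // with a semicolon arrives as one piece of data and is simply echoed back.
    [$code, $out] = run_program(
        [PHP_BINARY, '-r', 'echo $argv[1];', 'a.SC2Replay; echo injected']
    );
    echo "exit=$code out=$out", PHP_EOL;
}
```

Treat the parser's output as untrusted text as well and escape it with htmlspecialchars() before showing it on a page.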

Archived

This topic is now archived and is closed to further replies.
