retsell
09-20-2008, 01:13 PM
I am working on the upgrade from VB 3.0 (yeah, I know) to 3.7.3, and changing servers from php4 to php5. With VB3.0 I had integrated a java applet called MyUpload which allowed you to upload multiple files at once (without using multiple file boxes.) Everything worked great with it. Now I'm having trouble making it work on the new setup. When the applet submits the photos to the php handler, I keep getting a "Not logged in" error. Here's the temp setup, I've stripped everything out of it I could to try and find what's causing the problem: EVERYTHING WORKS FINE IF YOU ARE LOGGED IN WITH COOKIES (Remember me or logged in to admincp.) It's something with sessions that is getting messed up (I'm not completely clear how vb tracks them.)
Photo upload applet (included in a template):
<script type="text/javascript">
document.write('<applet name="uploadApplet" code="javaatwork.myuploader.UploadApplet.class" \
archive="myuploader-standard-signed-v19.jar, labels.jar" width="400" height="250">');
document.write('<param name="uploadURL" value="attach_upload.php?$session[sessionurl]">');
document.write('<param name="cookie" value="' + document.cookie + '">');
document.write('<param name="uploadDirectories" value="false">');
document.write('<param name="showHTTPResponse" value="true">');
document.write('<param name="showThumbNailsInApplet" value="true">');
document.write('<param name="showThumbNailsInFileDialog" value="true">');
document.write('</applet>');
</script>
Here is attach_upload.php which the applet submits the files, if I comment out the include line, it works fine, otherwise the http response is not logged in. I need to include global.php for uses not in the file currently (database functions, file functions, user permissions) so removing it is not an option:
<?php
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);
// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT', 'attach_upload');
// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
// ################################################## #####################
// ######################## START MAIN SCRIPT ############################
// ################################################## #####################
$lf = new logfile();
$lf->write("begin");
foreach ($_FILES["userfile"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["userfile"]["tmp_name"][$key];
$name = $_FILES["userfile"]["name"][$key];
$filesize = $_FILES["userfile"]["size"][$key];
$fileext = strtolower(strrchr($name, '.'));
$lf->write("name - $name");
move_uploaded_file($tmp_name, "./attachments/temp/$name");
}
}
class logfile{
function write($the_string )
{
if( $fh = @fopen( "./attachments/temp/logfile.txt", "a+" ) )
{
fputs( $fh, $the_string, strlen($the_string) );
fclose( $fh );
return( true );
}
else
{
return( false );
}
}
}
?>
And here is the HTTP response:
HTTP/1.1 200 OK
Date: Fri, 19 Sep 2008 11:59:43 GMT
Server: Apache/2.2.8 (Fedora)
X-Powered-By: PHP/5.2.6
Set-Cookie: bbsessionhash=81b8593540c2c3be001bb0a06ab996a7; path=/; HttpOnly
Set-Cookie: bblastactivity=0; expires=Sat, 19-Sep-2009 11:59:44 GMT; path=/
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
Content-Length: 7321
Connection: close
Content-Type: text/html; charset=ISO-8859-1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<meta name="generator" content="vBulletin 3.7.3" />
<meta name="keywords" content="vbulletin,forum,bbs,discussion,jelsoft,bulletin board" />
<meta name="description" content="This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ ." />
<!-- CSS Stylesheet -->
<style type="text/css" id="vbulletin_css">
/**
* vBulletin 3.7.3 CSS
* Style: 'Default Style'; Style ID: 1
*/
@import url("clientscript/vbulletin_css/style-ff8030dd-00001.css");
</style>
<link rel="stylesheet" type="text/css" href="clientscript/vbulletin_important.css?v=373" />
<!-- / CSS Stylesheet -->
<script type="text/javascript" src="clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=373"></script>
<script type="text/javascript" src="clientscript/yui/connection/connection-min.js?v=373"></script>
<script type="text/javascript">
<!--
var SESSIONURL = "";
var SECURITYTOKEN = "guest";
var IMGDIR_MISC = "images/misc";
var vb_disable_ajax = parseInt("0", 10);
// -->
</script>
<script type="text/javascript" src="clientscript/vbulletin_global.js?v=373"></script>
<link rel="alternate" type="application/rss+xml" title="Contractor's Area RSS Feed" href="external.php?type=RSS2" />
<title>Contractor's Area</title>
</head>
<body>
<!-- logo -->
<a name="top"></a>
<table border="0" width="95%" cellpadding="0" cellspacing="0" align="center">
<tr>
<td align="left"><a href="index.php"><img src="images/misc/cms_header.gif" border="0" alt="Contractor's Area" /></a></td>
<td align="right" id="header_right_cell">
</td>
</tr>
</table>
<!-- /logo -->
<!-- content table -->
<!-- open content container -->
<div align="center">
<div class="page" style="width:95%; text-align:left">
<div style="padding:0px 25px 0px 25px" align="left">
<br /><br /><br />
<table class="tborder" cellpadding="6" cellspacing="1" border="0" width="70%" align="center">
<tr>
<td class="tcat">CMS Message</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div align="left">
<script type="text/javascript" src="clientscript/vbulletin_md5.js?v=373"></script>
<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<input type="hidden" name="do" value="login" />
<input type="hidden" name="url" value="/attach_upload.php?&userid=3&postid=13453&threadid= 12654&securitytoken=1221825575-470c176311f0327681046e540998776e983fba22" />
<input type="hidden" name="vb_login_md5password" />
<input type="hidden" name="vb_login_md5password_utf" />
<input type="hidden" name="s" value="" />
<input type="hidden" name="securitytoken" value="guest" />
<!-- permission error message - user not logged in -->
<div class="smallfont"><h3>Contractor Web Instructions can be found here : <a href="http://www.classicmortgageservices.net/contractors/web instructions html version.htm" target="_blank">Contractor Instructions</a><br><br></h3>
You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:</div>
<ol>
<li class="smallfont">You are not logged in. Fill in the form at the bottom of this page and try again.</li>
<li class="smallfont">You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?</li>
<li class="smallfont">If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.</li>
</ol>
<fieldset class="fieldset">
<legend>Log in</legend>
<table cellpadding="0" cellspacing="3" border="0" align="center">
<tr>
<td>User Name:<br /><input type="text" class="bginput" name="vb_login_username" size="50" accesskey="u" tabindex="1" /></td>
</tr>
<tr>
<td>Password:<br /><input type="password" class="bginput" name="vb_login_password" size="50" tabindex="1" /></td>
</tr>
<tr>
<td>
<span style="float:right"><a href="login.php?do=lostpw">Forgotten Your Password?</a></span>
<label for="cb_cookieuser"><input type="checkbox" name="cookieuser" value="1" id="cb_cookieuser" tabindex="1" />Remember Me?</label>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" class="button" value="Log in" accesskey="s" tabindex="1" />
<input type="reset" class="button" value="Reset Fields" accesskey="r" tabindex="1" />
</td>
</tr>
</table>
</fieldset>
<div class="smallfont">The administrator may have required you to <a href="register.php?do=signup">register</a> before you can view this page.</div>
</form>
<!-- / permission error message - user not logged in -->
</div>
</div>
<!--
<div style="margin-top:6px">
<input type="submit" class="button" value="Go Back" accesskey="s" onclick="history.back(1); return false" />
</div>
-->
</td>
</tr>
</table>
<br />
<!-- forum jump -->
<table cellpadding="0" cellspacing="0" border="0" align="center">
<tr>
<td></td>
</tr>
</table>
<!-- / forum jump -->
<br />
<br />
<div class="smallfont" align="center">All times are GMT -6. The time now is <span class="time">05:59 AM</span>.</div>
<br />
</div>
</div>
</div>
<!-- / close content container -->
<!-- /content area table -->
<form action="index.php" method="get">
<table cellpadding="6" cellspacing="0" border="0" width="95%" class="page" align="center">
<tr>
<td class="tfoot" align="right" width="100%">
<div class="smallfont">
<strong>
<a href="sendmessage.php" rel="nofollow" accesskey="9">Contact Us</a> -
<a href="http://www.classicmortgageservices.net">Classic Mortgage Services</a> -
<a href="#top" onclick="self.scrollTo(0, 0); return false;">Top</a>
</strong>
</div>
</td>
</tr>
</table>
<br />
<div align="center">
<div class="smallfont" align="center">
<!-- Do not remove this copyright notice -->
Powered by vBulletin® Version 3.7.3<br />Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
<!-- Do not remove this copyright notice -->
</div>
<div class="smallfont" align="center">
<!-- Do not remove <img src="http://72.167.250.140/cron.php?rand=111491" alt="" width="1" height="1" border="0" /> or your scheduled tasks will cease to function -->
<img src="http://72.167.250.140/cron.php?rand=111491" alt="" width="1" height="1" border="0" />
<!-- Do not remove <img src="http://72.167.250.140/cron.php?rand=111491" alt="" width="1" height="1" border="0" /> or your scheduled tasks will cease to function -->
</div>
</div>
</form>
<script type="text/javascript">
<!--
// Main vBulletin Javascript Initialization
vBulletin_init();
//-->
</script>
</body>
</html>Sep 19, 2008 7:02:35 AM - HTTPUploadTask - upload() - HTTP/1.1 200 OK
Any help is greatly appreciated of course.
Photo upload applet (included in a template):
<script type="text/javascript">
document.write('<applet name="uploadApplet" code="javaatwork.myuploader.UploadApplet.class" \
archive="myuploader-standard-signed-v19.jar, labels.jar" width="400" height="250">');
document.write('<param name="uploadURL" value="attach_upload.php?$session[sessionurl]">');
document.write('<param name="cookie" value="' + document.cookie + '">');
document.write('<param name="uploadDirectories" value="false">');
document.write('<param name="showHTTPResponse" value="true">');
document.write('<param name="showThumbNailsInApplet" value="true">');
document.write('<param name="showThumbNailsInFileDialog" value="true">');
document.write('</applet>');
</script>
Here is attach_upload.php which the applet submits the files, if I comment out the include line, it works fine, otherwise the http response is not logged in. I need to include global.php for uses not in the file currently (database functions, file functions, user permissions) so removing it is not an option:
<?php
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);
// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT', 'attach_upload');
// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
// ################################################## #####################
// ######################## START MAIN SCRIPT ############################
// ################################################## #####################
$lf = new logfile();
$lf->write("begin");
foreach ($_FILES["userfile"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["userfile"]["tmp_name"][$key];
$name = $_FILES["userfile"]["name"][$key];
$filesize = $_FILES["userfile"]["size"][$key];
$fileext = strtolower(strrchr($name, '.'));
$lf->write("name - $name");
move_uploaded_file($tmp_name, "./attachments/temp/$name");
}
}
class logfile{
function write($the_string )
{
if( $fh = @fopen( "./attachments/temp/logfile.txt", "a+" ) )
{
fputs( $fh, $the_string, strlen($the_string) );
fclose( $fh );
return( true );
}
else
{
return( false );
}
}
}
?>
And here is the HTTP response:
HTTP/1.1 200 OK
Date: Fri, 19 Sep 2008 11:59:43 GMT
Server: Apache/2.2.8 (Fedora)
X-Powered-By: PHP/5.2.6
Set-Cookie: bbsessionhash=81b8593540c2c3be001bb0a06ab996a7; path=/; HttpOnly
Set-Cookie: bblastactivity=0; expires=Sat, 19-Sep-2009 11:59:44 GMT; path=/
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
Content-Length: 7321
Connection: close
Content-Type: text/html; charset=ISO-8859-1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<meta name="generator" content="vBulletin 3.7.3" />
<meta name="keywords" content="vbulletin,forum,bbs,discussion,jelsoft,bulletin board" />
<meta name="description" content="This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ ." />
<!-- CSS Stylesheet -->
<style type="text/css" id="vbulletin_css">
/**
* vBulletin 3.7.3 CSS
* Style: 'Default Style'; Style ID: 1
*/
@import url("clientscript/vbulletin_css/style-ff8030dd-00001.css");
</style>
<link rel="stylesheet" type="text/css" href="clientscript/vbulletin_important.css?v=373" />
<!-- / CSS Stylesheet -->
<script type="text/javascript" src="clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=373"></script>
<script type="text/javascript" src="clientscript/yui/connection/connection-min.js?v=373"></script>
<script type="text/javascript">
<!--
var SESSIONURL = "";
var SECURITYTOKEN = "guest";
var IMGDIR_MISC = "images/misc";
var vb_disable_ajax = parseInt("0", 10);
// -->
</script>
<script type="text/javascript" src="clientscript/vbulletin_global.js?v=373"></script>
<link rel="alternate" type="application/rss+xml" title="Contractor's Area RSS Feed" href="external.php?type=RSS2" />
<title>Contractor's Area</title>
</head>
<body>
<!-- logo -->
<a name="top"></a>
<table border="0" width="95%" cellpadding="0" cellspacing="0" align="center">
<tr>
<td align="left"><a href="index.php"><img src="images/misc/cms_header.gif" border="0" alt="Contractor's Area" /></a></td>
<td align="right" id="header_right_cell">
</td>
</tr>
</table>
<!-- /logo -->
<!-- content table -->
<!-- open content container -->
<div align="center">
<div class="page" style="width:95%; text-align:left">
<div style="padding:0px 25px 0px 25px" align="left">
<br /><br /><br />
<table class="tborder" cellpadding="6" cellspacing="1" border="0" width="70%" align="center">
<tr>
<td class="tcat">CMS Message</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div align="left">
<script type="text/javascript" src="clientscript/vbulletin_md5.js?v=373"></script>
<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<input type="hidden" name="do" value="login" />
<input type="hidden" name="url" value="/attach_upload.php?&userid=3&postid=13453&threadid= 12654&securitytoken=1221825575-470c176311f0327681046e540998776e983fba22" />
<input type="hidden" name="vb_login_md5password" />
<input type="hidden" name="vb_login_md5password_utf" />
<input type="hidden" name="s" value="" />
<input type="hidden" name="securitytoken" value="guest" />
<!-- permission error message - user not logged in -->
<div class="smallfont"><h3>Contractor Web Instructions can be found here : <a href="http://www.classicmortgageservices.net/contractors/web instructions html version.htm" target="_blank">Contractor Instructions</a><br><br></h3>
You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:</div>
<ol>
<li class="smallfont">You are not logged in. Fill in the form at the bottom of this page and try again.</li>
<li class="smallfont">You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?</li>
<li class="smallfont">If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.</li>
</ol>
<fieldset class="fieldset">
<legend>Log in</legend>
<table cellpadding="0" cellspacing="3" border="0" align="center">
<tr>
<td>User Name:<br /><input type="text" class="bginput" name="vb_login_username" size="50" accesskey="u" tabindex="1" /></td>
</tr>
<tr>
<td>Password:<br /><input type="password" class="bginput" name="vb_login_password" size="50" tabindex="1" /></td>
</tr>
<tr>
<td>
<span style="float:right"><a href="login.php?do=lostpw">Forgotten Your Password?</a></span>
<label for="cb_cookieuser"><input type="checkbox" name="cookieuser" value="1" id="cb_cookieuser" tabindex="1" />Remember Me?</label>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" class="button" value="Log in" accesskey="s" tabindex="1" />
<input type="reset" class="button" value="Reset Fields" accesskey="r" tabindex="1" />
</td>
</tr>
</table>
</fieldset>
<div class="smallfont">The administrator may have required you to <a href="register.php?do=signup">register</a> before you can view this page.</div>
</form>
<!-- / permission error message - user not logged in -->
</div>
</div>
<!--
<div style="margin-top:6px">
<input type="submit" class="button" value="Go Back" accesskey="s" onclick="history.back(1); return false" />
</div>
-->
</td>
</tr>
</table>
<br />
<!-- forum jump -->
<table cellpadding="0" cellspacing="0" border="0" align="center">
<tr>
<td></td>
</tr>
</table>
<!-- / forum jump -->
<br />
<br />
<div class="smallfont" align="center">All times are GMT -6. The time now is <span class="time">05:59 AM</span>.</div>
<br />
</div>
</div>
</div>
<!-- / close content container -->
<!-- /content area table -->
<form action="index.php" method="get">
<table cellpadding="6" cellspacing="0" border="0" width="95%" class="page" align="center">
<tr>
<td class="tfoot" align="right" width="100%">
<div class="smallfont">
<strong>
<a href="sendmessage.php" rel="nofollow" accesskey="9">Contact Us</a> -
<a href="http://www.classicmortgageservices.net">Classic Mortgage Services</a> -
<a href="#top" onclick="self.scrollTo(0, 0); return false;">Top</a>
</strong>
</div>
</td>
</tr>
</table>
<br />
<div align="center">
<div class="smallfont" align="center">
<!-- Do not remove this copyright notice -->
Powered by vBulletin® Version 3.7.3<br />Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
<!-- Do not remove this copyright notice -->
</div>
<div class="smallfont" align="center">
<!-- Do not remove <img src="http://72.167.250.140/cron.php?rand=111491" alt="" width="1" height="1" border="0" /> or your scheduled tasks will cease to function -->
<img src="http://72.167.250.140/cron.php?rand=111491" alt="" width="1" height="1" border="0" />
<!-- Do not remove <img src="http://72.167.250.140/cron.php?rand=111491" alt="" width="1" height="1" border="0" /> or your scheduled tasks will cease to function -->
</div>
</div>
</form>
<script type="text/javascript">
<!--
// Main vBulletin Javascript Initialization
vBulletin_init();
//-->
</script>
</body>
</html>Sep 19, 2008 7:02:35 AM - HTTPUploadTask - upload() - HTTP/1.1 200 OK
Any help is greatly appreciated of course.