problem in final revo web
I have a prob aboub sec.php
this is my sec.php
Code:<? ///////////////////////////// function writetologfile($msg) { // $today = date("m j g:i:s y"); $today = date("y_m_d"); $logfile = "../logs/".$today."_log_sql injections.txt"; $dir = ''; $savelocation=$logfile; $fp = @fopen( $savelocation,"r"); $data = @fread($fp, 800000); if (!$handle = @fopen($savelocation, "w+b")) { echo "error"; exit; } else { if(@fwrite($handle,"$msg\r\n sql injection detected\r\n$data")===false) { echo "geen error"; exit; } @fclose($handle); } } ///////////////////////////// function anti_injection($sql) { $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql); $sql = trim($sql); $sql = strip_tags($sql); $sql = addslashes($sql); return $sql; } ///////////////////////////// function valida($campos){ foreach($campos as $c){ if(empty($c)){ echo ":: You have attempt to sql inject. Log saved and sended to the webmaster ::<br />"; $time = date("m j g:i:s y"); $ip = getenv('remote_addr'); $useragent = getenv('http_user_agent'); $referrer = getenv('http_referer'); $query = getenv('query_string'); $msg = "ip: " . $ip . " time: " . $time . " referrer: " . $referrer . " searchstring: " . $query; writetologfile($msg); return false; }else{ return true; } } } ?> [/quote] and the index.php [QUOTE]<link href="../default.css" rel="stylesheet" type="text/css" /> <body bgcolor="070707"><font color="ffffff"> <div align="center"> <p><img src="img/clan_emblem.png" width="430" height="60"><br /> </p> </div> <div align="center"> <table width="577" border="0" align="center"> <tr> <th width="174" scope="col"> </th> <th width="199" scope="col"><? include ("config.php"); include ("sec.php"); if (isset($_GET['step'])) { $argv = explode('-',$_GET['step']); settype($argv,'array'); $_GET['step'] = @$argv[0]; $_GET['url'] = @$argv[1]; $_GET['do'] = @$argv[2]; $_GET['mess'] = @$argv[3]; } $step = !isset($_GET['step']) ? home : $_GET['step'] ; if ($step == '1') { echo' <FORM METHOD=POST ACTION="?emblem=index&step=2"> <p>Enter your user ID: <input name="user" type="textfield" /> <BR /> Enter your password: <input name="pass" type="textfield" /> </p> <p><br /> <input type="submit" value="submit" /> </p> </form> '; } if ($step == '2') { $user1 = anti_injection($_POST['user']); $pass1 = anti_injection($_POST['pass']); if (valida(Array($user1,$pass1)) == TRUE) { $query = mssql_query("SELECT AID From Login Where UserID = '$user1' AND Password = '$pass1' "); while($r = mssql_fetch_array($query)){ if (mssql_num_rows($query) == 1){ $query2 = mssql_query(" SELECT Login.UserID, Login.Password, ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID INNER JOIN Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID Where Login.UserID = '$user1' and Login.Password = '$pass1' and ClanMember.Grade = '1' "); if (mssql_num_rows($query2) >= '1'){ echo '<form enctype="multipart/form-data" action="?emblem=index&step=done" method="POST"> <p>Please choose a file: <input name="uploaded" type="file" /> </p> <p><br /> <input type="submit" value="Upload" /> </p><select name="clan">' ; for($i='';$i < @mssql_num_rows($query2);++$i){ $row = @mssql_fetch_row($query2); $ClanName = $row[4]; echo '<option value="'.$row[4].'">';echo $row[4];echo'</option>' ; }echo'</select></form>'; }}else { echo " ERROR GEEN CLAN ";} } } ; } ; if ($step == 'done') { $emblem = $_POST['uploaded'] ; $CLID = $_POST['clan']; $target = "upload/"; $target = $target . basename( $_FILES['uploaded']['name']) ; $ok=1; if (!($_FILES['uploaded']['size'] > '9500')) { //echo "Your file is too large.<br>"; $ok=1; if(($_FILES['uploaded']['type'] == "image/jpeg")) { $ok=1; //echo "Wrong file type.<br>"; } if(($_FILES['uploaded']['type'] == "image/GIF")) { $ok=1; //echo "Wrong file type.<br>"; } if(($_FILES['uploaded']['type'] == "image/PNG")) { $ok=1; //echo "Wrong file type.<br>"; } } else { $ok=0;} // if ($ok==0) { echo "Sorry your file was not uploaded<br />"; echo "Please check the file size or file type"; } else { if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "The file ".basename( $_FILES['uploadedfile']['name']). " has been uploaded<br />"; echo "You may close this window now"; mssql_query ("UPDATE Clan SET EmblemChecksum = EmblemChecksum + 1 WHERE Name = '$CLID'"); mssql_query ("UPDATE Clan SET EmblemUrl = 'upload/".$target."' WHERE Name = '$CLID'"); } else { echo "Sorry, there was a problem uploading your file."; }} }; ?></th> <th width="190" scope="col"> </th> </tr> </table> <p><link href="../default.css" rel="stylesheet" type="text/css" /> <div align="center"> <br /> <br /> <hr /> <? include ("config.php"); include ("sec.php"); $conn = @mssql_connect($DBHost, $DBUser, $DBPass); @mssql_select_db($DB); if (isset($_GET['step'])) { $argv = explode('-',$_GET['step']); settype($argv,'array'); $_GET['step'] = @$argv[0]; $_GET['url'] = @$argv[1]; $_GET['do'] = @$argv[2]; $_GET['mess'] = @$argv[3]; } $step = !isset($_GET['step']) ? home : $_GET['step'] ; if ($step == '1') { $user1 = anti_injection($_SESSION['UserID']); $pass1 = anti_injection($_SESSION['pass']); if (valida(Array($user1,$pass1)) == TRUE) { $query = mssql_query("SELECT AID From Login Where UserID = '$user1' AND Password = '$pass1' "); while($r = mssql_fetch_array($query)){ if (mssql_num_rows($query) == 1){ $query2 = mssql_query(" SELECT Login.UserID, Login.Password, ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID INNER JOIN Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID Where Login.UserID = '$user1' and Login.Password = '$pass1' and ClanMember.Grade = '1' "); if (mssql_num_rows($query2) >= '1'){ echo '<form enctype="multipart/form-data" action="index.php?do=2&step=done" method="POST"> <p>Please choose a file: <input name="uploaded" type="file" /> </p> <p><br /> <input type="submit" value="Upload" /> </p><select name="clan">' ; for($i='';$i < @mssql_num_rows($query2);++$i){ $row = @mssql_fetch_row($query2); $ClanName = $row[4]; echo '<option value="'.$row[4].'">';echo $row[4];echo'</option>' ; }echo'</select></form>'; }}else { echo " ERROR GEEN CLAN ";} } } ; } ; if ($step == 'done') { $emblem = $_POST['uploaded'] ; $CLID = $_POST['clan']; $tmpfile = $_FILES['uploaded']['tmp_name']; $ok=1; if (!($_FILES['uploaded']['size'] > '9500')) { //echo "Your file is too large.<br>"; $ok=1; if(($_FILES['uploaded']['type'] == "image/jpeg")) { $ok=1; //echo "Wrong file type.<br>"; } if(($_FILES['uploaded']['type'] == "image/GIF")) { $ok=1; //echo "Wrong file type.<br>"; } if(($_FILES['uploaded']['type'] == "image/PNG")) { $ok=1; //echo "Wrong file type.<br>"; } } else { $ok=0;} // if ($ok==0) { echo "Sorry your file was not uploaded<br />"; echo "Please check the file size or file type"; } else { $filename = "/". sprintf("emblem_%d_%s_%s", $CLID, date("FjYgias"), $_FILES['uploaded']['name']); if(UploadFTPFile($tmpfile, "ftp.starconecta.com", "hgunz@starconecta.com", "8vghxknu", "/emblem/$filename")) { echo "The file ".basename( $_FILES['uploadedfile']['name']). " has been uploaded<br />"; echo "You may close this window now"; mssql_query ("UPDATE Clan SET EmblemChecksum = EmblemChecksum + 1 WHERE Name = '$CLID'"); mssql_query ("UPDATE Clan SET EmblemUrl = '".$filename."' WHERE Name = '$CLID'"); } else { echo "Sorry, there was a problem uploading your file."; }} }; ?> </div> <hr /> </p> </div>
how can i fix this prob?
Code:fatal error: Cannot redeclare writetologfile() (previously declared in c:\appserv\www\ew\emblem\sec.php:3) in c:\appserv\www\ew\emblem\sec.php on line 27
Reply With Quote
