Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 290
  • Last Modified:

"unexpected end of file" in mirror administration script

Ok, i'm out of ideas and tired of rescripting.

I wrote a file mirroring system.  it currently doesn't have all its features (like mirror syncronizing and such) but whatever.

the first working version is done... almost.  the administration script is giving an unexpected end of file error.  i cannot figure out why.  i even got a demo of zend studio just to have it debug it for it to tell me nothing new.

the entire system can be downloaded from http://quad341.com/projects/mirror_project.zip

because this is just a project to give away (gpl) and for someone else, along with the fact that there is a small error, it's not worth much.  i appreciate any help.

the admin script in question is as follows (i would copy/paste to your editor everything below this because it is the ENTIRE script):

<?php
/********************
* mirror_admin.php
* administration script for managing
* mirrors and files
* @author Quad341
* created: 2005-03-29
*********************/
error_reporting('E_ALL');
$self = $_SERVER[PHP_SELF];
require_once "mirror_config.php";
session_start();

if ($_SESSION[login_term]=="allowed"){
      // logged in, show everything/allow access
      
      // we need to determine where the admin wants to be.
      // we'll use get variables to sort this better.  it will be logical then
      // and easier to read
      if ($_GET[section]=="mirrors"){
            // this section is all about mirror administration
            if ($_GET[action]=="add"){
                  // add a new mirror to the database
                  $body = <<<EOP
                  <a href="$self">Index</a> \ <a href="$self?section=mirrors">Mirrors</a><br>
                  <br>
                  Here you may add a mirror to the database to be used when requesting downloads.<br>
                  Currently, mirrors must host the file with the same name.<br>
                  TODO: maybe add support for other names, but that's unlikely.<br>
                  TODO: Adding ftp support so this script uploads the files.<br>
                  TODO: Do something for indirect links... probably something related to first todo
                  <br><br>
                  Complete the form and click submit to add the mirror:<br>
                  <br>
                  <form action="$self?section=mirrors" method="post">
                  <input type="hidden" name="action" value="new">
                  Mirror Name (for reference.  mentioned when used. ie. "File hosting provided by [MIRROR NAME]")<br>
                  <input type="text" name="mir_name"><br>
                  <br>
                  Base URL (file  names are added immediately after this.  this is the directory where the files are kept. ie. "http://quad341.com/files/".  requries trailing /)<br>
                  <input type="text" name="base_url"><br>
                  <br>
                  Bandwidth Limit (amount of bandwidth the mirror allocated.  Use an insanely high number if unlimited.  max ~ 1,000,000,000 terabytes)<br>
                  Put number in left and select unit on right:<br>
                  <input type="text" name="bw_limit"> <select name="bw_type">
                  <option value="0">B (Bytes)</option>
                  <option value="1">KB (KiloBytes)</option>
                  <option value="2">MB (MegaBytes)</option>
                  <option value="3" checked>GB (GigaBytes)</option>
                  <option value="4">TB (TeraBytes)</option>
                  </select><br>
                  <input type="submit" name="submit" value="Submit">
                  </form>
EOP;
            } elseif($_POST[action]=="new"){
                  // add entry to mirror database.
                  // set variables
                  $mirror_name = $_POST[mir_name];
                  $base_url = $_POST[base_url];
                  $limit_num = $_POST[bw_limit];
                  $pow = $_POST[bw_type];
                  // because of the different units, we need to multiply
                  // if you noticed, i called it pow (like power for exponents)
                  // that's because we can multiply by 1024^$pow to find the bytes
                  $bw_limit = $limit_num * pow(1024,$pow);
                  
                  // now insert
                  $mir_table = $table_prefix . "mirrors";
                  $mir_ins_query = "INSERT INTO `$mir_table` (`base_url`,`name`,`max_bw`) VALUES ('$base_url','$mirror_name','$bw_limit')";
                  $mir_ins_result = mysql_query($mir_ins_query);
                  if ($mir_ins_result){
                        $body = "<a href=\"$self\">Index</a><br><br>Mirror successfully added.";
                  } else {
                        $body = "Error: ".mysql_error();
                  }
            } elseif ($_GET[action]=="edit"){
                  // edit entry
                  $id = $_GET[id];
                  // select information
                  $mirror_table = $table_prefix . "mirrors";
                  $sel_query = "SELECT * FROM `$mirror_table` WHERE `id`='$id'";
                  $sel_result = mysql_query($sel_query);
                  if(mysql_num_rows($sel_result)<1){
                        // no entry by that id
                        $body = "<a href=\"$self\">Index</a><br><br>There is no entry by that id.";
                  } else {
                        // it's good! take advantage of php's lack of real scoping
                        while($sel_array = mysql_fetch_array($sel_result)){
                              $base_url = $sel_array[base_url];
                              $name = $sel_array[name];
                              $max_bw = $sel_array[max_bw];
                        }
                        // let's do some converting since i doubt they entered this in bytes
                        $k_bw = $max_bw/1024;
                        $m_bw = $k_bw/1024;
                        $g_bw = $m_bw/1024;
                        $t_bw = $g_bw/1024;
                        
                        // display
                        $body = <<<EOP
                        <a href="$self">Index</a> / <a href="$self?section=mirrors&id=$id">Editing $name</a>
                        <br><br><br><br>
                        Current settings:<br>
                        Name: $name<br>
                        Base Url: <a href="$base_url">$base_url</a><br>
                        <dl><dt>Bandwidth Limit</dt>
                        <dd>
                        <ul>
                        <li>Bytes: $max_bw B</li>
                        <li>KiloBytes: $k_bw KB</li>
                        <li>MegaBytes: $m_bw MB</li>
                        <li>GigaBytes: $b_bw GB</li>
                        <li>TeraBytes: $t_bw TB</li>
                        </ul>
                        </dd>
                        <br><br>
                        Edit below:<br>
                        <br>
                        <form action="$self?section=mirrors" method="post">
                        <input type="hidden" name="action" value="update">
                        <input type="hidden" name="id" value="$id">
                        Mirror Name (for reference.  mentioned when used. ie. "File hosting provided by [MIRROR NAME]")<br>
                        <input type="text" name="mir_name" value="$name"><br>
                        <br>
                        Base URL (file  names are added immediately after this.  this is the directory where the files are kept. ie. "http://quad341.com/files/".  requries trailing /)<br>
                        <input type="text" name="base_url" value="$base_url"><br>
                        <br>
                        Bandwidth Limit (amount of bandwidth the mirror allocated.  Use an insanely high number if unlimited.  max ~ 1,000,000,000 terabytes)<br>
                        Put number in left and select unit on right:<br>
                        <input type="text" name="bw_limit" value="$g_bw"> <select name="bw_type">
                        <option value="0">B (Bytes)</option>
                        <option value="1">KB (KiloBytes)</option>
                        <option value="2">MB (MegaBytes)</option>
                        <option value="3" checked>GB (GigaBytes)</option>
                        <option value="4">TB (TeraBytes)</option>
                        </select><br>
                        <input type="submit" name="submit" value="Submit">
                        </form>
EOP;
                  }
            } elseif ($_POST[action]=="update"){
                  // update the database based upon the changes
                  // set variables
                  $id = $_POST[id];
                  $mirror_name = $_POST[mir_name];
                  $base_url = $_POST[base_url];
                  $limit_num = $_POST[bw_limit];
                  $pow = $_POST[bw_type];
                  // because of the different units, we need to multiply
                  // if you noticed, i called it pow (like power for exponents)
                  // that's because we can multiply by 1024^$pow to find the bytes
                  $bw_limit = $limit_num * pow(1024,$pow);
                  
                  // now update
                  $mir_table = $table_prefix . "mirrors";
                  $update_query = "UPDATE `$mir_table` SET `base_url`='$base_url',`name`='$mirror_name',`max_bw`='$bw_limit' WHERE `id`='$id'";
                  $update_result = mysql_query($update_query);
                  if ($update_result){
                        $body = "<a href=\"$self\">Index</a><br><br>$mirror_name successfully updated.";
                  } else {
                        $body = "Error: ".mysql_error();
                  }
            } elseif ($_GET[action]=="delete"){
                  // this deletes.  prompting is a waste.  it's hard to accidentally hit
                  $id = $_GET[id];
                  // delete
                  $mir_table = $table_prefix . "mirrors";
                  $del_query = "DELETE FROM `$mir_table` WHERE `id`='$id'";
                  $del_result = mysql_query($del_query);
                  if ($del_result){
                        $body = "<a href=\"$self\">Index</a><br><br>Entry successfully deleted.";
                  } else {
                        $body = "Error: ".mysql_error();
                  }
            } else {
                  // default.  lists all mirrors with edit and delete links
                  // first check to see if there are any current mirrors.  if not,  don't make the table
                  $mir_table = $table_prefix . "mirrors";
                  $all_sel_query = "SELECT * FROM `$mir_table` WHERE 1";
                  $all_sel_result = mysql_query($all_sel_query);
                  if (mysql_num_rows($all_sel_result)<1){
                        // no entries!
                        $table = "<br><strong>No mirrors in database</strong><br>";
                  } else {
                        // there is at least one entry.
                        // define the table and the headings row
                        
                        // TODO: display current bw usage here
                        $table_header = <<<EOTH
                        <br>
                        <table width="200px" cellspacing="1" cellpadding="1" border="1">
                        <th>Mirror Name</th><th>Bandwidth Limit</th><th>Edit</th><th>Delete</th>
EOTH;
                        // now loop and populate the table.  each row is one db row
                        while ($row_array = mysql_fetch_array($all_sel_result)){
                              $id = $row_array[id];
                              $name = $row_array[name];
                              $base_url = $row_array[base_url];
                              $bw_limit = $row_array[max_bw];
                              // the following lines actually makes the row
                              $rows .= <<<EOR
                              <tr>
                              <td><a href="$base_url">$name</a></td>
                              <td>$bw_limit</td>
                              <td><a href="$self?section=mirrors&action=edit&id=$id">Edit</a></td>
                              <td><a href="$self?section=mirrors&action=delete&id=$id">Delete</a></td>
                              </tr>
EOR;                              
                        }
                        $table_footer = "</table><br>";
                        // put the table together
                        $table = $table_header . $rows . $table_footer;
                  }
                  // construct the page
                  $body = <<<EOP
                  <a href="$self">Index</a><br><br><br><br>
                  Welcome to the administration section for mirrors.<br>
                  <a href="$self?section=mirrors&action=add">Click Here to add a new mirror</a>.<br>
                  <br>
                  Below is a list of the current mirrors:<br>
                  <br>
                  $table
EOP;
            }
      } elseif($_GET[section]=="files"){
            // this section is all about file administration
            if ($_GET[action]=="new"){
                  // add a new file entry
                  $body = <<<EOP
                  <a href="$self">Index</a><br><br><br><br>
                  Fill out the form below and click submit to add the file entry.<br>
                  <br>
                  <form action="$self?section=files" method="post">
                  <input type="hidden" name="action" value="add">
                  File Name (will be displayed)<br>
                  <input type="text" name="filename"><br>
                  <br>
                  File Size (the size in bytes of the file. The script can determine this if the file is uploaded to this server):<br>
                  <table width="30%" border="0" cellspacing="0" cellpadding="1">
                  <tr>
                  <td valign="top"><input type="radio" name="size_type" value="manual" checked> <input type="text" name="file_size"></td>
                  <td valign="top">Enter the size manually (in bytes).  If the size is not exact, this might cause a server to be used more
                  or less that it could be if accurately entered, but it still will work.</td>
                  </tr>
                  <tr>
                  <td valign="top"><input type="radio" name="size_type" value="auto"> <input type="text" name="filepath"></td>
                  <td valign="top">Enter the path (reletive or absolute) to the file on the server.  This scirpt will then determine
                  the filesize and enter it for you (reccomended).  Example of the path: this script is http://site.com/mirrors/[this].
                  the download is http://site.com/files/[filename].  the path would be (no quotes) "../files/[filename]"</td>
                  </table>
                  <br>
                  <br>
                  <input type="submit" name="submit" value="Submit">
                  </form>
EOP;
            } elseif($_POST[action]=="add"){
                  // add the file to the database
                  $filename = $_POST[filename];
                  if ($_POST[size_type]=="manual"){
                        $filesize=$_POST[file_size];
                  } else {
                        $filesize=filesize($_POST[filepath]);
                  }
                  // insert
                  $files_table = $table_prefix . "files";
                  $ins_query = "INSERT INTO `$files_table` (`filename`,`filesize`) VALUES ('$filename','$filesize')";
                  $ins_result = mysql_query($ins_query);
                  if ($ins_result){
                        // it was successful, but we need to know that id number
                        // so we can tell them what the link is
                        $sel_query = "SELECT `id` FROM `$files_table` WHERE `filename`='$filename' AND `filesize`=$filesize'";
                        $sel_result = mysql_query($sel_query);
                        while($row = mysql_fetch_row($sel_result)){
                              $id=$row[0];
                        }
                        $body = "<a href=\"$self\">Index</a><br><br><br><br>
                        File entry successfully added.<br>
                        The link to download is <strong>mirror_download.php?id=$id</strong><br>
                        assuming the download script is still mirror_download.php.";
                  } else {
                        $body = "Error: ".mysql_error();
                  }
            } elseif ($_GET[action]=="edit"){
                  // edit an entry
                  $id = $_GET[id];
                  // select information
                  $file_table = $table_prefix . "files";
                  $sel_query = "SELECT * FROM `$file_table` WHERE `id`='$id'";
                  $sel_result = mysql_query($sel_query);
                  if(mysql_num_rows($sel_result)<1){
                        // no entry by that id
                        $body = "<a href="$self">Index</a><br><br>There is no entry by that id.";
                  } else {
                        // it's good! take advantage of php's lack of real scoping
                        while($sel_array = mysql_fetch_array($sel_result)){
                              $filename = $sel_array[filename];
                              $filesize = $sel_array[file_size];
                        }
                        // display and allow editting
                        $body = <<<EOP
                        <a href="$self">Index</a><br><br><br><br>
                        Current settings:<br>
                        File Name: $filename<br>
                        File Size: $filesize B<br>
                        <br>
                        <br>
                        <br>
                        Edit the form below to update this entry:<br>
                        <br>
                        <form action="$self?section=files" method="post">
                        <input type="hidden" name="action" value="update">
                        <input type="hidden" name="id" value="$id">
                        File Name (will be displayed)<br>
                        <inptut type="text" name="filename" value="$filename"><br>
                        <br>
                        File Size (the size in bytes of the file. The script can determine this if the file is uploaded to this server):<br>
                        <table width="30%" border="0" cellspacing="0" cellpadding="1">
                        <tr>
                        <td valign="top"><input type="radio" name="size_type" value="manual" checked> <input type="text" name="file_size" value="$filesize"></td>
                        <td valign="top">Enter the size manually (in bytes).  If the size is not exact, this might cause a server to be used more
                        or less that it could be if accurately entered, but it still will work.</td>
                        </tr>
                        <tr>
                        <td valign="top"><input type="radio" name="size_type" value="auto"> <input type="text" name="filepath"></td>
                        <td valign="top">Enter the path (reletive or absolute) to the file on the server.  This scirpt will then determine
                        the filesize and enter it for you (reccomended).  Example of the path: this script is http://site.com/mirrors/[this].
                        the download is http://site.com/files/[filename].  the path would be (no quotes) "../files/[filename]"</td>
                        </table>
                        <br>
                        <br>
                        <input type="submit" name="submit" value="Submit">
                        </form>
EOP;
                  }
            } elseif ($_POST[action]=="update"){
                  // update an entry
                  $id = $_POST[id];
                  $filename = $_POST[filename];
                  if ($_POST[size_type]=="manual"){
                        $filesize=$_POST[file_size];
                  } else {
                        $filesize=filesize($_POST[filepath]);
                  }
                  // update
                  $files_table = $table_prefix . "files";
                  $upd_query = "UPDATE `$files_table` SET `filename`='$filename',`filesize`='$filesize' WHERE `id`='$id'";
                  $upd_result = mysql_query($upd_query);
                  if ($upd_result){
                        // updated successfully
                        $body ="<a href=\"$self\">Index</a><br><br><br><br>
                        The link to download is <strong>mirror_download.php?id=$id</strong><br>
                        assuming the download script is still mirror_download.php.";
                  } else {
                        $body = "Error: ".mysql_error();
                  }
            } elseif($_GET[action]=="delete"){
                  // delete the entry.  no prompt
                  $id = $_GET[id];
                  // delete
                  $files_table = $table_prefix . "files";
                  $del_query = "DELETE FROM `$files_table` WHERE `id`='$id'";
                  $del_result = mysql_query($del_query);
                  if ($del_result){
                        $body = "<a href=\"$self\">Index</a><br><br><br><br>
                        Entry successfully deleted.";
                  } else {
                        $body = "Error: ".mysql_error();
                  }
            } else {
                  // default, display all
                  
                  // check if any entries first.  don't display a table if not
                  $file_table = $table_prefix . "files";
                  $all_sel_query = "SELECT * FROM `$file_table` WHERE 1";
                  $all_sel_result = mysql_query($all_sel_query);
                  if (mysql_num_rows($all_sel_result)<1){
                        // no entries!
                        $table = "<br><strong>No files in database</strong><br>";
                  } else {
                        // there is at least one entry.
                        // define the table and the headings row
                        
                        // TODO: display current bw usage here
                        $table_header = <<<EOTH
                        <br>
                        <table width="200px" cellspacing="1" cellpadding="1" border="1">
                        <th>File Name</th><th>File Size</th><th>Edit</th><th>Delete</th>
EOTH;
                        // now loop and populate the table.  each row is one db row
                        while ($row_array = mysql_fetch_array($all_sel_result)){
                              $id = $row_array[id];
                              $filename = $row_array[filename];
                              $filesize = $row_array[file_size];
                              // the following lines actually makes the row
                              $rows .= <<<EOR
                              <tr>
                              <td>$filename</a></td>
                              <td>$filesize</td>
                              <td><a href="$self?section=files&action=edit&id=$id">Edit</a></td>
                              <td><a href="$self?section=files&action=delete&id=$id">Delete</a></td>
                              </tr>
EOR;                              
                        }
                        $table_footer = "</table><br>";
                        // put the table together
                        $table = $table_header . $rows . $table_footer;
                  }
                  // construct the page
                  $body = <<<EOP
                  <a href="$self">Index</a><br><br><br><br>
                  Welcome to the administration section for files.<br>
                  <a href="$self?section=files&action=add">Click Here to add a new file entry</a>.<br>
                  <br>
                  Below is a list of the current files:<br>
                  <br>
                  $table
EOP;
            }
      } else {
            // default section where you can chose where to go
            $body = <<<EOP
            Welcome admin.<br>
            <br>
            What would you like to manage?<br>
            <a href="$self?section=mirrors">Mirrors</a><br>
            <a href="$self?section=files">Files</a>
EOP;
      }
}elseif (isset($_POST[submit])){
      // trying to log in,  verify
      
      // i should shoot myself for doing this, but it will work in a pinch:
      // this is using plain text authentication.  it's common, but bad
      // updates will use hashing to verify user and password
      
      // define the following variables for login
      // currently:  just type the values you'd like here
      $ADMIN_LOGIN="root";
      $ADMIN_PASSWORD="admin_4_mirrors";
      if ($_POST[login]==$ADMIN_LOGIN && $_POST[pass]==$ADMIN_PASSWORD){
            // authenticated.  setting session cookie and redirecting
            
            // you can modify this as you please, but change the top if to
            // match if you do
            $_SESSION[login_term]="allowed";
            // redirect
            header("Location: $self\n\n");
            die(); // to insure headers are not set again
      } else {
            // not correct login
            $body = <<<EOP
            <strong>INCORRECT LOGIN</strong><br>
            Try again<br>
            <br>
            <form action="$self" method="post">
            Login:<br>
            <input type="text" name="login"><br>
            <br>
            Password:<br>
            <input type="password" name="pass"><br>
            <br>
            <input type="submit" name="submit" value="Submit">
            </form>
EOP;
      }
} else {
      // needs to log in.  show login form
      // this needs to be done rapidly, so it will look like crap
      $body = <<<EOP
      Welcome to the mirror admin page.<br>
      <br>
      Please login to continue:<br>
      <br>
      <form action="$self" method="post">
      Login:<br>
      <input type="text" name="login"><br>
      <br>
      Password:<br>
      <input type="password" name="pass"><br>
      <br>
      <input type="submit" name="submit" value="Submit">
      </form>
EOP;
}
echo $body;
?>
0
quad341
Asked:
quad341
1 Solution
 
snoyes_jwCommented:
You have EOR; at the end of heredoc syntax on lines 208 and 402; they have extra spaces at the end of the line that must be removed.

Line 292, which reads
$body = "<a href="$self">Index</a><br><br>There is no entry by that id.";
should read like any one of the following:
$body = "<a href=" . $self . ">Index</a><br><br>There is no entry by that id.";
$body = "<a href='$self'>Index</a><br><br>There is no entry by that id.";
$body = "<a href=\"$self\">Index</a><br><br>There is no entry by that id.";

0
 
quad341Author Commented:
Thank you very much for finding these.

You have been added to the contributors.  system seems to be debugged and is still available at the link in my original post for anyone interested
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now