mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
I have tried creating a function with PHP which upload a file to the server (I took a code from the internet), and uploading a file to the server using mIRC and HTTP POST (or HTTP PUT) command.
Since my knowledge in HTTP is very low I got nothing but errors:

HTTP/1.1 200 OK
Date: Mon, 14 Jun 2004 09:09:41 GMT
Server: Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.4 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.7a
X-Powered-By: PHP/4.3.4
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
4f
<pre>Possible file upload attack! Here's some debugging info:
Array
(
)
</pre>
0
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
67890123456789012345678901234567890 to /index.html not supported.<P>
Invalid method in request 67890123456789012345678901234567890<P>
<HR>
<ADDRESS>Apache/1.3.29 Server at 66-193-231-225.gen.twtelecom.net Port 80</ADDRESS>
</BODY></HTML>


The PHP code is:
Code:
&lt;?php
$uploadDir = '/home/x0freeh/public_html/saragani/';
$uploadFile = $uploadDir . $_FILES['userfile']['name'];
print "&lt;pre&gt;";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile))
{
    print "File is valid, and was successfully uploaded. ";
    print "Here's some more debugging info:\n";
    print_r($_FILES);
}
else
{
    print "Possible file upload attack!  Here's some debugging info:\n";
    print_r($_FILES);
}
print "&lt;/pre&gt;";
?&gt;




The mIRC code is:
Code:
alias upload {
  set %data data=1234567890123456789012345678901234567890
  sockopen upload server.com 80

}
on *:sockopen:upload: {
  if ($sockerr &gt; 0) echo 4 -a ERROR
  sockwrite -tn $sockname POST /saragani/upload.php HTTP/1.1
  sockwrite -tn $sockname Host: server.com $+ $str($crlf ,1)
  sockwrite -tn $sockname User-Agent: Mozilla/5.0
  sockwrite -tn $sockname Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
  sockwrite -tn $sockname Accept-Language: en-us
  sockwrite -tn $sockname Content-Type: application/x-www-form-urlencoded
  sockwrite -tn $sockname Content-Length: 10
  sockwrite -tn $sockname Connection: Keep-Alive
  sockwrite -tn $sockname 
  sockwrite -tn $sockname %data
  sockwrite -tn $sockname 
}



I just wanted to check if it will write the 123456789......

If anyone cam help me with the mIRC scripting I'll be happy. If anyone could also help me with the PHP scripting (Maybe I did something wrong.... I just copied the code from the net, cause I don't know PHP much) then I'll be very happy.

If it will work, then I'll be able to use a loop which will scan the text file and will write the text to the socket, so the other side will get the full file.


Please help, Thanks.

Joined: Apr 2004
Posts: 45
V
Ameglian cow
Offline
Ameglian cow
V
Joined: Apr 2004
Posts: 45
I don't know much about php, but keep in mind you can use ftp.exe (comes with windows) command line parameters to upload to a ftp server if you have one - wouldn't need sockets or anything, and would be a lot simpler to deal with.

-Venoman

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
I don't wanna use ftp, and this is for 2 major reasons:
1) not all servers support ftp, so I'm only limited to a host which support ftp uploading.

2) Other people will use the script that I'm creating (The file uploading is meant for sending information to the server). It will require me to give them the user/password for the ftp server (it will be inside the script). Giving a free access to the ftp is not a good idea at all.

Thanks for trying.

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Is it going to be a real file which you want your users to pick from a file selection dialog before every upload?

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
As a matter of fact it is.
The user/the script will choose the file, and will upload it to the server.

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
This script uses Internet Explorer to do the actual upload. Type /upload to bring the file selection dialog.

http://members.lycos.co.uk/onln/files/IE-web-upload.txt

The code may seem difficult, especially to people who don't have experience in COM programming. If you have questions regarding specific commands, please post here.

Note: due to IE's security restrictions, it is not possible to set the filename automatically. The user has to select it every time.

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
Thanks grin

I tried it now but it locked my mIRC (don't know why).
I'll try using it again, but the main problem is that you can't choose the files authomatically. I can the same way create a script with PHP which let me choose the file, but I want it to be selected automaticaly.
Thanks

Anyway, does someone has a clue how to do it with sockets?

Thanks.

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Activate this line,
  • ; !.echo -q $com(objIE,Visible,4,bool,true)
and see if the selection dialog appears (the browser window will appear altogether, though).

I'll check how to do that with sockets.

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
Thanks.

I already descovered that the browse dialog is what locking my mIRC (The dialogs is way back at the background).

I will really appreciate your help with sockets.

Thanks. smile

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
Thanks I'll try it smile

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
mmm, am I missing something??

I know that your script should work. Like the previous one you gave me, it doesn't get any errors (which is very good), but on the other hand (just like the previous one), it takes the right ammount of time to upload the file (for big files it is taking more time), and at the end of the process I get HTTP/1.1 200 OK, but thats it. The file is just not there (Even though I chmoded the directory as 777).

I though it might be the problem with the server, so I tried it on antoher server but it still doesn't work. I assume you used the PHP script above to accept the file on the server side (Which is what I'm using right now).
What do you think the problem is?

I asked the script to print the sockread information, and all I get is:

* /upload: Uploading file, please wait...
-
HTTP/1.1 200 OK
-
* /upload: [HTTP/1.1 200 OK] - Upload successful!

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
It was a problem with the PHP, and now it works.

Thank you very very much.

Now I need to understand what you did. laugh

Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
I'm glad it works for you laugh

Yes, I tested my script with the PHP code you pasted above, and as you can see, the script uploads the file under the handle name userfile (which equals to this HTML form: <input type=file name=userfile>).

My script generates a temporary file called UPLOAD.TMP where the necessary headers enclose the file data. This file is sent right after the POST request.

If you want to sniff your browser<->server communication in order to learn what exactly is transmitted, Ethereal can help. It works like mIRC's /debug.

Again, if you have questions about specific commands, feel free to post below. And note that you have a debugging line which displays the entire response of the HTTP server.

Joined: Feb 2003
Posts: 282
S
Fjord artisan
OP Offline
Fjord artisan
S
Joined: Feb 2003
Posts: 282
Thanks. The Ethereal can realy help me understand the protocls grin


Link Copied to Clipboard