Im currently creating a site for a University project but struggling with the file directories and image uploading. I've managed to get a profile image visible and working but the aim is to allow users to upload many images, which will be visible on their profile page. The image files appear in the main directory instead of in "images/". Also Although they are recognised in the database they don't appear on the profile page of the user... Also within 'functions.php' this function is used to call the images onto a profile page. What does '$user.jpg' need to be replaced with in order to show all the images uploaded by one specific user?
Below are the two PHP files concerned with the image upload process. Firstly 'function.php'.
<?php
$dbhost = '...';
$dbname = '...';
$dbuser = '...';
$dbpass = '...';
$appname = "...";
$link = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $link) or die(mysql_error());
function createTable($name, $query)
{
if (tableExists($name))
{
echo "Table '$name' already exists<br />";
}
else
{
queryMysql("CREATE TABLE $name($query)");
echo "Table '$name' created<br />";
}
}
function tableExists($name)
{
$result = queryMysql("SHOW TABLES LIKE '$name'");
return mysql_num_rows($result);
}
function queryMysql($query)
{
$result = mysql_query($query) or die(mysql_error());
return $result;
}
function destroySession()
{
$_SESSION=array();
if (session_id() != "" || isset($_COOKIE[session_name()]))
setcookie(session_name(), '', time()-2592000, '/');
session_destroy();
}
function sanitizeString($var)
{
$var = strip_tags($var);
$var = htmlentities($var);
$var = stripslashes($var);
return mysql_real_escape_string($var);
}
function log_image_upload($Filename, $Location, $Time) {
//add in sanitization code in here for all variables being parsed.
mysql_query("INSERT INTO `images` (`filename`, `location`, `time`) VALUES ('$Filename', '$Location', '$Time')");
}
function showProfile($user)
{
if (file_exists("$user.jpg"))
echo "<img src='$user.jpg' border='1' align='left' />";
$result = queryMysql("SELECT * FROM rnprofiles WHERE user='$user'");
if (mysql_num_rows($result))
{
$row = mysql_fetch_row($result);
echo stripslashes($row[1]) . "<br clear=left /><br />";
}
}
?>
And secondly 'profile.php' is below
?php // rnprofile.php
include_once 'rnheader.php';
if (!isset($_SESSION['user']))
die("<br /><br />You need to login to view this page");
$user = $_SESSION['user'];
echo "<h3>Edit your Profile</h3>";
?>
</br>
<?php
if (isset($_POST['text']))
{
$text = sanitizeString($_POST['text']);
$text = preg_replace('/\s\s+/', ' ', $text);
$query = "SELECT * FROM rnprofiles WHERE user='$user'";
if (mysql_num_rows(queryMysql($query)))
{
queryMysql("UPDATE rnprofiles SET text='$text'
where user='$user'");
}
else
{
$query = "INSERT INTO rnprofiles VALUES('$user', '$text')";
queryMysql($query);
}
}
else
{
$query = "SELECT * FROM rnprofiles WHERE user='$user'";
$result = queryMysql($query);
if (mysql_num_rows($result))
{
$row = mysql_fetch_row($result);
$text = stripslashes($row[1]);
}
else $text = "";
}
$text = stripslashes(preg_replace('/\s\s+/', ' ', $text));
if (isset($_FILES["image"]["name"]))
{
$FolderName = 'simple/'; // Setting the upload directory
$CurrentTime = time(); // Time of upload (UNIX)
$Filename = $user."_".$CurrentTime.".jpg"; // Filename of the file
$saveto = $Foldername.$Filename; // Will look something like"images/alex_1365249148.jpg"
move_uploaded_file($_FILES["image"]["tmp_name"], $saveto);
$typeok = TRUE;
switch($_FILES["image"]["type"])
{
case "image/gif": $src = imagecreatefromgif($saveto); break;
case "image/jpeg": // Both regular and progressive jpegs
case "image/pjpeg": $src = imagecreatefromjpeg($saveto); break;
case "image/png": $src = imagecreatefrompng($saveto); break;
default: $typeok = FALSE; break;
}
if ($typeok)
{
list($w, $h) = getimagesize($saveto);
$max = 150;
$tw = $w;
$th = $h;
if ($w > $h && $max < $w)
{
$th = $max / $w * $h;
$tw = $max;
}
elseif ($h > $w && $max < $h)
{
$tw = $max / $h * $w;
$th = $max;
}
elseif ($max < $w)
{
$tw = $th = $max;
}
$tmp = imagecreatetruecolor($tw, $th);
imagecopyresampled($tmp, $src, 0, 0, 0, 0, $tw, $th, $w, $h);
imageconvolution($tmp, array( // Sharpen image
array(-1, -1, -1),
array(-1, 16, -1),
array(-1, -1, -1)
), 8, 0);
imagejpeg($tmp, $saveto);
log_image_upload($Filename, $saveto, $CurrentTime); // Logging the image upload into MySQL
imagedestroy($tmp);
imagedestroy($src);
}
}
showProfile($user);
echo <<<_END
<form method='post' action='rnprofile.php'
enctype='multipart/form-data'>
Enter or edit your status and/or upload an image:<br />
<textarea name='text' cols='50' rows='4'>$text</textarea><br />
Image: <input type='file' name='image' size='14' maxlength='32' />
<input type='submit' value='Save Profile' />
</pre></form>
_END;
?>
Any help would be much appreciated! thanks.