Jump to content

tommyc325

New Members
  • Posts

    1
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

tommyc325's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. [code=php:0] <?php require_once('../Connections/blog_oconn.php'); if (!isset($_SESSION)) {   session_start(); } $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {   // For security, start by assuming the visitor is NOT authorized.   $isValid = False;   // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.   // Therefore, we know that a user is NOT logged in if that Session variable is blank.   if (!empty($UserName)) {     // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.     // Parse the strings into arrays.     $arrUsers = Explode(",", $strUsers);     $arrGroups = Explode(",", $strGroups);     if (in_array($UserName, $arrUsers)) {       $isValid = true;     }     // Or, you may restrict access to only certain users based on their username.     if (in_array($UserGroup, $arrGroups)) {       $isValid = true;     }     if (($strUsers == "") && true) {       $isValid = true;     }   }   return $isValid; } $MM_restrictGoTo = "login.php?alert=no"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {    $MM_qsChar = "?";   $MM_referrer = $_SERVER['PHP_SELF'];   if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";   if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)   $MM_referrer .= "?" . $QUERY_STRING;   $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);   header("Location: ". $MM_restrictGoTo);   exit; } $username = $_SESSION['MM_Username']; $currentdate = date('l, F jS, Y'); if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {   $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;   $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);   switch ($theType) {     case "text":       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";       break;        case "long":     case "int":       $theValue = ($theValue != "") ? intval($theValue) : "NULL";       break;     case "double":       $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";       break;     case "date":       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";       break;     case "defined":       $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;       break;   }   return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) {   $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {   $insertSQL = sprintf("INSERT INTO entries (headline, `date`, content, image, `user`) VALUES (%s, %s, %s, %s, %s)",                       GetSQLValueString($_POST['headline'], "text"),                       GetSQLValueString($_POST['date'], "text"),                       GetSQLValueString($_POST['content'], "text"),                       GetSQLValueString($_POST['image'], "text"),                       GetSQLValueString($_POST['username'], "text"));   mysql_select_db($database_blog_oconn, $blog_oconn);   $Result1 = mysql_query($insertSQL, $blog_oconn) or die(mysql_error());   $insertGoTo = "entries.php";   if (isset($_SERVER['QUERY_STRING'])) {     $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";     $insertGoTo .= $_SERVER['QUERY_STRING'];   }   header(sprintf("Location: %s", $insertGoTo)); } $colname_new_blog = "-1"; if (isset($_SESSION['MM_Username'])) {   $colname_new_blog = (get_magic_quotes_gpc()) ? $_SESSION['MM_Username'] : addslashes($_SESSION['MM_Username']); } mysql_select_db($database_blog_oconn, $blog_oconn); $query_new_blog = sprintf("SELECT * FROM entries WHERE `user` = %s", GetSQLValueString($colname_new_blog, "text")); $new_blog = mysql_query($query_new_blog, $blog_oconn) or die(mysql_error()); $row_new_blog = mysql_fetch_assoc($new_blog); $totalRows_new_blog = mysql_num_rows($new_blog); /*  Image Upload Sciprt     Copyright Pbkill.com     Do Not Remove Under Penealty of Law */ $maxfilesize = 4048000000; $uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/uploads/"; $file = $_FILES['userfile']['tmp_name']; $filename = $_FILES['userfile']['name'];     // Make the function for upload function do_upload() {     // Valid file Mime types / extension     $allowed_types = array(         "image/jpeg" => "jpg",         // Add more types here if you like     );         // Check to see if file is an allowed extension     if(!array_key_exists($_FILES['userfile']['type'], $allowed_types)) {         die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Invalid file type!</font></center>");     }         // Set the maximum file size => 204800 = 200kb     $maxfilesize = 4048000000;         // Is it under the allowed Max file size?     if($_FILES['userfile']['size'] > $maxfilesize) {         die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">File is too large!</font></center>");     }         // Where are the files going?     $uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/upload/";         // What is the files temporary name?     $file = $_FILES['userfile']['tmp_name'];         // What is the files actual name?     $filename = $_FILES['userfile']['name'];             // Check to see if the file allready exists?     if(file_exists($uploaddir . $filename)) {         die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">A file with that name already exists on this server.</font></center>");     } else {         // If the file does not already exist, copy it.         copy($file, $uploaddir.$filename) or die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Could not copy file.</font></center>");     }     }  [/code] AND HERES MY FORM [code=php:0]   <form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="form1"> <input type="hidden" name="action" value="do_upload">   <table width="630" border="0" align="center" cellpadding="3" cellspacing="3" class="content">     <tr>       <td width="199" align="right" valign="top" class="content">Headline :</td>       <td width="410" align="left" valign="middle" class="content"><label>         <input name="headline" type="text" id="headline">       </label></td>     </tr>     <tr>       <td align="right" valign="top" class="content">Content :</td>       <td align="left" valign="middle" class="content"><label>         <textarea name="content" cols="40" rows="10" id="content"></textarea>       </label></td>     </tr>             <tr>       <td align="right" valign="top" class="content">&nbsp;</td>       <td class="error">*please remember to resize your image to 300px. </td>     </tr>     <tr>       <td align="right" valign="top" class="content"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Blog Image :</font></td>       <td class="content"><font color="#000000">         <input name="userfile" type="file" class="button" id="userfile">         <font color="#000000">         <input type="submit" name="Submit" value="Upload File!" class="button">         </font></font></td>     </tr>   </table>   <input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>">   <input name="username" type="hidden" id="username" value="<? echo $username; ?>">   <input name="date" type="hidden" id="date" value="<? echo $currentdate; ?>">   <input type="hidden" name="MM_insert" value="form1">           </form>         <p class="error"><?php // If the form has been completed, execute the upload function (above). if($_POST['action'] == "do_upload") {     do_upload(); } ?> [/code] Everything is working other then this [code=php:0]<input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>">[/code] it uploads the file and inserts this statement into my db except for the filename variable. PLEASE HELP.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.