Uploading a File.

[supanoob]

well, i want to allow users to upload an image.

so far this is what i have

[code]if ($step == 1)
{
if ($REQUEST_METHOD == "POST")
{



   
    $uploaddir =  $_SERVER['DOCUMENT_ROOT'] . "/images/";
   
   

    $pext = getFileExtension($imgfile_name);
    $pext = strtolower($pext);
    if (($pext != "jpg")  && ($pext != "jpeg")  && ($pext != "bmp")  && ($pext != "dib")  && ($pext != "png"))
    {
        print "<h1>ERROR</h1>Image Extension Unknown.<br>";
        print "<p>Please upload only images with the extensions .jpg, .jpeg, .bmp, .dib and .pngONLY<br><br>";
        print "The file you uploaded had the following extension: $pext</p>\n";

        unlink($imgfile);
        exit();
    }



    $imgsize = GetImageSize($imgfile);


    if (($imgsize[0] > 250) || ($imgsize[1] > 200))
    {

        $tmpimg = tempnam("/tmp", "MKUP");



        system("djpeg $imgfile >$tmpimg");
       

        system("pnmscale -xy 250 200 $tmpimg | cjpeg -smoo 10 -qual 50 >$imgfile");


        unlink($tmpimg);

    }

    $final_filename = str_replace(" ", "_", $imgfile_name);
    $newfile = $uploaddir . "/$final_filename";
   

    if (is_uploaded_file($imgfile))
    {


      if (!copy($imgfile,"$newfile"))
      {

          print "Error Uploading File.";
          exit();
      }
    }

    unlink($imgfile);

   
    print("<img src=\"$final_filename\">");


}
}[/code]

now the actual form they use is:

[code]          <form action="playdes.php?step=1" method="POST" enctype="multipart/form-data">
          <input type="hidden" name="MAX_FILE_SIZE" value="50000">
          <p>Upload Image: <input type="file" name="imgfile"><br>
          <font size="1">Click browse to upload a local file</font><br>
          <br>
          <input type="submit" value="Upload Image">
          </form>[/code]

the problem is whenever i go to test the form, i get the following error message:
[quote]
Fatal error: Call to undefined function: getfileextension() in /home/content/A/r/c/ArchAngel390/html/playdes.php on line 42[/quote]

and i cant understand why can someone shed a little light upon the problem?

[Ninjakreborn]

The function isn't set
use something like
if (is_function($getFileExtension)) {
echo "This is a function";
}else {
echo "This is not a function";
}
try this out for a test first, find out if the function even exists.
If that turns out else, then something is wrong, if the function exists, then make sure it's included properly if it's in an extra page.

[supanoob]

it comes up with the same thing :S

[Ninjakreborn]

Then the function isn't set, are you using it in an include, if so use require_once()
instead o
because it won't runt hte script unless it's included.
Then go to the other page where your function exists, and test the script there, the one I showed you, if it says it doesn't exist, even if you use it on the same page where the function is, then something is wrong with the function itself, in that case display the function here.

[kenrbnsn]

getFileExtension() is not a predefined PHP function and I don't see it defined anywhere in your code.

You could write your own. Something like:
[code]<?php
function getFileExtension($fn) {
  $x = pathinfo($fn);
  return($x['extension']);
}?>[/code]

Ken

[redarrow]

Look at the code to learn how to set a function ok.
good luck.


test.php

<?php

include("test_result.php");
?>

<table border="4" align="center">
<td>
A user i no has the age of <?php get_age($age) ?>

</td>
</table>




test_result.php
<?php

$age=10;

function get_age($age) {

if($age > 9) {

echo "9";

}
}
?>

[supanoob]

FFS, i have the funtion file now. and now i get this error

[quote]Possible file upload attack: filename ''.
Fatal error: Call to undefined function: getfileextension() in /home/content/A/r/c/ArchAngel390/html/playsub.php on line 118[/quote]

the whole of my php code for my actual action is below:

[code]<?php
session_start();

//this code is compyright to supanoob http://www.twottk.com
// to use this code you must have his permission to gain
// permission please mail him at webmaster@twottk.com
require_once('header.php');
require_once('imgfile_name.php');
if (!$_SESSION['valid_user'])

{ echo 'you are not logged in';

die();
}
$user=$_SESSION['valid_user'];

$query="select playerid, rank, jail, postcount, race, posx, won, lost, wonid, lostid, posy, arm1, race, facd, fach, face, arm2, arm3, arm4, jailreason, user, wep1, wep2, wep3, wep4, name, email, win, lose, total, gold, fatigue, maxfat, power, speed, dex, intel, health, maxhealth, gender from players where user='$user'";
$result=mysql_query($query);
if (!$result)
{
die (mysql_error());
}

$num_rows=mysql_num_rows($result);

$row=mysql_fetch_array($result);
$rank=($row['rank']);
$jail=($row['jail']);
$jailreason=($row['jailreason']);
$playerid=($row['playerid']);
$name=($row['name']);
$gold=($row['gold']);
$user=($row['user']);
$password=($row['password']);
$fatigue=($row['fatigue']);
$maxfat=($row['maxfat']);
$power=($row['power']);
$speed=($row['speed']);
$dex=($row['dex']);
$intel=($row['intel']);
$health=($row['health']);
$maxhealth=($row['maxhealth']);
$gender=($row['gender']);
$win=($row['win']);
$lose=($row['lose']);
$total=($row['total']);
$race=($row['race']);
$wep1=($row['wep1']);
$wep2=($row['wep2']);
$wep3=($row['wep3']);
$wep4=($row['wep4']);
$arm1=($row['arm1']);
$arm2=($row['arm2']);
$arm3=($row['arm3']);
$arm4=($row['arm4']);
$face=($row['face']);
$fach=($row['fach']);
$facd=($row['facd']);
$chardes=($row['chardes']);
$realname=($row['realname']);
$age=($row['age']);
$description=($row['description']);
$hobbies=($row['hobbies']);
$imgurl=($row['imgurl']);
$posx=($row['posx']);
$posy=($row['posy']);
$won=($row['won']);
$wonid=($row['wonid']);
$lost=($row['lost']);
$lostid=($row['lostid']);
$postcount=($row['postcount']);

$_SESSION['valid_user'] = $user;

if ($jail > 0)
{
echo "you are in jail for $jail more days, the reason being:<br /> $jailreason";

die();
}

if ($step == 0)
{
$realname=$_POST['realname'];
$age=$_POST['age'];
$description2=$_POST['description'];
$hobbies=$_POST['hobbies'];
$imgurl=$_POST['imgurl'];

$sql2="UPDATE players SET realname='$realname', age='$age', description='$description2', hobbies='$hobbies', imgurl='$imgurl' WHERE user='$user'";
if(mysql_query($sql2));
}



if ($step == 1)
{
if ($REQUEST_METHOD == "POST")
{

    /* SUBMITTED INFORMATION - use what you need
    * temporary filename (pointer): $imgfile
    * original filename          : $imgfile_name
    * size of uploaded file      : $imgfile_size
    * mime-type of uploaded file  : $imgfile_type
    */

    /*== upload directory where the file will be stored
          relative to where script is run ==*/
   
    $uploaddir =  $_SERVER['DOCUMENT_ROOT'] . "/images/";
   
   
    /*== get file extension (fn at bottom of script) ==*/
    /*== checks to see if image file, if not do not allow upload ==*/
    $pext = getFileExtension($imgfile_name);
    $pext = strtolower($pext);
    if (($pext != "jpg")  && ($pext != "jpeg")  && ($pext != "bmp")  && ($pext != "dib")  && ($pext != "png"))
    {
        print "<h1>ERROR</h1>Image Extension Unknown.<br>";
        print "<p>Please upload only images with the extensions .jpg, .jpeg, .bmp, .dib and .pngONLY<br><br>";
        print "The file you uploaded had the following extension: $pext</p>\n";

        /*== delete uploaded file ==*/
        unlink($imgfile);
        exit();
    }


    //-- RE-SIZING UPLOADED IMAGE

    /*== only resize if the image is larger than 250 x 200 ==*/
    $imgsize = GetImageSize($imgfile);

    /*== check size  0=width, 1=height ==*/
    if (($imgsize[0] > 250) || ($imgsize[1] > 200))
    {
        /*== temp image file -- use "tempnam()" to generate the temp
            file name. This is done so if multiple people access the
            script at once they won't ruin each other's temp file ==*/
        $tmpimg = tempnam("/tmp", "MKUP");

        /*== RESIZE PROCESS
            1. decompress jpeg image to pnm file (a raw image type)
            2. scale pnm image
            3. compress pnm file to jpeg image
        ==*/
       
        /*== Step 1: djpeg decompresses jpeg to pnm ==*/
        system("djpeg $imgfile >$tmpimg");
       

        /*== Steps 2&3: scale image using pnmscale and then
            pipe into cjpeg to output jpeg file ==*/
        system("pnmscale -xy 250 200 $tmpimg | cjpeg -smoo 10 -qual 50 >$imgfile");

        /*== remove temp image ==*/
        unlink($tmpimg);

    }

    /*== setup final file location and name ==*/
    /*== change spaces to underscores in filename  ==*/
    $final_filename = str_replace(" ", "_", $imgfile_name);
    $newfile = $uploaddir . "/$final_filename";
   
    /*== do extra security check to prevent malicious abuse==*/
    if (is_uploaded_file($imgfile))
    {

      /*== move file to proper directory ==*/
      if (!copy($imgfile,"$newfile"))
      {
          /*== if an error occurs the file could not
              be written, read or possibly does not exist ==*/
          print "Error Uploading File.";
          exit();
      }
    }

    /*== delete the temporary uploaded file ==*/
    unlink($imgfile);

   
    print("<img src=\"$final_filename\">");

    /*== DO WHATEVER ELSE YOU WANT
        SUCH AS INSERT DATA INTO A DATABASE  ==*/

}
}

?>

[/code]

and my function is below:

[code]<?php
session_start();

if (is_uploaded_file($_FILES['userfile']['imgfile_name'])) {
  echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n";
  echo "Displaying contents\n";
  readfile($_FILES['userfile']['imgfile_name']);
} else {
  echo "Possible file upload attack: ";
  echo "filename '". $_FILES['userfile']['imgfile_name'] . "'.";
}

?> [/code]

[supanoob]

bump

[supanoob]

any help?

[kenrbnsn]

See my reply #4

Ken