Help cache GD image

[djkee]

Hello everyone, i have been writing this script for some time but i have hard time making it cache the image and then display that same image except if the user types new=1 in the url leading to the script.

 

Basically the script looks for the user to supply the userID in the URL and then goes to the database and pulls how many games the user played and their username.

 

I just need it to create an image if one does not exist in the directory i specify and use that image as a cached image but if somebody uses new=1 then generate a new image from the database.

 

URL Example:

http://www.mywebsite.com/usig.php?bg=2&uid=1&new=1

 

Could somebody please help me i have been pulling my hair all day

 

 

<?php

#the first line tells PHP that it is returning an image
#header("Content-type: image/png");
#this line defines the directory that GD will find the fonts
putenv('GDFONTPATH=' . realpath('.'));
$font = "myfont";
#These lines load background images based on the url
#I'm only allowing bgh1 through bgh10.png to be loaded.
if (isset($_GET['bg']) && !empty($_GET['bg'])) {
    if ($_GET['bg'] > 10) {
        $bg = 10;
    } else if ($_GET['bg'] < 1) {
        $bg = 1;
    } else {
        $bg = nukeNum($_GET['bg']);
    }
    $filename = 'bgh' . $bg . '.png';
} else {
    $filename = 'bgh1.png';
}

#the image will show two messages on two lines based on the url
$uid = $_GET['uid'];
$usernamet = "hello" . $row['username'];
#$uid = mysql_real_escape_string($_GET['uid'])
#$message2 = $_GET['message2'];


#$image_path = "../image-cache/logo_".$width."x".$height.".png";
$image_path = '/home/user/public_html/ubars/signumber' . $uid. '.png';

if (isset($_GET['new']) && !empty($_GET['new'])) {
    if ($_GET['new'] = 1) {
        readfile($image_path);
    } else {
    // create a new image using GD functions



// Make a MySQL Connection
mysql_connect("localhost", "username1", "mypassword") or die(mysql_error());
mysql_select_db("my_database") or die(mysql_error());

// Retrieve all the data from the "AMCMS_users" table
$result = mysql_query("SELECT * FROM AMCMS_users where `userkey` = '$uid'")
or die(mysql_error());  

// store the record of the "AMCMS_users" table into $row
$row = mysql_fetch_array( $result );
// Print out the contents of the entry 

  //This stops SQL Injection in POST vars
  foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
  }

  //This stops SQL Injection in GET vars
  foreach ($_GET as $key => $value) {
    $_GET[$key] = mysql_real_escape_string($value);
  } 

#background is a variable storing the image
$background = imagecreatefrompng($filename);

#white is a color allocated for our image
$white = imagecolorallocate($background, 0, 0, 0);

$usernamet = "Username: " . $row['username'];
$gplays = "Games Played: " . $row[gamesplayed];

#these two functions create the two lines of text on our image
#(image variable, text size, text angle,x,y,color,font-name,text)
imagettftext($background,15,0,10,15,$white,$font,$usernamet);
imagettftext($background,15,0,10,32,$white,$font,$gplays);

$save = '/home/user/public_html/ubars/signumber' . $uid. '.png';  

#this spits out our image to thr browser
$im = imagepng($background, $save);
imagepng($background);

}
}

#this is my regular expression function I love to only allow numbers
function nukeNum($value) {
    return ereg_replace("[^0-9]", "", $value);
}

?>

 

Thank Everyone

P.S.

Let me know if there is major vulnerabilities i missed, i am not very good with php security

[.josh]

well as far as the security...looks like you need to "nukeNum" $uid

[djkee]

Thank you

I will fix the security issue but i still cant find a way to cache the image

 

Help please