jay7981 Posted February 21, 2011

Hello all, I wrote a script that will upload an avatar to a user's profile, and to do this the user has to get a randomly generated pin that is stored to their profile info in a MySQL db. What I am trying to accomplish with this code is: once the form is submitted, this code checks the database to see if the ID is there and that the pin matches. If so, it continues to upload the file; if not, it stops and displays an error and the upload form. For some reason the script continues to upload even when I input fake values that are not in the DB .... I know it's something simple that I'm just overlooking, so perhaps a fresh set of eyes will help...

```php
<?php
include './config.php';
include './access.php';

// Receiving variables
@$steamid = addslashes($_POST['steamid']);
@$pin = addslashes($_POST['pin']);
@$avatar_Name1 = $_FILES['avatar']['name'];
@$avatar_Size = $_FILES['avatar']['size'];
@$avatar_Temp = $_FILES['avatar']['tmp_name'];
@$avatar_Mime_Type = $_FILES['avatar']['type'];

@$ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
@$ava_host1 = "$hostname";
@$ava_user1 = "$username";
@$ava_pw1 = "$password";
@$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
if (!$ava_link1) {
    die('Could not connect: ' . mysql_error());
}
$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);
if (!$ava_db_selected1) {
    die ('Can not use $ava_db1 : ' . mysql_error());
}

//upload file and insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);
if (!$ava_result1) {
    function findexts ($avatar_Name1) {
        $filename = strtolower($avatar_Name1) ;
        $exts = split("[/\\.]", $avatar_Name1) ;
        $n = count($exts)-1;
        $exts = $exts[$n];
        return $exts;
    }
    $ext = findexts ($_FILES['avatar']['name']) ;
    $ran = rand () ;
    $ran2 = $ran.".";
    $avatar_Name = $ran2.$ext;

    //Checking/Making Folder
    function RecursiveMkdir($path) {
        if (!file_exists($path)) {
            RecursiveMkdir(dirname($path));
            mkdir($path, 0777);
        }
    }

    // Validation
    if (strlen($steamid) <15) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($steamid) >20) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($steamid) == 0 ) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($pin) !=12) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($pin) == 0 ) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if( $avatar_Size == 0) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }
    if( $avatar_Size >51200) {
        //delete file
        unlink($avatar_Temp);
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }
    if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/pjpeg" AND $avatar_Mime_Type != "image/png" AND $avatar_Mime_Type != "image/x-png") {
        unlink($avatar_Temp);
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }

    $uploadFile = "avatars/".$avatar_Name ;
    if (!is_dir(dirname($uploadFile))) {
        @RecursiveMkdir(dirname($uploadFile));
    } else {
        @chmod(dirname($uploadFile), 0777);
    }
    @move_uploaded_file( $avatar_Temp , $uploadFile);
    chmod($uploadFile, 0644);
    $avatar_URL = "*************/".$avatar_Name ;

    //saving record to MySQL database
    @$ava_strQuery = "UPDATE $member_table SET avatar ='$avatar_Name' WHERE authid='$steamid' AND private_pin='$pin'";
    @$ava_host = "$hostname";
    @$ava_user = "$username";
    @$ava_pw = "$password";
    @$ava_db = "$database";
    $ava_link = mysql_connect($ava_host, $ava_user, $ava_pw);
    if (!$ava_link) {
        die('Could not connect: ' . mysql_error());
    }
    $ava_db_selected = mysql_select_db($ava_db, $ava_link);
    if (!$ava_db_selected) {
        die ('Can not use $ava_db : ' . mysql_error());
    }

    //insert new record
    $ava_result = mysql_query($ava_strQuery);
    if (!$ava_result) {
        die('Invalid query: ' . mysql_error());
    }
    mysql_close($ava_link);

    echo("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Image uploaded OK!</font></p><p align='center'></p>");
    echo "<div align='center'>";
    echo "<p><img src=$avatar_URL></p>";
    include ('./includes/avatar_upload.php');
    echo "</div>";
}else{
    //if ID and PIN dont match display error and form
    echo "Wrong SteamID/Pin Please Try Again...";
    echo "<br />";
    include ('./includes/avatar_upload.php');
}
mysql_close($ava_link1);
?>
```

kenrbnsn Posted February 21, 2011

First, remove all "@" characters from the lines. This character suppresses error messages and when you're developing code, you want to see all errors. Once you do that, see if you have any errors.

Ken

jay7981 Posted February 21, 2011

OK, did as suggested and got no syntax errors ... I tried to upload using false info again and it displayed the error "Wrong SteamID/Pin Please Try Again..." as it should have, but then I tried to upload using correct info and it still gave me the error "Wrong SteamID/Pin Please Try Again...", very perplexing ....

jay7981 Posted February 21, 2011

bump ... any ideas?

BlueSkyIS Posted February 21, 2011

I suggest that you indent your code so the logic is more apparent. Also, check that the SQL statement ran:

```php
$ava_result1 = mysql_query($ava_strQuery1) or die(mysql_error() . " IN $ava_strQuery1");
```

and echo the SQL to see what it looks like.

jay7981 Posted February 21, 2011

The SQL statement is working fine, it's the IF statement that is having issues ... I indented the code as asked and have marked the IF statements that are having issues ...

```php
<?php
include './config.php';
include './access.php';

// Receiving variables
$steamid = addslashes($_POST['steamid']);
$pin = addslashes($_POST['pin']);
$avatar_Name1 = $_FILES['avatar']['name'];
$avatar_Size = $_FILES['avatar']['size'];
$avatar_Temp = $_FILES['avatar']['tmp_name'];
$avatar_Mime_Type = $_FILES['avatar']['type'];

$ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
$ava_host1 = "$hostname";
$ava_user1 = "$username";
$ava_pw1 = "$password";
$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
if (!$ava_link1) {
    die('Could not connect: ' . mysql_error());
}
$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);
if (!$ava_db_selected1) {
    die ('Can not use $ava_db1 : ' . mysql_error());
}

//insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);

//this is the first IF statement
//If the result is true then continue if not goto else statement
if (!$ava_result1) {
    // -- Function Name : findexts
    // -- Params : $avatar_Name1
    // -- Purpose : pull the extension
    function findexts ($avatar_Name1) {
        $filename = strtolower($avatar_Name1) ;
        $exts = split("[/\\.]", $avatar_Name1) ;
        $n = count($exts)-1;
        $exts = $exts[$n];
        return $exts;
    }
    $ext = findexts ($_FILES['avatar']['name']) ;
    $ran = rand () ;
    $ran2 = $ran.".";
    $avatar_Name = $ran2.$ext;

    //Checking/Making Folder
    function RecursiveMkdir($path) {
        if (!file_exists($path)) {
            RecursiveMkdir(dirname($path));
            mkdir($path, 0777);
        }
    }

    // Validation
    if (strlen($steamid) <15) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($steamid) >20) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($steamid) == 0 ) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($pin) !=12) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($pin) == 0 ) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if( $avatar_Size == 0) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }
    if( $avatar_Size >51200) {
        //delete file
        unlink($avatar_Temp);
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }
    if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/pjpeg" AND $avatar_Mime_Type != "image/png" AND $avatar_Mime_Type != "image/x-png") {
        unlink($avatar_Temp);
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }

    $uploadFile = "avatars/".$avatar_Name ;
    if (!is_dir(dirname($uploadFile))) {
        RecursiveMkdir(dirname($uploadFile));
    } else {
        chmod(dirname($uploadFile), 0777);
    }
    move_uploaded_file( $avatar_Temp , $uploadFile);
    chmod($uploadFile, 0644);
    $avatar_URL = "*****************".$avatar_Name ;

    //saving record to MySQL database
    $ava_strQuery = "UPDATE $member_table SET avatar ='$avatar_Name' WHERE authid='$steamid' AND private_pin='$pin'";
    $ava_host = "$hostname";
    $ava_user = "$username";
    $ava_pw = "$password";
    $ava_db = "$database";
    $ava_link = mysql_connect($ava_host, $ava_user, $ava_pw);
    if (!$ava_link) {
        die('Could not connect: ' . mysql_error());
    }
    $ava_db_selected = mysql_select_db($ava_db, $ava_link);
    if (!$ava_db_selected) {
        die ('Can not use $ava_db : ' . mysql_error());
    }

    //insert new record
    $ava_result = mysql_query($ava_strQuery);
    if (!$ava_result) {
        die('Invalid query: ' . mysql_error());
    }
    mysql_close($ava_link);

    echo("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Image uploaded OK!</font></p><p align='center'></p>");
    echo "<div align='center'>";
    echo "<p><img src=$avatar_URL></p>";
    include ('./includes/avatar_upload.php');
    echo "</div>";
}
//this is the else from the 1st IF statement
else {
    //if ID and PIN dont match display error and form
    echo "Wrong SteamID/Pin Please Try Again...";
    echo "<br />";
    include ('./includes/avatar_upload.php');
}
mysql_close($ava_link1);
?>
```

jay7981 Posted February 21, 2011

Well, I did as you suggested and found that the first query is not selecting the database.......

```
No database selected IN SELECT * FROM my table WHERE authid='xxxxxxxxxx' AND private_pin='xxxxxxxxx'
```

I don't understand, both queries are using the same connection info from the included ./config.php file ... the second one works but the first one does not.

```php
$ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
$ava_host1 = "$hostname";
$ava_user1 = "$username";
$ava_pw1 = "$password";
$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
$ava_result1 = mysql_query($ava_strQuery1) or die(mysql_error() . " IN $ava_strQuery1");
if (!$ava_link1) {
    die('Could not connect: ' . mysql_error());
}
$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);
if (!$ava_db_selected1) {
    die ('Can not use $ava_db1 : ' . mysql_error());
}
//insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);
```

BlueSkyIS Posted February 21, 2011

the database is selected after the first one, before the second one.

jay7981 Posted February 21, 2011

huh?

BlueSkyIS Posted February 21, 2011

In your code, you perform a mysql_query before selecting a database. Then you select a database before the next query.

First connect and query, but no database has been selected yet:

```php
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
$ava_result1 = mysql_query($ava_strQuery1) or die(mysql_error() . " IN $ava_strQuery1");
```

That's why the error:

```
No database selected
```

jay7981 Posted February 23, 2011

OK, so I fixed the issue with it not selecting the DB, but it is still processing the rest of the script no matter what is submitted to it ... the script should halt when the information passed to it doesn't match what is in the DB, and if it does match then process the rest.

Here is the fixed code:

```php
<?php
include './config.php';
include './access.php';

// Receiving variables
$steamid = addslashes($_POST['steamid']);
$pin = addslashes($_POST['pin']);
$avatar_Name1 = $_FILES['avatar']['name'];
$avatar_Size = $_FILES['avatar']['size'];
$avatar_Temp = $_FILES['avatar']['tmp_name'];
$avatar_Mime_Type = $_FILES['avatar']['type'];

$ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
$ava_host1 = "$hostname";
$ava_user1 = "$username";
$ava_pw1 = "$password";
$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);
$ava_result1 = mysql_query($ava_strQuery1) or die(mysql_error() . " IN $ava_strQuery1");
if (!$ava_link1) {
    die('Could not connect: ' . mysql_error());
}elseif (!$ava_db_selected1) {
    die ('Can not use $ava_db1 : ' . mysql_error());
}

//insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);
if (!$ava_result1) {
    //if ID and PIN dont match display error and form
    echo "Wrong SteamID/Pin Please Try Again...";
    echo "<br />";
    include ('./includes/avatar_upload.php');
} else {
    function findexts ($avatar_Name1) {
        $filename = strtolower($avatar_Name1) ;
        $exts = split("[/\\.]", $avatar_Name1) ;
        $n = count($exts)-1;
        $exts = $exts[$n];
        return $exts;
    }
    $ext = findexts ($_FILES['avatar']['name']) ;
    $ran = rand () ;
    $ran2 = $ran.".";
    $avatar_Name = $ran2.$ext;

    //Checking/Making Folder
    function RecursiveMkdir($path) {
        if (!file_exists($path)) {
            RecursiveMkdir(dirname($path));
            mkdir($path, 0777);
        }
    }

    // Validation
    if (strlen($steamid) <15) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($steamid) >20) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($steamid) == 0 ) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($pin) !=12) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if (strlen($pin) == 0 ) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
    }
    if( $avatar_Size == 0) {
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }
    if( $avatar_Size >51200) {
        //delete file
        unlink($avatar_Temp);
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }
    if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/pjpeg" AND $avatar_Mime_Type != "image/png" AND $avatar_Mime_Type != "image/x-png") {
        unlink($avatar_Temp);
        die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
    }

    $uploadFile = "avatars/".$avatar_Name ;
    if (!is_dir(dirname($uploadFile))) {
        RecursiveMkdir(dirname($uploadFile));
    } else {
        chmod(dirname($uploadFile), 0777);
    }
    move_uploaded_file( $avatar_Temp , $uploadFile);
    chmod($uploadFile, 0644);
    $avatar_URL = "****************".$avatar_Name ;

    //saving record to MySQL database
    $ava_strQuery = "UPDATE $member_table SET avatar ='$avatar_Name' WHERE authid='$steamid' AND private_pin='$pin'";
    $ava_host = "$hostname";
    $ava_user = "$username";
    $ava_pw = "$password";
    $ava_db = "$database";
    $ava_link = mysql_connect($ava_host, $ava_user, $ava_pw);
    if (!$ava_link) {
        die('Could not connect: ' . mysql_error());
    }
    $ava_db_selected = mysql_select_db($ava_db, $ava_link);
    if (!$ava_db_selected) {
        die ('Can not use $ava_db : ' . mysql_error());
    }

    //insert new record
    $ava_result = mysql_query($ava_strQuery);
    if (!$ava_result) {
        die('Invalid query: ' . mysql_error());
    }
    mysql_close($ava_link);

    echo("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Image uploaded OK!</font></p><p align='center'></p>");
    echo "<div align='center'>";
    echo "<p><img src=$avatar_URL></p>";
    include ('./includes/avatar_upload.php');
    echo "</div>";
}
mysql_close($ava_link1);
?>
```

jay7981 Posted February 23, 2011

bump ... any ideas? I've looked at this code 500 times or more

jay7981 Posted February 23, 2011

OK, so as of now this script is only showing the first error "Wrong SteamID/Pin Please Try Again..." no matter what is passed to it ... so I tried defining a new var $verify = $row['authid']; and changed if (!$ava_result1) to if ($verify == ""), and still the same result ... so I am at a total loss here ...

For anyone new to reading this, here is how it's supposed to work ...

1 User puts info into form and submits (steam ID, pin, image file)
2a this script should check the db for the steamid and pin combo; if they match then continue
2b if they don't match then stop and display an error and the form again.

All it's doing is 2b and I cannot for the life of me find where I messed up.

kenrbnsn Posted February 23, 2011

This if statement is not testing what you think it's testing

```php
<?php
$ava_result1 = mysql_query($ava_strQuery1);
if (!$ava_result1) {
    //if ID and PIN dont match display error and form
    echo "Wrong SteamID/Pin Please Try Again...";
    echo "<br />";
    include ('./includes/avatar_upload.php');
}
?>
```

When you get a "false" return from a mysql_query() function call it means that the query had a syntax error, not that it didn't return anything. What you need to do is to see if the query returned any results:

```php
<?php
if (mysql_num_rows($ava_result1) == 0) {
    //if ID and PIN dont match display error and form
    echo "Wrong SteamID/Pin Please Try Again...";
    echo "<br />";
    include ('./includes/avatar_upload.php');
}
?>
```

Ken
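
Added example, not part of the thread or any poster's code: the "did a row come back?" gate from the answer above, written with PDO prepared statements so a query error throws and only a matching row lets the upload proceed, plus a file-type check based on content rather than the client-sent type. The table name `members`, the function names, the in-memory SQLite store and the sample values are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite standing in for the thread's MySQL
// member table (assumption: pdo_sqlite and fileinfo extensions are enabled).
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (authid TEXT PRIMARY KEY, private_pin TEXT, avatar TEXT)');
    $db->exec("INSERT INTO members VALUES ('STEAM_0:0:1234567', 'A1b2C3d4E5f6', NULL)");
    return $db;
}

// True only when a row for this authid exists and its pin matches. A failed
// query throws instead of returning false, so an error is never read as a match.
function memberMatches(PDO $db, string $steamid, string $pin): bool
{
    $stmt = $db->prepare('SELECT private_pin FROM members WHERE authid = ?');
    $stmt->execute([$steamid]);
    $stored = $stmt->fetchColumn(); // false when the query returned no row
    return is_string($stored) && hash_equals($stored, $pin);
}

// Chooses the stored name from the file's content. The client-sent file name
// and $_FILES['avatar']['type'] are browser-controlled and are not consulted.
function avatarNameFor(string $path, int $maxBytes = 51200): ?string
{
    $allowed = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

$db = demoDb();
$tmp = tempnam(sys_get_temp_dir(), 'ava'); // stands in for $_FILES['avatar']['tmp_name']
file_put_contents($tmp, 'GIF89a' . str_repeat("\0", 32)); // constructed sample bytes

$attempts = [ // constructed SteamID/pin submissions
    ['STEAM_0:0:1234567', 'A1b2C3d4E5f6'],
    ['STEAM_0:0:1234567', 'wrongpin0000'],
    ['STEAM_0:0:0000000', 'A1b2C3d4E5f6'],
];
foreach ($attempts as [$id, $pin]) {
    if (!memberMatches($db, $id, $pin)) {
        echo "$id: Wrong SteamID/Pin Please Try Again...\n";
        continue; // fail closed: no file handling for this request
    }
    $name = avatarNameFor($tmp);
    if ($name === null) {
        echo "$id: file rejected\n";
        continue;
    }
    // A real handler would call move_uploaded_file($tmp, "avatars/$name") here.
    $db->prepare('UPDATE members SET avatar = ? WHERE authid = ?')->execute([$name, $id]);
    echo "$id: avatar stored as $name\n";
}
unlink($tmp);
```

The mysql_* functions used in the thread were removed in PHP 7, which is why the example uses PDO; the same row-based check applies with mysqli.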

jay7981 Posted February 23, 2011

and now I feel like a dummy ... thanks for the help, that totally solved the issue, now it works like a charm.