Jump to content

IF statement assistance


jay7981

Recommended Posts

Hello all,

I wrote a script that will upload an avatar to a users profile and to do this the user has to get a randomly generated pin that is stored to thier profile info in a MySQL db what i am trying to accomplish with this code is once the form is submitted this code checks the database to see if the ID is there and that the pin matches if so then it continues to upload the file if not it stops displays an error and the upload form. For some reason the script continues to upload even when i input fake values that are not in the DB .... i know its something simple that im jsut over looking so perhaps a fresh set of eyes will help...

 

<?php
include './config.php';
include './access.php';
// Receiving variables
@$steamid = addslashes($_POST['steamid']);
@$pin = addslashes($_POST['pin']);
@$avatar_Name1 = $_FILES['avatar']['name'];
@$avatar_Size = $_FILES['avatar']['size'];
@$avatar_Temp = $_FILES['avatar']['tmp_name'];
@$avatar_Mime_Type = $_FILES['avatar']['type'];

@$ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
@$ava_host1 = "$hostname";
@$ava_user1 = "$username";
@$ava_pw1 = "$password";
@$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
if (!$ava_link1) {
die('Could not connect: ' . mysql_error());
}
$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);
if (!$ava_db_selected1) {
die ('Can not use $ava_db1 : ' . mysql_error());
}
//upload file and insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);
if (!$ava_result1) {
function findexts ($avatar_Name1) 
{ 
$filename = strtolower($avatar_Name1) ; 
$exts = split("[/\\.]", $avatar_Name1) ; 
$n = count($exts)-1; 
$exts = $exts[$n]; 
return $exts; 
}
$ext = findexts ($_FILES['avatar']['name']) ;
$ran = rand () ;
$ran2 = $ran.".";
$avatar_Name = $ran2.$ext;

//Checking/Making Folder
function RecursiveMkdir($path)
{
   if (!file_exists($path)) 
   { 
      RecursiveMkdir(dirname($path));
      mkdir($path, 0777);
    }
  }


// Validation
if (strlen($steamid) <15)
{
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
}
if (strlen($steamid) >20)
{
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
}

if (strlen($steamid) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
}

if (strlen($pin) !=12)
{
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
}

if (strlen($pin) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
}

if( $avatar_Size == 0)
{
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}
if( $avatar_Size >51200)
{

//delete file 
unlink($avatar_Temp);
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}
if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/pjpeg" AND $avatar_Mime_Type != "image/png" AND $avatar_Mime_Type != "image/x-png")
{
unlink($avatar_Temp);
die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}
$uploadFile = "avatars/".$avatar_Name ;
if (!is_dir(dirname($uploadFile)))
  {
    @RecursiveMkdir(dirname($uploadFile)); 
  }
else
  {
  @chmod(dirname($uploadFile), 0777);
  }
@move_uploaded_file( $avatar_Temp , $uploadFile); 
chmod($uploadFile, 0644);
$avatar_URL = "*************/".$avatar_Name ;

//saving record to MySQL database
@$ava_strQuery = "UPDATE $member_table SET avatar ='$avatar_Name' WHERE authid='$steamid' AND private_pin='$pin'";
@$ava_host = "$hostname";
@$ava_user = "$username";
@$ava_pw = "$password";
@$ava_db = "$database";
$ava_link = mysql_connect($ava_host, $ava_user, $ava_pw);
if (!$ava_link) {
die('Could not connect: ' . mysql_error());
}
$ava_db_selected = mysql_select_db($ava_db, $ava_link);
if (!$ava_db_selected) {
die ('Can not use $ava_db : ' . mysql_error());
}

//insert new record
$ava_result = mysql_query($ava_strQuery);
if (!$ava_result) {
die('Invalid query: ' . mysql_error());
}
mysql_close($ava_link);

echo("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Image uploaded OK!</font></p><p align='center'></p>");
echo "<div align='center'>";
echo "<p><img src=$avatar_URL></p>";
include ('./includes/avatar_upload.php');
echo "</div>";
}else{ //if ID and PIN dont match display error and form
echo "Wrong SteamID/Pin Please Try Again...";
echo "<br />";
include ('./includes/avatar_upload.php');
}
mysql_close($ava_link1);
?>

Link to comment
Share on other sites

ok did as suggested and got no syntax errors ... i tried to upload using false info again and it displayed the error "Wrong SteamID/Pin Please Try Again..." as it should have but then i tried to upload using correct info and it still gave me the error "Wrong SteamID/Pin Please Try Again...", very perplexing ....

Link to comment
Share on other sites

the sql statement is working fine its the IF statement that is having issues ...  I indented the code as asked and have marked the IF statements that are having issues ...

 

<?php
include './config.php';
include './access.php';


// Receiving variables
$steamid = addslashes($_POST['steamid']);
$pin = addslashes($_POST['pin']);
$avatar_Name1 = $_FILES['avatar']['name'];
$avatar_Size = $_FILES['avatar']['size'];
$avatar_Temp = $_FILES['avatar']['tmp_name'];
$avatar_Mime_Type = $_FILES['avatar']['type'];
$ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
$ava_host1 = "$hostname";
$ava_user1 = "$username";
$ava_pw1 = "$password";
$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);

if (!$ava_link1)
{
	die('Could not connect: ' . mysql_error());
}

$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);

if (!$ava_db_selected1)
{
	die ('Can not use $ava_db1 : ' . mysql_error());
}

//insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);

                           //this is the first IF statement
                          //If the result is true then continue if not goto else statement

if (!$ava_result1)
{

	// -- Function Name : findexts
	// -- Params : $avatar_Name1
	// -- Purpose : pull the extension
	function findexts ($avatar_Name1)
	{
		$filename = strtolower($avatar_Name1) ;
		$exts = split("[/\\.]", $avatar_Name1) ;
		$n = count($exts)-1;
		$exts = $exts[$n];
		return $exts;
	}

	$ext = findexts ($_FILES['avatar']['name']) ;
	$ran = rand () ;
	$ran2 = $ran.".";
	$avatar_Name = $ran2.$ext;


	//Checking/Making Folder
	function RecursiveMkdir($path)
	{

		if (!file_exists($path))
		{
			RecursiveMkdir(dirname($path));
			mkdir($path, 0777);
		}

	}

	// Validation

	if (strlen($steamid) <15)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($steamid) >20)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($steamid) == 0 )
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($pin) !=12)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($pin) == 0 )
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if( $avatar_Size == 0)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
	}


	if( $avatar_Size >51200)
	{
		//delete file 
		unlink($avatar_Temp);
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
	}


	if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/pjpeg" AND $avatar_Mime_Type != "image/png" AND $avatar_Mime_Type != "image/x-png")
	{
		unlink($avatar_Temp);
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
	}

	$uploadFile = "avatars/".$avatar_Name ;

	if (!is_dir(dirname($uploadFile)))
	{
		RecursiveMkdir(dirname($uploadFile));
	}
	else
	{
		chmod(dirname($uploadFile), 0777);
	}

	move_uploaded_file( $avatar_Temp , $uploadFile);
	chmod($uploadFile, 0644);
	$avatar_URL = "*****************".$avatar_Name ;


	//saving record to MySQL database
	$ava_strQuery = "UPDATE $member_table SET avatar ='$avatar_Name' WHERE authid='$steamid' AND private_pin='$pin'";
	$ava_host = "$hostname";
	$ava_user = "$username";
	$ava_pw = "$password";
	$ava_db = "$database";
	$ava_link = mysql_connect($ava_host, $ava_user, $ava_pw);

	if (!$ava_link)
	{
		die('Could not connect: ' . mysql_error());
	}

	$ava_db_selected = mysql_select_db($ava_db, $ava_link);

	if (!$ava_db_selected)
	{
		die ('Can not use $ava_db : ' . mysql_error());
	}

	//insert new record
	$ava_result = mysql_query($ava_strQuery);

	if (!$ava_result)
	{
		die('Invalid query: ' . mysql_error());
	}

	mysql_close($ava_link);
	echo("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Image uploaded OK!</font></p><p align='center'></p>");
	echo "<div align='center'>";
	echo "<p><img src=$avatar_URL></p>";
	include ('./includes/avatar_upload.php');
	echo "</div>";
}
                              //this is the else from the 1st IF statement
else 
{
	//if ID and PIN dont match display error and form
	echo "Wrong SteamID/Pin Please Try Again...";
	echo "<br />";
	include ('./includes/avatar_upload.php');
}

mysql_close($ava_link1);
?>

Link to comment
Share on other sites

well i did as you suggested and found that the first query is not selecting the database.......

 

No database selected IN SELECT * FROM my table WHERE authid='xxxxxxxxxx' AND private_pin='xxxxxxxxx'

 

i dont understand both querys are using the same connection info from the included ./config.php file ... the second one works but the first one does not.

 

                $ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
$ava_host1 = "$hostname";
$ava_user1 = "$username";
$ava_pw1 = "$password";
$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
$ava_result1 = mysql_query($ava_strQuery1) or die(mysql_error() . " IN $ava_strQuery1");

if (!$ava_link1)
{
	die('Could not connect: ' . mysql_error());
}

$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);

if (!$ava_db_selected1)
{
	die ('Can not use $ava_db1 : ' . mysql_error());
}

//insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);

Link to comment
Share on other sites

in your code. you perform a mysql_query before selecting a database. then you select a database before the next query.

 

first connect and query, but no database has been selected yet:


$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
$ava_result1 = mysql_query($ava_strQuery1) or die(mysql_error() . " IN $ava_strQuery1");

 

that's why the error No database selected

Link to comment
Share on other sites

ok so i fixed the issue with it not selecting the DB but it is still processing the rest of the script no matter what is submitted to it ...

 

the script should halt when the information passed to t dont match what is in the DB, and if it does match then process the rest.

 

here is the fixed code:

<?php
include './config.php';
include './access.php';


// Receiving variables
$steamid = addslashes($_POST['steamid']);
$pin = addslashes($_POST['pin']);
$avatar_Name1 = $_FILES['avatar']['name'];
$avatar_Size = $_FILES['avatar']['size'];
$avatar_Temp = $_FILES['avatar']['tmp_name'];
$avatar_Mime_Type = $_FILES['avatar']['type'];
$ava_strQuery1 = "SELECT * FROM $member_table WHERE authid='$steamid' AND private_pin='$pin'";
$ava_host1 = "$hostname";
$ava_user1 = "$username";
$ava_pw1 = "$password";
$ava_db1 = "$database";
$ava_link1 = mysql_connect($ava_host1, $ava_user1, $ava_pw1);
$ava_db_selected1 = mysql_select_db($ava_db1, $ava_link1);
$ava_result1 = mysql_query($ava_strQuery1) or die(mysql_error() . " IN $ava_strQuery1");

if (!$ava_link1)
{
	die('Could not connect: ' . mysql_error());
}elseif (!$ava_db_selected1)
{
	die ('Can not use $ava_db1 : ' . mysql_error());
}

//insert new record if ID and PIN match
$ava_result1 = mysql_query($ava_strQuery1);

if (!$ava_result1)
{
	//if ID and PIN dont match display error and form
	echo "Wrong SteamID/Pin Please Try Again...";
	echo "<br />";
	include ('./includes/avatar_upload.php');

}
else
{
	function findexts ($avatar_Name1)
	{
		$filename = strtolower($avatar_Name1) ;
		$exts = split("[/\\.]", $avatar_Name1) ;
		$n = count($exts)-1;
		$exts = $exts[$n];
		return $exts;
	}

	$ext = findexts ($_FILES['avatar']['name']) ;
	$ran = rand () ;
	$ran2 = $ran.".";
	$avatar_Name = $ran2.$ext;


	//Checking/Making Folder
	function RecursiveMkdir($path)
	{

		if (!file_exists($path))
		{
			RecursiveMkdir(dirname($path));
			mkdir($path, 0777);
		}

	}

	// Validation

	if (strlen($steamid) <15)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($steamid) >20)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($steamid) == 0 )
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($pin) !=12)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if (strlen($pin) == 0 )
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar.php'>BACK</a></p>");
	}


	if( $avatar_Size == 0)
	{
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
	}


	if( $avatar_Size >51200)
	{
		//delete file 
		unlink($avatar_Temp);
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
	}


	if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/pjpeg" AND $avatar_Mime_Type != "image/png" AND $avatar_Mime_Type != "image/x-png")
	{
		unlink($avatar_Temp);
		die("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Please select an image that is 50KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
	}

	$uploadFile = "avatars/".$avatar_Name ;

	if (!is_dir(dirname($uploadFile)))
	{
		RecursiveMkdir(dirname($uploadFile));
	}
	else
	{
		chmod(dirname($uploadFile), 0777);
	}

	move_uploaded_file( $avatar_Temp , $uploadFile);
	chmod($uploadFile, 0644);
	$avatar_URL = "****************".$avatar_Name ;


	//saving record to MySQL database
	$ava_strQuery = "UPDATE $member_table SET avatar ='$avatar_Name' WHERE authid='$steamid' AND private_pin='$pin'";
	$ava_host = "$hostname";
	$ava_user = "$username";
	$ava_pw = "$password";
	$ava_db = "$database";
	$ava_link = mysql_connect($ava_host, $ava_user, $ava_pw);

	if (!$ava_link)
	{
		die('Could not connect: ' . mysql_error());
	}

	$ava_db_selected = mysql_select_db($ava_db, $ava_link);

	if (!$ava_db_selected)
	{
		die ('Can not use $ava_db : ' . mysql_error());
	}

	//insert new record
	$ava_result = mysql_query($ava_strQuery);

	if (!$ava_result)
	{
		die('Invalid query: ' . mysql_error());
	}

	mysql_close($ava_link);
	echo("<p align='center'><font face='Arial' size='3' color='#66CCFF'>Image uploaded OK!</font></p><p align='center'></p>");
	echo "<div align='center'>";
	echo "<p><img src=$avatar_URL></p>";
	include ('./includes/avatar_upload.php');
	echo "</div>";
}

mysql_close($ava_link1);
?>

Link to comment
Share on other sites

ok so as of now this script is only showing the first error "Wrong SteamID/Pin Please Try Again..." no matter what is passed to it ... so i tried defining a new var $verify = $row['authid'];  and changed if (!$ava_result1) to if ($verify == ""), and still the same result ... so i am at a total loss here ... for anyone new to reading this .. here is the what its supposed to work ...

 

1 User puts info into form and submits (steam ID, pin, image file)

2a this script should check the db for the steamid and pin combo if they match then continue

2b if they dont match then stop and display an error and the form again.

 

all its doing is 2b and i cannot for the life of me find where i messed up.

Link to comment
Share on other sites

This if statement is not testing what you think it's testing

<?php

$ava_result1 = mysql_query($ava_strQuery1);

if (!$ava_result1)
{
	//if ID and PIN dont match display error and form
	echo "Wrong SteamID/Pin Please Try Again...";
	echo "<br />";
	include ('./includes/avatar_upload.php');

}
?>

When you get a "false" return from a mysql_query() function call it means that the query had a syntax error, not that it didn't return anything. What you need to do is to see if the query returned any results:

<?php
if (mysql_num_rows($ava_result1) == 0) {

	//if ID and PIN dont match display error and form
	echo "Wrong SteamID/Pin Please Try Again...";
	echo "<br />";
	include ('./includes/avatar_upload.php');

}
?>

 

Ken

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.