update profile picture

andy_b_1502 · August 27, 2012

<?PHP
session_start();
if(!isset($_SESSION['id']) || !isset($_SESSION['valid_user']) || $_SESSION['valid_user'] != "yes") {
$_SESSION = array();
session_destroy();
header("Location: index.php");	
exit();
}

include ('php only scripts/db.php');
$id = $_GET['id'];

$query ="SELECT * FROM companies WHERE id = '$id'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);

?>
<!DOCTYPE html>
  <head>
    <title>Removalspace.com</title>
<style type="text/css">
<!--
body {
background-image: url(styles/downloaded%20styles/todo/todo/images/bg.png);

}
-->
</style>
<link href="styles/downloaded styles/todo/todo/css/style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/style9.css" />
    <link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/demo.css" />    
        <link href='http://fonts.googleapis.com/css?family=Terminal+Dosis' rel='stylesheet' type='text/css' />
        <style type="text/css">
<!--
.Stile1 {color: #333333}
-->
        </style>
<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-31656176-1']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</head>
  
<body>
<!--start container -->
<div id="container">
<header>
    <nav>   
      <div id="logo"><a href="index.php"><img src="images/header2.png" alt="Logo here" width="219" height="161" /></a>      </div>
      
      <div id="search-top"><img src="styles/downloaded styles/todo/todo/images/quote-right.png" alt="images" /><span class="cursive">1st part of postcode  here</span><img src="styles/downloaded styles/todo/todo/images/quote-left.png" alt="images" />
        <form method="post" action="search.php">
  <input type="text" name="strSearch" onFocus="if(this.value=='Search Area')this.value='';" onBlur="if(this.value=='')this.value='Search Area';" value="Search Area"  id="search-field"/>
  <input type="submit" value="" id="search-btn"/>
  </form>
        <p> </p>
        <p> </p>
        <p><em style="font-size: 9px">e.g first two letters and number</em>:</p>
      </div>  
      <div id="nav_social"><a href="http://www.facebook.com/pages/Removalspace/181434181939226"><img src="styles/downloaded styles/todo/todo/images/facebook_32.png" alt="Become a fan" width="32" height="32" /></a><a href="#"><img src="styles/downloaded styles/todo/todo/images/twitter_32.png" alt="Follows on Twitter" /></a><a href="id=183427956&trk=tab_pro"><img src="styles/downloaded styles/todo/todo/images/linkedin_32.png" alt="Linked in" /></a><a href="contact.php"><img src="styles/downloaded styles/todo/todo/images/email_32.png" alt="Contact" width="32" height="32" /></a><!-- Place this tag where you want the +1 button to render -->
<g:plusone size="small" annotation="inline"></g:plusone>

<!-- Place this render call where appropriate -->
<script type="text/javascript">
  (function() {
    var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
    po.src = 'https://apis.google.com/js/plusone.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
  })();
</script> </div>
  </nav>
  
  </header>


<p><figure><a href="removals.php">Search Removals</a></figure> |</p>
<p><figure><a href="storage.php">Search Storage</a></figure> |</p>
<p><figure><a href="register00.php">Add Listing</a></figure> |</p>
<p><figure><a href="about.php">About</a></figure> |</p>
<p><figure><a href="contact.php">Contact</a></figure> |</p>
<p><figure><a href="login00.php">Login</a></figure></p>
<div class="content">
  <!--star main --> 
  
  <main></main>
    <!--end main -->
    <!--start middle -->
    <middle>    
      <div class="section_slogan"><table>
	<tr>
		<td valign="top"><div class="abox">
      <figure>
      <fcapion>
     <h1><img src="images/thumbs/<?PHP echo $row['upload']; ?>" alt="logo"/></h1>
      </fcaption></figure></div></td>
            
		<td valign="top">
			<div class="abox">
      <figure>
      <fcapion>
     <h1><?PHP 
			echo $row['street1'] . 
			"<br>" . $row['street2'] . 
			"<br>" . $row['city'] . "," .  $row['postcode'] .  
			"<br>phone: " . $row['phone'] .  
			"<br>email: " . $row['email'] . 
			"<br>website: " . $row['website']  ; 
			?></h1>
      </fcaption></figure>
</div>
		</td>			
	</tr>
        <tr>
		<td><div class="abox">
      <figure>
      <fcapion>
     <h1><?PHP echo nl2br($row['premiumuser_description']); ?></h1>
      </fcaption></figure>
</div></td>
	</tr></table>
        <?PHP
/* create an email validation function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
/**
* CALLBACK - determine if the provided postcode is valid.
*
* @param string $postcode
* @return bool TRUE if valid, FALSE otherwise
* @author George Edwards
*/
function is_valid_uk_postcode($postcode) {
    $pattern = "/^([A-PR-UWYZ0-9][A-HK-Y0-9][AEHMNPRTVXY0-9]?[ABEHMNPRVWXY0-9]? {1,2}[0-9][ABD-HJLN-UW-Z]{2}|GIR 0AA)$/";

    if (preg_match($pattern, $postcode)) {
        return TRUE;
    }

    $this->validation->set_message('is_valid_uk_postcode', 'That is not a valid %s.');
    return FALSE;
}
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
/* check if form was submitted */
if (isset($_POST['Submit'])){
$error_message = "";
/* This is the directory where images will be saved */
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/"; 
$target = $target . basename( $_FILES['upload']['name']); 
/* include validation script */
include ('php only scripts/validation.php');
$uploadDir = 'images/COMPANIES'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", 	"image/pjpeg", "image/jpeg", "image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height
 //Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
	/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
	/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
	$upload = $_FILES['upload']['name'];
	$o_path ="images/COMPANIES/";
	$s_path = "images/thumbs/";
	$file = $upload;
	$save = $file;
	$t_w = 200;
	$t_h = 150;
	/* DO NOT CHANGE THIS NEXT LINE */
	Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);
}else{ 
	//Gives and error if its not 
	$error_message .= "Sorry, there was a problem uploading your file."; 
}
/* PREPARE DATA FOR INSERTION INTO TABLE */
//Writes the information to the database 
if(strlen(trim($error_message)) <1){  
	$salt = createsalt();
	$username = trim($_POST['username']);
	$password = trim($_POST['password']);
	$hash = hash('sha256', $salt, $password);
	$approved = 0; 
	$company_name = mysql_real_escape_string(trim($_POST['company_name']));
	$website = mysql_real_escape_string(trim($_POST['website']));
	$contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
	$location = mysql_real_escape_string(trim($_POST['location']));
	$postcode = mysql_real_escape_string(trim($_POST['postcode']));
	$street1 = mysql_real_escape_string(trim($_POST['street1']));
	$street2 = mysql_real_escape_string(trim($_POST['street2']));
	$city = mysql_real_escape_string(trim($_POST['city']));
	$phone = mysql_real_escape_string(trim($_POST['phone']));
	$phone2 = mysql_real_escape_string(trim($_POST['phone2']));
	$email = mysql_real_escape_string(trim($_POST['email']));
	$premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
	$salt = mysql_real_escape_string($salt);
	$upload = mysql_real_escape_string($upload);	
	$query ="INSERT INTO `companies` (company_name, what_services, website, contact_name, location, postcode, street1, street2, city, phone,phone2, email, premiumuser_description, username, password, salt, approved, upload) VALUES ('$company_name', '$what_services', '$website', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$phone2', '$email', '$premiumuser_description', '$username', '$hash', '$salt', '$approved', '$upload')";
	$result = mysql_query($query) or die(mysql_error());
	if ($result) {

		}

	/* at this point we can send an email to the admin as well as the user.  DO NOT send the user's password to ANYONE!!!! */ 
}
}//if (isset($_POST['submit']))
?>

<?php
if (!empty($error_message)){ echo $error_message; }
?>

<div class="abox">
      <figure>
      <fcapion>
     <h1><hr>
<form action="view02.php" method="get" enctype="multipart/form-data" class="cursive">
<table width="316" border="0">
	<tr>
		<td colspan="2"><h1>Edit Your details </h1><p>fill out the form with your details...</p></td>
    </tr>
	<tr>
		<td> </td>
		<td><p> </p>
		<p>Click submit to update...</p><p>  </p></td>
	</tr>
	<tr>
		<td> </td>
		<td><p> </p><p></p><p><input type="hidden" name="id" value="<?php echo $row['id']; ?>"/><p>  </p></td>
	</tr>
	<tr>
		<td>Website:</td>
		<td><p> </p><p><input name="website" type="text" id="website" /></p>
    			<p>  </p></td>
	</tr>
	<tr>
		<td>Primary Number:</td>
		<td><p> </p><p><input name="phone" type="text" id="phone" /></p>
		<p>  </p></td>
	</tr>
	<tr>
		<td>Secondary Number:</td>
		<td><p> </p>
		<p><input name="phone2" type="text" id="phone2" /></p>
              <p> </p></td>
	</tr>
	<tr>
		<td>Company Description:</td>
		<td><p><em>Write a description of what your company does, the services it offers and any additional information here.</em> </p>
		<p><textarea rows="10" cols="100" name="premiumuser_description" id="premiumuser_description"></textarea></p>
		<p> </p></td>
	</tr>
	<tr>
	  <td> </td>
	  </tr>
	<tr>
		<td colspan="2"><input type="submit" name="submit" value="submit" /></td>
	</tr>
</table>
</form></h1>
      </fcaption></figure>
</div>
      </div>
    </middle>
</div>
<!--end middle -->
<!--start footer -->
<footer>  
  <div id="footer"></div>
</footer>
<!--end footer -->
</div>
<!--end container -->
  </body>

Hi everyone. Please may i have some help understanding how to update images on users profiles. or have the user rather change their image how they please?

Currently the above page is there profile, they may change all the details on it.

The resize code for the images is in there used from the register file. currently the only way to get an image is by uploading when they register. but for some reason, multiple images are being used for different profiles after they register? it's like its overriding one image for another? i know they have been uploaded as they are in the file manager in my host cpanel but it assigns sometimes, the same image from another profile?

If users had the ability to change this image it would make things easier to fix.

If anyone knows a easier/better way for this please let me know.

Christian F. · August 27, 2012

You'll want to start here: http://php.net/manual/en/features.file-upload.php

When you've understood the basic premise of how to accomplish this, then you'll need to look into validating not only the form data, but also the files themselves. As allowing users to upload files unchecked means that they can upload PHP scripts to your host, and thus gain complete access to your entire system.

andy_b_1502 · August 29, 2012

My code should validate the info and update shouldn't it? i have the upload browse button but it doesn't upload or seem to do anything? i have an admin panel where these images have to be approved too so any malicious things should get picked up here.

<?PHP
session_start();
if(!isset($_SESSION['id']) || !isset($_SESSION['valid_user']) || $_SESSION['valid_user'] != "yes") {
$_SESSION = array();
session_destroy();
header("Location: index.php");	
exit();
}

include ('php only scripts/db.php');
$id = $_GET['id'];

$query ="SELECT * FROM companies WHERE id = '$id'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);

?>
<!DOCTYPE html>
  <head>
    <title>Removalspace.com</title>
<style type="text/css">
<!--
body {
background-image: url(styles/downloaded%20styles/todo/todo/images/bg.png);

}
-->
</style>
<link href="styles/downloaded styles/todo/todo/css/style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/style9.css" />
    <link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/demo.css" />    
        <link href='http://fonts.googleapis.com/css?family=Terminal+Dosis' rel='stylesheet' type='text/css' />
        <style type="text/css">
<!--
.Stile1 {color: #333333}
-->
        </style>
<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-31656176-1']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</head>
  
<body>
<!--start container -->
<div id="container">
<header>
    <nav>   
      <div id="logo"><a href="index.php"><img src="images/header2.png" alt="Logo here" width="219" height="161" /></a>      </div>
      
      <div id="search-top"><img src="styles/downloaded styles/todo/todo/images/quote-right.png" alt="images" /><span class="cursive">1st part of postcode  here</span><img src="styles/downloaded styles/todo/todo/images/quote-left.png" alt="images" />
        <form method="post" action="search.php">
  <input type="text" name="strSearch" onFocus="if(this.value=='Search Area')this.value='';" onBlur="if(this.value=='')this.value='Search Area';" value="Search Area"  id="search-field"/>
  <input type="submit" value="" id="search-btn"/>
  </form>
        <p> </p>
        <p> </p>
        <p><em style="font-size: 9px">e.g first two letters and number</em>:</p>
      </div>  
      <div id="nav_social"><a href="http://www.facebook.com/pages/Removalspace/181434181939226"><img src="styles/downloaded styles/todo/todo/images/facebook_32.png" alt="Become a fan" width="32" height="32" /></a><a href="#"><img src="styles/downloaded styles/todo/todo/images/twitter_32.png" alt="Follows on Twitter" /></a><a href="id=183427956&trk=tab_pro"><img src="styles/downloaded styles/todo/todo/images/linkedin_32.png" alt="Linked in" /></a><a href="contact.php"><img src="styles/downloaded styles/todo/todo/images/email_32.png" alt="Contact" width="32" height="32" /></a><!-- Place this tag where you want the +1 button to render -->
<g:plusone size="small" annotation="inline"></g:plusone>

<!-- Place this render call where appropriate -->
<script type="text/javascript">
  (function() {
    var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
    po.src = 'https://apis.google.com/js/plusone.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
  })();
</script> </div>
  </nav>
  
  </header>


<p><figure><a href="removals.php">Search Removals</a></figure> |</p>
<p><figure><a href="storage.php">Search Storage</a></figure> |</p>
<p><figure><a href="register00.php">Add Listing</a></figure> |</p>
<p><figure><a href="about.php">About</a></figure> |</p>
<p><figure><a href="contact.php">Contact</a></figure> |</p>
<p><figure><a href="login00.php">Login</a></figure></p>
<div class="content">
  <!--star main --> 
  
  <main></main>
    <!--end main -->
    <!--start middle -->
    <middle>    
      <div class="section_slogan"><table>
	<tr>
		<td valign="top"><div class="abox">
      <figure>
      <fcapion>
     <h1><img src="images/thumbs/<?PHP echo $row['upload']; ?>" alt="logo"/></h1>
      </fcaption></figure></div></td>
            
		<td valign="top">
			<div class="abox">
      <figure>
      <fcapion>
     <h1><?PHP 
			echo $row['street1'] . 
			"<br>" . $row['street2'] . 
			"<br>" . $row['city'] . "," .  $row['postcode'] .  
			"<br>phone: " . $row['phone'] .  
			"<br>email: " . $row['email'] . 
			"<br>website: " . $row['website']  ; 
			?></h1>
      </fcaption></figure>
</div>
		</td>			
	</tr>
        <tr>
		<td><div class="abox">
      <figure>
      <fcapion>
     <h1><?PHP echo nl2br($row['premiumuser_description']); ?></h1>
      </fcaption></figure>
</div></td>
	</tr></table>
        <?PHP
/* create an email validation function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
/**
* CALLBACK - determine if the provided postcode is valid.
*
* @param string $postcode
* @return bool TRUE if valid, FALSE otherwise
* @author George Edwards
*/
function is_valid_uk_postcode($postcode) {
    $pattern = "/^([A-PR-UWYZ0-9][A-HK-Y0-9][AEHMNPRTVXY0-9]?[ABEHMNPRVWXY0-9]? {1,2}[0-9][ABD-HJLN-UW-Z]{2}|GIR 0AA)$/";

    if (preg_match($pattern, $postcode)) {
        return TRUE;
    }

    $this->validation->set_message('is_valid_uk_postcode', 'That is not a valid %s.');
    return FALSE;
}
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
/* check if form was submitted */
if (isset($_POST['Submit'])){
$error_message = "";
/* This is the directory where images will be saved */
$target = "***correct-path***"; 
$target = $target . basename( $_FILES['upload']['name']); 
/* include validation script */
include ('php only scripts/validation.php');
$uploadDir = '***correct-path***'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", 	"image/pjpeg", "image/jpeg", "image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height
 //Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
	/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
	/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
	$upload = $_FILES['upload']['name'];
	$o_path ="path***";
	$s_path = "path***";
	$file = $upload;
	$save = $file;
	$t_w = 200;
	$t_h = 150;
	/* DO NOT CHANGE THIS NEXT LINE */
	Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);
}else{ 
	//Gives and error if its not 
	$error_message .= "Sorry, there was a problem uploading your file."; 
}
/* PREPARE DATA FOR INSERTION INTO TABLE */
//Writes the information to the database 
if(strlen(trim($error_message)) <1){  
	$salt = createsalt();
	$username = trim($_POST['username']);
	$password = trim($_POST['password']);
	$hash = hash('sha256', $salt, $password);
	$approved = 0; 
	$company_name = mysql_real_escape_string(trim($_POST['company_name']));
	$website = mysql_real_escape_string(trim($_POST['website']));
	$contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
	$location = mysql_real_escape_string(trim($_POST['location']));
	$postcode = mysql_real_escape_string(trim($_POST['postcode']));
	$street1 = mysql_real_escape_string(trim($_POST['street1']));
	$street2 = mysql_real_escape_string(trim($_POST['street2']));
	$city = mysql_real_escape_string(trim($_POST['city']));
	$phone = mysql_real_escape_string(trim($_POST['phone']));
	$phone2 = mysql_real_escape_string(trim($_POST['phone2']));
	$email = mysql_real_escape_string(trim($_POST['email']));
	$premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
	$salt = mysql_real_escape_string($salt);
	$upload = mysql_real_escape_string($upload);	
	$query ="INSERT INTO `db_name` (company_name, what_services, website, contact_name, location, postcode, street1, street2, city, phone,phone2, email, premiumuser_description, username, password, salt, approved, upload) VALUES ('$company_name', '$what_services', '$website', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$phone2', '$email', '$premiumuser_description', '$username', '$hash', '$salt', '$approved', '$upload')";
	$result = mysql_query($query) or die(mysql_error());
	if ($result) {

		}

	/* at this point we can send an email to the admin as well as the user.  DO NOT send the user's password to ANYONE!!!! */ 
}
}//if (isset($_POST['submit']))
?>

<?php
if (!empty($error_message)){ echo $error_message; }
?>

<div class="abox">
      <figure>
      <fcapion>
     <h1><hr>
<form action="view02.php" method="get" enctype="multipart/form-data" class="cursive">
<table width="316" border="0">
	<tr>
		<td colspan="2"><h1>Edit Your details </h1><p>fill out the form with your details...</p></td>
    </tr>
	<tr>
		<td> </td>
		<td><p> </p>
		<p>Click submit to update...</p><p>  </p></td>
	</tr>
	<tr>
		<td> </td>
		<td><p> </p><p></p><p><input type="hidden" name="id" value="<?php echo $row['id']; ?>"/><p>  </p></td>
	</tr>
	<tr>
		<td>Website:</td>
		<td><p> </p><p><input name="website" type="text" id="website" /></p>
    			<p>  </p></td>
	</tr>
	<tr>
		<td>Primary Number:</td>
		<td><p> </p><p><input name="phone" type="text" id="phone" /></p>
		<p>  </p></td>
	</tr>
	<tr>
		<td>Secondary Number:</td>
		<td><p> </p>
		<p><input name="phone2" type="text" id="phone2" /></p>
              <p> </p></td>
	</tr>
	<tr>
		<td>Company Description:</td>
		<td><p><em>Write a description of what your company does, the services it offers and any additional information here.</em> </p>
		<p><textarea rows="10" cols="100" name="premiumuser_description" id="premiumuser_description"></textarea></p>
		<p> </p></td>
	</tr>
        <tr>
		<td>Images:</td>
		<td><p><em>Upload your company images here.</em> </p>
		<p><input name="upload" type="file" class="style7" id="upload"></p>
		<p> </p></td>
	</tr>
	<tr>
	  <td><p> </p></td>
	  </tr>
	<tr>
		<td colspan="2"><input type="submit" name="submit" value="submit" /></td>
	</tr>
</table>
</form></h1>
      </fcaption></figure>
</div>
      </div>
    </middle>
</div>
<!--end middle -->
<!--start footer -->
<footer>  
  <div id="footer"></div>
</footer>
<!--end footer -->
</div>
<!--end container -->
  </body>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script>
</html>

Christian F. · August 29, 2012

Please cut down your code to a minimum, so that we can see the problem without having to wade through hundreds of lines of irrelevant code. Might even help you spot the problem yourself, in fact.

White_Lily · August 29, 2012

Hi.

Believe it or not but i had a similar problem only my problem was that the image wasnt being moved to the directory.

However, if i understood correctly what you are trying to do is allow people to not only pick an avatar at registration, but also enable them to "update" or change their avatar through their profile area?

I have built this concept on my own site! If you wanted to see it click below:

http://janedealsart.co.uk/register.php

I am still developing security wise, but the whole concept is finished so far.

If i read correct you are trying to do what i have already done.

Once youve registered go to Login -> click "go to profile" should it succeed. -> then once on your profile click "options" there will be a list of options including: Update Avatar, and Update Banner.

Is this pretty much much what you are trying to do?

andy_b_1502 · August 30, 2012

Yes White_Lily that's right. All other information is being updated using

if (count($setArray) > 0 {

$setstr = join (', ', $setArray);

$query = "UPDATE "tablename" SET $setstr WHERE id = $id";

mysql_query($query);

echo mysql_error();

}

But the image doesn't change or add to the database as a thumb anywhere or anything? is there any certain way i need to update images? or should this method work?

MMDE · August 30, 2012

Yes White_Lily that's right. All other information is being updated using

if (count($setArray) > 0 {

$setstr = join (', ', $setArray);

$query = "UPDATE "tablename" SET $setstr WHERE id = $id";

mysql_query($query);

echo mysql_error();

}

But the image doesn't change or add to the database as a thumb anywhere or anything? is there any certain way i need to update images? or should this method work?

Do this instead:

echo $query;
mysql_query($query) or die(mysql_error());

Check the HTML source in case there is a lot of HTML interfering and tell us what it says now. We need to know the actual query you use.

White_Lily · August 30, 2012

echoing the query will not work. there are certain things that need to be done in order to get the image moved to a directory, and the path in the database.

Here is my form code:


<?php


   session_start();


   include '../../cms/inc/conf.php';
   include '../../cms/inc/connect.php';
   $id = $_GET['id'];
   $page = $_SESSION['username'];


   $sql = "SELECT * FROM users WHERE id = '$id'";
   $result = mysql_query($sql);
   
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
      <title><?php echo $GLOBALS["siteName"]." - ".$page; ?></title>
      <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['siteUrl'] ?>/css/design.css">
      <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['siteUrl'] ?>/css/profile.css">
      <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['siteUrl'] ?>/css/options.css">
   </head>
   <body>
      <div class="wrapper">
         <div class="header">
            <img src="<?php echo $GLOBALS["siteUrl"] ?>/images/logo.png" />
         <>
         <div class="content">
            <div class="left_content">
               <div class="navigation">
                  <?php
                  
                     include '../../inc/members_navigation_include.php';
                  
                  ?>
               <>
            <>
            <div class="middle">
               <?php
                  
                  include "../profile_select.php";
                  
               ?>
                  <form enctype="multipart/form-data" action="avatarprocess.php?id=<?php echo $id; ?>" method="POST">
                     <label>Avatar:</label>
                     <input type="file" name="avatar" class="on_click" /><br><br>
                     <input type="submit" name="submit" class="buttons" value="Change Avatar" />
                  </form>
               <?php
                  mysql_close($con);
               
               ?>
            <>            
         <>
         <div class="clear"><>
         <div class="footer">
            <div class="link-push">
               <div class="footer-navigation">
                  <?php
                  
                     $sql = "SELECT * FROM m_pages";
                     $result = mysql_query($sql);
                     if($result)
                     {
                        echo "  |  ";
                        while ($db_field = mysql_fetch_assoc($result))
                        {
                           echo ("<a href='".$GLOBALS['siteUrl'].'/'.$db_field['page_filename']."'>" . $db_field['page_name'] . "</a>");
                           echo "  |  ";
                        }
                     }
                     else
                     {
                        echo "<p>No pages found.</p>";
                     }
                     mysql_close($con);
                  
                  ?>
               <>
            <>
            <div class="copy">
               <?php echo $GLOBALS["copy"]; ?>
            <>
            <div class="creator">
               Site created by: <?php echo $GLOBALS["creator"]; ?>
            <>
         <>
      <>
   </body>
</html>

and her is the php handler:


<?php


   session_start();


   include '../../cms/inc/conf.php';
   include '../../cms/inc/connect.php';
   $id = $_GET['id'];
   $page = $_SESSION['username'];


?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
      <title><?php echo $GLOBALS["siteName"]." - ".$page; ?></title>
      <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['siteUrl'] ?>/css/design.css">
      <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['siteUrl'] ?>/css/profile.css">
      <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['siteUrl'] ?>/css/options.css">
   </head>
   <body>
      <div class="wrapper">
         <div class="header">
            <img src="<?php echo $GLOBALS["siteUrl"] ?>/images/logo.png" />
         <>
         <div class="content">
            <div class="left_content">
               <div class="navigation">
                  <?php
                  
                     include '../../inc/members_navigation_include.php';
                  
                  ?>
               <>
            <>
            <div class="middle">
               <?php
               
                  $target = "{$_SERVER['DOCUMENT_ROOT']}/images/uploads/";
                  $target .= basename($_FILES['avatar']['name']);
                  
                  $pic = ($_FILES['avatar']['name']);
                  
                  $update = "UPDATE users SET avatar = '$pic' WHERE id = '$id'";
                  $result = mysql_query($update);
                  
                  if(($result) == true)
                  {
                     echo "<p>Database updated.</p><br>";
                     
                     if(move_uploaded_file($_FILES['avatar']['tmp_name'], $target))
                     {
                        echo "<p>The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory</p>";
                     }
                     else
                     {
                        echo "<p>Sorry, there was a problem uploading your file.</p>";
                     }
                  }
                  else
                  {
                     echo "<p>Database was not updated.</p>";
                  }
                  
               ?>
            <>            
         <>
         <div class="clear"><>
         <div class="footer">
            <div class="link-push">
               <div class="footer-navigation">
                  <?php
                  
                     $sql = "SELECT * FROM m_pages";
                     $result = mysql_query($sql);
                     if($result)
                     {
                        echo "  |  ";
                        while ($db_field = mysql_fetch_assoc($result))
                        {
                           echo ("<a href='".$GLOBALS['siteUrl'].'/'.$db_field['page_filename']."'>" . $db_field['page_name'] . "</a>");
                           echo "  |  ";
                        }
                     }
                     else
                     {
                        echo "<p>No pages found.</p>";
                     }
                     mysql_close($con);
                  
                  ?>
               <>
            <>
            <div class="copy">
               <!--<p>Copyright © <?php//=date('Y'); ?> Knights of The Keep</p>-->
               <?php echo $GLOBALS["copy"]; ?>
            <>
            <div class="creator">
               Site created by: <?php echo $GLOBALS["creator"]; ?>
            <>
         <>
      <>
   </body>
</html>

PS: "<>" = div closing tag.

also: most of the code youll want ot look at are in the headers and "middle" classes

MMDE · August 30, 2012

Could you tell us the exact query that you end up with, by doing what I said in my last post?

It will make it much easier to debug and we can much more easily see where the problem is.

White_Lily · August 30, 2012

The query in my code simply echos the file name that is in the database under the "avatar" column that is being updated.

White_Lily · August 30, 2012

In order for the code to display the image should it of been in a directory you need to get it to call the file path (in my case http://janedealsaart.co.uk/image/uploads/ and then the file name, "avatar.jpg")

now - should the file name be in the database correctly and the image moved to the correct directory, then the image specified by the script should show.

MMDE · August 30, 2012

The query in my code simply echos the file name that is in the database under the "avatar" column that is being updated.

It SHOULD echo the entire query you want to use, and it SHOULD echo an error if there is any in the MySQL query. If your query doesn't work and you want us to help you fix it, please provide the query. >_>

White_Lily · August 30, 2012

My code works fine, its this topics creators code that is the problem, im just trying ot show him how i did it, then hopefully he can just take it and change it to suit the site hes creating.

andy_b_1502 · August 31, 2012

In order for the code to display the image should it of been in a directory you need to get it to call the file path (in my case http://janedealsaart.co.uk/image/uploads/ and then the file name, "avatar.jpg")

now - should the file name be in the database correctly and the image moved to the correct directory, then the image specified by the script should show.

The image (which is uploaded when user's register) IS displayed.

It is displayed on their profiles. The information on their profiles should/can be edited so they can change what they like. Text can be edited by using UPDATE.

Are you saying that the path where the image is dropped into is incorrect?

Here's the scenario:

User logs in > scrolls down to see "edit details" > clicks browse (finds the image they want) > then clicks submit.

------ The new image should replace the old one. This works fine with the text but nothing for images.

What do i need to edit/change for it to work with images? it firstly needs to put the image into images/COMPANIES <<< where they are firstly sent. then it resizes with a script and drops newly created thumbnail into images/THUMBS. To be used on the website.

SO do i have to SELECT from thumbs or COMPANIES? lost.

andy_b_1502 · September 11, 2012

Sorry guys still having a little trouble with this.

<?php

include ('php only scripts/db.php');
$id = intval($_GET['id']);                                     // guarantee it's a harmless number value

if (isset($_GET['website']) && $_GET['website']) {             // does the GET value exists and has it a value ?
    $website = mysql_real_escape_string($_GET['website']);     //       get its value and escape it
    $setArray[] = "website = '$website'";                      //       ok to update this field in the query so store it
}
if (isset($_GET['phone']) && $_GET['phone']) {
    $phone = mysql_real_escape_string($_GET['phone']);
    $setArray[] = "phone = '$phone'";
}
if (isset($_GET['phone2']) && $_GET['phone2']) {
    $phone2 = mysql_real_escape_string($_GET['phone2']);
    $setArray[] = "phone2 = '$phone2'";
}
if (isset($_GET['premiumuser_description']) && $_GET['premiumuser_description']) {
    $premiumuser_description = mysql_real_escape_string($_GET['premiumuser_description']);
    $setArray[] = "premiumuser_description = '$premiumuser_description'";
}
if (isset($_GET['username']) && $_GET['username']) {
    $username = mysql_real_escape_string($_GET['username']);
    $setArray[] = "username = '$username'";
}
if (isset($_GET['password']) && $_GET['password']) { // These are the same so you'd need to make them different if your comparing the password to ensure they entered it correctly ex: $_GET['password1'] for another field in your form
    $password= mysql_real_escape_string($_GET['password']); // This is fine if the 2 values above are first compared
    $setArray[] = "password = SHA('$password')"; // If they are compared and validation checks out then just do the query to update the password here..
}
if (isset($_GET['upload']) && $_GET['upload']) {
    $upload = mysql_real_escape_string($_GET['upload']);
    $setArray[] = "upload = '$upload'";
}
/* check if form was submitted */
if (isset($_POST['Submit'])){
$error_message = "";
/* This is the directory where images will be saved */
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/"; 
$target = $target . basename( $_FILES['upload']['name']); 
/* include validation script */
include ('php only scripts/validation.php');
$uploadDir = 'images/COMPANIES'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", "image/pjpeg", "image/jpeg", "image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height
 //Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
	/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
	/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
	$upload = $_FILES['upload']['name'];
	$o_path ="images/COMPANIES/";
	$s_path = "images/thumbs/";
	$file = $upload;
	$save = $file;
	$t_w = 200;
	$t_h = 150;
	/* DO NOT CHANGE THIS NEXT LINE */
	Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);
}else{ 
	//Gives and error if its not 
	$error_message .= "Sorry, there was a problem uploading your file."; 
}}


if (count($setArray) > 0) {                                     // do we have at least on field to update?
    $setstr = join (', ', $setArray);                           // form a comma separated string of our updates
    $query = "UPDATE companies SET $setstr WHERE id = $id";     // update it
    echo $query;
    mysql_query($query) or die(mysql_error());
}
header("Location: view01.php?id=" . $id); 
exit(0);

?>

That is the code that handles and updates the form. When testing the browse> select image> update. It DOES seem to change the image BUT it doesn't change it to what is selected, instead just replaces the original image with nothing?

How do i get it to change to the selected image?

Many thanks.

andy_b_1502 · September 11, 2012

Further testing reveals that if i upload an image that is already in the companies and thumbs folder i.e the image that was used to register the company (it firstly goes into the images/COMPANIES folder then it gets resized and moved as a thumbnail to images/thumbs folder. It uploads fine. But if i were to add a new image not in any of these folders previously then the image doesn't upload, all it does is refreshes the page and goes back to the users profile with there company logo not shown.

Im assuming that the code to upload the image and then update is wrong somewhere, could someone please take a quick look and set me right. I will try to further test this but i cant see where i'm going wrong? it seems to be trying to update but theres a missing link in the chain somewhere? :/

andy_b_1502 · September 16, 2012

Bump.

Sign In

update profile picture

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information