Jump to content

image upload


monkeymade

Recommended Posts

I have been using this script for a while, and up untill recently it was working... it just came to my attention that it is no longer working, I am hoping someone here can tell me why.... ???

[code]<?PHP
IF ($B1)
{
$db = mysql_connect("localhost", $dbusername, $dbuserpassword);
mysql_select_db($dbase,$db) or die("unable to select database");
$result = mysql_query("SELECT username FROM $tb3 WHERE unum = '$myunum'",$db) or die(mysql_error());
$usename = mysql_result($result,0,"username");
$filesize = $_FILES['F1']['size'];
$filetype = $_FILES['F1']['type'];
IF (($filesize <= 120000) AND ($filetype == 'image/pjpeg') OR ($filetype == 'image/jpeg'))
{
$nameuse = "$usename.jpg";
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
$uploaddir = '/home/mhost/public_html/mtgorank/players/';
$uploadfile = $uploaddir . $nameuse;
if (move_uploaded_file($_FILES['F1']['tmp_name'], $uploadfile))
{
$db = mysql_connect("localhost", $dbusername, $dbuserpassword);
mysql_select_db($dbase,$db) or die("unable to select database");
$result = mysql_query("UPDATE $tb3 SET pic = 'yes' WHERE unum = '$myunum'",$db) or die(mysql_error());
echo "File is valid, and was successfully uploaded.\n";
}
else
{
echo "Possible file upload attack!";
}
}
IF (($filetype != 'image/pjpeg') AND ($filetype != 'image/jpeg'))
{
echo "Your Image is the wrong file type, it must be a jpg image<BR>your image is $filetype";
}
IF ($filesize > 102000)
{
echo "Your Image is to large to upload";
}
}
?>

[/code]
Link to comment
Share on other sites

it's image upload... why use SQL? you can do that with plain old PhP, easier, quicker, more efficient, less errored...
try this maybe?

[code]
<?php
function GetFile() {
$num = 0;
while(file_exists($num . ".jpg")){
$num++;
}
return $num;
}
$num2 = 0;
$e = "";
while ($num2 < GetFile()) {
$e .= "Image number: #$num2<br><a href=$num2.jpg><img src='$num2.jpg' width=180 height=180 title='click for full size'></a><br>";
$e .= fread(fopen("$num2.txt", "r"), filesize("$num2.txt"));
$e .= "<br><hr><br>";
$num2++;
}

if(!isset($img_name)) {
echo "
<html>
<head>
<title>Picture Uploader</title>
</head>
<body>
" . $e . "
<br>
<hr>

NOTE: Security is taken very seriously here, it is tight enough to cause one small bug, while filename.jpg and filename.gif are acceptable<br>
file.name.jpg and file.name.gif are NOT, sorry for the inconvinience.. just deal with it.<br>
<u>Rules For Uploading</u>:<br>
<p>
<li> .jpg's and .gif's only<br>
<li> picture must be 150kb (153600 Bytes) or less
</p>
<br>
<form method=POST action=test2.php enctype=multipart/form-data>
<p>File to upload:<br>
<table border=0 cellspacing=0 cellpadding=0>
<tr>
<td colspan=2><input type=file name=img size=20></td>
</tr><tr>
<td><textarea name=\"comment\" cols=15 rows=5></textarea></td><td>Image Comments</td>
</tr><tr>
<td><input type=\"submit\" name=\"submit\" value=\"Upload\"></td><td><input type=reset value=Clear></td>
</tr></table>
</form>
<br>
<form name=del action=del.php method=post>
<input type=text name=numba>Image Number<br>
<input type=password name=password>Deletion password<br>
<input type=submit value=delete><br>
</form>
</body>
</html>";
}
else {
$a = strstr($img_name, ".");
if ($a != ".jpg" && $a != ".gif") {
echo "only formats accepted are .jpg and .gif!<input type='button' value='back' onclick='history.go(-1)'>";
} elseif ($img_size > 153600) {
echo "Cannot upload above a 150kb file (153600 bytes)<input type='button' value='back' onclick='history.go(-1)'>";
} else {
$log = "";
$abpath = "./";
$moo = GetFile();
@copy($img, "$abpath/" . $moo . ".jpg") or $log .= "Couldn't copy file to server<br><input type='button' value='back' onclick='history.go(-1)'>";
if (file_exists("$abpath/" . $moo . ".jpg")) {
$log .= "File was uploaded<br><input type='button' value='back' onclick='history.go(-1)'>";
$fp = fopen($moo . ".txt", "a");
fwrite($fp, $_POST["comment"]);
fclose($fp);
}
echo $log;
}
}
?>
[/code]

del.php:
[code]
<?php
$ps = $_POST["password"];
$psw = "*******";  //--- replace *'s with your pass
$imagenumber = $_POST["numba"];
if ($ps != $psw) {
echo "incorrect password";
} elseif(!file_exists($imagenumber . ".jpg")) {
echo "Invalid Id #";
} else {
unlink($imagenumber . ".jpg");
unlink($imagenumber . ".txt");
$num = $imagenumber;
$num++;
while(file_exists($num . ".jpg")){
$num++;
}
$num2 = $imagenumber;
$num2++;
if (file_exists($num2 . ".jpg")) {
while($num2 < $num) {
$num3 = $num2;
$num3--;
rename($num2 . ".jpg", $num3 . ".jpg");
rename($num2 . ".txt", $num3 . ".txt");
$num2++;
}
}
echo "Succesful.";
}
?>
[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.