monkeymade Posted January 30, 2007

I have been using this script for a while, and up until recently it was working... it just came to my attention that it is no longer working, I am hoping someone here can tell me why.... ???

[code]
<?PHP
IF ($B1) {
$db = mysql_connect("localhost", $dbusername, $dbuserpassword);
mysql_select_db($dbase,$db) or die("unable to select database");
$result = mysql_query("SELECT username FROM $tb3 WHERE unum = '$myunum'",$db) or die(mysql_error());
$usename = mysql_result($result,0,"username");
$filesize = $_FILES['F1']['size'];
$filetype = $_FILES['F1']['type'];
IF (($filesize <= 120000) AND ($filetype == 'image/pjpeg') OR ($filetype == 'image/jpeg')) {
    $nameuse = "$usename.jpg";
    // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
    // of $_FILES.
    $uploaddir = '/home/mhost/public_html/mtgorank/players/';
    $uploadfile = $uploaddir . $nameuse;
    if (move_uploaded_file($_FILES['F1']['tmp_name'], $uploadfile)) {
        $db = mysql_connect("localhost", $dbusername, $dbuserpassword);
        mysql_select_db($dbase,$db) or die("unable to select database");
        $result = mysql_query("UPDATE $tb3 SET pic = 'yes' WHERE unum = '$myunum'",$db) or die(mysql_error());
        echo "File is valid, and was successfully uploaded.\n";
    } else {
        echo "Possible file upload attack!";
    }
}
IF (($filetype != 'image/pjpeg') AND ($filetype != 'image/jpeg')) {
    echo "Your Image is the wrong file type, it must be a jpg image<BR>your image is $filetype";
}
IF ($filesize > 102000) {
    echo "Your Image is to large to upload";
}
}
?>
[/code]
Jessica Posted January 30, 2007

We need to know what's not working. Errors, etc?
monkeymade Posted January 30, 2007

oh sorry, the page opens, what I get though is:

Possible file upload attack!

Which tells me that the file isn't being moved, but I don't know why....
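One way to find out which step rejects the upload, as an added example that is not part of the thread: it reports PHP's upload error code, checks size and content type separately, and tests the destination directory before `move_uploaded_file()` is called. The function name `upload_problems` is hypothetical, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example, not code from the thread. Field name F1, the 120000-byte
// limit and the players/ directory are taken from the posted script.
function upload_problems(array $file, string $destDir, int $maxBytes): array
{
    // 1. PHP's own verdict on the transfer.
    $codes = [
        UPLOAD_ERR_INI_SIZE   => 'file exceeds upload_max_filesize in php.ini',
        UPLOAD_ERR_FORM_SIZE  => 'file exceeds MAX_FILE_SIZE set in the form',
        UPLOAD_ERR_PARTIAL    => 'file was only partially uploaded',
        UPLOAD_ERR_NO_FILE    => 'no file was sent',
        UPLOAD_ERR_NO_TMP_DIR => 'server has no temporary upload directory',
        UPLOAD_ERR_CANT_WRITE => 'server could not write the temporary file',
        UPLOAD_ERR_EXTENSION  => 'a PHP extension stopped the upload',
    ];
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        return [$codes[$err] ?? "unknown upload error $err"];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['temporary file is not an HTTP upload'];
    }

    $problems = [];
    // 2. Size and type as separate tests. In "A AND B OR C", AND binds
    //    tighter than OR, so the two must not share one unbracketed condition.
    if ($file['size'] > $maxBytes) {
        $problems[] = "file is larger than $maxBytes bytes";
    }
    // Type is read from the file's bytes; ['type'] is only the browser's claim.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'image/jpeg') {
        $problems[] = 'content is ' . ($mime ?: 'unreadable') . ', not image/jpeg';
    }
    // 3. The destination that move_uploaded_file() will write to.
    if (!is_dir($destDir)) {
        $problems[] = 'destination directory does not exist';
    } elseif (!is_writable($destDir)) {
        $problems[] = 'destination directory is not writable by the PHP user';
    }
    return $problems;
}

if (isset($_FILES['F1'])) {
    $dir = '/home/mhost/public_html/mtgorank/players/';
    $problems = upload_problems($_FILES['F1'], $dir, 120000);
    echo $problems ? implode("<br>\n", array_map('htmlspecialchars', $problems))
                   : 'Checks passed; move_uploaded_file() can be called.';
}
```

Once the failing step is known, send these messages to the server's error log rather than to the page.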
monkeymade Posted January 31, 2007

??? I've been looking this same script over for a while, I still can't figure it out ???
monkeymade Posted January 31, 2007

guessing no one knows what's wrong here?
True`Logic Posted January 31, 2007

it's image upload... why use SQL? you can do that with plain old PHP, easier, quicker, more efficient, less errored...

try this maybe?

[code]
<?php
function GetFile() {
    $num = 0;
    while(file_exists($num . ".jpg")){
        $num++;
    }
    return $num;
}
$num2 = 0;
$e = "";
while ($num2 < GetFile()) {
    $e .= "Image number: #$num2<br><a href=$num2.jpg><img src='$num2.jpg' width=180 height=180 title='click for full size'></a><br>";
    $e .= fread(fopen("$num2.txt", "r"), filesize("$num2.txt"));
    $e .= "<br><hr><br>";
    $num2++;
}
if(!isset($img_name)) {
    echo "<html><head><title>Picture Uploader</title></head><body>" . $e . "<br><hr>NOTE: Security is taken very seriously here, it is tight enough to cause one small bug, while filename.jpg and filename.gif are acceptable<br>file.name.jpg and file.name.gif are NOT, sorry for the inconvinience.. just deal with it.<br><u>Rules For Uploading</u>:<br><p><li> .jpg's and .gif's only<br><li> picture must be 150kb (153600 Bytes) or less</p><br><form method=POST action=test2.php enctype=multipart/form-data><p>File to upload:<br><table border=0 cellspacing=0 cellpadding=0><tr><td colspan=2><input type=file name=img size=20></td></tr><tr><td><textarea name=\"comment\" cols=15 rows=5></textarea></td><td>Image Comments</td></tr><tr><td><input type=\"submit\" name=\"submit\" value=\"Upload\"></td><td><input type=reset value=Clear></td></tr></table></form><br><form name=del action=del.php method=post><input type=text name=numba>Image Number<br><input type=password name=password>Deletion password<br><input type=submit value=delete><br></form></body></html>";
}
else {
    $a = strstr($img_name, ".");
    if ($a != ".jpg" && $a != ".gif") {
        echo "only formats accepted are .jpg and .gif!<input type='button' value='back' onclick='history.go(-1)'>";
    }
    elseif ($img_size > 153600) {
        echo "Cannot upload above a 150kb file (153600 bytes)<input type='button' value='back' onclick='history.go(-1)'>";
    }
    else {
        $log = "";
        $abpath = "./";
        $moo = GetFile();
        @copy($img, "$abpath/" . $moo . ".jpg") or $log .= "Couldn't copy file to server<br><input type='button' value='back' onclick='history.go(-1)'>";
        if (file_exists("$abpath/" . $moo . ".jpg")) {
            $log .= "File was uploaded<br><input type='button' value='back' onclick='history.go(-1)'>";
            $fp = fopen($moo . ".txt", "a");
            fwrite($fp, $_POST["comment"]);
            fclose($fp);
        }
        echo $log;
    }
}
?>
[/code]

del.php:

[code]
<?php
$ps = $_POST["password"];
$psw = "*******"; //--- replace *'s with your pass
$imagenumber = $_POST["numba"];
if ($ps != $psw) {
    echo "incorrect password";
} elseif(!file_exists($imagenumber . ".jpg")) {
    echo "Invalid Id #";
} else {
    unlink($imagenumber . ".jpg");
    unlink($imagenumber . ".txt");
    $num = $imagenumber;
    $num++;
    while(file_exists($num . ".jpg")){
        $num++;
    }
    $num2 = $imagenumber;
    $num2++;
    if (file_exists($num2 . ".jpg")) {
        while($num2 < $num) {
            $num3 = $num2;
            $num3--;
            rename($num2 . ".jpg", $num3 . ".jpg");
            rename($num2 . ".txt", $num3 . ".txt");
            $num2++;
        }
    }
    echo "Succesful.";
}
?>
[/code]
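Input checks for the gallery and del.php scripts above, as an added example that is not the poster's code: the extension is taken after the last dot, the image number is restricted to digits before it reaches `unlink()`, and stored comments are escaped when displayed. The function names and the `DELETE_HASH` placeholder are hypothetical, and the renumbering loop from del.php is left out.

```php
<?php
// Added example, not the poster's code. The storage layout (N.jpg / N.txt)
// and the form field names numba / password are taken from the scripts above.

// Accept "photo.jpg" and "file.name.jpg" alike: pathinfo() takes the text
// after the LAST dot, while strstr($name, ".") returns from the FIRST dot.
function allowed_extension(string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'gif'], true) ? $ext : null;
}

// The image number becomes part of a filename handed to unlink()/rename(),
// so accept digits only; dots, slashes and empty input are rejected.
function image_number(string $raw): ?int
{
    return (ctype_digit($raw) && strlen($raw) <= 6) ? (int) $raw : null;
}

// Comments are stored as typed and escaped when they are put into the page.
function comment_html(string $path): string
{
    $text = is_file($path) ? (string) file_get_contents($path) : '';
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

// Placeholder: generate the real value once with password_hash().
const DELETE_HASH = '<output of password_hash() goes here>';

// Deletion request handling with the checks above.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && isset($_POST['numba'], $_POST['password'])) {
    $id = image_number((string) $_POST['numba']);
    if (!password_verify((string) $_POST['password'], DELETE_HASH)) {
        echo 'incorrect password';
    } elseif ($id === null || !is_file("$id.jpg")) {
        echo 'Invalid Id #';
    } else {
        unlink("$id.jpg");
        if (is_file("$id.txt")) {
            unlink("$id.txt");
        }
        echo 'Successful.';
    }
}
```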