Modify image upload scripy to MP3 upload script

[derek barnstorm]

Hi, another question. I am using the following script to upload images to a database. I am pretty new to PHP, but what I would like to do is, modify the script so that it handles MP3 uploads instead of image uploads. Is that possible with this script? If so, has anyone got any ideas how I would go about it?

 

Thanks,

 

Des.

 

Script:

 

<?php
if($_SERVER[php_SELF]=="/include/profiles/upload.inc.php")
{
    header("Location: /index.php");
    exit;
}

$image_id = $_POST['image_id'];
$userfile = $_POST['userfile'];


//UPLOAD CHECK

        $connection = @mysql_connect("$db_host", "$db_user", "$db_pass") or die("Couldn't connect to database.");
        $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");

        $sql = "SELECT * FROM $tbl_images
        WHERE image_id = \"$auth[member_id]\"
        ";

        $result = @mysql_query($sql,$connection) or die("Couldn't execute image check query.");
        $num=mysql_num_rows($result);

        if($num == "0") {
        $make_default = "yes";
        } else {
        $make_default = "no";
        }


        if($num > "5") {

        ?>
        <p><b>You may have 1 picture. Please delete your old picture
        before uploading a new one:</b></p>
        <table cellpadding="4" cellspacing="0" width="100%">

        <?

        while ($row = mysql_fetch_array($result)) {

        $location ="$row[directory]/$row[image]";
        $showimg="/$userdir/$row[url]/$row[image]";

        echo "<tr>
        <td>
            <p> <form action=\"remove_pic.php\" method=\"POST\">
        <p><input type=\"checkbox\" name=\"remove\" checked>
        <IMG SRC=\"../../thumbs/phpThumb.php?src=$showimg&w=150\" border=\"0\">
        <br><input type=\"submit\" name=\"submit\" value=\"Delete!\">
        <input type=\"hidden\" name=\"filename\" value=\"$location\">
        <input type=\"hidden\" name=\"file\" value=\"$row[image]\"></p>
        </form>

        </td>
    </tr>";
}
?>
</table>
<p><input type=button value="Cancel" onClick="history.go(-1)"></p>
<?
exit;
} else {
//END Upload check

//$acceptable_file_types used by upload() method
//
// Limit acceptable uploads based on MIME type. Common MIME types
// include: text/plain, image/gif, image/jpeg image/png

// To accept ONLY gifs's use the following
//acceptable_file_types = "image/gifs";

// Accept GIF and JPEG files
//$acceptable_file_types = "image/gif|image/jpeg|image/pjpeg";

// Accept all image files
$acceptable_file_types = "image";

// Accept ALL files (NOT recommended!)
$acceptable_file_types = "";


$connection = @mysql_connect("$db_host", "$db_user", "$db_pass") or die("Couldn't connect to database.");

$db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");

$sql = "
SELECT profile_id, directory, profile_url
FROM $tbl_profiles
WHERE profile_id = \"$auth[member_id]\"
";

$result = @mysql_query($sql,$connection) or die("Couldn't execute profile query.");
$num=mysql_num_rows($result);

while ($row = mysql_fetch_array($result)) {

$directory = $row['directory'];
$profile_url = $row['profile_url'];
$image_id = $row['profile_id'];

}
$url = "$usrdir$profile_url/";

require("fileupload.class.php");

// Path to the directory where uploaded files will be saved. MUST end
// with a trailing slash unless you use $path = "";

$path = "$directory/";



// If no extension is supplied, and the browser or PHP can not figure
// out what type of file it is, you can add a default extension

$default_extension = ".jpg"; // example: ".jpg"

// Handles identically named uploaded files.
//
// OPTIONS:
//   1 = overwrite mode
//   2 = create new with incremental extention
//   3 = do nothing if exists, highest protection

$mode = 1;


/*
**
** UPLOAD LOGIC
** --------------------------------------------------------------------
**
*/
    if (isset($_REQUEST['submitted'])) {

        /*
            A simpler way of handling the submitted upload form
            might look like this:

            $my_uploader = new uploader('en'); // errors in English

            $my_uploader->max_filesize(30000);
            $my_uploader->max_image_size(800, 800);
            $my_uploader->upload('userfile', 'image/gif', '.gif');
            $my_uploader->save_file('uploads/', 2);

            if ($my_uploader->error) {
                print($my_uploader->error . "<br><br>\n");
            } else {
                print("Thanks for uploading " . $my_uploader->file['name'] . "<br><br>\n");
            }
        */

        // Create a new instance of the class
        $my_uploader = new uploader($_POST['language']); // for error messages in french, try: uploader('fr');

        // OPTIONAL: set the max filesize of uploadable files in bytes
        $my_uploader->max_filesize(400000);

        // OPTIONAL: if you're uploading images, you can set the max pixel dimensions
        $my_uploader->max_image_size(600, 600); // max_image_size($width, $height)

        // UPLOAD the file

        if ($my_uploader->upload("userfile", $acceptable_file_types, $default_extension)) {
            $my_uploader->save_file($path, $mode);
        }

        if ($my_uploader->error) {
            echo $my_uploader->error . "<br><br>\n";

        } else {

            // Print all the array details...
            //print_r($my_uploader->file);

            // ...or print the file
            if(stristr($my_uploader->file['type'], "image")) {
                echo "<img src=\"" . $url . $my_uploader->file['name'] . "\" border=\"0\" alt=\"\">";
                ?><br><br>
                <?
                echo "<p align=\"center\">Return to <a href=\"$url\">my profile</a>.</p>";

                $newimage = $my_uploader->file['name'];
                $mydir = "$directory";
                $connection = @mysql_connect("$db_host", "$db_user", "$db_pass") or die("Couldn't connect.");

                $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");

        $sql = "SELECT * FROM $tbl_images
        WHERE image_id = \"$auth[member_id]\" AND default_pic = \"yes\"
        ";

        $result = @mysql_query($sql,$connection) or die("Couldn't execute image default query.");
        $num=mysql_num_rows($result);

        if($num == "0") {
        $make_default = "yes";
        }

                $sql = "INSERT INTO $tbl_images
                (image_id, directory, image, url, displayname, default_pic)

                VALUES

                (\"$auth[member_id]\",\"$mydir\", \"$newimage\", \"$profile_url\", \"$auth[displayname]\", \"$make_default\")";

                $result = @mysql_query($sql,$connection) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());

                exit;
            } else {
                $fp = fopen($path . $my_uploader->file['name'], "r");
                while(!feof($fp)) {
                    $line = fgets($fp, 255);
                    echo $line;
                }
                if ($fp) { fclose($fp); }
            }
         }
     }
}
?>
    <form enctype="multipart/form-data" action="<?= $_SERVER['PHP_SELF']; ?>" method="POST">
    <input type="hidden" name="submitted" value="true">
    <input type="hidden" name="image_id" value="<?echo $image_id ?>">
        <input name="userfile" type="file">
        <br><br>
        <input type="submit" value="Upload File">
        </form>
          <input type=button value="Cancel" onClick="history.go(-1)">

[trq]

By the looks of it....

 

// Accept ALL files (NOT recommended!)
$acceptable_file_types = "";

 

Its ready to go.

[DeathStar]

Does look like it.

 

I really suggest you do not let any file trough.

It could be a shell they upload, and lets them alter files and execute commands.

[derek barnstorm]

Okay, thanks for your replies, I think I'll try to go about it a different way.

 

Cheers,

 

Des.