Jump to content

Uploading File

franknu

By franknu
in PHP Coding Help

Recommended Posts

franknu Regular Member

franknu

Posted
Posted

I know this a comon question but my problems is that i have somebody else make the codes for me

now i fired that person and it looks like i have a problem on a code.

 

Ok everything uploads fine. exept for the file. so here is the problem it is uploading the full path meaning

 

/administrator/img_news/C:\Documents and Settings\Administrator\Desktop\pic1.jpg

 

and it is not uploading the the file into the directory  /administrator/img_news

 

here is my code  i know it is complicated at least to me

 


$KT_relPath ="/administrator/img_news/";
//$KT_relPath = "../";
  require_once("../includes/widgets/widgets_start.php");

//	---------------------------------------------
//	Pure PHP Upload version 1.1
//	-------------------------------------------
if (phpversion() > "4.0.6") {
$HTTP_POST_FILES = &$_FILES;
}
define("MAX_SIZE",300000);
define("DESTINATION_FOLDER", "/administrator/img_news/");
define("no_error", "/administrator/menu_main.php");
define("yes_error", "/administrator/error/login_error.php");
$_accepted_extensions_ = "jpg,gif";
if(strlen($_accepted_extensions_) > 0){
$_accepted_extensions_ = @explode(",",$_accepted_extensions_);
} else {
$_accepted_extensions_ = array();
}
$_file_ = $HTTP_POST_FILES['Picture'];
if(is_uploaded_file($_file_['tmp_name']) && $HTTP_POST_FILES['Picture']['error'] == 0){
$errStr = "";
$_name_ = $_file_['name'];
$_type_ = $_file_['type'];
$_tmp_name_ = $_file_['tmp_name'];
$_size_ = $_file_['size'];
if($_size_ > MAX_SIZE && MAX_SIZE > 0){
	$errStr = "File troppo pesante";
}
$_ext_ = explode(".", $_name_);
$_ext_ = strtolower($_ext_[count($_ext_)-1]);
if(!in_array($_ext_, $_accepted_extensions_) && count($_accepted_extensions_) > 0){
	$errStr = "Estensione non valida";
}
if(!is_dir(DESTINATION_FOLDER) && is_writeable(DESTINATION_FOLDER)){
	$errStr = "Cartella di destinazione non valida";
}
if(empty($errStr)){
	if(@copy($_tmp_name_,DESTINATION_FOLDER . "/" . $_name_)){
		header("Location: " . no_error);
	} else {
		header("Location: " . yes_error);
	}
} else {
	header("Location: " . yes_error);
}
}

?>
<?php require_once('Connections/townsfinder.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
  $_SESSION['MM_UserName'];
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "login.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "News";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
$MM_restrictGoTo = "error/login_error.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
  $insertSQL = sprintf("INSERT INTO event (User_id, Headline, SmallContent, Body, Writer, `Date`, Picture, Category, Status) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['User_id'], "int"),
                       GetSQLValueString($_POST['Headline'], "text"),
                       GetSQLValueString($_POST['SmallContent'], "text"),
                       GetSQLValueString($_POST['Body'], "text"),
                       GetSQLValueString($_POST['Writer'], "text"),
                       GetSQLValueString($_POST['Date'], "date"),
                       GetSQLValueString("/administrator/img_news/". $_POST['Picture'], "text"),
                       GetSQLValueString($_POST['Category'], "text"),
                       GetSQLValueString($_POST['Status'], "text"));

  mysql_select_db($database_townsfinder, $townsfinder);
  $Result1 = mysql_query($insertSQL, $townsfinder) or die(mysql_error());

  $insertGoTo = "menu_main.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_townsfinder, $townsfinder);
$query_ver_usu = "SELECT * FROM `user` ORDER BY User_NameUsr ASC";
$ver_usu = mysql_query($query_ver_usu, $townsfinder) or die(mysql_error());
$row_ver_usu = mysql_fetch_assoc($ver_usu);
$totalRows_ver_usu = mysql_num_rows($ver_usu);
?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/65614-uploading-file/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.