Jump to content

I copied the codes exactly, why is one not working?

djfox

By djfox
in PHP Coding Help

 Share

Recommended Posts

djfox Regular Member

djfox

Posted
Posted

I have a set of codes to upload an image file to my server. This one set of codes for the art gallery works. I copied these codes to use for uploading image files for a store`s website. The ONLY difference between them is the displayed design of the pages and their redirecting links and the store`s files are under a subfolder. Why doesn`t the store`s codes work?

 

The Art Gallery Codes

 

submit.php

<?php
//Date: February 24 2007
//For: www.secrettrance.net
//Description: Upload New Trance

include("dbcon.php");
require_once "design.php";
require_once "auth.php";
require_once "includes/defines.php";

$Title = "Secret Trance: Upload New Trance";

require_once "header.php";
require_once "hidestatus.php";

if (!isLoggedIn()) {
Redirect("index.php");
}
?>

<table border=0 width=100%><? //2 
?>
<tr>
<td>
<table border=0 width=100% bgcolor="000000"><? //3
?>
<tr>
<td background="<? echo $boxbanner; ?>"><b>Upload New Trance</b>
<tr>
<td background="<? echo $boxback; ?>">
<?php
if( $suspend < 1){
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="3000000" />
<b>Image File:</b> <a href="javascript:void(0)" ONCLICK="open('help1.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><input name="userfile" style="font-size: 13px; background-color: #000000; border: 0px;" type="file" />
<input type=hidden name="l" value="<? echo rtrim($log) ?>">
<p>
<b>Title:</b> <a href="javascript:void(0)" ONCLICK="open('help2.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><input type=text name="n" size=50 maxlength=150>
<p>
<b>Description:</b> <a href="javascript:void(0)" ONCLICK="open('help3.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><textarea name="t" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>	
<b>Select a Category:</b> <a href="javascript:void(0)" ONCLICK="open('help4.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><select name="cat" style="border: 0px; background-color:#000000; color: #B6ABCE;">
<?
  $res = mysql_query("SELECT id, name FROM imagecats ORDER BY name ASC");
  while ( $cat = mysql_fetch_row($res) ){
     echo "<option value='$cat[0]'>$cat[1]</option>";
  }
?>
</select>
<p>
<b>Literature:</b> <a href="javascript:void(0)" ONCLICK="open('help5.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><textarea name="s" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Keywords:</b>
<br><input type=text name="key" size=50 maxlength=255>
<p>
<input type="submit" value="Upload Trance" /></form>
<?php
}
else {
if( $suspend > 0){
echo "Sorry, your account is on suspension. You must wait until suspension expires before you can access this.";
}
}
?>
</table><? //3
?>
</table><? //2 
?>
<p>
<?
require_once "footer.php";
?>

 

upload.php

<?php session_start();
include("dbcon.php");
include("auth.php");

//Date: February 25 2007
//For: secrettrance.net
//Description: Upload a new trance

$log=$l;

//Get the users upload limits
$res=mysql_query("SELECT dLim, mLim, gLim, isHold, id FROM userdata WHERE login='$log'");
$rows = mysql_fetch_row($res);
$dailyLim=$rows[0];
$monthlyLim=$rows[1];
$galleryLim=$rows[2];
$hold=$rows[3];
$gall = $rows[4];
mysql_free_result($res);

//Decide where the file is going
if ( $temp ){   
   $uploaddir = 'gallery/$lname/';
}else{
   $uploaddir = "gallery/$log/";
}
$file=$_FILES['userfile']['name'];
$uploadfile = $uploaddir . $file;
$uploadthumb = "thumbs/" . $file;

//The add query
$entry_date = strftime("%B\ %e\,\ %Y %H:%M:%S", time());
$add="INSERT INTO image ( name, description, gallNum, URL, thumbURL, rating, numRates, addDate, cat, literature, keyw ) VALUES ( '$n', '$t', $gall, '$uploadfile', '$uploadthumb', 0, 0, '$entry_date', $cat, '$s', '$key' )";

//The users current upload usage on the system
$daily="SELECT COUNT(*) from image WHERE addDate=NOW() AND gallNum=$gall";
$res=mysql_query($daily);
$temp = mysql_fetch_row($res);
$d = $temp[0];
mysql_free_result($res);
$monthly="SELECT COUNT(*) from image WHERE MONTH(addDate)=MONTH(NOW()) AND YEAR(addDate)=YEAR(NOW()) AND gallNum=$gall";
$res=mysql_query($monthly);
$temp = mysql_fetch_row($res);
$m = $temp[0];
mysql_free_result($res);
$gallery="SELECT COUNT(*) from image WHERE gallNum=$gall";
$res=mysql_query($gallery);
$temp = mysql_fetch_row($res);
$g = $temp[0];
mysql_free_result($res);
$exten=split('\.',$file);

//Check for file restrictions
if($exten[1]=="jpg"||$exten[1]=="jpeg"||$exten[1]=="gif"||$exten[1]=="JPG"||$exten[1]=="JPEG"||$exten[1]=="GIF"||$exten[1]=="png"||$exten[1]=="PNG"){
   //Check for suspension
   if(!$hold){
     //Check for usage limit hit
     if($dailyLim>$d && $monthlyLim>$m && $galleryLim > $g){
       // The actual uploading
       if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
          $res = mysql_query($add) or die(mysql_error());
          header("Location: trancer.php");
       } else {
          print "Possible file upload attack!  Here's some debugging info:\n";
          print_r($_FILES);
       }
     }else{
        echo "You can`t exceed your upload limit. View <a href='manual.php'>the manual</a> for more information.";
     }
   }else{
      echo "You're on suspension. Please talk to an administrator.";
   }
}else{
   echo "Invalid file extension. Please only upload .jpg, .png or .gif files. Thank You.";
} 
mysql_close($con);

//redirect
header("Location: uploadechos.php");

//-----upload.php
?>

 

uploadechos.php

<?php
include("dbcon.php");
include("func.php");
require_once "auth.php";
require_once "includes/defines.php";

$log = $_SESSION['sess_name'];

   $_SESSION['echos'] = $echos = $echos + 10;
   mysql_query("UPDATE userdata SET echo_count = $echos WHERE login = '".$log."' ") or die(mysql_error());
   
header("Location: trancer.php");
?>

 

auth.php

<?php
//======================================================
// Auth routines
// (c) 2006 Joao Pinheiro
//======================================================
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold, guildLim, adult FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
			$_SESSION['suspend'] = $rows[5];
			$_SESSION['guildnum'] = $rows[6];
			$_SESSION['adult'] = $rows[7];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
   }
   return($ok);
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

 

 

 

 

 

The Store`s Files

 

product_add.php

<?php
//Date: August 26 2007
//For: A Place for Pets
//Description: Add a Product

include("dbcon.php");
require_once "auth.php";
require_once "includes/defines.php";

$Title = "A Place for Pets: Admin Panel: Add a Product";

require_once "header.php";
require_once "hidestatus.php";

if (!isLoggedIn()) {
Redirect("index.php");
}

$lev=$_SESSION['level2'];
$log=$_SESSION['gal'];
?>

<table width=100% border=0 cellpadding=0><? //1
?>
<tr>
<td width=20% valign=top>
<? require_once "navbar.php"; ?>
<td>
<td>
<td>
<td width=80% valign=top>
<?php
   if( $lev > {
?>
<table border=0 width=100% bgcolor="<? echo $outline; ?>"><? //2
?>
<tr>
<td bgcolor="<? echo $head; ?>"><font color="<? echo $font1; ?>"><b>Admin Panel: Add a Product</b></font>
</table> <? //2
?>
<?php
if( $suspend < 1){
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="3000000" />
<b>Image File:</b>
<br><input name="userfile" style="font-size: 13px; background-color: #000000; border: 0px;" type="file" />
<input type=hidden name="l" value="<? echo rtrim($log) ?>">
<p>
<b>Title:</b>
<br><input type=text name="n" size=50 maxlength=150>
<p>
<b>Description:</b>
<br><textarea name="t" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>	
<b>Select a Category:</b>
<br><select name="cat" style="border: 0px; background-color:#000000; color: #B6ABCE;">
<?
  $res = mysql_query("SELECT id, name FROM imagecats ORDER BY name ASC");
  while ( $cat = mysql_fetch_row($res) ){
     echo "<option value='$cat[0]'>$cat[1]</option>";
  }
?>
</select>
<p>
<b>Literature:</b>
<br><textarea name="s" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Keywords:</b>
<br><input type=text name="key" size=50 maxlength=255>
<p>
<input type="submit" value="Upload Trance" /></form>
<?php
}
else {
if( $suspend > 0){
echo "Sorry, your account is on suspension. You must wait until suspension expires before you can access this.";
}
}
?>
<?
}
?>
</table><? //1
?>

<? require_once "footer.php"; ?>

 

upload.php

<?php session_start();
include("dbcon.php");
include("auth.php");

//Date: August 26 2007
//For: A Place for Pets
//Description: Upload a new trance

$log=$l;

//Get the users upload limits
$res=mysql_query("SELECT dLim, mLim, gLim, isHold, id FROM userdata WHERE login='$log'");
$rows = mysql_fetch_row($res);
$dailyLim=$rows[0];
$monthlyLim=$rows[1];
$galleryLim=$rows[2];
$hold=$rows[3];
$gall = $rows[4];
mysql_free_result($res);

//Decide where the file is going
if ( $temp ){   
   $uploaddir = 'gallery/$lname/';
}else{
   $uploaddir = "gallery/$log/";
}
$file=$_FILES['userfile']['name'];
$uploadfile = $uploaddir . $file;
$uploadthumb = "thumbs/" . $file;

//The add query
$entry_date = strftime("%B\ %e\,\ %Y %H:%M:%S", time());
$add="INSERT INTO image ( name, description, gallNum, URL, thumbURL, rating, numRates, addDate, cat, literature, keyw ) VALUES ( '$n', '$t', $gall, '$uploadfile', '$uploadthumb', 0, 0, '$entry_date', $cat, '$s', '$key' )";

//The users current upload usage on the system
$daily="SELECT COUNT(*) from image WHERE addDate=NOW() AND gallNum=$gall";
$res=mysql_query($daily);
$temp = mysql_fetch_row($res);
$d = $temp[0];
mysql_free_result($res);
$monthly="SELECT COUNT(*) from image WHERE MONTH(addDate)=MONTH(NOW()) AND YEAR(addDate)=YEAR(NOW()) AND gallNum=$gall";
$res=mysql_query($monthly);
$temp = mysql_fetch_row($res);
$m = $temp[0];
mysql_free_result($res);
$gallery="SELECT COUNT(*) from image WHERE gallNum=$gall";
$res=mysql_query($gallery);
$temp = mysql_fetch_row($res);
$g = $temp[0];
mysql_free_result($res);
$exten=split('\.',$file);

//Check for file restrictions
if($exten[1]=="jpg"||$exten[1]=="jpeg"||$exten[1]=="gif"||$exten[1]=="JPG"||$exten[1]=="JPEG"||$exten[1]=="GIF"||$exten[1]=="png"||$exten[1]=="PNG"){
   //Check for suspension
   if(!$hold){
     //Check for usage limit hit
     if($dailyLim>$d && $monthlyLim>$m && $galleryLim > $g){
       // The actual uploading
       if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
          $res = mysql_query($add) or die(mysql_error());
          header("Location: index.php");
       } else {
          print "Possible file upload attack!  Here's some debugging info:\n";
          print_r($_FILES);
       }
     }else{
        echo "You can`t exceed your upload limit.";
     }
   }else{
      echo "You're on suspension. Please talk to an administrator.";
   }
}else{
   echo "Invalid file extension. Please only upload .jpg, .png or .gif files.";
} 
mysql_close($con);

//redirect
header("Location: product_add.php");
?>

 

auth.php

<?php
//======================================================
// Auth routines
// (c) 2006 Joao Pinheiro
//======================================================
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['suspend'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
   }
   return($ok);
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

 

I just don`t get it. I`ve been trying many different ways to get the store to upload files to the server and add the information into the database. The databases of the art gallery and the store both have mirrored userdata and mirrored image and mirrored catimages tables. I`ve been fighting this for a couple weeks now.

Link to comment
Share on other sites
AndyB Regular Member

AndyB

Posted
Posted

Realistically, nobody's going to wade through tons of code to find out why it "doesn't work".  The best you could hope for is someone spotting a random potential problem.  For example, in upload.php the querystring $add is defined but never executed.

 

Debug your code by liberal use of echo statements to track progress and variable values.  Restructure queries so that you can echo the actual querystrings, etc.

Link to comment
Share on other sites
djfox Regular Member

djfox

Posted
  • Author
Posted

Realistically, nobody's going to wade through tons of code to find out why it "doesn't work".  The best you could hope for is someone spotting a random potential problem.  For example, in upload.php the querystring $add is defined but never executed.

 

Debug your code by liberal use of echo statements to track progress and variable values.  Restructure queries so that you can echo the actual querystrings, etc.

 

Well, I certainly didn`t expect any split second answers. As for the $add being executed, it is executed:

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
          $res = mysql_query($add) or die(mysql_error());
          header("Location: index.php");
       }

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.