TalkPHP - View Single Post

Jmz · 07-10-2008, 06:09 PM

Can anybody see where I'm going wrong with this file upload script?

It works fine for some files but the odd one it will redirect me to "create_gallery.php?msg=e" even though it's a perfectly normal image file.

PHP Code:


			
<?php
    include("restrict.php");
    include("../../config/connect.php");
    include("../../config/settings.php");
    include("../../config/functions.php");
    
    $galcount = mysql_query("SELECT count(*) as gal from tbl_gallery WHERE fld_userid = '$UserID'");
    $gal_q = mysql_fetch_assoc($galcount);
    $galc = $gal_q['gal'];
    
    $UserPack = mysql_query("SELECT fld_pack FROM tbl_users WHERE fld_id = '$UserID'");
    $User_q = mysql_fetch_assoc($UserPack);
    $UserPackNum = $User_q['fld_pack'];
    
    $packdetails = mysql_query("SELECT fld_galleries FROM tbl_packages WHERE fld_id = '$UserPackNum'");
    $pack_q = mysql_fetch_assoc($packdetails);
    $PackLimit = $pack_q['fld_galleries'];
    
    if ($galc < $PackLimit){

/* -----------------------
Define all the variables we need
---------------------------- */
$target_path = "../../uploads/".$UserID."/";
$user_prefix = "thumb_";
$image_prefix = rand();

//error checking / security
$mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif');
$extensions = array('jpg', 'gif', 'jpeg', 'png', 'pjpeg');

//Target Path
$target_path = $target_path.$user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); 
$_FILES['uploadedfile']['tmp_name'];  

//Check the file size
$file_size = $_FILES['uploadedfile']['size'];

//Give the file a name to go in the db (keep same as target path)
$thumbname = $user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); 

//Define the mime type
//$mimetype = strtolower($_FILES['uploadedfile']['type']);
//Alternate mime type
//$aImagesize = getimagesize($FILES['uploadedfile']['tmp_name']);
//$szMimetype = $aImagesize['mime'];

$aImagesize = getimagesize($FILES['uploadedfile']['tmp_name']);
$szMimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name']));

//Define the extension
$extension = getExtension($thumbname);
$extension = strtolower($extension);

if ($file_size >= $thumb_limit_size) {
    echo "Your file is too big";
    exit ();
}

if (in_array($extension, $extensions)){

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    
    switch($extension)
    {
        case "jpeg";
            $image = imagecreatefromjpeg($target_path);
        break;
        case "jpg";
            $image = imagecreatefromjpeg($target_path);        
        break;
        case "gif";
            $image = imagecreatefromgif($target_path);        
        break;
        case "png";
            $image = imagecreatefrompng($target_path);        
        break;
        default:
            return FALSE;
    }
    if ($image === false) { die ('Unable to open image'); }
    
    $width = imagesx($image);
    $height = imagesy($image);
    
    $imageratio = $width/$height;
    
    if ($width>$height){
    $newwidth = $thumb_width;
    $newheight = $height * ($newwidth/$width);
    }else{
    $newheight = $thumb_width;
    $newwidth = $width * ($newheight/$height);
    }
    
        $image_resized = imagecreatetruecolor($newwidth, $newheight);
        imagecopyresized($image_resized, $image, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);
        ImageJpeg ($image_resized,"$target_path");    
        move_uploaded_file ($image_resized, "$target_path");    
    
    
    $galleryname = $_POST['galleryname'];
    $gallerydescription = $_POST['gallerydescription'];
    $gallerykeywords = $_POST['gallerykeywords'];
    
    if (empty ($galleryname) or empty ($gallerydescription) or empty ($gallerykeywords)) {
        echo "Fill out all fields";
        exit();
    }
    
    $galleryname = mysql_real_escape_string($galleryname);
    $gallerydescription = mysql_real_escape_string($gallerydescription);
    $gallerykeywords = mysql_real_escape_string($gallerykeywords);
    
    $create_gallery = mysql_query("INSERT INTO tbl_gallery (fld_id, fld_galleryname, fld_gallerydesc, fld_keywords, fld_userid, fld_thumbname) values ('', '$galleryname', '$gallerydescription', '$gallerykeywords', '$UserID', '$thumbname')");
    
    if ($create_gallery){
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=s\"/>";
    } else {
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=e\"/>";
    }    
    
    } else{
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>";
    }
    }else{
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=f\"/>";
    }
    
    }else{
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=n\"/>";
    }
?>

07-10-2008, 06:09 PM	#1 (permalink)
Jmz The Acquainted Join Date: Oct 2007 Location: Newcastle, UK Posts: 113 Thanks: 3	Uploading File Problem Can anybody see where I'm going wrong with this file upload script? It works fine for some files but the odd one it will redirect me to "create_gallery.php?msg=e" even though it's a perfectly normal image file. PHP Code: <?php include("restrict.php"); include("../../config/connect.php"); include("../../config/settings.php"); include("../../config/functions.php"); $galcount = mysql_query("SELECT count() as gal from tbl_gallery WHERE fld_userid = '$UserID'"); $gal_q = mysql_fetch_assoc($galcount); $galc = $gal_q['gal']; $UserPack = mysql_query("SELECT fld_pack FROM tbl_users WHERE fld_id = '$UserID'"); $User_q = mysql_fetch_assoc($UserPack); $UserPackNum = $User_q['fld_pack']; $packdetails = mysql_query("SELECT fld_galleries FROM tbl_packages WHERE fld_id = '$UserPackNum'"); $pack_q = mysql_fetch_assoc($packdetails); $PackLimit = $pack_q['fld_galleries']; if ($galc < $PackLimit){ / ----------------------- Define all the variables we need ---------------------------- / $target_path = "../../uploads/".$UserID."/"; $user_prefix = "thumb_"; $image_prefix = rand(); //error checking / security $mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif'); $extensions = array('jpg', 'gif', 'jpeg', 'png', 'pjpeg'); //Target Path $target_path = $target_path.$user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; //Check the file size $file_size = $_FILES['uploadedfile']['size']; //Give the file a name to go in the db (keep same as target path) $thumbname = $user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); //Define the mime type //$mimetype = strtolower($_FILES['uploadedfile']['type']); //Alternate mime type //$aImagesize = getimagesize($FILES['uploadedfile']['tmp_name']); //$szMimetype = $aImagesize['mime']; $aImagesize = getimagesize($FILES['uploadedfile']['tmp_name']); $szMimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name'])); //Define the extension $extension = getExtension($thumbname); $extension = strtolower($extension); if ($file_size >= $thumb_limit_size) { echo "Your file is too big"; exit (); } if (in_array($extension, $extensions)){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { switch($extension) { case "jpeg"; $image = imagecreatefromjpeg($target_path); break; case "jpg"; $image = imagecreatefromjpeg($target_path); break; case "gif"; $image = imagecreatefromgif($target_path); break; case "png"; $image = imagecreatefrompng($target_path); break; default: return FALSE; } if ($image === false) { die ('Unable to open image'); } $width = imagesx($image); $height = imagesy($image); $imageratio = $width/$height; if ($width>$height){ $newwidth = $thumb_width; $newheight = $height ($newwidth/$width); }else{ $newheight = $thumb_width; $newwidth = $width * ($newheight/$height); } $image_resized = imagecreatetruecolor($newwidth, $newheight); imagecopyresized($image_resized, $image, 0, 0, 0, 0, $newwidth, $newheight, $width, $height); ImageJpeg ($image_resized,"$target_path"); move_uploaded_file ($image_resized, "$target_path"); $galleryname = $_POST['galleryname']; $gallerydescription = $_POST['gallerydescription']; $gallerykeywords = $_POST['gallerykeywords']; if (empty ($galleryname) or empty ($gallerydescription) or empty ($gallerykeywords)) { echo "Fill out all fields"; exit(); } $galleryname = mysql_real_escape_string($galleryname); $gallerydescription = mysql_real_escape_string($gallerydescription); $gallerykeywords = mysql_real_escape_string($gallerykeywords); $create_gallery = mysql_query("INSERT INTO tbl_gallery (fld_id, fld_galleryname, fld_gallerydesc, fld_keywords, fld_userid, fld_thumbname) values ('', '$galleryname', '$gallerydescription', '$gallerykeywords', '$UserID', '$thumbname')"); if ($create_gallery){ echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=s\"/>"; } else { echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=e\"/>"; } } else{ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>"; } }else{ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=f\"/>"; } }else{ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=n\"/>"; } ?> __________________ Free CSS Tutorials