Uploading File Problem

Jmz · 07-10-2008, 06:09 PM

Can anybody see where I'm going wrong with this file upload script?

It works fine for some files but the odd one it will redirect me to "create_gallery.php?msg=e" even though it's a perfectly normal image file.

PHP Code:


			
<?php
    include("restrict.php");
    include("../../config/connect.php");
    include("../../config/settings.php");
    include("../../config/functions.php");
    
    $galcount = mysql_query("SELECT count(*) as gal from tbl_gallery WHERE fld_userid = '$UserID'");
    $gal_q = mysql_fetch_assoc($galcount);
    $galc = $gal_q['gal'];
    
    $UserPack = mysql_query("SELECT fld_pack FROM tbl_users WHERE fld_id = '$UserID'");
    $User_q = mysql_fetch_assoc($UserPack);
    $UserPackNum = $User_q['fld_pack'];
    
    $packdetails = mysql_query("SELECT fld_galleries FROM tbl_packages WHERE fld_id = '$UserPackNum'");
    $pack_q = mysql_fetch_assoc($packdetails);
    $PackLimit = $pack_q['fld_galleries'];
    
    if ($galc < $PackLimit){

/* -----------------------
Define all the variables we need
---------------------------- */
$target_path = "../../uploads/".$UserID."/";
$user_prefix = "thumb_";
$image_prefix = rand();

//error checking / security
$mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif');
$extensions = array('jpg', 'gif', 'jpeg', 'png', 'pjpeg');

//Target Path
$target_path = $target_path.$user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); 
$_FILES['uploadedfile']['tmp_name'];  

//Check the file size
$file_size = $_FILES['uploadedfile']['size'];

//Give the file a name to go in the db (keep same as target path)
$thumbname = $user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); 

//Define the mime type
//$mimetype = strtolower($_FILES['uploadedfile']['type']);
//Alternate mime type
//$aImagesize = getimagesize($FILES['uploadedfile']['tmp_name']);
//$szMimetype = $aImagesize['mime'];

$aImagesize = getimagesize($FILES['uploadedfile']['tmp_name']);
$szMimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name']));

//Define the extension
$extension = getExtension($thumbname);
$extension = strtolower($extension);

if ($file_size >= $thumb_limit_size) {
    echo "Your file is too big";
    exit ();
}

if (in_array($extension, $extensions)){

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    
    switch($extension)
    {
        case "jpeg";
            $image = imagecreatefromjpeg($target_path);
        break;
        case "jpg";
            $image = imagecreatefromjpeg($target_path);        
        break;
        case "gif";
            $image = imagecreatefromgif($target_path);        
        break;
        case "png";
            $image = imagecreatefrompng($target_path);        
        break;
        default:
            return FALSE;
    }
    if ($image === false) { die ('Unable to open image'); }
    
    $width = imagesx($image);
    $height = imagesy($image);
    
    $imageratio = $width/$height;
    
    if ($width>$height){
    $newwidth = $thumb_width;
    $newheight = $height * ($newwidth/$width);
    }else{
    $newheight = $thumb_width;
    $newwidth = $width * ($newheight/$height);
    }
    
        $image_resized = imagecreatetruecolor($newwidth, $newheight);
        imagecopyresized($image_resized, $image, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);
        ImageJpeg ($image_resized,"$target_path");    
        move_uploaded_file ($image_resized, "$target_path");    
    
    
    $galleryname = $_POST['galleryname'];
    $gallerydescription = $_POST['gallerydescription'];
    $gallerykeywords = $_POST['gallerykeywords'];
    
    if (empty ($galleryname) or empty ($gallerydescription) or empty ($gallerykeywords)) {
        echo "Fill out all fields";
        exit();
    }
    
    $galleryname = mysql_real_escape_string($galleryname);
    $gallerydescription = mysql_real_escape_string($gallerydescription);
    $gallerykeywords = mysql_real_escape_string($gallerykeywords);
    
    $create_gallery = mysql_query("INSERT INTO tbl_gallery (fld_id, fld_galleryname, fld_gallerydesc, fld_keywords, fld_userid, fld_thumbname) values ('', '$galleryname', '$gallerydescription', '$gallerykeywords', '$UserID', '$thumbname')");
    
    if ($create_gallery){
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=s\"/>";
    } else {
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=e\"/>";
    }    
    
    } else{
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>";
    }
    }else{
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=f\"/>";
    }
    
    }else{
        echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=n\"/>";
    }
?>

drewbee · 07-10-2008, 06:30 PM

You have two possibilities. ?msg=e shows up under the possible circumstances:

1) Your $create_gallery insert fails for whatever reason. check your mysql_error to see if anything is being output on the one that fails. (if it does)

What is the second else that redirects to ?msg=e part of? IE what is the original if statement.

Identation mate!!

drewbee · 07-10-2008, 06:35 PM

*oops double post*

drewbee · 07-10-2008, 06:35 PM

Ok, the 2nd one is from this statement, correct?
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

Any reason (like load balancing) that the temp file wouldn't exist, or a problem with the target path in those particular circumstances?

Off topic to your original post, does this get the type of file? I have never seen this before, never thought about using a command to get it (and far more reliable then the PHP mime_type I assume:
$szMimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name']));

cool!

Jmz · 07-10-2008, 08:40 PM

My problem is I wrote this about a month ago and couldn't get it to work properly, then I added and edited bit so much I cant remember what I ended up with

I was hoping someone might be able to see something I didn't but it looks like I'll just have to rewrite the whole thing from scratch.

Does anybody have a good, working image upload script I can look at? I wont copy it exactly, I just want to see how you check mime/file types etc.

delayedinsanity · 07-10-2008, 09:27 PM

That's why I like as-I-go debugging. When I'm coding, depending on how into a certain section I am, I'll constantly flip from my editor to the browser to run the script and see how things are going. That way I can catch problems before I've gone so far that I have to backtrace twice as long to find a typo.

My other favourite debugging practice is to flex my muskles, load a clip into the chamber, through on some gangsta rap, and starting sprinkling die() statements throughout my code. Then I can run it till it dies, see if it works, go to the next die... I've even found some notices pop up from time to time when I do that, that I would've never seen otherwise.

I don't know if this'll help any, and it's part of a script I did a while back so I haven't optimized it any time lately, but you can check out the image upload and thumbnail functions I use in my user authentication system here:
http://pastebin.com/m253910de
-m

Jmz · 07-11-2008, 06:37 AM

Thanks for that

The only part I think I need is the part where you check for a valid file and mime type. My script seems to work fine apart from those two things.

I'll work on this later today and post here if I get any more problems.