« on: September 14, 2007, 06:36:23 PM »
I have a set of codes to upload an image file to my server. This one set of codes for the art gallery works. I copied these codes to use for uploading image files for a store`s website. The ONLY difference between them is the displayed design of the pages and their redirecting links and the store`s files are under a subfolder. Why doesn`t the store`s codes work?
The Art Gallery Codes
submit.php
<?php
//Date: February 24 2007
//For: www.secrettrance.net
//Description: Upload New Trance
include("dbcon.php");
require_once "design.php";
require_once "auth.php";
require_once "includes/defines.php";
$Title = "Secret Trance: Upload New Trance";
require_once "header.php";
require_once "hidestatus.php";
if (!isLoggedIn()) {
Redirect("index.php");
}
?>
<table border=0 width=100%><? //2
?>
<tr>
<td>
<table border=0 width=100% bgcolor="000000"><? //3
?>
<tr>
<td background="<? echo $boxbanner; ?>"><b>Upload New Trance</b>
<tr>
<td background="<? echo $boxback; ?>">
<?php
if( $suspend < 1){
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="3000000" />
<b>Image File:</b> <a href="javascript:void(0)" ONCLICK="open('help1.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><input name="userfile" style="font-size: 13px; background-color: #000000; border: 0px;" type="file" />
<input type=hidden name="l" value="<? echo rtrim($log) ?>">
<p>
<b>Title:</b> <a href="javascript:void(0)" ONCLICK="open('help2.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><input type=text name="n" size=50 maxlength=150>
<p>
<b>Description:</b> <a href="javascript:void(0)" ONCLICK="open('help3.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><textarea name="t" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Select a Category:</b> <a href="javascript:void(0)" ONCLICK="open('help4.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><select name="cat" style="border: 0px; background-color:#000000; color: #B6ABCE;">
<?
$res = mysql_query("SELECT id, name FROM imagecats ORDER BY name ASC");
while ( $cat = mysql_fetch_row($res) ){
echo "<option value='$cat[0]'>$cat[1]</option>";
}
?>
</select>
<p>
<b>Literature:</b> <a href="javascript:void(0)" ONCLICK="open('help5.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><textarea name="s" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Keywords:</b>
<br><input type=text name="key" size=50 maxlength=255>
<p>
<input type="submit" value="Upload Trance" /></form>
<?php
}
else {
if( $suspend > 0){
echo "Sorry, your account is on suspension. You must wait until suspension expires before you can access this.";
}
}
?>
</table><? //3
?>
</table><? //2
?>
<p>
<?
require_once "footer.php";
?>
upload.php
<?php session_start();
include("dbcon.php");
include("auth.php");
//Date: February 25 2007
//For: secrettrance.net
//Description: Upload a new trance
$log=$l;
//Get the users upload limits
$res=mysql_query("SELECT dLim, mLim, gLim, isHold, id FROM userdata WHERE login='$log'");
$rows = mysql_fetch_row($res);
$dailyLim=$rows[0];
$monthlyLim=$rows[1];
$galleryLim=$rows[2];
$hold=$rows[3];
$gall = $rows[4];
mysql_free_result($res);
//Decide where the file is going
if ( $temp ){
$uploaddir = 'gallery/$lname/';
}else{
$uploaddir = "gallery/$log/";
}
$file=$_FILES['userfile']['name'];
$uploadfile = $uploaddir . $file;
$uploadthumb = "thumbs/" . $file;
//The add query
$entry_date = strftime("%B\ %e\,\ %Y %H:%M:%S", time());
$add="INSERT INTO image ( name, description, gallNum, URL, thumbURL, rating, numRates, addDate, cat, literature, keyw ) VALUES ( '$n', '$t', $gall, '$uploadfile', '$uploadthumb', 0, 0, '$entry_date', $cat, '$s', '$key' )";
//The users current upload usage on the system
$daily="SELECT COUNT(*) from image WHERE addDate=NOW() AND gallNum=$gall";
$res=mysql_query($daily);
$temp = mysql_fetch_row($res);
$d = $temp[0];
mysql_free_result($res);
$monthly="SELECT COUNT(*) from image WHERE MONTH(addDate)=MONTH(NOW()) AND YEAR(addDate)=YEAR(NOW()) AND gallNum=$gall";
$res=mysql_query($monthly);
$temp = mysql_fetch_row($res);
$m = $temp[0];
mysql_free_result($res);
$gallery="SELECT COUNT(*) from image WHERE gallNum=$gall";
$res=mysql_query($gallery);
$temp = mysql_fetch_row($res);
$g = $temp[0];
mysql_free_result($res);
$exten=split('\.',$file);
//Check for file restrictions
if($exten[1]=="jpg"||$exten[1]=="jpeg"||$exten[1]=="gif"||$exten[1]=="JPG"||$exten[1]=="JPEG"||$exten[1]=="GIF"||$exten[1]=="png"||$exten[1]=="PNG"){
//Check for suspension
if(!$hold){
//Check for usage limit hit
if($dailyLim>$d && $monthlyLim>$m && $galleryLim > $g){
// The actual uploading
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
$res = mysql_query($add) or die(mysql_error());
header("Location: trancer.php");
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
}else{
echo "You can`t exceed your upload limit. View <a href='manual.php'>the manual</a> for more information.";
}
}else{
echo "You're on suspension. Please talk to an administrator.";
}
}else{
echo "Invalid file extension. Please only upload .jpg, .png or .gif files. Thank You.";
}
mysql_close($con);
//redirect
header("Location: uploadechos.php");
//-----upload.php
?>
uploadechos.php
<?php
include("dbcon.php");
include("func.php");
require_once "auth.php";
require_once "includes/defines.php";
$log = $_SESSION['sess_name'];
$_SESSION['echos'] = $echos = $echos + 10;
mysql_query("UPDATE userdata SET echo_count = $echos WHERE login = '".$log."' ") or die(mysql_error());
header("Location: trancer.php");
?>
auth.php
<?php
//======================================================
// Auth routines
// (c) 2006 Joao Pinheiro
//======================================================
// Defines
DEFINE('SESSION_MAGIC','sadhjasklsad2342');
// Initialization
@session_start();
@ob_start();
/*
Redirects to another page
*/
function Redirect($to) {
@session_write_close();
@ob_end_clean();
@header("Location: $to");
}
/*
Deletes existing session
*/
function RemoveSession() {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
@setcookie(session_name(), '', time()-42000, '/');
}
}
/*
Checks if user is logged in
*/
function isLoggedIn() {
return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}
/*
Terminates an existing session
*/
function Logout() {
@RemoveSession();
@session_destroy();
}
/*
read message count
*/
function CountMessages($id) {
if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
{
$count=mysql_num_rows($res);
mysql_free_result($res);
return($count);
}
return 0;
}
/*
Go login go!
*/
function Login($username,$password) {
global $nmsg, $rows;
$ok=false;
if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold, guildLim, adult FROM userdata WHERE login='$username' AND password='$password'"))
{
if ($rows=mysql_fetch_row($res)) {
$_SESSION['sess_name'] = $username;
$_SESSION['pass'] = $password;
$_SESSION['gal'] = $rows[0];
$_SESSION['mail'] = $rows[2];
$_SESSION['level2'] = $rows[1];
$_SESSION['echos'] = $rows[3];
$_SESSION['status'] = $rows[4];
$_SESSION['suspend'] = $rows[5];
$_SESSION['guildnum'] = $rows[6];
$_SESSION['adult'] = $rows[7];
$_SESSION['magic'] = SESSION_MAGIC;
$_SESSION['rows'] = $rows; /* stupid stupid hack */
$nmsg = CountMessages($rows[0]);
$ok=true;
} else {
include('login_failed.php');
}
mysql_free_result($res);
}
return($ok);
}
/*
Escape array using mysql
*/
function Escape(&$arr)
{
if (Count($arr)>0) {
foreach($arr as $k => $v) {
if (is_array($v)) {
Escape($arr[$k]);
}
else {
if (function_exists('get_magic_quotes')) {
if(!get_magic_quotes_gpc()) {
$arr[$k] = stripslashes($v);
}
}
$arr[$k] = mysql_real_escape_string($v);
}
}
}
}
// -----------------------------------------------
// Main
// -----------------------------------------------
Escape($_POST);
Escape($_GET);
Escape($_COOKIE);
Escape($_REQUEST);
Escape($_GLOBALS);
Escape($_SERVER);
?>
The Store`s Files
product_add.php
<?php
//Date: August 26 2007
//For: A Place for Pets
//Description: Add a Product
include("dbcon.php");
require_once "auth.php";
require_once "includes/defines.php";
$Title = "A Place for Pets: Admin Panel: Add a Product";
require_once "header.php";
require_once "hidestatus.php";
if (!isLoggedIn()) {
Redirect("index.php");
}
$lev=$_SESSION['level2'];
$log=$_SESSION['gal'];
?>
<table width=100% border=0 cellpadding=0><? //1
?>
<tr>
<td width=20% valign=top>
<? require_once "navbar.php"; ?>
<td>
<td>
<td>
<td width=80% valign=top>
<?php
if( $lev > 8){
?>
<table border=0 width=100% bgcolor="<? echo $outline; ?>"><? //2
?>
<tr>
<td bgcolor="<? echo $head; ?>"><font color="<? echo $font1; ?>"><b>Admin Panel: Add a Product</b></font>
</table> <? //2
?>
<?php
if( $suspend < 1){
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="3000000" />
<b>Image File:</b>
<br><input name="userfile" style="font-size: 13px; background-color: #000000; border: 0px;" type="file" />
<input type=hidden name="l" value="<? echo rtrim($log) ?>">
<p>
<b>Title:</b>
<br><input type=text name="n" size=50 maxlength=150>
<p>
<b>Description:</b>
<br><textarea name="t" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Select a Category:</b>
<br><select name="cat" style="border: 0px; background-color:#000000; color: #B6ABCE;">
<?
$res = mysql_query("SELECT id, name FROM imagecats ORDER BY name ASC");
while ( $cat = mysql_fetch_row($res) ){
echo "<option value='$cat[0]'>$cat[1]</option>";
}
?>
</select>
<p>
<b>Literature:</b>
<br><textarea name="s" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Keywords:</b>
<br><input type=text name="key" size=50 maxlength=255>
<p>
<input type="submit" value="Upload Trance" /></form>
<?php
}
else {
if( $suspend > 0){
echo "Sorry, your account is on suspension. You must wait until suspension expires before you can access this.";
}
}
?>
<?
}
?>
</table><? //1
?>
<? require_once "footer.php"; ?>
upload.php
<?php session_start();
include("dbcon.php");
include("auth.php");
//Date: August 26 2007
//For: A Place for Pets
//Description: Upload a new trance
$log=$l;
//Get the users upload limits
$res=mysql_query("SELECT dLim, mLim, gLim, isHold, id FROM userdata WHERE login='$log'");
$rows = mysql_fetch_row($res);
$dailyLim=$rows[0];
$monthlyLim=$rows[1];
$galleryLim=$rows[2];
$hold=$rows[3];
$gall = $rows[4];
mysql_free_result($res);
//Decide where the file is going
if ( $temp ){
$uploaddir = 'gallery/$lname/';
}else{
$uploaddir = "gallery/$log/";
}
$file=$_FILES['userfile']['name'];
$uploadfile = $uploaddir . $file;
$uploadthumb = "thumbs/" . $file;
//The add query
$entry_date = strftime("%B\ %e\,\ %Y %H:%M:%S", time());
$add="INSERT INTO image ( name, description, gallNum, URL, thumbURL, rating, numRates, addDate, cat, literature, keyw ) VALUES ( '$n', '$t', $gall, '$uploadfile', '$uploadthumb', 0, 0, '$entry_date', $cat, '$s', '$key' )";
//The users current upload usage on the system
$daily="SELECT COUNT(*) from image WHERE addDate=NOW() AND gallNum=$gall";
$res=mysql_query($daily);
$temp = mysql_fetch_row($res);
$d = $temp[0];
mysql_free_result($res);
$monthly="SELECT COUNT(*) from image WHERE MONTH(addDate)=MONTH(NOW()) AND YEAR(addDate)=YEAR(NOW()) AND gallNum=$gall";
$res=mysql_query($monthly);
$temp = mysql_fetch_row($res);
$m = $temp[0];
mysql_free_result($res);
$gallery="SELECT COUNT(*) from image WHERE gallNum=$gall";
$res=mysql_query($gallery);
$temp = mysql_fetch_row($res);
$g = $temp[0];
mysql_free_result($res);
$exten=split('\.',$file);
//Check for file restrictions
if($exten[1]=="jpg"||$exten[1]=="jpeg"||$exten[1]=="gif"||$exten[1]=="JPG"||$exten[1]=="JPEG"||$exten[1]=="GIF"||$exten[1]=="png"||$exten[1]=="PNG"){
//Check for suspension
if(!$hold){
//Check for usage limit hit
if($dailyLim>$d && $monthlyLim>$m && $galleryLim > $g){
// The actual uploading
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
$res = mysql_query($add) or die(mysql_error());
header("Location: index.php");
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
}else{
echo "You can`t exceed your upload limit.";
}
}else{
echo "You're on suspension. Please talk to an administrator.";
}
}else{
echo "Invalid file extension. Please only upload .jpg, .png or .gif files.";
}
mysql_close($con);
//redirect
header("Location: product_add.php");
?>
auth.php
<?php
//======================================================
// Auth routines
// (c) 2006 Joao Pinheiro
//======================================================
// Defines
DEFINE('SESSION_MAGIC','sadhjasklsad2342');
// Initialization
@session_start();
@ob_start();
/*
Redirects to another page
*/
function Redirect($to) {
@session_write_close();
@ob_end_clean();
@header("Location: $to");
}
/*
Deletes existing session
*/
function RemoveSession() {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
@setcookie(session_name(), '', time()-42000, '/');
}
}
/*
Checks if user is logged in
*/
function isLoggedIn() {
return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}
/*
Terminates an existing session
*/
function Logout() {
@RemoveSession();
@session_destroy();
}
/*
read message count
*/
function CountMessages($id) {
if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
{
$count=mysql_num_rows($res);
mysql_free_result($res);
return($count);
}
return 0;
}
/*
Go login go!
*/
function Login($username,$password) {
global $nmsg, $rows;
$ok=false;
if ($res=mysql_query("SELECT id,level,mailNum, echo_count, isHold FROM userdata WHERE login='$username' AND password='$password'"))
{
if ($rows=mysql_fetch_row($res)) {
$_SESSION['sess_name'] = $username;
$_SESSION['pass'] = $password;
$_SESSION['gal'] = $rows[0];
$_SESSION['mail'] = $rows[2];
$_SESSION['level2'] = $rows[1];
$_SESSION['echos'] = $rows[3];
$_SESSION['suspend'] = $rows[4];
$_SESSION['magic'] = SESSION_MAGIC;
$_SESSION['rows'] = $rows; /* stupid stupid hack */
$nmsg = CountMessages($rows[0]);
$ok=true;
} else {
include('login_failed.php');
}
mysql_free_result($res);
}
return($ok);
}
/*
Escape array using mysql
*/
function Escape(&$arr)
{
if (Count($arr)>0) {
foreach($arr as $k => $v) {
if (is_array($v)) {
Escape($arr[$k]);
}
else {
if (function_exists('get_magic_quotes')) {
if(!get_magic_quotes_gpc()) {
$arr[$k] = stripslashes($v);
}
}
$arr[$k] = mysql_real_escape_string($v);
}
}
}
}
// -----------------------------------------------
// Main
// -----------------------------------------------
Escape($_POST);
Escape($_GET);
Escape($_COOKIE);
Escape($_REQUEST);
Escape($_GLOBALS);
Escape($_SERVER);
?>
I just don`t get it. I`ve been trying many different ways to get the store to upload files to the server and add the information into the database. The databases of the art gallery and the store both have mirrored userdata and mirrored image and mirrored catimages tables. I`ve been fighting this for a couple weeks now.
Author
Topic: I copied the codes exactly, why is one not working? (Read 239 times)