Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[djfox]

I have a set of codes to upload an image file to my server. This one set of codes for the art gallery works. I copied these codes to use for uploading image files for a store`s website. The ONLY difference between them is the displayed design of the pages and their redirecting links and the store`s files are under a subfolder. Why doesn`t the store`s codes work?

The Art Gallery Codes

submit.php

Code: [Select]

<?php
//Date: February 24 2007
//For: www.secrettrance.net
//Description: Upload New Trance

include("dbcon.php");
require_once "design.php";
require_once "auth.php";
require_once "includes/defines.php";

$Title = "Secret Trance: Upload New Trance";

require_once "header.php";
require_once "hidestatus.php";

 if (!isLoggedIn()) {
Redirect("index.php");
 }
?>

<table border=0 width=100%><? //2
?>
<tr>
<td>
<table border=0 width=100% bgcolor="000000"><? //3
?>
<tr>
<td background="<? echo $boxbanner; ?>"><b>Upload New Trance</b>
<tr>
<td background="<? echo $boxback; ?>">
<?php
if( $suspend < 1){
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="3000000" />
<b>Image File:</b> <a href="javascript:void(0)" ONCLICK="open('help1.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><input name="userfile" style="font-size: 13px; background-color: #000000; border: 0px;" type="file" />
 <input type=hidden name="l" value="<? echo rtrim($log) ?>">
<p>
<b>Title:</b> <a href="javascript:void(0)" ONCLICK="open('help2.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><input type=text name="n" size=50 maxlength=150>
<p>
<b>Description:</b> <a href="javascript:void(0)" ONCLICK="open('help3.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><textarea name="t" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Select a Category:</b> <a href="javascript:void(0)" ONCLICK="open('help4.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><select name="cat" style="border: 0px; background-color:#000000; color: #B6ABCE;">
<?
  $res = mysql_query("SELECT id, name FROM imagecats ORDER BY name ASC");
  while ( $cat = mysql_fetch_row($res) ){
     echo "<option value='$cat[0]'>$cat[1]</option>";
  }
?>
 </select>
<p>
<b>Literature:</b> <a href="javascript:void(0)" ONCLICK="open('help5.php','miniwin','toolbar=0, location=0,directories=0, status=0,menubar=0, scrollbars=0,resizable=0, width=300,height=300')">?</a>
<br><textarea name="s" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Keywords:</b>
<br><input type=text name="key" size=50 maxlength=255>
<p>
<input type="submit" value="Upload Trance" /></form>
<?php
}
else {
if( $suspend > 0){
echo "Sorry, your account is on suspension. You must wait until suspension expires before you can access this.";
}
}
?>
</table><? //3
?>
</table><? //2
?>
<p>
<?
require_once "footer.php";
?>
upload.php

Code: [Select]

<?php session_start();
include("dbcon.php");
include("auth.php");

//Date: February 25 2007
//For: secrettrance.net
//Description: Upload a new trance

$log=$l;

//Get the users upload limits
$res=mysql_query("SELECT dLim, mLim, gLim, isHold, id FROM userdata WHERE login='$log'");
$rows = mysql_fetch_row($res);
$dailyLim=$rows[0];
$monthlyLim=$rows[1];
$galleryLim=$rows[2];
$hold=$rows[3];
$gall = $rows[4];
mysql_free_result($res);

//Decide where the file is going
if ( $temp ){   
   $uploaddir = 'gallery/$lname/';
}else{
   $uploaddir = "gallery/$log/";
}
$file=$_FILES['userfile']['name'];
$uploadfile = $uploaddir . $file;
$uploadthumb = "thumbs/" . $file;

//The add query
$entry_date = strftime("%B\ %e\,\ %Y %H:%M:%S", time());
$add="INSERT INTO image ( name, description, gallNum, URL, thumbURL, rating, numRates, addDate, cat, literature, keyw ) VALUES ( '$n', '$t', $gall, '$uploadfile', '$uploadthumb', 0, 0, '$entry_date', $cat, '$s', '$key' )";

//The users current upload usage on the system
$daily="SELECT COUNT(*) from image WHERE addDate=NOW() AND gallNum=$gall";
$res=mysql_query($daily);
$temp = mysql_fetch_row($res);
$d = $temp[0];
mysql_free_result($res);
$monthly="SELECT COUNT(*) from image WHERE MONTH(addDate)=MONTH(NOW()) AND YEAR(addDate)=YEAR(NOW()) AND gallNum=$gall";
$res=mysql_query($monthly);
$temp = mysql_fetch_row($res);
$m = $temp[0];
mysql_free_result($res);
$gallery="SELECT COUNT(*) from image WHERE gallNum=$gall";
$res=mysql_query($gallery);
$temp = mysql_fetch_row($res);
$g = $temp[0];
mysql_free_result($res);
$exten=split('\.',$file);

//Check for file restrictions
if($exten[1]=="jpg"||$exten[1]=="jpeg"||$exten[1]=="gif"||$exten[1]=="JPG"||$exten[1]=="JPEG"||$exten[1]=="GIF"||$exten[1]=="png"||$exten[1]=="PNG"){
   //Check for suspension
   if(!$hold){
     //Check for usage limit hit
     if($dailyLim>$d && $monthlyLim>$m && $galleryLim > $g){
       // The actual uploading
       if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
          $res = mysql_query($add) or die(mysql_error());
          header("Location: trancer.php");
       } else {
          print "Possible file upload attack!  Here's some debugging info:\n";
          print_r($_FILES);
       }
     }else{
        echo "You can`t exceed your upload limit. View <a href='manual.php'>the manual</a> for more information.";
     }
   }else{
      echo "You're on suspension. Please talk to an administrator.";
   }
}else{
   echo "Invalid file extension. Please only upload .jpg, .png or .gif files. Thank You.";
} 
mysql_close($con);

//redirect
header("Location: uploadechos.php");

//-----upload.php
?>
uploadechos.php

Code: [Select]

<?php
include("dbcon.php");
include("func.php");
require_once "auth.php";
require_once "includes/defines.php";

$log = $_SESSION['sess_name'];

   $_SESSION['echos'] = $echos = $echos + 10;
   mysql_query("UPDATE userdata SET echo_count = $echos WHERE login = '".$log."' ") or die(mysql_error());
   
header("Location: trancer.php");
?>
auth.php

Code: [Select]

<?php
//======================================================
// Auth routines
// (c) 2006 Joao Pinheiro
//======================================================
  // Defines
 
  DEFINE('SESSION_MAGIC','sadhjasklsad2342');

  // Initialization
  @session_start();
  @ob_start();
  
 
    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 
 
     /*
        Deletes existing session
    */
function RemoveSession() {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
   @setcookie(session_name(), '', time()-42000, '/');
}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }
 
    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
   $count=mysql_num_rows($res);
   mysql_free_result($res);    
   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold, guildLim, adult FROM userdata WHERE login='$username' AND password='$password'"))
   {
   if ($rows=mysql_fetch_row($res)) {
    $_SESSION['sess_name'] = $username;
$_SESSION['pass'] = $password;
$_SESSION['gal'] = $rows[0];
$_SESSION['mail'] = $rows[2];
$_SESSION['level2'] = $rows[1];
$_SESSION['echos'] = $rows[3];
$_SESSION['status'] = $rows[4];
$_SESSION['suspend'] = $rows[5];
$_SESSION['guildnum'] = $rows[6];
$_SESSION['adult'] = $rows[7];
    $_SESSION['magic'] = SESSION_MAGIC;
    $_SESSION['rows'] = $rows; /* stupid stupid hack */
    $nmsg = CountMessages($rows[0]);
    $ok=true;
   } else {
   include('login_failed.php');
   }
   mysql_free_result($res);
   }
   return($ok);
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
    foreach($arr as $k => $v) {
        if (is_array($v)) {
            Escape($arr[$k]);
        }
        else {
            if (function_exists('get_magic_quotes')) {
                if(!get_magic_quotes_gpc()) {
                    $arr[$k] = stripslashes($v);
                }
            }
            $arr[$k] = mysql_real_escape_string($v);
        }
   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>




The Store`s Files

product_add.php

Code: [Select]

<?php
//Date: August 26 2007
//For: A Place for Pets
//Description: Add a Product

include("dbcon.php");
require_once "auth.php";
require_once "includes/defines.php";

$Title = "A Place for Pets: Admin Panel: Add a Product";

require_once "header.php";
require_once "hidestatus.php";

 if (!isLoggedIn()) {
Redirect("index.php");
 }
 
$lev=$_SESSION['level2'];
$log=$_SESSION['gal'];
?>

<table width=100% border=0 cellpadding=0><? //1
?>
<tr>
<td width=20% valign=top>
<? require_once "navbar.php"; ?>
<td>
<td>
<td>
<td width=80% valign=top>
<?php
   if( $lev > 8){
?>
<table border=0 width=100% bgcolor="<? echo $outline; ?>"><? //2
?>
<tr>
<td bgcolor="<? echo $head; ?>"><font color="<? echo $font1; ?>"><b>Admin Panel: Add a Product</b></font>
</table> <? //2
?>
<?php
if( $suspend < 1){
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="3000000" />
<b>Image File:</b>
<br><input name="userfile" style="font-size: 13px; background-color: #000000; border: 0px;" type="file" />
 <input type=hidden name="l" value="<? echo rtrim($log) ?>">
<p>
<b>Title:</b>
<br><input type=text name="n" size=50 maxlength=150>
<p>
<b>Description:</b>
<br><textarea name="t" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Select a Category:</b>
<br><select name="cat" style="border: 0px; background-color:#000000; color: #B6ABCE;">
<?
  $res = mysql_query("SELECT id, name FROM imagecats ORDER BY name ASC");
  while ( $cat = mysql_fetch_row($res) ){
     echo "<option value='$cat[0]'>$cat[1]</option>";
  }
?>
 </select>
<p>
<b>Literature:</b>
<br><textarea name="s" cols=80 rows=5 style="border: 0px; background-color:#000000; color: #B6ABCE;"></textarea>
<p>
<b>Keywords:</b>
<br><input type=text name="key" size=50 maxlength=255>
<p>
<input type="submit" value="Upload Trance" /></form>
<?php
}
else {
if( $suspend > 0){
echo "Sorry, your account is on suspension. You must wait until suspension expires before you can access this.";
}
}
?>
<?
}
?>
</table><? //1
?>

<? require_once "footer.php"; ?>
upload.php

Code: [Select]

<?php session_start();
include("dbcon.php");
include("auth.php");

//Date: August 26 2007
//For: A Place for Pets
//Description: Upload a new trance

$log=$l;

//Get the users upload limits
$res=mysql_query("SELECT dLim, mLim, gLim, isHold, id FROM userdata WHERE login='$log'");
$rows = mysql_fetch_row($res);
$dailyLim=$rows[0];
$monthlyLim=$rows[1];
$galleryLim=$rows[2];
$hold=$rows[3];
$gall = $rows[4];
mysql_free_result($res);

//Decide where the file is going
if ( $temp ){   
   $uploaddir = 'gallery/$lname/';
}else{
   $uploaddir = "gallery/$log/";
}
$file=$_FILES['userfile']['name'];
$uploadfile = $uploaddir . $file;
$uploadthumb = "thumbs/" . $file;

//The add query
$entry_date = strftime("%B\ %e\,\ %Y %H:%M:%S", time());
$add="INSERT INTO image ( name, description, gallNum, URL, thumbURL, rating, numRates, addDate, cat, literature, keyw ) VALUES ( '$n', '$t', $gall, '$uploadfile', '$uploadthumb', 0, 0, '$entry_date', $cat, '$s', '$key' )";

//The users current upload usage on the system
$daily="SELECT COUNT(*) from image WHERE addDate=NOW() AND gallNum=$gall";
$res=mysql_query($daily);
$temp = mysql_fetch_row($res);
$d = $temp[0];
mysql_free_result($res);
$monthly="SELECT COUNT(*) from image WHERE MONTH(addDate)=MONTH(NOW()) AND YEAR(addDate)=YEAR(NOW()) AND gallNum=$gall";
$res=mysql_query($monthly);
$temp = mysql_fetch_row($res);
$m = $temp[0];
mysql_free_result($res);
$gallery="SELECT COUNT(*) from image WHERE gallNum=$gall";
$res=mysql_query($gallery);
$temp = mysql_fetch_row($res);
$g = $temp[0];
mysql_free_result($res);
$exten=split('\.',$file);

//Check for file restrictions
if($exten[1]=="jpg"||$exten[1]=="jpeg"||$exten[1]=="gif"||$exten[1]=="JPG"||$exten[1]=="JPEG"||$exten[1]=="GIF"||$exten[1]=="png"||$exten[1]=="PNG"){
   //Check for suspension
   if(!$hold){
     //Check for usage limit hit
     if($dailyLim>$d && $monthlyLim>$m && $galleryLim > $g){
       // The actual uploading
       if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
          $res = mysql_query($add) or die(mysql_error());
          header("Location: index.php");
       } else {
          print "Possible file upload attack!  Here's some debugging info:\n";
          print_r($_FILES);
       }
     }else{
        echo "You can`t exceed your upload limit.";
     }
   }else{
      echo "You're on suspension. Please talk to an administrator.";
   }
}else{
   echo "Invalid file extension. Please only upload .jpg, .png or .gif files.";
} 
mysql_close($con);

//redirect
header("Location: product_add.php");
?>
auth.php

Code: [Select]

<?php
//======================================================
// Auth routines
// (c) 2006 Joao Pinheiro
//======================================================
  // Defines
 
  DEFINE('SESSION_MAGIC','sadhjasklsad2342');

  // Initialization
  @session_start();
  @ob_start();
  
 
    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 
 
     /*
        Deletes existing session
    */
function RemoveSession() {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
   @setcookie(session_name(), '', time()-42000, '/');
}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }
 
    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
   $count=mysql_num_rows($res);
   mysql_free_result($res);    
   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
   if ($rows=mysql_fetch_row($res)) {
    $_SESSION['sess_name'] = $username;
$_SESSION['pass'] = $password;
$_SESSION['gal'] = $rows[0];
$_SESSION['mail'] = $rows[2];
$_SESSION['level2'] = $rows[1];
$_SESSION['echos'] = $rows[3];
$_SESSION['suspend'] = $rows[4];
    $_SESSION['magic'] = SESSION_MAGIC;
    $_SESSION['rows'] = $rows; /* stupid stupid hack */
    $nmsg = CountMessages($rows[0]);
    $ok=true;
   } else {
   include('login_failed.php');
   }
   mysql_free_result($res);
   }
   return($ok);
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
    foreach($arr as $k => $v) {
        if (is_array($v)) {
            Escape($arr[$k]);
        }
        else {
            if (function_exists('get_magic_quotes')) {
                if(!get_magic_quotes_gpc()) {
                    $arr[$k] = stripslashes($v);
                }
            }
            $arr[$k] = mysql_real_escape_string($v);
        }
   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>
I just don`t get it. I`ve been trying many different ways to get the store to upload files to the server and add the information into the database. The databases of the art gallery and the store both have mirrored userdata and mirrored image and mirrored catimages tables. I`ve been fighting this for a couple weeks now.

[BlueSkyIS]

"Why doesn`t the store`s codes work?"

What doesn't work? What errors are you seeing?

[djfox]

There are no errors.

It`s not working by it is not loading the file and it is not inserting the information into the database.

[AdRock]

maybe a stupid question, but have you created a directory for the images to be uploaded to and set the permissions?

[djfox]

maybe a stupid question, but have you created a directory for the images to be uploaded to and set the permissions?

Yep.

[AndyB]

Realistically, nobody's going to wade through tons of code to find out why it "doesn't work".  The best you could hope for is someone spotting a random potential problem.  For example, in upload.php the querystring $add is defined but never executed.

Debug your code by liberal use of echo statements to track progress and variable values.  Restructure queries so that you can echo the actual querystrings, etc.

[djfox]

Realistically, nobody's going to wade through tons of code to find out why it "doesn't work".  The best you could hope for is someone spotting a random potential problem.  For example, in upload.php the querystring $add is defined but never executed.

Debug your code by liberal use of echo statements to track progress and variable values.  Restructure queries so that you can echo the actual querystrings, etc.

Well, I certainly didn`t expect any split second answers. As for the $add being executed, it is executed:

Code: [Select]

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
          $res = mysql_query($add) or die(mysql_error());
          header("Location: index.php");
       }


[BlueSkyIS]

"Debug your code by liberal use of echo statements to track progress and variable values.  Restructure queries so that you can echo the actual querystrings, etc."