
Thread: [RESOLVED] Upload picture

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Jul 2009
    Posts
    524

    Resolved [RESOLVED] Upload picture

    Hello,
    Can someone help me add a picture upload with a secure method to this registration, and what table should I create in the MSSQL 2000 database to read the pictures?

    register.php
    Code:
    <? if (eregi("modules/", $_SERVER['SCRIPT_NAME'])) { header("Location: ../?op=news"); } ?>
    <?php
    global $servername;
    ?>
    <?php if(!isset($_POST['reg_accept'])) { echo"<tr><td>&nbsp;</td></tr>"; } else { register(); } ?>
    <script language="Javascript"> 
    function refresh_image(image){
    tmp = new Date();
    tmp = "?"+tmp.getTime() 
    document.images["verify"].src = image+tmp 
    }
     
    function CountLeft(field, count, max) {
    if (field.value.length > max)
    field.value = field.value.substring(0, max);
    else
    count.value = max - field.value.length;
    }
    </script>
    <script src="includes/javascript/chekname.js"></script>
    <script src="includes/javascript/chekmail.js"></script>
    <script type="text/javascript" src="includes/javascript/rules.js"></script>
    <form action='' name='' method='post'>
    <table align='center' class='sort-table' cellspacing='0' cellpadding='0' width='500'>
    
    <tr><td colspan='2' align='center' class=asd><? echo $servername;?> :: Register</td></tr>
    <tr>
    <td align='left'>UserName:</td>
    </tr>
    <tr class='even'>
    <td align='center'><input type='text' name='reg_account' size='25' id='reg_account' maxLength='10' class='login' onblur='showHint(this.value)' ></td>
    <td align='center'>(4-10 Alpha-Numeric Characters)</td>
    </tr>
    <tr>
    <td align='left'>Password:</td>
    </tr>
    <tr class='even'>
    <td align='center'><input type='password' id='reg_password' name='reg_password' size='25'  maxLength='10' class='login' onKeyDown='CountLeft(this.form.password,this.form.pass,10);'
    onKeyUp='CountLeft(this.form.password,this.form.pass,10);'></td>
    <td align='center'>(4-10 Alpha-Numeric Characters)</td>
    </tr>
    <tr>
    <td align='left'>Repeat The Password:</td>
    </tr>
    <tr class='even'>
    <td align='center'><input type='password' id='reg_password' name='reg_repassword' size='25'  maxLength='10' class='login' onKeyDown='CountLeft(this.form.repassword,this.form.repass,10);'
    onKeyUp='CountLeft(this.form.repassword,this.form.repass,10);'></td>
    <td align='center'>(4-10 Alpha-Numeric Characters)</td>
    </tr>
    <tr>
    <td align='left'>E-Mail Address:</td>
    </tr>
    <tr class='even'>
    <td align='center'><input type='text' id='reg_mail' name='reg_mail' size='25'maxLength='40' class='login' onblur='showMail(this.value)' ></td>
    <td align='center'>(Example, name@domain.com)</td>
    </tr>
    <tr>
    <td align='left'>Secret Question:</td>
    </tr>
    <tr class='even'>
    <td align='center'><input type='text' id='reg_question' name='reg_question' size='25' maxLength='15' class='login' onKeyDown='CountLeft(this.form.question,this.form.questiona,15);'
    onKeyUp='CountLeft(this.form.question,this.form.questiona,15);'></td>
    <td align='center'>(No Spaces)</td>
    </tr>
    <tr>
    <td align='left'>Secret Answer:</td>
    </tr>
    <tr class='even'>
    <td align='center'><input type='text' id='reg_answer' name='reg_answer' size='25' maxLength='15' class='login' onKeyDown='CountLeft(this.form.answer,this.form.answera,15);'
    onKeyUp='CountLeft(this.form.answer,this.form.answera,15);'></td>
    <td align='center'>(No Spaces)</td>
    </tr>
    <tr bgcolor='#000000'>
    <td align='left' colspan='4'>
    <b><font color=#40BFE7>Enter letters and numbers below. Can't read the letters and numbers below ?</font></b>
    <br>
    <center>
    <a href="javascript:refresh_image('includes/verify/verify.php');"> 
    <img src='images/refresh.gif' border='0' /></a>
    <br>
    <img src='includes/verify/verify.php' name='verify' id='verify'> 
    </center>
    </td>
    </tr>
    <tr class='even'>
    <td align='center'>
    Type letters and numbers here:</td>
    <td align='center'><input type='text' id='reg_code' name='reg_code' size='25' maxLength='6' class='login' ></td>
    </tr>
    <tr>
    <td align='center' colspan='2'>
    <input class='checkbox' type='checkbox' name='reg_agree' value='agree'>
    <a onclick="rules('')">I agree with terms of <? echo $servername; ?></a>
    </td></tr>
    <tr><td align='center' colspan='2'>
    <div id='showrules' style='display: none;'>
    <table width="443" border="1" bordercolor="000000" style="border-collapse: collapse; border: 1px solid #000000"><tr><td bgcolor="#222222" align="center"><font color="#CCCCCC"> 
    <br /><em><b><font color=#40BFE7><font class="full_title"><? echo $servername;?> Rules</font><br /> 
    <br></br> 
    <font color="#FFFFFF">1.</font> Using patches, hacks and other programs is not allowed!<br /> 
    <br></br> 
    <font color="#FFFFFF">2.</font> Advertising sites, forums and blogs is not allowed!<br /> 
    <br></br> 
    <font color="#FFFFFF">3.</font> Frauds in trading are not allowed! We are not responsible for stolen items.<br /> 
    <br></br> 
    <font color="#FFFFFF">4.</font> Sharing personal information (account, password secret answer & question) is not allowed! We are not responsible for stolen accounts.<br /> 
    <br></br> 
    <font color="#FFFFFF">5.</font> Breakdown of events organized by the administration is not allowed!<br /> 
    <br></br> 
    <font color="#FFFFFF">6.</font> Asking the administration for party, items, adding stats is not allowed!<br /> 
    <br></br> 
    <font color="#FFFFFF">7.</font> Using insults against other players is allowed. You may not use bad words against the administration and the server.</u></a>.<br /> 
    <br></br> 
    <font color="#FFFFFF">8.</font> Spaming on the global chat (/post) is not allowed!<br /> 
    <br /> 
    <font color="#FFFFFF">9.</font> Spots in arena are allowed only for BK,DL,ELF!</u></a>.<br /> 
    <br /></br> 
    <font color="#FFFFFF">10.</font> AFK is allowed everywhere.<br /> 
    <br /></br> 
    </td></tr></table>
    </div>
    </td></tr>
    <tr class='even'>
    <td align='center'><input type='submit' name='reg_accept' id='reg_accept' class='button' value='Register'></td>
    <td align='center'><input type='reset' name='reset' class='button' value='reset'></td>
    </tr>
    
    </table>
    </form>
    function register:
    Code:
    function register()
    {
    $reg_account = secure($_POST['reg_account']);
    $reg_password = secure($_POST['reg_password']);
    $reg_repassword = secure($_POST['reg_repassword']);
    $reg_mail = secure($_POST['reg_mail']);
    $reg_question = secure($_POST['reg_question']);
    $reg_answer = secure($_POST['reg_answer']);
    $reg_code = secure($_POST['reg_code']);
    $reg_agree = secure($_POST['reg_agree']);
    $reg_time = date('Y-m-d H:i:s');
    
    $acc_len = strlen($reg_account);
    $pass_len = strlen($reg_password);
    $ques_len = strlen($reg_question);
    $answ_len = strlen($reg_answer);
    
    check_inject();
    global $md5;
    
    $exists_accq = mssql_query("Select * from MEMB_INFO where memb___id='$reg_account'");
    $exists_acc = mssql_num_rows($exists_accq);
    
    $exists_mailq = mssql_query("Select * from MEMB_INFO where mail_addr='$reg_mail'");
    $exists_mail = mssql_num_rows($exists_mailq);
    
    if(empty($reg_account) or empty($reg_password) or empty($reg_repassword) or empty($reg_mail) or empty($reg_question) or empty($reg_answer) or empty($reg_code)) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> You can not leave empty fields !</span></td></tr>"; $error=1; }
    else{
    
    if($acc_len < 4) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Account must be at least 4 symbols !</span></td></tr>"; $error=1; }
    elseif($exists_acc != 0) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Another member has already registered with this account !</span></td></tr>"; $error=1; }
    
    if($pass_len < 4) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Password must be at least 4 symbols !</span></td></tr>"; $error=1; }
    elseif($reg_password != $reg_repassword) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Passwords did not match !</span></td></tr>"; $error=1; }
    
    if(!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$",$reg_mail) && count($_POST)>0 && count($reg_mail)<60) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Invalid email address! Only 0-9 a-z and @ and . and _ and - !</span></td></tr>"; $error=1; }
    elseif($exists_mail != 0) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Another member has already registered with this email !</span></td></tr>"; $error=1; }
    
    if($ques_len < 4) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Question must be at least 4 symbols !</span></td></tr>"; $error=1; }
    if($answ_len < 4) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Answer must be at least 4 symbols !</span></td></tr>"; $error=1; }
    if(md5($reg_code) != $_SESSION['random_value']) { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> Please go back and write the code correctly !</span></td></tr>"; $error=1; }
    if($reg_agree != 'agree') { echo"<tr><td align='center' class='modules'><span class=offline><b>Error:</b> You must agree with the terms !</span></td></tr>"; $error=1; }
    
    
    if($error != 1) {
    echo"<tr><td align='center' class='asd'><span class='online'>Account $reg_account successfuly created on $reg_time !</span></td></tr>";
    
    $md5 = mssql_query("SELECT * FROM misc WHERE id=4");
    $md5 = mssql_fetch_array($md5);
    $md5 = $md5['misc'];
    if($md5 == 0) {
    $a = mssql_query("INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_name,sno__numb,mail_addr,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code,fpas_ques,fpas_answ) VALUES ('$reg_account','$reg_password','$servername','1','$reg_mail','$reg_time','$reg_time','$reg_time','$reg_time','1','0','0','$reg_question','$reg_answer')");
    $b = mssql_query("INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('2010','1',1234,'$reg_account','$reg_account',1,'7','6','3','6','6','$reg_time','0' )");
    $c = mssql_query("INSERT INTO MEMB_CREDITS (memb___id,credits) VALUES ('$reg_account','0')");
    }
    else
    {
    $a = mssql_query("INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_name,sno__numb,mail_addr,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code,fpas_ques,fpas_answ) VALUES ('$reg_account',md5($reg_password),'$servername','1','$reg_mail','$reg_time','$reg_time','$reg_time','$reg_time','1','0','0','$reg_question','$reg_answer')");
    $c = mssql_query("INSERT INTO MEMB_CREDITS (memb___id,credits) VALUES ('$reg_account','0')");
    }
    }}}
    I want to make it so that, when registering, a picture is uploaded under the account name.
    Can someone help me?

  2. #2
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Upload picture

    Well, I didn't read your code since I was lazy..
    But to show the button only when he is logged in, you have to check if the session is set, so it will be like this:
    PHP Code:
    <?php
    if(isset($_SESSION['user'])) {
    ?>
    <input type="button" value="Upload" name="Upload" />
    <?php
    }
    else{
    ?>
    <h1> You have to login or signup to upload a photo </h1>

    <?php
    }
    ?>
    Btw, about the secure method: try to check the extension of the file that the user is uploading with strlen and strrpos, and avoid exe and bat.
    Last edited by Pc Monk; Jan 10th, 2014 at 02:20 AM.
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  3. #3

    Thread Starter
    Fanatic Member
    Join Date
    Jul 2009
    Posts
    524

    Re: Upload picture

    I made a JavaScript for the upload. Is it good enough as secure?
    Code:
    $(document).ready(function()
    {
        var options = {
            beforeSubmit: function()
            {
                // pre submit callback
                $("#progress").show();
                $("#result").html("");
                $("#percent").html("0%");
            },
            uploadProgress: function(event, position, total, percentComplete)
            {
                //during submission
                $("#bar").width(percentComplete+'%');
                $("#percent").html(percentComplete+'%');
            },
            success: function()
            {
                //post submit call back
                $("#progress-bar").addClass("progress progress-success progress-striped");
                $(".bar").css("width","100%");
                $(".percent").html('100%');
            },
            complete: function(response)
            {
                if(response.responseText=="Invalid File"){
                    $("#progress-bar").hide();
                    $("#result").html("<font color='red'>"+response.responseText+"</font>");
                }
                else{
                    $("#progress-bar").show();
                    $("#result").html(response.responseText);
                }
            },
            error: function()
            {
                $("#result").html("<font color='red'> ERROR: unable to upload files</font>");
            }
        };

        $("#itform").ajaxForm(options);
    });

    // If File is not selected.
    var file_selected = false;
    function showNoFile() {
        if(!file_selected) {
            alert('No file selected!');
            return false;
        }
        else{
            return true;
        }
    }
    and my upload.php
    Code:
    <style>
    .sucess{
        color:#088A08;
    }
    .error{
        color:red;
    }
    </style>

    <?php
    $file_exts = array("jpg", "bmp", "jpeg", "gif", "png");
    $upload_exts = end(explode(".", $_FILES["file"]["name"]));
    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/png")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 2000000)
    && in_array($upload_exts, $file_exts))
    {
        if ($_FILES["file"]["error"] > 0)
        {
            echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
        }
        else
        {
            echo "Upload: " . $_FILES["file"]["name"] . "<br>";
            echo "Type: " . $_FILES["file"]["type"] . "<br>";
            echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
            echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
            // Enter your path to upload file here
            if (file_exists("c:\wamp\www\upload/newupload/" .
            $_FILES["file"]["name"]))
            {
                echo "<div class='error'>"."(".$_FILES["file"]["name"].")".
                " already exists. "."</div>";
            }
            else
            {
                move_uploaded_file($_FILES["file"]["tmp_name"],
                "c:\wamp\www\upload/newupload/" . $_FILES["file"]["name"]);
                echo "<div class='sucess'>"."Stored in: " .
                "c:\wamp\www\upload/newupload/" . $_FILES["file"]["name"]."</div>";
            }
        }
    }
    else
    {
        echo "<div class='error'>Invalid file</div>";
    }
    ?>
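
Added example, not part of the original posts: a server-side check for the kind of upload.php shown above. It replaces the browser-supplied `type` and extension tests (and the exe/bat denylist suggested in #2) with an allowlist based on the file's content, and names the stored file after the account. `AVATAR_DIR`, `store_avatar()` and the assumption that `$_SESSION['user']` holds the account name are illustrative, not taken from the thread.

```php
<?php
// Added example (not from the thread). AVATAR_DIR is a placeholder path; it
// should be a directory in which the web server never executes scripts.
const AVATAR_DIR = '/var/www/private/avatars';
const MAX_BYTES  = 2000000; // same size limit as the upload.php above

// Allowlist: MIME type detected from the file's bytes => extension we assign.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_avatar(array $file, string $account, string $destDir = AVATAR_DIR): string
{
    // The stored name is built from the account, so it must match the form's
    // own rule (4-10 alphanumeric characters) and contain nothing else.
    if (!preg_match('/\A[A-Za-z0-9]{4,10}\z/', $account)) {
        throw new RuntimeException('Invalid account name');
    }
    // Reject failed or array-style (multi-file) uploads before using tmp_name.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size out of range');
    }
    // $file['type'] and $file['name'] are sent by the browser and prove
    // nothing; detect the type from content, then confirm it parses as an image.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Invalid file');
    }
    // Server-chosen name: the client's filename and extension are never used.
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $account . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $target;
}

session_start();
// Assumption: the login code stored the account name in $_SESSION['user'].
if (isset($_SESSION['user'], $_FILES['file'])) {
    try {
        store_avatar($_FILES['file'], $_SESSION['user']);
        echo 'Avatar saved';
    } catch (RuntimeException $e) {
        echo 'Invalid File'; // the exact string the jQuery complete() callback compares against
    }
}
```

The JavaScript progress handler only affects what the user sees; every check that matters runs in this PHP code, because a request can be sent to upload.php without the form or the script.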

  4. #4
    PowerPoster Nightwalker83's Avatar
    Join Date
    Dec 2001
    Location
    Adelaide, Australia
    Posts
    13,344

    Re: Upload picture

    This is how I upload the file.

    PHP Code:
    <?php
    $pName = 0;
    $pPrice = 0;
    $pImagePath = 0;
    $pImageType = 0;
    $sendfile = 0;
    //connect to server or exit
    require_once("conadmin.php");
    //select database
    if (mysql_select_db($dbDatabase, $conn)) {
    }else {
        die;
    }
    $query = "CREATE TABLE IF NOT EXISTS products
    (productid varchar(20) not null primary key,
    pPrice decimal (8,2), pImagePath varchar(100), pImageType varchar(100))";
    if (mysql_query($query, $conn)) {
    }else {
        die;
    }

    if (isset($_POST['pName'], $_POST['pPrice'], $_POST['pImagePath'], $_POST['pImageType'])){
        $pName = mysql_real_escape_string($_POST['pName']);
        $pPrice = mysql_real_escape_string($_POST['pPrice']);
        $pImagePath = mysql_real_escape_string($_POST['pImagePath']);
        $pImageType = mysql_real_escape_string($_POST['pImageType']);

        if (!(mysql_select_db($dbDatabase, $conn))){
            echo '&result=db+selection+failed&';
            exit;
        }

        if (!($result = mysql_query("SELECT * FROM products where productid= '$pName'"))){
            echo '&result=query+failed&';
            exit;
        }
        $num_results = mysql_num_rows($result);
        if($num_results <= 0) {//product does not exist so insert
            $insert = "insert into products (productid, pPrice, pImagePath, pImageType)
            values('$pName','$pPrice', '$pImagePath', '$pImageType')";
            if (mysql_query($insert, $conn))
                echo "&result=the+product+'$pName'+has+been+successfully+added&";
            else
                echo '&result=the+insert+was+not+successful&';
        }else {
            //update product
            $update = "update products set pPrice='$pPrice', pImagePath='$pImagePath', pImageType='$pImageType' where productid='$pName'";
            if (mysql_query($update, $conn)){
            }else{
                echo '&result=the+update+was+not+successful&';
            }
        }
    }

    $MAXIMUM_FILESIZE = 1024 * 200; // 200KB
    $MAXIMUM_FILE_COUNT = 10; // keep maximum 10 files on server
    //echo exif_imagetype($_FILES['Filedata']);
    if (isset($_FILES['sendfile'])){
        if (move_uploaded_file($_FILES['sendfile']['tmp_name'], "./temporary/".$_FILES['sendfile']['name'])){
            echo "The file has been saved as: " .$_FILES['sendfile']['name'];
        }else{
            echo "Error! Could not upload file.";
        }
    }
    ?>
    Also, if the thread is "Resolved" please mark it as such by selecting "Mark thread Resolved" from the "Thread Tools" drop down menu.
    When you quote a post, could you please do it via the "Reply With Quote" button or, if it is multiple posts, click the "''+" button then the "Reply With Quote" button.
    If this thread is finished with please mark it "Resolved" by selecting "Mark thread resolved" from the "Thread tools" drop-down menu.
