Trying to make a user punbb gallery...

Goober · 2006-09-25 01:59

Goober
Member
Offline

From: USA
Registered: 2005-03-02
Posts: 46

Topic: Trying to make a user punbb gallery...

$_GET['id'] = $id;
    if (empty($id) || $id < 2) {
        message('Bad request.');
    }    

    if ($cookie['is_guest'] || $cur_user['id'] != $id && $cur_user['status'] < PUN_MOD) {
        message('You are not allowed to access this page.');
    }
    
    if (isset($_POST['form_sent']))
    {
        $uploaded_file = $_FILES['image'];
        
        // Make sure the upload went smooth
        switch ($_FILE['image']['error'])
        {
            case 1:    // UPLOAD_ERR_INI_SIZE
            case 2:    // UPLOAD_ERR_FORM_SIZE
                message('Too large.');
                break;

            case 3:    // UPLOAD_ERR_PARTIAL
                message('Partial upload.');
                break;

            case 4:    // UPLOAD_ERR_NO_FILE
                message('No file.');
                break;

            default:
                // No error occured, but was something actually uploaded?
                if ($_FILE['image']['size'] == 0)
                    message('No file');
                break;
        }
        
        if (is_uploaded_file($uploaded_file['tmp_name']))
        {
    
        $ok_filetypes = array('image/gif', 'image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png');
        if (!$_FILES['image']['error'] && $_FILES['image']['size'] > $pun_config['o_avatars_size'] * 1024) {
            message('Sorry, but the attached file is too large. Please reduce the size of it\'s contents.'); // #err
        }
        
        $filename = (!$_FILES['image']['error'] ? substr(basename($_FILES['image']['name']), -30 ) : '');
        $x = strtolower(substr($_FILES['image']['name'], -3));
        if ($filename && !in_array($x, $ok_filetypes)) {
            message('Sorry, the filetype you have tried to upload is not allowed.');
        }

            $uniq = $id.'_'.substr(md5(uniqid(rand())), 0, 10);
            // This is line is commented for a reason 
            // $ext = strtolower( substr($_FILES['attached']['name'], -3));
            move_uploaded_file($_FILES['image']['tmp_name'], $pun_config['o_base_url'].'/members/images/'.$uniq);

            // Put the stuff in the db
            $db->query('INSERT INTO '.$db->prefix.'gallery (user_id, url, caption) VALUES(
            \''.addslashes($id).'\',
            \''.addslashes($uniq).'\',
            \''.addslashes($_POST['caption']).'\'
            )') or error('Unable to insert picture into db', __FILE__, __LINE__, $db->_error());
                                        
            redirect('profile.php?id='.$id, 'Your Picture has been added! Redirecting...');
            }

I get the message: "No File" whenever I try to upload an image but the problem is is that there is a file...Does anyone see an error in my syntax?

Smartys · 2006-09-25 02:01

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: Trying to make a user punbb gallery...

Is enctype="multipart/form-data" in the <form> tag?
Without seeing the actual form for upload, it's harder to debug

Goober · 2006-09-25 02:03

Goober
Member
Offline

From: USA
Registered: 2005-03-02
Posts: 46

Re: Trying to make a user punbb gallery...

sorry...here's the complete code...and I do believe it is...

<?php
$pun_root = '../../';
require $pun_root.'include/common.php';

$_GET['id'] = $id;
    if (empty($id) || $id < 2) {
        message('Bad request.');
    }    

    if ($cookie['is_guest'] || $cur_user['id'] != $id && $cur_user['status'] < PUN_MOD) {
        message('You are not allowed to access this page.');
    }
    
    if (isset($_POST['form_sent']))
    {
        $uploaded_file = $_FILES['image'];
        
        // Make sure the upload went smooth
        switch ($_FILE['image']['error'])
        {
            case 1:    // UPLOAD_ERR_INI_SIZE
            case 2:    // UPLOAD_ERR_FORM_SIZE
                message('Too large.');
                break;

            case 3:    // UPLOAD_ERR_PARTIAL
                message('Partial upload.');
                break;

            case 4:    // UPLOAD_ERR_NO_FILE
                message('No file.');
                break;

            default:
                // No error occured, but was something actually uploaded?
                if ($_FILE['image']['size'] == 0)
                    message('No file');
                break;
        }
        
        if (is_uploaded_file($uploaded_file['tmp_name']))
        {
    
        $ok_filetypes = array('image/gif', 'image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png');
        if (!$_FILES['image']['error'] && $_FILES['image']['size'] > $pun_config['o_avatars_size'] * 1024) {
            message('Sorry, but the attached file is too large. Please reduce the size of it\'s contents.'); // #err
        }
        
        $filename = (!$_FILES['image']['error'] ? substr(basename($_FILES['image']['name']), -30 ) : '');
        $x = strtolower(substr($_FILES['image']['name'], -3));
        if ($filename && !in_array($x, $ok_filetypes)) {
            message('Sorry, the filetype you have tried to upload is not allowed.');
        }

            $uniq = $id.'_'.substr(md5(uniqid(rand())), 0, 10);
            // This is line is commented for a reason 
            // $ext = strtolower( substr($_FILES['attached']['name'], -3));
            move_uploaded_file($_FILES['image']['tmp_name'], $pun_config['o_base_url'].'/members/images/'.$uniq);

            // Put the stuff in the db
            $db->query('INSERT INTO '.$db->prefix.'gallery (user_id, url, caption) VALUES(
            \''.addslashes($id).'\',
            \''.addslashes($uniq).'\',
            \''.addslashes($_POST['caption']).'\'
            )') or error('Unable to insert picture into db', __FILE__, __LINE__, $db->_error());
                                        
            redirect('profile.php?id='.$id, 'Your Picture has been added! Redirecting...');
            }
            
            } else {
            
require $pun_root.'header.php';
?>
    <form action="<?php echo $pun_root ?>members/images/upload.php?id=<?php echo $id ?>" method="POST" enctype="multipart/form-data">
    <input type="hidden" name="form_sent" value="1" />
    <input type='hidden' name='MAX_FILE_SIZE' value='614400' />
    <table cellpadding="4" cellspacing="1" class="main" width="420">
        <tr class="head">
            <td class="head"><b>Upload Image</b></td>
        </tr>
        <tr class="con1">
            <td style="padding-bottom:0px;">Upload an Image<br /><span class="small"><i>Images must be in JPEG, BMP, or GIF format and less than 512kb in size.</i></span></td>
        </tr>
        <tr class="con1">
            <td><input type="file" name="image" size="50" /></td>
        <tr class="con1">
            <td>
                <table cellspacing="0" cellpadding="0" width="100%">
                    <tr>
                        <td>
                            Add a Caption:
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <input type="text" name="caption" style="width:400px;" maxlength="216" />
                        </td>
                    </tr>
                </table>
            </td>
        </tr>
        <tr class="con1">
            <td align='right'><input type="submit" name="submit" class="button" value="Submit" /></td>
        </tr>
    </table>
    </form>
<?php 
require $pun_root.'footer.php';
}
?>

Smartys · 2006-09-25 02:05

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: Trying to make a user punbb gallery...

What version of PunBB is this using?

Goober · 2006-09-25 02:06

Goober
Member
Offline

From: USA
Registered: 2005-03-02
Posts: 46

Re: Trying to make a user punbb gallery...

1.1.5

it's $cur_user instead of $pun_user

Smartys · 2006-09-25 02:07

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: Trying to make a user punbb gallery...

Aha, that explains quite a bit
Figure out which No file message you're actually getting

Goober · 2006-09-25 02:09

Goober
Member
Offline

From: USA
Registered: 2005-03-02
Posts: 46

Re: Trying to make a user punbb gallery...

2nd one...

Smartys · 2006-09-25 02:10

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: Trying to make a user punbb gallery...

Oh, and I feel obligated to say "Upgrade to 1.2.12! 1.1.15 is old and may have security issues"

Goober · 2006-09-25 02:17

Goober
Member
Offline

From: USA
Registered: 2005-03-02
Posts: 46

Re: Trying to make a user punbb gallery...

Sometimes older is better...

Smartys · 2006-09-25 10:35

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: Trying to make a user punbb gallery...

And sometimes older in its released form is vulnerable to SQL injects

Trying to make a user punbb gallery...

Posts: 10

1 Topic by Goober 2006-09-25 01:59

Topic: Trying to make a user punbb gallery...

2 Reply by Smartys 2006-09-25 02:01 (edited by Smartys 2006-09-25 02:05)

Re: Trying to make a user punbb gallery...

3 Reply by Goober 2006-09-25 02:03

Re: Trying to make a user punbb gallery...

4 Reply by Smartys 2006-09-25 02:05

Re: Trying to make a user punbb gallery...

5 Reply by Goober 2006-09-25 02:06

Re: Trying to make a user punbb gallery...

6 Reply by Smartys 2006-09-25 02:07

Re: Trying to make a user punbb gallery...

7 Reply by Goober 2006-09-25 02:09

Re: Trying to make a user punbb gallery...

8 Reply by Smartys 2006-09-25 02:10

Re: Trying to make a user punbb gallery...

9 Reply by Goober 2006-09-25 02:17

Re: Trying to make a user punbb gallery...

10 Reply by Smartys 2006-09-25 10:35

Re: Trying to make a user punbb gallery...

Posts: 10