In my profile, something with slashes comes back as
I'll have a proper go at some h4x tonight with my tools (I'm at college atm)<script>alert(\'hello\');</script>
Good idea - drop down menus and check boxes.
jackpf wrote:Yeah, it's pretty cool.
Oh right. I was just thinking, why not have a select box to allow the user to select the gallery they want to upload to rather than separate forms?
I think you should do the same for profile editing as well...rather than having a separate submit button for each field, just have one.
Anyway, cool. Good luck. I'll have a go at hacking your uploads as well if you want (when you're done)
Code:
mkdir("members/$id", 0755);
mkdir("members/$id/images", 0755);
Code:
<?php
session_start();
// Take the member id from the session only; an id sent in the request must not decide whose directory is written to
if (isset($_SESSION['id'])) {
$id = (int) $_SESSION['id'];
} else {
// the page to send them to if they are NOT logged in
include_once "index.php";
exit();
}
?>
<?php
include 'uploads/doresize.php';
define ("MAX_SIZE","100");
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
$errors=0;
if(isset($_POST['Submit']))
{
$image=$_FILES['image']['name'];
if ($image)
{
$filename = stripslashes($_FILES['image']['name']);
$extension = getExtension($filename);
$extension = strtolower($extension);
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
// exit() ends the script here, so nothing after it in this branch would ever run
exit("Upload failed.<BR>Unacceptable file type.<br>Use only jpg, jpeg, png or gif formats");
}
else
{
$size=filesize($_FILES['image']['tmp_name']);
if ($size > MAX_SIZE*1024)
{
// Report the limit that is actually enforced (MAX_SIZE is in kb); exit() ends the script here
exit("Upload failed.<BR>Your file has exceeded the size limit of ".MAX_SIZE."kb");
}
// Count the images already in this member's directory (relative path, matching the mkdir() calls)
$groovy = sizeof(glob("members/$id/images/*"));
$groovy++;
print $groovy;
$image_name=$groovy.'.'.$extension;
$newname="".$image_name;
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied)
{
echo '<h1>Copy unsuccessfull!</h1>';
$errors=1;
}
}
}
}
if(isset($_POST['Submit']) && !$errors && isset($newname))
{
echo "<h1>File Uploaded Successfully!</h1>";
// NOW make the resize call! (only when a file was actually uploaded)
img_resize ($_FILES['image']['name'], $_FILES['image']['tmp_name'], 537, $newname);
// Now make an array of the contents of the member's images directory
// (double quotes, so that $id is interpolated into the path)
$array = glob("members/$id/images/*");
// write the .txt file with the new array
$myFile = "landscapes.txt";
$fh = fopen($myFile, 'w+') or die("can't open file");
$stringData = "arse=images/".implode(",images/",$array);
fwrite($fh, $stringData);
fclose($fh);
// APPEND the .txt file with the total image number
$myFile = "landscapes.txt";
$fh = fopen($myFile, 'a+') or die("can't open file");
$stringData = "&totalimgs=".$groovy;
fwrite($fh, $stringData);
fclose($fh);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Member Upload</title>
<link href="styles/main.css" rel="stylesheet" type="text/css" />
<link rel="icon" href="http://www.shutterbugclub.com/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="http://www.shutterbugclub.com/favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php include_once "header_template.php"; ?>
<br>
<br>
<br>
<br>
<table width="975" height="366" border="0" align="center">
<tr>
<td width="44%" height="328"><div align="center">
<table width="100%" height="270" border="0">
<tr>
<td height="322"><div align="center">
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="426" height="320">
<param name="movie" value="images/required_site_pics/uploadBlurb.swf">
<param name="quality" value="high">
<embed src="images/required_site_pics/uploadBlurb.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="426" height="320"></embed>
</object>
</div></td>
</tr>
</table>
</div> </td>
<td width="56%" rowspan="2">
<div align="center"><?php include_once "showpics.php"; ?></div></td>
</tr> <tr>
<td height="32"><form action="" method="post" enctype="multipart/form-data" name="form1">
<table width="70%" border="0" align="center">
<tr>
<td><div align="center">
<input name="image" type="file" size="0" maxlength="0">
</div></td>
<td><div align="center">
<select name="select">
<option selected>Choose Gallery</option>
<option value="dayone">Day One Digital</option>
<option value="portraits">Portraits</option>
<option value="landscapes">Landscapes</option>
<option value="speed">Freeze it !</option>
<option value="events">I was there</option>
<option value="candid">Street / Candid</option>
<option value="travel">Far Far Away</option>
</select>
</div></td>
<td><div align="center">
<input type="submit" name="Submit" value="Go">
</div></td>
</tr>
</table>
</form></td>
</tr>
</table>
<p>
<?php include_once "footer_template.php"; ?>
</p>
<p> </p>
</body>
</html>
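The upload script above decides what to accept from the file's extension and copies the temporary file under a counter-based name. The following is an added example, not part of the original post, showing the same step with the checks a reviewer would ask for: type decided from the file's bytes, a server-generated name, and `move_uploaded_file()`. The function name `store_member_image()` and the `$uploadRoot` parameter are assumptions made for this example.

```php
<?php
// Added example (not the poster's code). Assumed names: store_member_image(),
// $uploadRoot; the 100 KB limit mirrors MAX_SIZE in the script above.
const MAX_BYTES = 100 * 1024;
// Detected MIME type => extension written to disk.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one $_FILES entry and move it into the member's image directory.
 * Returns the stored path; throws RuntimeException when a check fails.
 */
function store_member_image(array $file, int $memberId, string $uploadRoot): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('Missing upload or file over the size limit.');
    }
    // Decide the type from the file's bytes, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = ALLOWED_TYPES[(string) $mime] ?? null;
    if ($ext === null || @getimagesize($tmp) === false) {
        throw new RuntimeException('Unacceptable file type.');
    }
    $dir = rtrim($uploadRoot, '/') . '/' . $memberId . '/images';
    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        throw new RuntimeException('Cannot create the upload directory.');
    }
    // Server-generated name: nothing from the original filename reaches the path.
    $target = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $target;
}

// Typical call from the upload page, with the member id taken from the session:
// $path = store_member_image($_FILES['image'], (int) $_SESSION['id'], __DIR__ . '/members');
```

Keeping script execution disabled for the directory the images are served from limits the damage if a file passes these checks and still carries PHP code.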
This sounds like the best solution - but a headache to learn!
jackpf wrote:Well, personally, I would have one directory for uploads. I'd then have a record in the database for each photo, specifying what album it's in...who owns it...etc.
That way, they can be easily organised...easily deleted/managed etc...
That's just how I'd do it anyway. You could actually have a blob field as well, and store the image itself in the database. But...that could put a bit of strain on the db server if you have a lot of users.
And I'm afraid I don't know much about flash...so I can't help you there.
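A sketch of the layout suggested in the quote above (one upload directory, one database record per photo with its album and owner), given as an added example that is not part of the thread. The `photos` table, the helper names and the use of SQLite through PDO are assumptions made so the file runs on its own; the album values are the ones in the upload form's select box.

```php
<?php
// Added example (not from the thread). Assumed names: the photos table and the
// open_photo_db(), add_photo() and delete_photo() helpers; SQLite stands in for
// the site's database so the file runs on its own.
const ALBUMS = ['dayone', 'portraits', 'landscapes', 'speed', 'events', 'candid', 'travel'];

function open_photo_db(string $dsn): PDO
{
    $pdo = new PDO($dsn);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE IF NOT EXISTS photos (
        id          INTEGER PRIMARY KEY,
        owner_id    INTEGER NOT NULL,
        album       TEXT NOT NULL,
        stored_name TEXT NOT NULL UNIQUE)');
    return $pdo;
}

function add_photo(PDO $pdo, int $ownerId, string $album, string $storedName): int
{
    // The album comes from the form's <select>; accept only the known values.
    if (!in_array($album, ALBUMS, true)) {
        throw new InvalidArgumentException('Unknown album.');
    }
    $stmt = $pdo->prepare('INSERT INTO photos (owner_id, album, stored_name) VALUES (?, ?, ?)');
    $stmt->execute([$ownerId, $album, $storedName]);
    return (int) $pdo->lastInsertId();
}

function delete_photo(PDO $pdo, int $photoId, int $ownerId, string $uploadDir): bool
{
    // Ownership is part of the query, so a member can remove only their own photos.
    $stmt = $pdo->prepare('SELECT stored_name FROM photos WHERE id = ? AND owner_id = ?');
    $stmt->execute([$photoId, $ownerId]);
    $name = $stmt->fetchColumn();
    if ($name === false) {
        return false;
    }
    $pdo->prepare('DELETE FROM photos WHERE id = ?')->execute([$photoId]);
    $path = $uploadDir . '/' . basename($name);
    return !is_file($path) || unlink($path);
}

// Constructed demo data: member 7 adds a photo, then member 8 and member 7 each ask to delete it.
$pdo = open_photo_db('sqlite::memory:');
$photoId = add_photo($pdo, 7, 'landscapes', 'a3f1c9.jpg');
var_dump(delete_photo($pdo, $photoId, 8, __DIR__ . '/uploads'));
var_dump(delete_photo($pdo, $photoId, 7, __DIR__ . '/uploads'));
```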