1. Do I need a session_id for the upload to work? How is it involved with my upload.php? I already started a session on all my pages to deal with user logins so will starting a session on the upload.php will that interfere?
2. How do you pass the file information to your upload.php? I assume it is through the post_params but it does not seem to be working since the file progress is shown but the upload does not go through to upload.php since there are no errors and the file is not saved.
See my scripts if you need to, to give you an idea of what I tried to do
This is my initializer (see post_params)
Code: Select all
<script type="text/javascript">
var swfu;
SWFUpload.onload = function () {
var settings = {
flash_url : "../progressbar/swfupload/swfupload.swf",
upload_url: "../progressbar/upload.php",
post_params: {
"PHPSESSID" : "<?php echo session_id(); ?>",
"Filedata" : "Filedata",
"#username" : "username",
"#selection" : "selection"
},
file_size_limit : "100 MB",
file_types : "*.*",
file_types_description : "All Files",
file_upload_limit : 100,
file_queue_limit : 0,
custom_settings : {
progressTarget : "fsUploadProgress",
cancelButtonId : "btnCancel"
},
debug: false,
// Button Settings
button_image_url : "../progressbar/swfupload/XPButtonUploadText_61x22.png",
button_placeholder_id : "spanButtonPlaceholder",
button_width: 61,
button_height: 22,
// The event handler functions are defined in handlers.js
swfupload_loaded_handler : swfUploadLoaded,
file_queued_handler : fileQueued,
file_queue_error_handler : fileQueueError,
file_dialog_complete_handler : fileDialogComplete,
upload_start_handler : uploadStart,
upload_progress_handler : uploadProgress,
upload_error_handler : uploadError,
upload_success_handler : uploadSuccess,
upload_complete_handler : uploadComplete,
queue_complete_handler : queueComplete, // Queue plugin event
// SWFObject settings
minimum_flash_version : "9.0.28",
swfupload_pre_load_handler : swfUploadPreLoad,
swfupload_load_failed_handler : swfUploadLoadFailed
};
swfu = new SWFUpload(settings);
}
</script>Code: Select all
<input type="hidden" name="username" id="username" value="<?php echo $session->username; ?>" />
<span id="spanButtonPlaceholder"></span>
<select name="selection" id="selection">
<option value="1">Chat Image</option>
<option value="2">MP3</option>
<option value="3">Change User Image</option>
</select>Code: Select all
if($_POST["selection"]==3){
$username=$_POST["username"];
# edit #
$maxwidth = 1024;
$maxheight = 1024;
$max_filesize = 1024000;
$uploads = "../usercontent/$username/images";
$types_array = array('image/gif','image/jpeg','image/x-png', 'image/jpg');
# end edit #
if($_FILES['Filedata']['name'] == "")
{
echo"<script>
alert(\"Please select a file to upload!\");
</script>";
return;
}
if (!getimagesize($_FILES['Filedata']['tmp_name'])){
echo"<script>
alert(\"That file type is not allowed!\");
</script>";
return;
}
$blacklist = array(".php", ".phtml", ".php3", ".php4", ".js", ".shtml", ".pl" ,".py");
foreach ($blacklist as $item) {
if(preg_match("/$item\$/i", $_FILES['Filedata']['name'])) {
echo "We do not allow uploading of this type of file\n";
echo"<script>
alert(\"We do not allow uploading of this type of file. Your account has been flagged!\");
</script>";
return;
}
}
$max_filesize_kb = ($max_filesize / 1024);
if($_FILES['Filedata']['size'] > $max_filesize_kb)
{
echo"<script>
alert(\"Your file is too large it must be.$max_filesize_kb\");
</script>";
return;
}
$imagesize = getimagesize($_FILES['Filedata']['tmp_name']);
$imagewidth = $imagesize[0];
$imageheight = $imagesize[1];
if($imagewidth > $maxwidth || $imageheight > $maxheight)
{
echo"<script>
alert(\"The resolution is too large files may be up to ".$maxwidth."px x ".$maxheight."px in size\n\");
</script>";
}
/*check for image*/
$checkimage="SELECT * FROM images WHERE username='$username'";
$queryimage=mysql_query($checkimage) or die('Error, select query failed');
while ($row = mysql_fetch_assoc($queryimage)) {
$image=$row['image'];
}
$myFile = "../usercontent/$username/images/$image";
$fh = fopen($myFile, 'w') or die("can't open file");
fclose($fh);
unlink($myFile);
/*insert into database*/
$image1=urlencode($_FILES['Filedata']['name']);
$second_query = "UPDATE images SET image='$image1'
WHERE username='$username'";
mysql_query($second_query) or die('Error, insert query failed');
/*copy file*/
move_uploaded_file($_FILES['Filedata']['tmp_name'], $uploads.'/'.urlencode($_FILES['file']['name']))
or die ("Couldn't upload ".$_FILES['Filedata']['name']."\n");
echo"<script>
alert(\"File uploaded Refresh the page to view it\");
</script>";
return;
}