Error

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Error

Post by almossaid »

Hi everybody!
Need help please, My problem is:
When I want to change my profile picture I ´ll get this error
Notice: Undefined index: type in /customers/e/b/9/mode.com/httpd.www/mode/changepic.php on line 39 Notice: Undefined index: type in /customers/e/b/9/mode.com/httpd.www/mode/changepic.php on line 43

Notice: Undefined index: type in /customers/e/b/9/mode.com/httpd.www/mode/changepic.php on line 58 Notice: Undefined index: type in /customers/e/b/9/mode.com/httpd.www/mode/changepic.php on line 61

Code: Select all

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
if(!isset($_SESSION))
{
session_start();
}  
require_once "config.php";
$link = mysql_connect("$host", "$user", "$password")
          or die ("Could not connect to MySQL");
        	   mysql_select_db ("$db")
          or die ("Could not select database");
//-------------------------------- REsize Image	 
          if ($_FILES['image']['name']!='' ){
		  	$myFile =$_POST['add'];
       #  unlink($myFile);
          

              $imagename = mt_rand(0, 999).$_FILES['image']['name'];
              $source = $_FILES['image']['tmp_name'];
              $target = "upload/".$imagename;
              move_uploaded_file($source, $target);
 
              $imagepath = $imagename;
              $save = "upload/" . $imagepath; //This is the new file you saving
              $file = "upload/" . $imagepath; //This is the original file
 
              list($width, $height) = getimagesize($file) ; 
 
              $modwidth = 80; 
              $modheight = 120; 
              $tn = imagecreatetruecolor($modwidth, $modheight) ; 
              $image = imagecreatefromjpeg($file) ; 
              imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
 
              imagejpeg($tn, $save, 100) ; 
 
				$pic='upload/'. basename($imagepath);
<line 39 ................. >	if($_SESSION['type']==1){
			echo "<script language=\"javascript\" type=\"text/javascript\">
             var URL= 'mcontrol.php?m=1&image=$pic'
              window.location.href = URL;
<line 42 ............................></script>";}elseif($_SESSION['type']==2){
			 echo "<script language=\"javascript\" type=\"text/javascript\">
             var URL= 'pcontrol.php?p=1&image=$pic'
              window.location.href = URL;
		     </script>";
			 }

		     }else{ $pic='images/nopic.jpg';}  
//----------------------------------------- End Resize Image 
?>
<html>
<body>
<p style="background:#F4F4F4; font-family:Verdana, Arial,sans-serif ; font-size:16px; font-weight:bold; color: #173948">Ladda upp bilder</p>
<div  id="container">
         <?php 
<line 58 ..................... > if($_SESSION['type']==1){
                   $sql=mysql_query("SELECT `image` FROM `registermodel` WHERE `username`='$_SESSION[username]' LIMIT 1");
                     while($row=mysql_fetch_array($sql)){$img=$row['image'];}
<line 61 ......................> }elseif($_SESSION['type']==2){
                                     $sql=mysql_query("SELECT `image` FROM `registerphotograph` WHERE `username`='$_SESSION[username]' LIMIT 1");
                      while($row=mysql_fetch_array($sql)){$img=$row['image'];}
}
?>
<form action="changepic.php" method="post" name="form1" enctype="multipart/form-data" >
<table width="450">
  <tr>
    <td width="120" ><span style=" font-family:Verdana, Arial,sans-serif ; font-size:12px; font-weight:bold; color: #173948"><span id="result_box" lang="sv">Infoga bild</span> :</span></td>
    <td  align="left" ><input type="file" name="image" size="30" />  <input type="hidden" value=" <?php echo $img ?>" name="add" />
</td>
  </tr>
  <tr height="40"><td colspan="2" align="center"><input type="submit" value="Edit Photo"   /></td></tr>
</table>
</form>

</body>
</html>



User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Error

Post by requinix »

There is no $_SESSION information. Either change your code so that it works if that information is missing or fix the bug where your code requires it to be set but it isn't.
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Problem is SOLVED

Post by almossaid »

Hi
The Problem is solved
thank you
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Error

Post by Mordred »

This code looks extremely insecure - it blindly accepts the user-supplied filename and puts it on the server - if the upload/ directory is directly accessible this is an instant game over, if not it could still be leveraged through other vulnerabilities to completely own the server.
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Re: Error

Post by almossaid »

Hi Mordred!
I am just a beginner.... If you have some advice please write it
thank you
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Error

Post by Eric! »

There's lots of stuff out there to learn from. Here's a good summary of things you need to do in your code to protect your server:
http://stackoverflow.com/questions/1106 ... th-uploads

Once you understand the issues you can then work on improving your code.
Post Reply