Dull1554'a image gallery

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Dull1554'a image gallery

Post by dull1554 »

I have been working on a image gallery for quite a white, if you want you can check it out here =>http://24.95.139.167/dull1554/gallery/index.php>

tell me what you think
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

Hey,

Can't see your code so I don't know if you're already doing this, but at the upload page, you might wanna verify what types of files people upload. For all we know, someone here might upload a .php file and have fun with your server.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

see i dont really care b/c i have it upload it to a seperate folder, but how would i have it check for certail file extensitns like .jpg .jpeg .gif .png, and so on and so fourth
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

This is what I have on my upload image script:

Code: Select all

<?php
if (isset($_POST["action"]) && $_POST["action"] == "upload") {
	if (isset($Picture1) && $Picture1 != "none") {
		if ($Picture1_type == "image/gif" || $Picture1_type == "image/pjpeg") {
			$data = addslashes(fread(fopen($Picture1, "r"), filesize($Picture1)));
		
			$sql = "INSERT INTO userimages ";
			$sql .= "(userid, bin_data, filename, filesize, filetype, description) ";
			$sql .= "VALUES (".$_SESSION["userid"].", '".$data."', '".$Picture1_name."', ";
			$sql .= "'".$Picture1_size."', '".$Picture1_type."', '1')";
			$result = mysql_query($sql, $conn);
			if ($result) {
				$msg = "File uploaded!";
			}
			else {
				$msg = "Error! File not uploaded.";
			}
		}
		else {
			$msg = "Picture #1 not uploaded. You can only upload gifs and jpegs.";
		}
	}
}

?>
Allows them to only upload jpgs and gifs.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

this is my upload script

Code: Select all

<?php
$stripspaces = eregi_replace("_"," ",$_FILES["userfile"]["tmp_name"]);
if (is_uploaded_file($stripspaces)) {

        copy($_FILES["userfile"]["tmp_name"], "images/" . $_FILES["userfile"]["name"]);

        echo "<p>File uploaded successfully.</p>";

}

?>
how could i incorperate file extension checking?
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

Wow. I didn't even know this $_FILES array existed. We handle things totally differently. I guess cuz I'm writing my image to the db and you to the filesystem.

I found some insight here regarding your problem. Read the user comments at the bottom.

http://ca.php.net/move_uploaded_file
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

thankyou i'll look into it, yeah all i do is upload it to the images dir and then my gallery loops and finds all the image files, then displays them 10 at a time, if you want to see my code, here it is

Code: Select all

<?php

$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$tstart = $mtime;

$max_per_page=10;
$folder = "images/";






if(!isset($_GET['start_from']))
{
    $start_from = "0";
}
else{
    $start_from=$_GET['start_from'];
}

$back = $start_from-$max_per_page;
$forward = $start_from+$max_per_page;
$version_info = "Complex Gallery 1.0 Beta (for evaluation purposes only)";
Print <<< EOT
<html>

<head>
<link rel="stylesheet" type="text/css" href="../../styles.css"/>
<script type="text/javascript" src="../../fader.js"></script>
</head>

<center>
<a href=index.php?start_from=$back>back</a>
&nbsp;&nbsp;&nbsp;&nbsp;
<a href=index.php?start_from=$forward>forward</a></center>

EOT;

if($handle = opendir($folder))
{
    $i=0;
    while($files = readdir($handle))
  {
     if ($files != "." && $files != ".." && $files != "Thumbs.db")
    {
         if ($i >= $start_from && $i < $start_from + $max_per_page) {
              echo "<center><img src='".$folder.$files."'></center><br>";
         }
         $i++;
    }

  }
}

Print <<< EOT
<html>

<head>
<link rel="stylesheet" type="text/css" href="../../styles.css"/>
<script type="text/javascript" src="../../fader.js"></script>
</head>

<center>
<a href=index.php?start_from=$back>back</a>
&nbsp;&nbsp;&nbsp;&nbsp;
<a href=index.php?start_from=$forward>forward</a><br>There are $i pictures in this gallary.<br>$version_info
<br>
<a href=upload_admin.php>Administer this page</a>
</center>
EOT;


$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$tend = $mtime;
$totaltime = ($tend - $tstart);
printf ("<center>page was generated in %f seconds</center>", $totaltime);


?>
well thanks again, i'll check it out and get back to ya
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

heres my soultion to making it so only images can be uploaded;

Code: Select all

<?php
$stripspaces = eregi_replace("_"," ",$_FILES["userfile"]["tmp_name"]);
$ext = substr(strrchr($_FILES['userfile']['name'], '.'), 1);

if (($ext == "jpg") or ($ext == "jpeg") or ($ext == "bmp")) or ($ext == "gif"))
or ($ext == "tif")) or ($ext == "png")) or ($ext == "rle")) or ($ext == "dib"))
or ($ext == "jpe")) or ($ext == "tiff")) {

       copy($_FILES["userfile"]["tmp_name"], "images/" . $_FILES["userfile"]["name"]);

      echo "<p>Image uploaded successfully.</p>";

}
else
{
    echo "<p>Please upload image files only!</p>";
}

?>
i think i got kost of the common image formats, if you guys.girls can think of any more please let me know
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

That looks great. You might find it easier to maintain if you create an array containing all of those file extensions instead.

Then you can go:

$ext_array = array("jpg", "jpeg", "bmp", "gif"); //etcetera

if (in_array($ext, $ext_array)) {
// do something
}
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

yea i think i might do that, ya see i never do things the easy way the first time, thats why you will see in like a week my gallery script will be to version like 1.8(i add 0.1 to my version number every time i upload it to my server), did you think i covered enough file extensions

i changed it to this

Code: Select all

<?php
$stripspaces = eregi_replace("_"," ",$_FILES["userfile"]["tmp_name"]);
$ext = substr(strrchr($_FILES['userfile']['name'], '.'), 1);
$ext_array = array("jpg", "jpeg", "jpe", "tiff", "dib", "rle", "png", "tif", "bmp", "gif");

if (in_array($ext, $ext_array)) {
       copy($_FILES["userfile"]["tmp_name"], "images/" . $_FILES["userfile"]["name"]);

      echo "<p>Image uploaded successfully.</p>";

}
else
{
    echo "<p>Please upload image files only!</p>";
}

?>
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

tell me what you think

Post by dull1554 »

so anyone else, what do you think, is it allright?
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

come on guys check it out!!!!!!!!!!!!!!!!!!!!!! I would really love some feedback, i want to know what else i should do with it......
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

dont you want to check for file size?

dont you want to check if a file with same name is already in the upload dir? i could just take a picture of my butt (not that i want too) and overwrite all ur images.

you also said(another post) that spaces in file name are a problem, would't this be a great place to remove any spaces? or rename the image to something else altogether? i.e.

$name = MD5(11 * 05 * 80 * time ());

or something more random then above.

edit: forgot about the fliename spaceing bit, i just read ur code :P
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

yea i fixed the whole spaces problem, right now i'm not really worried about people uploading a file with the same name b/c this will eventually be password protected and the images will all have unique names anyways, but should i run across this problem i will change my code, i just did not find that necessary! thanks tho
Post Reply