Page 1 of 1
Dull1554'a image gallery
Posted: Mon Dec 15, 2003 7:42 pm
by dull1554
I have been working on a image gallery for quite a white, if you want you can check it out here =>
http://24.95.139.167/dull1554/gallery/index.php>
tell me what you think
Posted: Mon Dec 15, 2003 7:45 pm
by microthick
Hey,
Can't see your code so I don't know if you're already doing this, but at the upload page, you might wanna verify what types of files people upload. For all we know, someone here might upload a .php file and have fun with your server.
Posted: Mon Dec 15, 2003 7:48 pm
by dull1554
see i dont really care b/c i have it upload it to a seperate folder, but how would i have it check for certail file extensitns like .jpg .jpeg .gif .png, and so on and so fourth
Posted: Mon Dec 15, 2003 8:07 pm
by microthick
This is what I have on my upload image script:
Code: Select all
<?php
if (isset($_POST["action"]) && $_POST["action"] == "upload") {
if (isset($Picture1) && $Picture1 != "none") {
if ($Picture1_type == "image/gif" || $Picture1_type == "image/pjpeg") {
$data = addslashes(fread(fopen($Picture1, "r"), filesize($Picture1)));
$sql = "INSERT INTO userimages ";
$sql .= "(userid, bin_data, filename, filesize, filetype, description) ";
$sql .= "VALUES (".$_SESSION["userid"].", '".$data."', '".$Picture1_name."', ";
$sql .= "'".$Picture1_size."', '".$Picture1_type."', '1')";
$result = mysql_query($sql, $conn);
if ($result) {
$msg = "File uploaded!";
}
else {
$msg = "Error! File not uploaded.";
}
}
else {
$msg = "Picture #1 not uploaded. You can only upload gifs and jpegs.";
}
}
}
?>
Allows them to only upload jpgs and gifs.
Posted: Mon Dec 15, 2003 8:12 pm
by dull1554
this is my upload script
Code: Select all
<?php
$stripspaces = eregi_replace("_"," ",$_FILES["userfile"]["tmp_name"]);
if (is_uploaded_file($stripspaces)) {
copy($_FILES["userfile"]["tmp_name"], "images/" . $_FILES["userfile"]["name"]);
echo "<p>File uploaded successfully.</p>";
}
?>
how could i incorperate file extension checking?
Posted: Mon Dec 15, 2003 8:16 pm
by microthick
Wow. I didn't even know this $_FILES array existed. We handle things totally differently. I guess cuz I'm writing my image to the db and you to the filesystem.
I found some insight here regarding your problem. Read the user comments at the bottom.
http://ca.php.net/move_uploaded_file
Posted: Mon Dec 15, 2003 8:26 pm
by dull1554
thankyou i'll look into it, yeah all i do is upload it to the images dir and then my gallery loops and finds all the image files, then displays them 10 at a time, if you want to see my code, here it is
Code: Select all
<?php
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$tstart = $mtime;
$max_per_page=10;
$folder = "images/";
if(!isset($_GET['start_from']))
{
$start_from = "0";
}
else{
$start_from=$_GET['start_from'];
}
$back = $start_from-$max_per_page;
$forward = $start_from+$max_per_page;
$version_info = "Complex Gallery 1.0 Beta (for evaluation purposes only)";
Print <<< EOT
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../styles.css"/>
<script type="text/javascript" src="../../fader.js"></script>
</head>
<center>
<a href=index.php?start_from=$back>back</a>
<a href=index.php?start_from=$forward>forward</a></center>
EOT;
if($handle = opendir($folder))
{
$i=0;
while($files = readdir($handle))
{
if ($files != "." && $files != ".." && $files != "Thumbs.db")
{
if ($i >= $start_from && $i < $start_from + $max_per_page) {
echo "<center><img src='".$folder.$files."'></center><br>";
}
$i++;
}
}
}
Print <<< EOT
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../styles.css"/>
<script type="text/javascript" src="../../fader.js"></script>
</head>
<center>
<a href=index.php?start_from=$back>back</a>
<a href=index.php?start_from=$forward>forward</a><br>There are $i pictures in this gallary.<br>$version_info
<br>
<a href=upload_admin.php>Administer this page</a>
</center>
EOT;
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$tend = $mtime;
$totaltime = ($tend - $tstart);
printf ("<center>page was generated in %f seconds</center>", $totaltime);
?>
well thanks again, i'll check it out and get back to ya
Posted: Mon Dec 15, 2003 8:42 pm
by dull1554
heres my soultion to making it so only images can be uploaded;
Code: Select all
<?php
$stripspaces = eregi_replace("_"," ",$_FILES["userfile"]["tmp_name"]);
$ext = substr(strrchr($_FILES['userfile']['name'], '.'), 1);
if (($ext == "jpg") or ($ext == "jpeg") or ($ext == "bmp")) or ($ext == "gif"))
or ($ext == "tif")) or ($ext == "png")) or ($ext == "rle")) or ($ext == "dib"))
or ($ext == "jpe")) or ($ext == "tiff")) {
copy($_FILES["userfile"]["tmp_name"], "images/" . $_FILES["userfile"]["name"]);
echo "<p>Image uploaded successfully.</p>";
}
else
{
echo "<p>Please upload image files only!</p>";
}
?>
i think i got kost of the common image formats, if you guys.girls can think of any more please let me know
Posted: Mon Dec 15, 2003 8:46 pm
by microthick
That looks great. You might find it easier to maintain if you create an array containing all of those file extensions instead.
Then you can go:
$ext_array = array("jpg", "jpeg", "bmp", "gif"); //etcetera
if (in_array($ext, $ext_array)) {
// do something
}
Posted: Mon Dec 15, 2003 8:55 pm
by dull1554
yea i think i might do that, ya see i never do things the easy way the first time, thats why you will see in like a week my gallery script will be to version like 1.8(i add 0.1 to my version number every time i upload it to my server), did you think i covered enough file extensions
i changed it to this
Code: Select all
<?php
$stripspaces = eregi_replace("_"," ",$_FILES["userfile"]["tmp_name"]);
$ext = substr(strrchr($_FILES['userfile']['name'], '.'), 1);
$ext_array = array("jpg", "jpeg", "jpe", "tiff", "dib", "rle", "png", "tif", "bmp", "gif");
if (in_array($ext, $ext_array)) {
copy($_FILES["userfile"]["tmp_name"], "images/" . $_FILES["userfile"]["name"]);
echo "<p>Image uploaded successfully.</p>";
}
else
{
echo "<p>Please upload image files only!</p>";
}
?>
tell me what you think
Posted: Tue Dec 16, 2003 11:13 am
by dull1554
so anyone else, what do you think, is it allright?
Posted: Tue Dec 16, 2003 3:35 pm
by dull1554
come on guys check it out!!!!!!!!!!!!!!!!!!!!!! I would really love some feedback, i want to know what else i should do with it......
Posted: Tue Dec 16, 2003 6:09 pm
by qads
dont you want to check for file size?
dont you want to check if a file with same name is already in the upload dir? i could just take a picture of my butt (not that i want too) and overwrite all ur images.
you also said(another post) that spaces in file name are a problem, would't this be a great place to remove any spaces? or rename the image to something else altogether? i.e.
$name = MD5(11 * 05 * 80 * time ());
or something more random then above.
edit: forgot about the fliename spaceing bit, i just read ur code

Posted: Tue Dec 16, 2003 8:21 pm
by dull1554
yea i fixed the whole spaces problem, right now i'm not really worried about people uploading a file with the same name b/c this will eventually be password protected and the images will all have unique names anyways, but should i run across this problem i will change my code, i just did not find that necessary! thanks tho