upload script-losing $vars using $PHP_SE

[deleted]

hi, this was working and through messing with it over and over, now its not working.
its using $PHP_SELF and when its submitted i lose my variables. shouldnt they get sent to the next page (once sybmitted).
i know that they were brfore because i had a db script in here too and it listed all of the users files without refreshing, now it will not..im really confused at why it isnt working anymore. i forget what i changed that messed it up. ah...well my question is, shouldnt my variables stay in the code since im using $PHP_SELF?
(the variables come from a "log-in form" thats on my header.php, which take you to "insert.php"..which is the code your looking at now)
thank you..

<? include("../header.php"); ?>
 
<?
echo "<h3 class='subtitles'>editing $user's account</h3>"; ?>

<?php

/ u p l o a d c o d e b e g i n s /

$my_max_file_size = "10240000"; # in bytes
$image_max_width = "1200";
$image_max_height = "1200";
$the_path = "../$user";

$registered_types = array(
"application/x-gzip-compressed" => ".tar.gz, .tgz",
"application/x-zip-compressed" => ".zip",
"application/x-tar" => ".tar",
"text/plain" => ".html, .php, .txt, .inc (etc)",
"image/bmp" => ".bmp, .ico",
"image/gif" => ".gif",
"image/pjpeg" => ".jpg, .jpeg",
"image/jpeg" => ".jpg, .jpeg",
"application/x-shockwave-flash" => ".swf",
"application/msword" => ".doc",
"application/vnd.ms-excel" => ".xls",
"application/octet-stream" => ".exe, .fla (etc)"
); # these are only a few examples, you can find many more!

$allowed_types = array("image/gif","image/pjpeg","image/jpeg","application/x-shockwave-flash","application/x-zip-compressed","text/plain");

--

function form($error=false) {

global $PHP_SELF,$my_max_file_size;

if ($error) print $error . "<br><br>";
echo($user);
print "\n<table border='0' class='outline_table' width='100%' cellpadding='5'>";
print "\n<tr><td><h4 class='subtitles'>Add a file</h4></td></tr>";
print "\n<tr><td><form ENCTYPE='multipart/form-data'  action='" . $PHP_SELF . "' method='post'>";
print "\n<INPUT TYPE='hidden' name='MAX_FILE_SIZE' value='" . $my_max_file_size . "'>";
print "\n<INPUT TYPE='hidden' name='task' value='upload'>";
print "\nFile to upload<br><INPUT class='texts' NAME='the_file' TYPE='file' SIZE='35'><br>";
print "\nDescription of file (not needed)<br /><textarea class='texts' name='filedesc_ff' rows='8' cols='40' wrap></textarea><br />";
print "\n<br /><input class='submits' type='submit' Value='Upload'><br />";
print "\n</form></td></tr>";
print "\n</table>";

} # END form

--

if (!ereg("^{4",phpversion()))} {
function in_array($needle,$haystack) { # we have this function in PHP4, so for you PHP3 people
for ($i=0; $i < count($haystack); $i++) {
if ($haystack[$i] == $needle) {
return true;
}
}
}
}

--

function validate_upload($the_file) {

global $my_max_file_size, $image_max_width, $image_max_height,$allowed_types,$the_file_type,$registered_types;

$start_error = "\n<b>Error:</b>\n<ul>";

if ($the_file == "none") { # do we even have a file?

	$error .= "\n<li>You did not upload anything!</li>";

} else { # check if we are allowed to upload this file_type

	if (!in_array($the_file_type,$allowed_types)) {
		$error .= "\n<li>The file that you uploaded was of a type that is not allowed, you are only 
					allowed to upload files of the type:\n<ul>";
		while ($type = current($allowed_types)) {
			$error .= "\n<li>" . $registered_types[$type] . " (" . $type . ")</li>";
			next($allowed_types);
		}
		$error .= "\n</ul>";
	}

	if (ereg("image",$the_file_type) && (in_array($the_file_type,$allowed_types))) {

		$size = GetImageSize($the_file);
		list($foo,$width,$bar,$height) = explode("\"",$size[3]);

		if ($width > $image_max_width) {
			$error .= "\n<li>Your image should be no wider than " . $image_max_width . " Pixels</li>";
		}

		if ($height > $image_max_height) {
			$error .= "\n<li>Your image should be no higher than " . $image_max_height . " Pixels</li>";
		}

	}

	if ($error) {
		$error = $start_error . $error . "\n</ul>";
		return $error;
	} else {
		return false;
	}
}

} # END validate_upload

--

function list_files() {

global $the_path;

$handle = dir($the_path);
print "\n<b>Uploaded files:</b><br>";
while ($file = $handle->read()) {
	if (($file != ".") && ($file != "..")) {
		print "\n" . $file . "<br>";
   }
}
print "<hr>";

}

--

function upload($the_file) {

global $the_path,$the_file_name;

$error = validate_upload($the_file);
if ($error) {
	form($error);
} else { # cool, we can continue
	if (!@copy($the_file, $the_path . "/" . $the_file_name)) {
		form("\n<b>Something barfed, check the path to and the permissions for the upload directory</b>");
	}
}

} # END upload

--

############ Start page

print "\n<head>\n<title>Upload example</title>\n</head>\n<body>";

switch($task) {
case 'upload':
upload($the_file);
break;
default:
form();
}
print "\n</body>\n";
/ e n d o f u p l o a d c o d e /

?>
<? include("../footer.php"); ?>

rrijnders

You say you set variables in "header.php" which then "takes you to insert.php"; but you include() header.php in insert.php. Which is it? Does header.php post to insert.php, or does insert.php include() header.php? It makes a difference...

Also, what exactly is not working? Do you get error messages? Which variables appear to not be set when the insert script runs?

-- Rich