code help

drag0n

Hi everyone,
I am trying to code an affilate script, and this is the part where users get to upload their banners, right now the banners are not getting uploaded into the directory on my server. As you can see, after you uplaod a pic, then its supposed to show it, which it does, but then after it refreshes it isnt there, its like it was never there! This is the code:

<?php
//	--------------------------------------------------	//
//														//
//		$FileName:		member.inc.php					//
//		$Version:		1.0								//
//		$Copyright:		Copyright (C) drag0n 2003		//
//														//
//	--------------------------------------------------	//

if( !defined( 'INC' ) )
{
	exit;
}

//   --- Include the menu ---   //

@include( "files/member_menu.html" );

//   --- What is the action? ---   //

if( isset( $_GET[ "action" ] ) && !empty( $_GET[ "action" ] ) )
{
	if( $_GET[ "action" ] == "image" )
	{
		//   --- Does the account already have an image? ---   //
		$sql_img = "SELECT * FROM affiliate WHERE id = '" . $_SESSION[ "accountId" ] . "'";
		$result_img = mysql_query( $sql_img ) or die( mysql_error() );
		$data = mysql_fetch_array( $result_img );

	if( $data[ "have_image" ] == 1 )
	{
		//   --- Remove the other image ---   //
		if( isset( $_POST[ "delete" ] ) )
		{
			//   --- Remove the image ---   //

			@unlink( $_SERVER[ "DOCUMENT_ROOT" ] . "/images/affiliate/" . $data[ "image_name" ] );

			//   --- Update the database ---   //

			$sql_rem = "UPDATE affiliate SET have_image = '0', image_name = '' WHERE id = '" . $_SESSION[ "accountId" ] . "'";
			$result_rem = mysql_query( $sql_rem ) or die( mysql_error() );

			$msg = "The image has been removed.\n";
			$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account&action=image\" />";
			@include( "files/msg.php" );
		}
		else
		{
			@include( "files/remove_img.html" );
		}
	}
	else
	{
		//   --- Process the upload form? ---   //
		if( isset( $_POST[ "upload" ] ) )
		{
			if( empty( $_FILES[ "u_img" ][ "name" ] ) )
			{
				$msg = "You must select the image that you want to use!\n";
				$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account&action=image\" />\n";
				@include( "files/msg.php" );
			}
			else
			{
				//	A file has been selected. Correct filetype?
				$ext = explode( "." , $_FILES[ "u_img" ][ "name" ] );
				$ext = $ext[ ( count( $ext ) - 1 ) ];
				$allowed = array( 'gif' , 'jpg' , 'jpeg' );

				//	Check the extension!
				if( !in_array( $ext , $allowed ) )
				{
					$msg = "The allowed file types are .gif, .jpg and .jpeg!\n";
					$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account&action=image\" />\n";
					@include( "files/msg.php" );
				}
				else
				{
					//	Valid extension. Check the size of the file.
					if( $_FILES[ "u_img" ][ "size" ] > ( 1024 * 15 ) )
					{
						$msg = "The file is too large. The maximum file size is 15 kB.\n";
						$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account&action=image\" />\n";
						@include( "files/msg.php" );
					}
					else
					{
						//	Last control. Size of the image!
						$data = GetImageSize( $_FILES[ "u_img" ][ "tmp_name" ] );
						if( ( $data[ 0 ] > 88 ) || ( $data[ 1 ] > 31 ) )
						{
							$msg = "The file is too large. The maximum file size is 15 kB.\n";
							$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account&action=image\" />\n";
							@include( "files/msg.php" );
						}
						else
						{
							//	Everything is ok! Save the filename to the database!
							$sql_saveimg = "UPDATE affiliate SET have_image = '1', image_name = '" . $_SERVER[ "accountId" ] . "." . $ext . "' WHERE id = '" . $_SESSION[ "accountId" ] . "'";
							$save_result = mysql_query( $sql_saveimg ) or die( mysql_error() );

							//	Get the data
							$sql_get = "SELECT * FROM affiliate WHERE id = '" . $_SESSION[ "accountId" ] . "'";
							$result_get = mysql_query( $sql_get ) or die( mysql_error() );
							$data = mysql_fetch_array( $result_get );

							//	Do the actual "upload". =)
							if( is_uploaded_file( $_FILES[ "u_img" ][ "tmp_name" ] ) )
							{
								move_uploaded_file( $_FILES[ "u_img" ][ "tmp_name" ] , $_SERVER[ "DOCUMENT_ROOT" ] . "/images/affiliate/" . $_SESSION[ "accountId" ] . "." . $ext );
							}

							//	Print message
							$msg = "This is the button that will be used by your account in the future.\n";
							$msg = "<p><img src=\"http://www.mydomain.com/images/affiliate/" . $_SESSION[ "accountId" ] . "." . $ext . "\" width=\"88\" height=\"31\" border=\"0\" /></p>\n";
							$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account\" />\n";
							@include( "files/msg.php" );
						}
					}
				}
			}
		}
		else
		{
			@include( "files/upload.html" );
		}
	}

}
else if( $_GET[ "action" ] == "edit" )
{
	//	Form processing?
	if( isset( $_POST[ "save" ] ) )
	{
		//	Check all fields
		if( empty( $_POST[ "p_name" ] ) || empty( $_POST[ "s_name" ] ) || empty( $_POST[ "s_url" ] ) || empty( $_POST[ "descr" ] ) )
		{
			$msg = "You must fill in all the fields!\n";
			$msg .= "<meta http-equiv=\"refresh\" content=\"10; url=./?section=member&mode=account&action=edit\" />\n";
			@include( "files/msg.php" );
		}
		else
		{
			//	Data was not empty. Change the password?
			if( !empty( $_POST[ "u_pass" ] ) && !empty( $_POST[ "v_pass" ] ) )
			{
				//	Let's check the data.
				if( $_POST[ "u_pass" ] != $_POST[ "v_pass" ] )
				{
					$msg = "The new passwords did not match!\n";
					$msg .= "<meta http-equiv=\"refresh\" content=\"5; url=./?section=member&mode=account&action=edit\" />\n";
					$error = true;
					@include( "files/msg.php" );
				}
				else
				{
					//	Let's check the new password again.
					if( !preg_match( "#^[a-zA-Z0-9]{5,15}$#" , $_POST[ "u_pass" ] ) )
					{
						$msg = "Your password can only contain a-z, A-Z and 0-9. The minimum length is 5 chars and the max length\n";
						$msg .= "is 15 chars.";
						$msg .= "<meta http-equiv=\"refresh\" content=\"5; url=./?section=member&mode=account&action=edit\" />\n";
						$error = true;
						@include( "files/msg.php" );
					}
					else
					{
						$pass = md5( $_POST[ "u_pass" ] );
					}
				}
			}

			//	Let's save the data.
			$sql_save = "UPDATE affiliate SET p_name = '" . addslashes( $_POST[ "p_name" ] ) . "', s_name = '" . addslashes( $_POST[ "s_name" ] ) . "',";
			$sql_save .= " s_url = '" . addslashes( $_POST[ "s_url" ] ) . "', comments = '" . addslashes( $_POST[ "descr" ] ) . "'";

			if( !empty( $pass ) )
			{
				$sql_save .= ", pass = '" . $pass . "'";
			}

			$sql_save .= " WHERE id = '" . $_SESSION[ "accountId" ] . "'";
			$result_save = mysql_query( $sql_save ) or die( mysql_error() );

			//	Print a message.
			$msg = "Your data have been saved.\n";
			$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account&action=edit\" />\n";
			@include( "files/msg.php" );
		}
	}
	else
	{
		//	Get the data for the active user
		$sql_get = "SELECT * FROM affiliate WHERE id = '" . $_SESSION[ "accountId" ] . "'";
		$result_get = mysql_query( $sql_get ) or die( mysql_error() );
		$user = mysql_fetch_array( $result_get );

		//	Prepare the page
		$p_name = $user[ "p_name" ];
		$s_name = $user[ "s_name" ];
		$s_url = $user[ "s_url" ];
		$descr = stripslashes( $user[ "comments" ] );

		@include( "files/edit.php" );
	}
}
else if( $_GET[ "action" ] == "delete" )
{
	//	Has the deletion been verified?
	if( isset( $_POST[ "delete" ] ) )
	{
		//	Delete the account
		$sql_del = "DELETE FROM affiliate WHERE id = '" . $_SESSION[ "accountId" ] . "'";
		$result_del = mysql_query( $sql_del ) or die( mysql_error() );

		//	Log the user out.
		session_destroy();

		//	Print a messsage and redirect
		$msg = "Your account have been removed!\n";
		$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./\" />\n";
		@include( "files/msg.php" );
	}
	else
	{
		@include( "files/delete.html" );
	}
}
else
{
	$msg = "This is an invalid page!\n";
	$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=account\" />\n";
	@include( "files/msg.php" );
}
}
else
{
	//	View the accounts stats.
	$sql_get_stats = "SELECT * FROM affiliate WHERE id = '" . $_SESSION[ "accountId" ] . "'";
	$result_stats = mysql_query( $sql_get_stats ) or die( mysql_error() );

if( mysql_num_rows( $result_stats ) < 1 )
{
	//	Fatal Error! Log the user out!
	unset( $_SESSION[ "accountId" ] );
	$msg = "Error: The account does not exist.\n";
	$msg .= "<meta http-equiv=\"refresh\" content=\"3; url=./?section=member&mode=register\" />\n";
}
else
{
	//	Get the stats and print them!
	$user = mysql_fetch_array( $result_stats );

	//	Prepare the data
	$hits_in = $user[ "hits_in" ];
	$hits_out = $user[ "hits_out" ];
	$hits_this_month = ( $user[ "hits_this_month" ] == 0 ) ? "<font color=\"#ff0000\">" . $user[ "hits_this_month" ] . "</font>" : $user[ "hits_this_month" ];
	$current_day = $user[ "c_day" ];

	@include( "files/stats.php" );
}
}

?>

drag0n

help? anybody?

Weedpacket

I think mebbe it's just a minor typo here:

//    Everything is ok! Save the filename to the database!
                                $sql_saveimg = "UPDATE affiliate SET have_image = '1', image_name = '" . $_[b][color=red]SERVER[/color][/b][ "accountId" ] . "." . $ext . "' WHERE id = '" . $_SESSION[ "accountId" ] . "'";

Do the files get moved to the right directory?

Doesn't allow PNGs, for shame! 🙂

drag0n

hehe, I will allow PNGs, thanks for that tip. I dont see the typo, I mean Ive checked this script at least 10 times, I cant come up with anything. And no, the images do not move into the images/affilate folder. It only displays it after you submit it, and then it refreshes again and its gone. WeedPacket, thanks for replying when no one else did. Any help is apprciated thanks

Weedpacket

Originally posted by drag0n
hehe, I will allow PNGs, thanks for that tip. I dont see the typo, I mean Ive checked this script at least 10 times, I cant come up with anything. And no, the images do not move into the images/affilate folder. It only displays it after you submit it, and then it refreshes again and its gone. WeedPacket, thanks for replying when no one else did. Any help is apprciated thanks

The bit I highlighted is the bit that looks like a typo: shouldn't it read "SESSION" instead of "SERVER"?

What I'm thinking is that the images are in the affiliate directory (that's where it looks for them when initially displaying them, after all), but what's happening is that because of that typo, the path getting stored in the database is clobbered; so when you try to use it to find the image again later ... you don't.

drag0n

I also think the images do get and go into affilates folder for a short time, moments after you click upload but dissapears after my script refreshes. Any ideas on why? COuld it excute the delete function? Ive checked several times after tried, but the pic doesnt get uploaded into images/affiliates , I have affiliates on chmod 777, anything else would not WORK.
Thanks again