have you already begun scripting?
just done that yesterday ... hope it helps.
if anyone finds a security hole, please, please contact me 😉
<?php
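/**
 * Upload checker: validates one uploaded picture and stores it under a
 * server-generated name. Only JPEG files are accepted.
 *
 * The first parameter is called $files because a superglobal such as $_FILES
 * cannot be used as a parameter name on current PHP versions; callers still
 * pass $_FILES. It is kept by-reference as in the original signature, but the
 * array is only read.
 *
 * @param array  $files the upload array, normally $_FILES
 * @param string $fn    the name of the file-upload field in the form
 * @return mixed TRUE on success, otherwise a string starting with "error: "
 */
function check_jpeg(&$files, $fn) {
    $MAXSIZE = 51200; // 50 kb
    $DEST = "/relative/path/to/save/";

    // Reject a missing field and the array form (name="userfile[]"), where
    // every entry would itself be an array instead of a scalar.
    if (!isset($files[$fn]) || !is_array($files[$fn])) {
        return "error: no file uploaded";
    }
    $upload = $files[$fn];
    foreach (array('error', 'size', 'type', 'tmp_name') as $key) {
        if (!isset($upload[$key]) || !is_scalar($upload[$key])) {
            return "error: no file uploaded";
        }
    }

    $code = (int) $upload['error'];
    if ($code === UPLOAD_ERR_NO_FILE) {
        return "error: no file uploaded";
    }
    if ($code === UPLOAD_ERR_PARTIAL) {
        return "error: file uploaded partial";
    }
    if ($code === UPLOAD_ERR_INI_SIZE || $code === UPLOAD_ERR_FORM_SIZE
        || $upload['size'] > $MAXSIZE
    ) {
        return "error: file too big";
    }
    // Any other non-zero code (no temp dir, write failure, extension stop)
    // means there is no usable temp file to inspect.
    if ($code !== UPLOAD_ERR_OK) {
        return "error: upload failed";
    }

    // 'type' is sent by the browser and can be set to anything by the client;
    // it is only a cheap first filter. The content check below is the one
    // that counts.
    if ($upload['type'] != "image/jpeg" && $upload['type'] != "image/pjpeg") {
        return "error: no jpeg file";
    }

    // Only open a path that PHP itself created for this request's upload.
    if (!is_uploaded_file($upload['tmp_name'])) {
        return "error: file not readable";
    }

    // getimagesize() returns false for non-images; @ silences its warning.
    // It inspects the image header only, so data appended after a valid JPEG
    // header still passes. The file is therefore never stored under the
    // client's name or extension.
    $fileinfo = @getimagesize($upload['tmp_name']);
    if (!$fileinfo) {
        return "error: file not readable";
    }
    if ($fileinfo[2] !== IMAGETYPE_JPEG) {
        return "error: no jpeg file";
    }

    // Server-generated name with a fixed .jpg extension.
    // NOTE(review): random_letters() and check_if_exists() are defined
    // elsewhere; confirm the name cannot be predicted and that the
    // exists-check followed by the move cannot be raced by a parallel upload.
    $filename = random_letters(8) . ".jpg";
    $filename = check_if_exists($DEST, $filename);

    // NOTE(review): opening and closing the directory mode per request is
    // racy when two uploads run at once; a directory with fixed permissions
    // outside the web root would avoid the toggle entirely.
    chmod($DEST, 0755);
    $check = move_uploaded_file($upload['tmp_name'], $DEST . $filename);
    if ($check) {
        // Set the file mode while the directory can still be traversed.
        chmod($DEST . $filename, 0644);
    }
    // Restore the restrictive directory mode on success AND on failure.
    chmod($DEST, 0644);

    if (!$check) {
        return "error: could not write!";
    }
    return TRUE;
}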
#------------------------:[ upload checker end.
############ SITE show:
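// If the request body is larger than post_max_size in php.ini, PHP drops it
// and both $_POST and $_FILES arrive empty. Both arrays are also empty on a
// plain GET, so the check is limited to POST requests; otherwise the page
// would stop before the form is ever shown.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
    && count($_POST) == 0 && count($_FILES) == 0
) {
    die("exceeded maximum upload size. assuming hacking attempt.");
}
if (isset($_POST['submit'])) {
    $error = check_jpeg($_FILES, "userfile");
    // check_jpeg() returns TRUE or an error string; compare strictly so a
    // string can never be mistaken for success.
    if ($error === TRUE) {
        // file uploaded successfully
    } else {
        // errors happened while upload; escape before writing into the page
        echo htmlspecialchars($error, ENT_QUOTES);
    }
}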
?>
<!-- other html -->
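<!-- MAX_FILE_SIZE and accept= are hints to the browser only; a client can
     change or omit them, so the server-side checks are the ones that count. -->
<!-- PHP_SELF contains request-supplied path data, so it is HTML-escaped before
     being written into the attribute. $_SERVER is used because the bare
     $PHP_SELF global only exists with register_globals. -->
<form enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="51200">
<input name="userfile" type="file" size="30" accept="image/jpeg">
<input type="submit" name="submit" value=" submit ">
</form>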
<!-- other html -->