upload issues

slimjim

Ok i have a few issues. First issue i have is this. I bring up this page, and it is blank. Now i did so much messing with it, but at one point i was able to view the form, but when i was able to view the form, it just let me upload without a user name or password. Other issue i have is that the bottom part does not work at all. I figured that some of this code is just not in the right place. If anyone can help me out that would be great.
<?  

require_once "admin/common.php";
dbconnect();

if ($_FILES['file']['name']) { 
        $ext=substr($_FILES['file']['name'], -3); 
        if ($ext != "zip" && $ext !="rar" ) { 
           echo "<br><br>The file you attempted to upload does not"; 
           echo " appear to be a valid or supported file type.<br>PLEASE NOTE: WE KEEP A RECORD OF ALL IP'Z<br><br><a href=\"memberecard.php\">CLICK HERE TO GO BACK AND TRY AGAIN</a>\n<br><br>"; 
           exit(); 
           }

if(isset($_POST["submit"])) {  

$query = mysql_query("SELECT * FROM member WHERE username='$username'AND password='$password'") or die(mysql_error()); 

$rows = mysql_num_rows($query);  

if($rows=1){ 

   $home = "/home/www/html/uploadtest/";  

   $dir = $home.$_POST["path"];   

   $maxsize = "50000000";   

$file_size = $_FILES['file']['size']; 
       if ($file_size <= $maxsize) {  

          echo "<font color='#0000CC' size='2' face='Tahoma'><strong>";  
$file_name = $_FILES["file"]["name"]; 
           print ("Script name: " . $name . "<br>");    

           print ("File name: " . $file_name . "<br>");    

                      echo "</strong></font>"; 

       if(copy($file, "$dir/$file_name")) {  
              $query = mysql_query("INSERT INTO trial (file, name, cat, type, mysql, descrip, size, status) VALUES ('$file_name', '$name', '$cat', '$type', '$mysql', '$descrip', '$file_size', '1')") or die(mysql_error()); 
              echo "<font color='#0000CC' size='2' face='Tahoma'><strong>"; 
           print ("Your file was successfully uploaded!<br>");    
                      echo "</strong></font>"; 
       } else {    
              echo "<font color='#0000CC' size='2' face='Tahoma'><strong>"; 
           print ("Your file could not be copied.<br>  ");  
                      echo "</strong></font>";   
       }   

   } else {  
   echo "<font color='#0000CC' size='2' face='Tahoma'><strong>"; 
       print ("Filesize exceeds " . $maxsize . "File was not uploaded<br>");  
       echo "</strong></font>"; 
   }  

echo "<font color='#0000CC' size='2' face='Tahoma'><strong>"; 
   //print "$dir/$file_name";  

   echo "<br>File Size: $file_size Max Size: $maxsize </strong></font>"; 



} else {  

?>  

<?memberregheader()?>
<div align="left">
<?=$error?> 
  <table border="0" cellpadding="0" cellspacing="0" width="75%">
  <form action="<?=$PHP_SELF?>" method="POST" enctype="multipart/form-data"> 
    <tr>
      <td width="37%">
        <p align="right"><font color="#0000CC" size="2" face="Tahoma"><strong> Username to upload file:</td>
      <center>
      <td width="63%"><input type="text" name="username" maxlength="12"></td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>Password to upload file:</b></font>:</td>
      <center>
        <td width="63%"><input type="password" name="password" maxlength="12"></td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>File name:</b></font></td>
      <center>
        <td width="63%"><input type="text" name="name" maxlength="36"> </td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>Type:</b></font></td>
      <center>
        <td width="63%"><select name="type" id="type"> 
      <option>GPL</option> 
      <option>Mixed</option> 
      <option>Spechal</option> 
    </select> </td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>Category:</b></font></td>
      <center>
        <td width="63%"><select name="cat" id="cat"> 
      <option>Auctions </option> 
      <option>Web Traffic Analysis</option> 
    </select></td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>Description:</b></font></td>
      <center>
        <td width="63%"><textarea name="descrip" cols="30" rows="3" id="descrip"></textarea></td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>MySQL Needed:</b></font></td>
      <center>
        <td width="63%"><select name="mysql" id="mysql"> 
      <option selected>Yes</option> 
      <option>No</option> 
    </select></td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>Directory to upload:</b></font></td>
      <center>
        <td width="63%"><select name="path" id="path"> 
      <option selected>scripts</option> 
    </select></td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"><font color="#0000CC"><b>Choose a file to upload:</b></font></td>
      <center>
        <td width="63%"><input type="file" name="file"></td>
      </tr>
  </center>
      <tr>
        <td width="37%">
          <p align="right"></td>
      <center>
        <td width="63%"><input type=submit name="submit" value="Upload"></td>
      </tr>
        </form> 
    </table>
  </center>
</div>
<?memberregfooter()?>


<? 
}
} else { 

   if (getenv ("HTTP_X_FORWARDED_FOR")) {  

  $ip = getenv ("HTTP_X_FORWARDED_FOR");  

} else {  

  $ip = getenv ("REMOTE_ADDR");  

}  

$lastline = exec( "ping $ip", $resultsArray );  

for($i=0; $i < sizeof($resultsArray); $i++)  

{  

        echo $resultsArray[$i] . '<br>';  

}  

   $page = $_SERVER['REQUEST_URI']; 
         $query = mysql_query("INSERT INTO error ('page', 'ip') VALUES ('$page', '$ip')") or die(mysql_error()); 
   print "Password is invalid. Page, IP, and TIMESTAMP has been added to database. ";  

}  

?>