[RESOLVED] not uploaded/setting var

djdaz

Hey, i have a problem in the following code. For some reason the image is not been uploaded.
I think it has something to do with the $filename variable not been set. I get nothing when i try to echo it out.
I cant see any errors, maybe u guys can.
The suspect code is near the bottom.
Thanks in advance.
<?php
session_start();

include('includes/constants.php');

//Connect to MySQL
$dbc = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);

include('includes/cookie_check.php');
include('includes/logincheck.php');
include('includes/functions.php');

if( !isset($_POST['submit']) )
{

$sql_userDetails = mysql_query("SELECT * FROM users WHERE username='$_SESSION[username]'");
$sql_array = mysql_fetch_array($sql_userDetails);
?>
<html>
<head>
<title>BDJBB - User Control Panel</title>
<?php include('includes/main_header.php');?>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" enctype="multipart/form-data">
<table border="1" cellspacing="0" cellpadding="4" width="100%"  bordercolor="#000000" style="border-collapse:collapse; border-style:solid; border-width:thin; ">
	<tr>
		<td background='images/cell.gif' align="center" colspan="2"><b>User Control Panel</b></td>
	</tr>
	<tr>
		<td background='images/cell.gif' align="center" colspan="2"><b>Registration Information</b></td>
	</tr>
	<tr>
		<td colspan="2">In order to change your email address or password. You must give your current password.</td>
	</tr>
	<tr>
		<td><b>Username</b></td>
		<td><b><?php echo $_SESSION['username'];?></b></td>
	</tr>
	<tr>
		<td><b>Email Address</b></td>
		<td><input type="text" name="email"></td>
	</tr>
	<tr>
		<td><b>Old Password</b></td>
		<td><input type="password" name="oldpass"></td>
	</tr>
	<tr>
		<td><b>New Password</b></td>
		<td><input type="password" name="newpass"></td>
	</tr>
	<tr>
		<td><b>Confirm New Password</b></td>
		<td><input type="password" name="connewpass"></td>
	</tr>
	<tr>
		<td background='images/cell.gif' align="center" colspan="2"><b>Personal Details</b></td>
	</tr>
	<tr>
		<td colspan="2">This information will be viewable on your profile.</td>
	</tr>
	<tr>
		<td><b>MSN Address</b></td>
		<td><input type="text" name="msn" value="<?php echo $sql_array['msn'];?>"></td>
	</tr>
	<tr>
		<td><b>Yahoo Address</b></td>
		<td><input type="text" name="yahoo" value="<?php echo $sql_array['yahoo'];?>"></td>
	</tr>
	<tr>
		<td><b>AIM Address</b></td>
		<td><input type="text" name="aim" value="<?php echo $sql_array['aim'];?>"></td>
	</tr>
	<tr>
		<td><b>ICQ Address</b></td>
		<td><input type="text" name="icq" value="<?php echo $sql_array['icq'];?>"></td>
	</tr>
	<tr>
		<td><b>Location</b></td>
		<td><input type="text" name="location" value="<?php echo $sql_array['location'];?>"></td>
	</tr>
	<tr>
		<td><b>Website</b></td>
		<td><input type="text" name="website" value="<?php echo $sql_array['website'];?>"></td>
	</tr>
	<tr>
		<td background='images/cell.gif' align="center" colspan="2"><b>Forum Settings</b></td>
	</tr>
	<tr>
		<td><b>Signature</b></td>
		<td><textarea name="sig" rows="7" cols="40"><?php echo $sql_array['signature'];?></textarea></td>
	</tr>
	<tr>
		<td><b>Avatar</b></td>
		<td><input type="file" name="avatar"></td>
	</tr>
	<tr>
		<td background='images/cell.gif' align="center" colspan="2"><input type="submit" name="submit" value="Submit"></td>
	</tr>
</table>
<?php
}
else
{
	//SQL
	$sql_userDetails = mysql_query("SELECT * FROM users WHERE username='$_SESSION[username]'");
	$sql_array = mysql_fetch_array($sql_userDetails);

//Register Vars
$username = $_SESSION['username'];
$email = trim($_POST['email']);
$oldpass = trim($_POST['oldpass']);
$newpass = trim($_POST['newpass']);
$connewpass = trim($_POST['connewpass']);
$msn = trim($_POST['msn']);
$yahoo = trim($_POST['yahoo']);
$aim = trim($_POST['aim']);
$icq = trim($_POST['icq']);
$location = trim($_POST['location']);
$website = trim($_POST['website']);
$sig = trim($_POST['sig']);
$avatar = $_FILES['avatar'];

//Deal with password/email change.

if( !empty($oldpass) )
{
	//Where either changing email address or password. Or both. So which?
	if( isset($newpass) && isset($connewpass) )
	{
		//Were changing passwords. Check if the password is ok.
		if( md5($oldpass) != $sql_array['password'] )
		{
			output_message('Error','Supplied password is incorrect');
			exit();
		}

		//Now do the supplied password match
		if( $newpass != $connewpass )
		{
			output_message('Error','New passwords do not match.');
			exit();
		}

		//All is well. Update.
		$encpass = md5($newpass);

		if( !mysql_query("UPDATE users SET password='$encpass' WHERE username='$username'") )
		{
			output_message('MySQL Error','Database error detected. Please inform an admin.');
			exit();
		}
	}
	else if( isset($email) )
	{
		//Email address wants changing.

		//Were changing passwords. Check if the password is ok.
		if( md5($oldpass) != $sql_array['password'] )
		{
			output_message('Error','Supplied password is incorrect');
			exit();
		}

		//All is well. Update.	
		if( !mysql_query("UPDATE users SET email='$email' WHERE username='$username'") )
		{
			output_message('MySQL Error','Database error detected. Please inform an admin.<br><br>'.mysql_error());
			exit();
		}
	}
}

$gen_sql = mysql_query("UPDATE users SET msn='$msn',yahoo='$yahoo',icq='$icq',aim='$aim',location='$location',website='$website',signature='$sig' WHERE username='$_SESSION[username]'");

if( !$gen_sql )
{
	output_message('MySQL Error','Database error detected. Please inform an admin.'.mysql_error());
	exit();
}

if( $_FILES['avatar']['size'] <= "0" )
{
	if( $_FILES['avatar']['size'] > "51200" )
	{
		output_message('Success','Maximum file size exceeded. Must be below 50KB!<br><a href="javascript:history.back">Back</a>');
		exit();
	}

	function getfileextension($str) { 
		$i = strrpos($str,"."); 
		if (!$i) { return ""; } 

		$l = strlen($str) - $i; 
		$ext = substr($str,$i+1,$l); 

		return $ext; 
	}

	$image = $_FILES['avatar']['name'];
	$ext = strtolower(getfileextension($image));

	$acceptable_extensions = array("gif","png","jpg","jpeg");

	if( !in_array($ext, $acceptable_extensions) )
	{
		output_message('Error','Invalid file type. Must be .gif, .png, .jpg');
		exit();
	}

	$filename = $_SERVER['DOCUMENT_ROOT'].'/avatars/users/'.uniqid(rand()).'.'.$ext;

	if( move_uploaded_file($_FILES['avatar']['tmp_name'], $filename ) == FALSE )
	{
		output_message('Error','Error uploading file.');
		exit();
	}

	if( !mysql_query("UPDATE users SET avatar='$filename' WHERE username='$_SESSION[username]'") )
	{
		output_message('Error','MySQL error. Please report to an admin');
		exit();
	}

}		

output_message('Success','Changes have been successfully applied.<br><br><a href="ucp.php">User Control Panel</a><br><br>oi'.$filename);

}
?>
bpat1434

if( $_FILES['avatar']['size'] <= "0" )
{
Umm... IF the file size is LESS THAN OR EQUAL TO 0?
Perhaps it should be:
if( $_FILES['avatar']['size'] >= "0" )
{
~Brett
djdaz

bpat1434 wrote:
Umm... IF the file size is LESS THAN OR EQUAL TO 0?

Perhaps it should be:

~Brett
hehe. well spotted.
Cheers muchly 😃