This is an avatar uploader i have.. Anyhow im having some problems with files already existing so i would need it to rename the uploaded files, something random maybe.. maybe someone could help me out?

thanks in advance

<?
session_start();//starts the session


if ($user['username']){ //If the user is logged in

print "<h3>Welcome to the avatar uploader</h3>";

print "<form method=\"post\" enctype=\"multipart/form-data\" name=\"form1\">";//Set the form and the type

print "Please select your .jpg avatar<br />";//Tell the user to select an image

print "<input type=\"file\" name=\"file\" /><br /><br />";//A file input box

print "<input type=\"submit\" name=\"fsubmit\" value=\"Upload\">";//Submit / upload button

print "</form>"; //End for

}

if ($_POST['fsubmit']){ //If the form has been submit

if ($_FILES['file']['size'] >= "500000"){ //If the file size is greater than 500000b

	print "<br />Your file size must be less than <strong>50000kb</strong>!<br />"; //Error message

}

elseif ($_FILES['file']['size'] <= "500000"){ //If not and the file is less than 500000b

	print "<strong>Upload Status</strong><br />"; //Show the upload status

	if($_FILES) { //If the file exists

		print "<strong>File exists</strong>"; //Tell the user
	}

	else //If not

	{

		print "<strong>File doesn't exist</strong>"; //Error message

	}

	$folder = "img/avatar";

	move_uploaded_file($_FILES['file']['tmp_name'], "$folder/".$_FILES['file']['name'])or die ("<br />Could not copy"); //Move the file to the specified folder, or show an error message

	$location= $_FILES['file']['name'];

	$update = mysql_query("UPDATE users SET av = '$location' WHERE id = $users[id]")or die ("The avatar was not added to the specified user!");//Query the database

	print "<br />"; //Line break

	print "Name: ".$_FILES['file']['name']."<br />"; //Name of the file

	print "URL: /$folder/".$_FILES['file']['name']."<br />"; //URL of the uploaded file

	print "Size: ".$_FILES['file']['size']."<br />"; //Show the size of the file

	print "Type: ".$_FILES['file']['type']."<br />"; //Show the file type

	print "<br />"; //Line break

	print "-------------------------"; //Lots of ----

	print "<br />"; //Line break

	print "<strong>Avatar Set!</strong>"; //Confirmation message

}

}
?>

    You could just add a timestamp to the beginning of the file name.

    I doubt two users will post an image with the same name concurrently.

    If you think otherwise, you could just use something like

    $hash = substr(sha1(md5(time())), 0, rand() % 8 + 1);
$location= $hash.$_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], "$folder/".$location)or die ("<br />Could not copy"); //Move the file to the specified folder, or show an error message

      yeah thats smart, likewisely noone will upload at the same time. Anyhow when i did that i got this errormessage:

      Upload Status
      File exists
      Warning: move_uploaded_file(img/avatar/) [function.move-uploaded-file]: failed to open stream: Is a directory in xxx/avatar.php on line 49

      Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/upload_tmp/phpqABIfP' to 'img/avatar/' in xxx/avatar.php on line 49

      Could not copy

        For some reason move_uploaded_file is not getting the file name. i.e. $hash.$_FILES['file']['name']

        Please post up your code.

          <?
session_start();//starts the session


if ($user['username']){ //If the user is logged in

print "<h3>Welcome to the avatar uploader</h3>";

print "<form method=\"post\" enctype=\"multipart/form-data\" name=\"form1\">";//Set the form and the type

print "Please select your .jpg avatar<br />";//Tell the user to select an image

print "<input type=\"file\" name=\"file\" /><br /><br />";//A file input box

print "<input type=\"submit\" name=\"fsubmit\" value=\"Upload\">";//Submit / upload button

print "</form>"; //End for

}

if ($_POST['fsubmit']){ //If the form has been submit

if ($_FILES['file']['size'] >= "500000"){ //If the file size is greater than 500000b

	print "<br />Your file size must be less than <strong>50000kb</strong>!<br />"; //Error message

}

elseif ($_FILES['file']['size'] <= "500000"){ //If not and the file is less than 500000b

	print "<strong>Upload Status</strong><br />"; //Show the upload status

	if($_FILES) { //If the file exists

		print "file exists";
	}

	else //If not

	{

		print "<strong>File doesn't exist</strong>"; //Error message

	}


    $folder = "img/avatar";

	move_uploaded_file($_FILES['file']['tmp_name'], "$folder/".$location)or die ("<br />Could not copy"); //Move the file to the specified folder, or show an error message

    $hash = substr(sha1(md5(time())), 0, rand() % 8 + 1);
    $location= $hash.$_FILES['file']['name'];

	$update = mysql_query("UPDATE users SET av = '$location' WHERE id = $users[id]")or die ("The avatar was not added to the specified user!");//Query the database

	print "<br />"; //Line break

	print "Name: ".$_FILES['file']['name']."<br />"; //Name of the file

	print "URL: /$folder/".$_FILES['file']['name']."<br />"; //URL of the uploaded file

	print "Size: ".$_FILES['file']['size']."<br />"; //Show the size of the file

	print "Type: ".$_FILES['file']['type']."<br />"; //Show the file type

	print "<br />"; //Line break

	print "-------------------------"; //Lots of ----

	print "<br />"; //Line break

	print "<strong>Avatar Set!</strong>"; //Confirmation message

}

}
?>
            $hash = substr(sha1(md5(time())), 0, rand() % 8 + 1);
        $location= $hash.$_FILES['file']['name'];

            Needs to be before move_uploaded_file and you might want to update the rest of the script so it uses the right file name. ($location, not $_FILES['file']['name'] since you added the hash)

              i'm not sure if i have done this correctly but i get this error message now, it at least tells me the file does not exists..

              Upload Status
              File doesn't exist
              Fatal error: Cannot use string offset as an array in xxx/avatar.php on line 51

              <?
session_start();//starts the session


if ($user['username']){ //If the user is logged in

print "<h3>Welcome to the avatar uploader</h3>";

print "<form method=\"post\" enctype=\"multipart/form-data\" name=\"form1\">";//Set the form and the type

print "Please select your .jpg avatar<br />";//Tell the user to select an image

print "<input type=\"file\" name=\"file\" /><br /><br />";//A file input box

print "<input type=\"submit\" name=\"fsubmit\" value=\"Upload\">";//Submit / upload button

print "</form>"; //End for

}

if ($_POST['fsubmit']){ //If the form has been submit

if ($location['file']['size'] >= "500000"){ //If the file size is greater than 500000b

	print "<br />Your file size must be less than <strong>50000kb</strong>!<br />"; //Error message

}

elseif ($location['file']['size'] <= "500000"){ //If not and the file is less than 500000b

	print "<strong>Upload Status</strong><br />"; //Show the upload status

	if($location) { //If the file exists

		print "file exists";
	}

	else //If not

	{

		print "<strong>File doesn't exist</strong>"; //Error message

	}


    $folder = "img/avatar";
    $hash = substr(sha1(md5(time())), 0, rand() % 8 + 1);
    $location= $hash.$_FILES['file']['name'];

	move_uploaded_file($location['file']['tmp_name'], "$folder/".$location)or die ("<br />Could not copy"); //Move the file to the specified folder, or show an error message



	$update = mysql_query("UPDATE users SET av = '$location' WHERE id = $users[id]")or die ("The avatar was not added to the specified user!");//Query the database

	print "<br />"; //Line break

	print "Name: ".$location['file']['name']."<br />"; //Name of the file

	print "URL: /$folder/".$location['file']['name']."<br />"; //URL of the uploaded file

	print "Size: ".$location['file']['size']."<br />"; //Show the size of the file

	print "Type: ".$location['file']['type']."<br />"; //Show the file type

	print "<br />"; //Line break

	print "-------------------------"; //Lots of ----

	print "<br />"; //Line break

	print "<strong>Avatar Set!</strong>"; //Confirmation message

}

}
?>

                move_uploaded_file($location['file']['tmp_name'], "$folder/".$location)

                should be

                move_uploaded_file($_FILES['file']['tmp_name'], "$folder/".$location)

                  6 days later

                  well it moves the file to the right folder, but it does not insert to the database :S

                    Everywhere you use $location['file']['name'] is wrong.

                    It should just be $location since it holds the file location, with the hash attached.

                    Also, it cannot be successfully moving the file with $location['file']['tmp_name']

                    You want $_FILES['file']['tmp_name']

                    I believe you believe that $location is a copy of your $FILES array with the modified file name. This is incorrect. All of your files data is still in $FILES except the real file location (after you move it) is in $location, since we attached the hash to it.

                    In regards to the SQL error, change die ("The avatar was not added to the specified user!") to die(mysql_error()) and post up the error please.

                      Write a Reply...