Daron Posted August 10, 2012 Share Posted August 10, 2012 ight i know this is going be a stupid crazy question and im sure the answer is no, but is it anyway to run a query that deletes from the server o.o not the database. Basically what happened is i created a avy uploading thingy so no more giving url of your avy u have to upload it, and how it works is it uploads the avy to a folder and a query runs to set that newly uploaded avy as your avy. 2 big problems tho, one if an image with the same name exist in the folder it wont allow the pic to be uploaded, and 2 which is the biggest problem, is that if a user uploads another pic then the previous pic is still stored in the folder 0.0 that could be a lot of unnecessary storage taken up, plus users wouldnt be able to use that pic again since a pic of same name cant be uploaded twice. Here is the code: function do_pic_change() { global $ir,$c,$userid,$h; $allowedExts = array("gif", "png"); $extension = end(explode(".", $_FILES["file"]["name"])); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 30000) && in_array($extension, $allowedExts)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { if (file_exists("avys/" . $_FILES["file"]["name"])) { echo "That avy is already uploaded! "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "avys/" . $_FILES["file"]["name"]); mysql_query("UPDATE users SET display_pic='avys/{$_FILES['file']['name']}' WHERE userid=$userid",$c); mysql_query("UPDATE users SET display_pic='avys/{$_FILES['file']['name']}' WHERE userid=$userid",$c); echo "Avy Changed!"; } } } else { echo "Invalid file"; } } Quote Link to comment Share on other sites More sharing options...
Lithium Posted August 10, 2012 Share Posted August 10, 2012 to avoid duplicates, simply rename the file to something unique but where you can still find the actual owner/uploader... a suggestion, hex the userid and add let's say timestamp making a file called something on this lines userid_hex.timestamp.file_ext, this way you can quickly find if that user has any file uploaded, and delete it if needed, and you will have no duplicate entries. Quote Link to comment Share on other sites More sharing options...
Daron Posted August 10, 2012 Author Share Posted August 10, 2012 ah makes sense, but hmm i might be better off going back to the URLs tho, would save me from having to manually delete who knows how many avys. wish it was a way to overwrite uploaded avys Quote Link to comment Share on other sites More sharing options...
Lithium Posted August 10, 2012 Share Posted August 10, 2012 Actually... there is... http://php.net/manual/en/function.move-uploaded-file.php Quote Link to comment Share on other sites More sharing options...
Daron Posted August 10, 2012 Author Share Posted August 10, 2012 (edited) oooh nice, so after reading that i got it so they can overwrite, now u think ya can help me out with figuring how to change the name of the uploads? i thought of an plan to set each persons uploaded avy to be named after them so that way when they upload another it would be assigned same name and just overwrite. EDIT: Nevermind i got it working! It now names the avy after the user here is the code i came up with function do_pic_change() { global $ir,$c,$userid,$h; $allowedExts = array("gif", "png"); $extension = end(explode(".", $_FILES["file"]["name"])); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 30000) && in_array($extension, $allowedExts)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { $filename = basename($_FILES['file']['name']); $extension = pathinfo($filename, PATHINFO_EXTENSION); $new = $ir['username'].'.'.$extension; move_uploaded_file($_FILES["file"]["tmp_name"], "avys/{$new}"); mysql_query("UPDATE users SET display_pic='avys/{$new}' WHERE userid=$userid",$c); echo "Avy Changed!"; } } else { echo "Invalid file"; } } Edited August 10, 2012 by Daron Quote Link to comment Share on other sites More sharing options...
SilverStar Posted August 10, 2012 Share Posted August 10, 2012 To delete files, use the unlink function. Your upload isn't secure though. Read these: http://www.tidy-designs.co.uk/website-development/php-secure-file-upload-script/ http://www.nullcandy.com/php-image-upload-security-how-not-to-do-it/ http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html Quote Link to comment Share on other sites More sharing options...
Daron Posted August 10, 2012 Author Share Posted August 10, 2012 =O those links were very enlightening and scary xD, crazy how he ran a script through a image 0.0 thank you for showing me that. So the 2nd link seemed to be most useful and based of what i seen i think what i was suppose to do is add a .htaccess file to the folder with the uploaded avys and add this code right? ForceType application/octet-stream <FilesMatch "(?i)\.gif$"> ForceType image/gif </FilesMatch> <FilesMatch "(?i)\.png$"> ForceType image/png </FilesMatch> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.