MakeWebGames

Redux - profile pics and forum sig pics


Oracle

I have Redux. When trying to upload a new display picture or a picture for forum signatures, a person will get sent to a "500" page that says the website may be under construction or the website has a programming error. The 500 page is picchange2. Here is the code:

 

function do_pic_change()
{
   global $db, $ir, $c, $userid, $h;
   if (!isset($_POST['verf'])
           || !verify_csrf_code('prefs_picchange',
                   stripslashes($_POST['verf'])))
   {
       csrf_error('picchange');
   }
   $_POST['newpic'] =
           (isset($_POST['newpic']) && is_string($_POST['newpic']))
                   ? $_POST['newpic'] : '';
   if (empty($_POST['newpic']))
   {
       echo '
You did not enter a new pic.<br />
> <a href="' . gen_url('preferences', true)
               . '&action=picchange">Back</a>
  ';
   }
   else
   {
       if (strlen($_POST['newpic']) < 8
               || !(substr($_POST['newpic'], 0, 7) == 'http://'
                       || substr($_POST['newpic'], 0, 8 == 'https://')))
       {
           echo 'Invalid Image.<br />> <a href="'
                   . gen_url('preferences', true)
                   . '&action=picchange">Go Back</a>';
           die($h->endpage());
       }
       $image = (@getimagesize($_POST['newpic']));
       if (!is_array($image))
       {
           echo 'Invalid Image.<br />> <a href="'
                   . gen_url('preferences', true)
                   . '&action=picchange">Go Back</a>';
           die($h->endpage());
       }
       $db->query(
               'UPDATE `users` SET `display_pic` = "' . $_POST['newpic']
                       . '" WHERE `userid` = ' . $userid);
       echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1')
               . '<br />
   Pic changed!
   <br />
   > <a href="' . gen_url('index', true) . '">Go Home</a>
   ';
   }
}

function forum_change()
{
   global $ir, $c, $userid, $h;
   $code = request_csrf_code('prefs_forumchange');
   echo "
<h3>Forum Info Change</h3>
Please note that the avatar must be externally hosted, <a href='http://www.photobucket.com'>Photobucket</a> is our recommendation.
 <br />
Any avatars that are not 150x150 will be automatically resized
<form action='" . gen_url('preferences', true)
           . "&action=forumchange2' method='post'>
Avatar: <input type='text' name='forums_avatar' value='{$ir['forums_avatar']}' />
 <br />
Signature (you may use BBcode): <textarea rows=10 cols=50 name='forums_signature'>{$ir['forums_signature']}</textarea>
 <br />
       <input type='hidden' name='verf' value='{$code}' />
<input type='submit' value='Change Info' />
</form>
  ";
}
function do_forum_change()
{
   global $db, $ir, $c, $userid, $h;
   if (!isset($_POST['verf'])
           || !verify_csrf_code('prefs_forumchange',
                   stripslashes($_POST['verf'])))
   {
       csrf_error('forumchange');
   }
   $_POST['forums_avatar'] =
           (isset($_POST['forums_avatar']) && is_string($_POST['forums_avatar']) && !empty($_POST['forums_avatar']))
                   ? $_POST['forums_avatar'] : 'http://thmb.it/img/150x150/example.jpg';
   $image = (@getimagesize($_POST['forums_avatar'])) ;
   $_POST['forums_signature'] =
           strip_tags($db->escape($_POST['forums_signature']));
   if (strlen($_POST['forums_avatar']) < 8
           || !(substr($_POST['forums_avatar'], 0, 7) == 'http://'
                   || substr($_POST['forums_avatar'], 0, 8 == 'https://')))
   {
       echo 'Invalid Image.<br />> <a href="'
               . gen_url('preferences', true)
               . '&action=forumchange">Go Back</a>';
       die($h->endpage());
   }
   if (!is_array($image))
   {
       echo 'Invalid Image.<br />> <a href="'
               . gen_url('preferences', true)
               . '&action=forumchange">Go Back</a>';
       die($h->endpage());
   }
   if (strlen($_POST['forums_signature']) > 250)
   {
       echo 'You may only have a forums signature consisting of 250 characters or less.<br />> <a href="'
               . gen_url('preferences', true)
               . '&action=forumchange">Go Back</a>';
       die($h->endpage());
   }
   $db->query(
           "UPDATE `users` SET `forums_avatar` = '{$_POST['forums_avatar']}', `forums_signature` = '{$_POST['forums_signature']}' WHERE `userid` = $userid");
   echo 'Forum Info changed!<br />> <a href="' . gen_url('index', true)
           . '">Go Home</a>';
}
$h->endpage();

 

I have no idea where the problem is. Thanks for all your help ahead of time!

Edited by KyleMassacre
added code tags

  • 8 years later...

I'm still having trouble with this..... 

 

function do_pic_change()
{
    global $db, $ir, $c, $userid, $h;
    if (!isset($_POST['verf'])
            || !verify_csrf_code('prefs_picchange',
                    stripslashes($_POST['verf'])))
    {
        csrf_error('picchange');
    }
    $_POST['newpic'] =
            (isset($_POST['newpic']) && is_string($_POST['newpic']))
                    ? $_POST['newpic'] : '';
    if (empty($_POST['newpic']))
    {
        echo '
You did not enter a new pic.<br />
&gt; <a href="' . gen_url('preferences', true)
                . '&action=picchange">Back</a>
   ';
    }
    else
    {
        if (strlen($_POST['newpic']) < 8
                || !(substr($_POST['newpic'], 0, 7) == 'http://'
                        || substr($_POST['newpic'], 0, 8 == 'https://')))
        {
            echo 'Invalid Image.<br />&gt; <a href="'
                    . gen_url('preferences', true)
                    . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $image = (@getimagesize($_POST['newpic']));
        if (!is_array($image))
        {
            echo 'Invalid Image.<br />&gt; <a href="'
                    . gen_url('preferences', true)
                    . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $db->query(
                'UPDATE `users` SET `display_pic` = "' . $_POST['newpic']
                        . '" WHERE `userid` = ' . $userid);
        echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1')
                . '<br />
    Pic changed!
    <br />
    &gt; <a href="' . gen_url('index', true) . '">Go Home</a>
    ';
    }
}

 

 

 

It won't let me add a pic 


There's more faults in that bit of code than you can shake a stick at ... but you could try a couple of little changes that help, as you've not provided any information on what is going wrong. Changing the error messages to make it clear which part of the code is failing is useful, but I ran a successful test by changing just one line:

<?php
function do_pic_change()
{
  global $db, $userid, $h;

  if (!isset($_POST['verf']) || !verify_csrf_code('prefs_picchange', stripslashes($_POST['verf']))) {
    csrf_error('picchange');
  }

  $_POST['newpic'] = (isset($_POST['newpic']) && is_string($_POST['newpic'])) ? trim($_POST['newpic']) : '';
  if (empty($_POST['newpic'])) {
    echo 'You did not enter a new pic.<br />&gt; <a href="' . gen_url('preferences', true) . '&action=picchange">Back</a>';
  }
  else
  {
    //if (strlen($_POST['newpic']) < 8 || !(substr($_POST['newpic'], 0, 7) == 'http://' || substr($_POST['newpic'], 0, 8 == 'https://'))) {
    if (!filter_var($_POST['newpic'], FILTER_VALIDATE_URL)) {
      echo 'Invalid Image - Invalid URL.<br />&gt; <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
      die($h->endpage());
    }

    $image = getimagesize($_POST['newpic']);
    if (!is_array($image)) {
      echo 'Invalid Image - Cannot retrieve image dimensions.<br />&gt; <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
      die($h->endpage());
    }

    $db->query('UPDATE `users` SET `display_pic` = "' . $_POST['newpic'] . '" WHERE `userid` = ' . $userid);
    echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1') . '<br />Pic changed!<br />&gt; <a href="' . gen_url('index', true) . '">Go Home</a>';
  }
}

I've made a few changes:

* Removed unnecessary references to global variables
* Added extra information in the error messages to help debug the problem
* Changed one line, leaving the original commented out

Testing this against the url https://upload.wikimedia.org/wikipedia/commons/4/40/Image_test.png works nicely.

 

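A stricter form of the URL check discussed in this thread, as an added example that is not any poster's code or the game engine's own. It does the http/https test with an explicit allowlist, because FILTER_VALIDATE_URL on its own accepts any scheme, and it refuses hosts that resolve to private or reserved addresses, since the server fetches the URL itself through getimagesize(). The function name validate_avatar_url(), its $resolver parameter and the host img.example.test are hypothetical.

```php
<?php
// Added example, not code from the thread or from the game engine.
// validate_avatar_url() and its $resolver parameter are hypothetical names.
function validate_avatar_url(string $raw, ?callable $resolver = null): ?string
{
    $url = trim($raw);
    if ($url === '' || strlen($url) > 255 || !filter_var($url, FILTER_VALIDATE_URL)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    // FILTER_VALIDATE_URL accepts any scheme, so allowlist http and https here.
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;
    }
    // Refuse credentials embedded in the URL.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    // The server fetches this URL itself (getimagesize), so refuse hosts that
    // resolve to private or reserved addresses such as 127.0.0.1 or 10.0.0.0/8.
    $resolver = $resolver ?? 'gethostbyname';
    $ip = $resolver(trim($parts['host'], '[]'));
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (!filter_var($ip, FILTER_VALIDATE_IP, $flags)) {
        return null;
    }
    return $url;
}

// Constructed inputs; the stub resolver replaces DNS so the demo runs offline.
$stub = fn(string $host): string =>
    ['img.example.test' => '93.184.216.34'][$host] ?? $host;
$samples = [
    'https://img.example.test/avatar.png',   // https, public address
    'http://127.0.0.1/avatar.png',           // loopback
    'ftp://img.example.test/avatar.png',     // scheme not allowlisted
    'img.example.test/avatar.png',           // no scheme
];
foreach ($samples as $candidate) {
    $result = validate_avatar_url($candidate, $stub);
    printf("%-40s %s\n", $candidate, $result === null ? 'rejected' : 'accepted');
}
// In do_pic_change() the accepted value would still go through $db->escape()
// (the helper used in do_forum_change() above) before being put into the query.
```

getimagesize() resolves the host again when it fetches, so this check narrows the exposure rather than closing it; fetching with an HTTP client pinned to the already-checked address is the stricter option.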

Thank you for your help 😃

I do thanks but can anyone fix this? 

 

function do_pic_change()
{
    global $db, $ir, $c, $userid, $h;
    if (!isset($_POST['verf'])
            || !verify_csrf_code('prefs_picchange',
                    stripslashes($_POST['verf'])))
    {
        csrf_error('picchange');
    }
    $_POST['newpic'] =
            (isset($_POST['newpic']) && is_string($_POST['newpic']))
                    ? $_POST['newpic'] : '';
    if (empty($_POST['newpic']))
    {
        echo '
You did not enter a new pic.<br />
&gt; <a href="' . gen_url('preferences', true)
                . '&action=picchange">Back</a>
   ';
    }
    else
    {
        if (strlen($_POST['newpic']) < 8
                || !(substr($_POST['newpic'], 0, 7) == 'http://'
                        || substr($_POST['newpic'], 0, 8 == 'https://')))
        {
            echo 'Invalid Image.<br />&gt; <a href="'
                    . gen_url('preferences', true)
                    . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $image = (@getimagesize($_POST['newpic']));
        if (!is_array($image))
        {
            echo 'Invalid Image.<br />&gt; <a href="'
                    . gen_url('preferences', true)
                    . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $db->query(
                'UPDATE `users` SET `display_pic` = "' . $_POST['newpic']
                        . '" WHERE `userid` = ' . $userid);
        echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1')
                . '<br />
    Pic changed!
    <br />
    &gt; <a href="' . gen_url('index', true) . '">Go Home</a>
    ';
    }
}

 

 

It's not working, giving me an error of "Invalid Picture"


58 minutes ago, Oracle said:

Thank you for your help 😃

I do thanks but can anyone fix this? 

 

function do_pic_change()
{
    global $db, $ir, $c, $userid, $h;
    if (!isset($_POST['verf'])
            || !verify_csrf_code('prefs_picchange',
                    stripslashes($_POST['verf'])))
    {
        csrf_error('picchange');
    }
    $_POST['newpic'] =
            (isset($_POST['newpic']) && is_string($_POST['newpic']))
                    ? $_POST['newpic'] : '';
    if (empty($_POST['newpic']))
    {
        echo '
You did not enter a new pic.<br />
&gt; <a href="' . gen_url('preferences', true)
                . '&action=picchange">Back</a>
   ';
    }
    else
    {
        if (strlen($_POST['newpic']) < 8
                || !(substr($_POST['newpic'], 0, 7) == 'http://'
                        || substr($_POST['newpic'], 0, 8 == 'https://')))
        {
            echo 'Invalid Image.<br />&gt; <a href="'
                    . gen_url('preferences', true)
                    . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $image = (@getimagesize($_POST['newpic']));
        if (!is_array($image))
        {
            echo 'Invalid Image.<br />&gt; <a href="'
                    . gen_url('preferences', true)
                    . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $db->query(
                'UPDATE `users` SET `display_pic` = "' . $_POST['newpic']
                        . '" WHERE `userid` = ' . $userid);
        echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1')
                . '<br />
    Pic changed!
    <br />
    &gt; <a href="' . gen_url('index', true) . '">Go Home</a>
    ';
    }
}

 

 

It's not working, giving me an error of "Invalid Picture"

Judging by your code there's 4 possibilities:

 

1. The length of the image url is not at least 8 characters

2&3. The URL you input does not start with http:// or DOES start with https://

4. The getimagesize() is not detecting it as an image, are you trying to use a weird file extension?

 

Edit:

So as long as my brain isn't getting twisted by the multi-condition if it's basically just expecting a http://www.... URL. Nothing else. Most sites will have https:// so I'd bet this is what's causing you issues

Edited by gamble

33 minutes ago, gamble said:

No, just uploading https: or http: files, nothing too long. No weird file extensions

 

Judging by your code there's 4 possibilities:

 

1. The length of the image url is not at least 8 characters

2&3. The URL you input does not start with http:// or DOES start with https://

4. The getimagesize() is not detecting it as an image, are you trying to use a weird file extension?

 

Edit:

So as long as my brain isn't getting twisted by the multi-condition if it's basically just expecting a http://www.... URL. Nothing else. Most sites will have https:// so I'd bet this is what's causing you issues

 

13 hours ago, Oracle said:

 

It has an else if: begins with http or https, it's invalid. Which doesn't make sense to me; not sure why it's stating that, because that is what I need to use.


else
    {
        if (strlen($_POST['newpic']) < 8
                || !(substr($_POST['newpic'], 0, 7) == 'http://'
                        || substr($_POST['newpic'], 0, 8 == 'https://')))
        {
            echo 'Invalid Image.<br />&gt; <a href="'
                    . gen_url('preferences', true)
                    . '&action=picchange">Go Back</a>';
            die($h->endpage());
