Oracle
Posted August 8, 2014 (edited)

I have Redux: When trying to upload a new display picture or a picture for forum signatures, a person will get sent to a "500" page that says the website may be under construction or the website has a programming error.

The 500 page is picchange2. Here is the code:

```php
function do_pic_change()
{
    global $db, $ir, $c, $userid, $h;
    if (!isset($_POST['verf']) || !verify_csrf_code('prefs_picchange', stripslashes($_POST['verf']))) {
        csrf_error('picchange');
    }
    $_POST['newpic'] = (isset($_POST['newpic']) && is_string($_POST['newpic'])) ? $_POST['newpic'] : '';
    if (empty($_POST['newpic'])) {
        echo '
        You did not enter a new pic.<br />
        > <a href="' . gen_url('preferences', true) . '&action=picchange">Back</a>
        ';
    } else {
        if (strlen($_POST['newpic']) < 8 || !(substr($_POST['newpic'], 0, 7) == 'http://' || substr($_POST['newpic'], 0, 8 == 'https://'))) {
            echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $image = (@getimagesize($_POST['newpic']));
        if (!is_array($image)) {
            echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $db->query(
            'UPDATE `users` SET `display_pic` = "' . $_POST['newpic'] . '" WHERE `userid` = ' . $userid);
        echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1') . '<br />
        Pic changed! <br />
        > <a href="' . gen_url('index', true) . '">Go Home</a>
        ';
    }
}

function forum_change()
{
    global $ir, $c, $userid, $h;
    $code = request_csrf_code('prefs_forumchange');
    echo "
    <h3>Forum Info Change</h3>
    Please note that the avatar must be externally hosted,
    <a href='http://www.photobucket.com'>Photobucket</a> is our recommendation.
    <br />
    Any avatars that are not 150x150 will be automatically resized
    <form action='" . gen_url('preferences', true) . "&action=forumchange2' method='post'>
        Avatar: <input type='text' name='forums_avatar' value='{$ir['forums_avatar']}' />
        <br />
        Signature (you may use BBcode):
        <textarea rows=10 cols=50 name='forums_signature'>{$ir['forums_signature']}</textarea>
        <br />
        <input type='hidden' name='verf' value='{$code}' />
        <input type='submit' value='Change Info' />
    </form>
    ";
}

function do_forum_change()
{
    global $db, $ir, $c, $userid, $h;
    if (!isset($_POST['verf']) || !verify_csrf_code('prefs_forumchange', stripslashes($_POST['verf']))) {
        csrf_error('forumchange');
    }
    $_POST['forums_avatar'] = (isset($_POST['forums_avatar']) && is_string($_POST['forums_avatar']) && !empty($_POST['forums_avatar'])) ? $_POST['forums_avatar'] : 'http://thmb.it/img/150x150/example.jpg';
    $image = (@getimagesize($_POST['forums_avatar']));
    $_POST['forums_signature'] = strip_tags($db->escape($_POST['forums_signature']));
    if (strlen($_POST['forums_avatar']) < 8 || !(substr($_POST['forums_avatar'], 0, 7) == 'http://' || substr($_POST['forums_avatar'], 0, 8 == 'https://'))) {
        echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=forumchange">Go Back</a>';
        die($h->endpage());
    }
    if (!is_array($image)) {
        echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=forumchange">Go Back</a>';
        die($h->endpage());
    }
    if (strlen($_POST['forums_signature']) > 250) {
        echo 'You may only have a forums signature consisting of 250 characters or less.<br />> <a href="' . gen_url('preferences', true) . '&action=forumchange">Go Back</a>';
        die($h->endpage());
    }
    $db->query(
        "UPDATE `users` SET `forums_avatar` = '{$_POST['forums_avatar']}', `forums_signature` = '{$_POST['forums_signature']}' WHERE `userid` = $userid");
    echo 'Forum Info changed!<br />> <a href="' . gen_url('index', true) . '">Go Home</a>';
}
$h->endpage();
```

I have no idea where the problem is. Thanks for all your help ahead of time!

Edited August 8, 2014 by KyleMassacre: added code tags

Oracle
Posted August 11, 2014

None of the Similar Threads below help. Can someone please help me with this?

KyleMassacre
Posted August 11, 2014

The 500 error is generally due to an error in your code. Try checking your error logs or turning your error reporting on.

Oracle
Posted January 2

I'm still having trouble with this.....

```php
function do_pic_change()
{
    global $db, $ir, $c, $userid, $h;
    if (!isset($_POST['verf']) || !verify_csrf_code('prefs_picchange', stripslashes($_POST['verf']))) {
        csrf_error('picchange');
    }
    $_POST['newpic'] = (isset($_POST['newpic']) && is_string($_POST['newpic'])) ? $_POST['newpic'] : '';
    if (empty($_POST['newpic'])) {
        echo '
        You did not enter a new pic.<br />
        > <a href="' . gen_url('preferences', true) . '&action=picchange">Back</a>
        ';
    } else {
        if (strlen($_POST['newpic']) < 8 || !(substr($_POST['newpic'], 0, 7) == 'http://' || substr($_POST['newpic'], 0, 8 == 'https://'))) {
            echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $image = (@getimagesize($_POST['newpic']));
        if (!is_array($image)) {
            echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $db->query(
            'UPDATE `users` SET `display_pic` = "' . $_POST['newpic'] . '" WHERE `userid` = ' . $userid);
        echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1') . '<br />
        Pic changed! <br />
        > <a href="' . gen_url('index', true) . '">Go Home</a>
        ';
    }
}
```

It won't let me add a pic

Inveteratus
Posted January 3

There's more faults in that bit of code than you can shake a stick at ... but you could try a couple of little changes that help, as you've not provided any information on what is going wrong.

Changing the error messages to make it clear which part of the code is failing is useful, but I ran a successful test by changing just one line:

```php
<?php

function do_pic_change()
{
    global $db, $userid, $h;

    if (!isset($_POST['verf']) || !verify_csrf_code('prefs_picchange', stripslashes($_POST['verf']))) {
        csrf_error('picchange');
    }

    $_POST['newpic'] = (isset($_POST['newpic']) && is_string($_POST['newpic'])) ? trim($_POST['newpic']) : '';

    if (empty($_POST['newpic'])) {
        echo 'You did not enter a new pic.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Back</a>';
    } else {
        //if (strlen($_POST['newpic']) < 8 || !(substr($_POST['newpic'], 0, 7) == 'http://' || substr($_POST['newpic'], 0, 8 == 'https://'))) {
        if (!filter_var($_POST['newpic'], FILTER_VALIDATE_URL)) {
            echo 'Invalid Image - Invalid URL.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }

        $image = getimagesize($_POST['newpic']);

        if (!is_array($image)) {
            echo 'Invalid Image - Cannot retrieve image dimensions.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }

        $db->query('UPDATE `users` SET `display_pic` = "' . $_POST['newpic'] . '" WHERE `userid` = ' . $userid);
        echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1') . '<br />Pic changed!<br />> <a href="' . gen_url('index', true) . '">Go Home</a>';
    }
}
```

I've made a few changes:

* Removed unnecessary references to global variables
* Added extra information in the error messages to help debug the problem
* Change one line leaving the original commented out

Testing this against the url https://upload.wikimedia.org/wikipedia/commons/4/40/Image_test.png works nicely.

newttster
Posted January 3

I'm wondering if it might have something to do with the csrf functions found in the global_func file???

Oracle
Posted January 4

Thank you for your help 😃 I do thanks but can anyone fix this?

```php
function do_pic_change()
{
    global $db, $ir, $c, $userid, $h;
    if (!isset($_POST['verf']) || !verify_csrf_code('prefs_picchange', stripslashes($_POST['verf']))) {
        csrf_error('picchange');
    }
    $_POST['newpic'] = (isset($_POST['newpic']) && is_string($_POST['newpic'])) ? $_POST['newpic'] : '';
    if (empty($_POST['newpic'])) {
        echo '
        You did not enter a new pic.<br />
        > <a href="' . gen_url('preferences', true) . '&action=picchange">Back</a>
        ';
    } else {
        if (strlen($_POST['newpic']) < 8 || !(substr($_POST['newpic'], 0, 7) == 'http://' || substr($_POST['newpic'], 0, 8 == 'https://'))) {
            echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $image = (@getimagesize($_POST['newpic']));
        if (!is_array($image)) {
            echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
            die($h->endpage());
        }
        $db->query(
            'UPDATE `users` SET `display_pic` = "' . $_POST['newpic'] . '" WHERE `userid` = ' . $userid);
        echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1') . '<br />
        Pic changed! <br />
        > <a href="' . gen_url('index', true) . '">Go Home</a>
        ';
    }
}
```

It's not working, giving me an error of "Invalid Picture"

gamble
Posted January 4 (edited)

58 minutes ago, Oracle said:

> Thank you for your help 😃 I do thanks but can anyone fix this?
>
> ```php
> function do_pic_change()
> {
>     global $db, $ir, $c, $userid, $h;
>     if (!isset($_POST['verf']) || !verify_csrf_code('prefs_picchange', stripslashes($_POST['verf']))) {
>         csrf_error('picchange');
>     }
>     $_POST['newpic'] = (isset($_POST['newpic']) && is_string($_POST['newpic'])) ? $_POST['newpic'] : '';
>     if (empty($_POST['newpic'])) {
>         echo '
>         You did not enter a new pic.<br />
>         > <a href="' . gen_url('preferences', true) . '&action=picchange">Back</a>
>         ';
>     } else {
>         if (strlen($_POST['newpic']) < 8 || !(substr($_POST['newpic'], 0, 7) == 'http://' || substr($_POST['newpic'], 0, 8 == 'https://'))) {
>             echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
>             die($h->endpage());
>         }
>         $image = (@getimagesize($_POST['newpic']));
>         if (!is_array($image)) {
>             echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
>             die($h->endpage());
>         }
>         $db->query(
>             'UPDATE `users` SET `display_pic` = "' . $_POST['newpic'] . '" WHERE `userid` = ' . $userid);
>         echo htmlentities($_POST['newpic'], ENT_QUOTES, 'ISO-8859-1') . '<br />
>         Pic changed! <br />
>         > <a href="' . gen_url('index', true) . '">Go Home</a>
>         ';
>     }
> }
> ```
>
> It's not working, giving me an error of "Invalid Picture"

Judging by your code there's 4 possibilities:

1. The length of the image url is not at least 8 characters

2&3. The URL you input does not start with http:// or DOES start with https://

4. The getimagesize() is not detecting it as an image, are you trying to use a weird file extension?

Edit: So as long as my brain isn't getting twisted by the multi-condition if, it's basically just expecting a http://www.... URL. Nothing else. Most sites will have https:// so I'd bet this is what's causing you issues.

Edited January 4 by gamble

Oracle
Posted January 4

33 minutes ago, gamble said:

> No, just uploading https: or http: files, nothing too long. No weird file extensions.
>
> Judging by your code there's 4 possibilities:
>
> 1. The length of the image url is not at least 8 characters
>
> 2&3. The URL you input does not start with http:// or DOES start with https://
>
> 4. The getimagesize() is not detecting it as an image, are you trying to use a weird file extension?
>
> Edit: So as long as my brain isn't getting twisted by the multi-condition if, it's basically just expecting a http://www.... URL. Nothing else. Most sites will have https:// so I'd bet this is what's causing you issues

13 hours ago, Oracle said:

> it has and else if, begins with http or https it's invalid. which doesn't make sense to me, not sure why it's stating that, because that is what I need to use.

```php
else {
    if (strlen($_POST['newpic']) < 8 || !(substr($_POST['newpic'], 0, 7) == 'http://' || substr($_POST['newpic'], 0, 8 == 'https://'))) {
        echo 'Invalid Image.<br />> <a href="' . gen_url('preferences', true) . '&action=picchange">Go Back</a>';
        die($h->endpage());
```

KyleMassacre
Posted January 5 (edited)

On 1/3/2023 at 6:39 PM, Oracle said:

> ```php
> || substr($_POST['newpic'], 0, 8 == 'https://')))
> ```

Should be:

```php
|| substr($_POST['newpic'], 0, 8) == 'https://'))
```

Edited January 5 by KyleMassacre
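
Added example (not code from any poster in this thread): the posted scheme test, the corrected one, and a stricter validator, run side by side over constructed URLs. The function names are hypothetical. `FILTER_VALIDATE_URL` checks URL syntax only and does not restrict the scheme, so the last function adds an explicit http/https allow-list.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// The scheme test as posted: substr()'s closing parenthesis comes after the
// comparison, so its length argument is the boolean (8 == 'https://').
function accepted_by_posted_check(string $url): bool
{
    $rejected = strlen($url) < 8
        || !(substr($url, 0, 7) == 'http://' || substr($url, 0, 8 == 'https://'));
    return !$rejected;
}

// The same test with the parenthesis moved so it closes substr() first.
function accepted_by_corrected_check(string $url): bool
{
    $rejected = strlen($url) < 8
        || !(substr($url, 0, 7) == 'http://' || substr($url, 0, 8) == 'https://');
    return !$rejected;
}

// Syntax check plus an explicit http/https allow-list, because
// FILTER_VALIDATE_URL on its own accepts other schemes.
function is_http_image_url(string $url): bool
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Constructed sample inputs.
$samples = [
    'http://example.com/a.png', 'https://example.com/a.png',
    'ftp://example.com/a.png', 'file:///tmp/a.png', 'not a url',
];

foreach ($samples as $url) {
    printf("%-28s posted=%-5s corrected=%-5s filter_var=%-5s allow_list=%s\n",
        $url,
        var_export(accepted_by_posted_check($url), true),
        var_export(accepted_by_corrected_check($url), true),
        var_export(filter_var($url, FILTER_VALIDATE_URL) !== false, true),
        var_export(is_http_image_url($url), true));
}
```

Passing the scheme check does not make the value safe to concatenate into the `UPDATE` statement, since a syntactically valid URL can still contain quote characters; it needs `$db->escape()`, which the thread's code already applies to `forums_signature`.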