boionfire81 Posted April 23, 2016 Share Posted April 23, 2016 So here's the thing. I'm taking two mods http://makewebgames.io/forum/game-engines/mccode-development-support/free-modifications/16045-user-settings-mod & http://makewebgames.io/forum/game-engines/mccode-development-support/free-modifications/2025-mccode-v2-profile-image-uploader I've got the upload working perfect on it's own page, as well as the one account page. BUT how can I change the display picture from text to upload? Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted April 23, 2016 Share Posted April 23, 2016 Instead of input type='text' it needs to be input type='file' But then you need to go above and beyond and validate that its an actual file by validating the image properties like file type, width, height, and file size. Quote Link to comment Share on other sites More sharing options...
boionfire81 Posted April 24, 2016 Author Share Posted April 24, 2016 This is what I have <?php include "globals.php"; echo "<h3>Edit Account</h3>"; if(!empty($_POST['username']) && !empty($_POST['email'])) { foreach($_POST as $k => $v) { $v=trim($v); } $username=$db->escape($_POST['username']); $email=$db->escape($_POST['email']); $gender=!empty($_POST['gender']) ? $db->escape($_POST['gender']) : ''; $forum_sig=!empty($_POST['forums_sig']) ? $db->escape($_POST['forums_sig']) : ''; $prof_sig=!empty($_POST['signature']) ? $db->escape($_POST['signature']) : ''; $unqr=$db->query("SELECT `userid` FROM `users` WHERE `username`='{$username}'"); $emqr=$db->query("SELECT `userid` FROM `users` WHERE `email`='{$email}'"); $error=false; if($db->num_rows($unqr) && $db->escape($ir['username']) !=$_POST['username']) { $error=true; echo "Username in use.<br />"; } if($db->num_rows($emqr) && $db->escape($ir['email']) !=$_POST['email']) { $error=true; echo "Email in use.<br />"; } if($error==false) { $db->query("UPDATE `users` SET `username`='{$username}',`email`='{$email}',`gender`='{$gender}',`display_pic`='{$display_pic}',`forums_signature`='{$forum_sig}',`signature`='{$signature}' WHERE `userid`='{$ir['userid']}'"); } if((!empty($_POST['newpw']) || !empty($_POST['newpw2'])) && $_POST['newpw'] !=$_POST['newpw2']) { echo "New passwords do not match."; } elseif(!empty($_POST['newpw']) && !empty($_POST['newpw2']) && $_POST['newpw']==$_POST['newpw2']) { $pass=md5($_POST['newpw']); $db->query("UPDATE `users` SET `userpass`='{$pass}' WHERE `userid`='{$ir['userid']}'"); } } else { echo '<form method="post" class="input" enctype="multipart/form-data"><table width="95%"> <tr><td>Username:</td><td><input type="text" name="username" value="'.htmlspecialchars($ir['username']).'" class="inputs"/></td></tr> <tr><td>Email:</td><td><input type="text" name="email" value="'.htmlspecialchars($ir['email']).'" class="inputs"/></td></tr> <tr><td>Password:</td><td><input type="password" name="newpw1" class="inputs"/></td></tr> <tr><td>Confirm Password:</td><td><input type="password" name="newpw2" class="inputs"/></td></tr> <tr><td>Gender:</td><td><select name="gender" class="inputs">'; $gens=array('Male','Female'); foreach($gens as $k => $v) { if($ir['gender']==$v) { echo '<option selected="selected">'.$v.'</option>'; } else { echo '<option>'.$v.'</option>'; } } echo '</select> </td></tr> <tr><td>Display Pic:</td><td><input type="file" name="display_pic" value="" class="inputs"/></td></tr> <tr><th style="text-align: left;">Forum Signature</th> <td><textarea rows="4" cols="100" name="forums_sig">'.htmlspecialchars($ir['forums_signature']).'</textarea></td></tr> <tr><th style="text-align: left;">Profile Signature</th> <td><textarea rows="6" cols="100" name="signature">'.htmlspecialchars($ir['signature']).'</textarea></td></tr> <tr><td></td><td><input type="submit" value="Save" class="formbutton"/></td></tr> </table></form>'; } //Edit below for max fb size of the pic $maxsize = 1000000; /*Basic security procedures*/ if(!$_SERVER['REQUEST_METHOD'] == "POST" || !isset($_SERVER['HTTP_USER_AGENT'])){ echo 'Hack Attempt!'; $h->endpage(); exit; } $headerinject = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:"); foreach($_POST as $k => $v){ foreach($headerinject as $v2){ if(strpos($v, $v2) !== false){ logBadRequest(); header("HTTP/1.0 403 Forbidden"); exit; } } } /*What extensions can be used?*/ $valid = array('image/gif', 'image/png', 'image/pjpeg','image/jpeg', 'image/jpg'); /*If the extension isnt allowed...*/ if(!in_array($_FILES['imagefile']['type'], $valid)) { $type = strrchr($_FILES['imagefile']['display_pic'], '.'); echo 'This file type '.$type.' is not allowed. <br><a href="account.php" class="button">Try Again</a>'; $h->endpage(); exit; } /*Check image size*/ if ($_FILES['imagefile']['size'] > $maxsize) { echo 'Image to large <br><a href="account.php" class="button">Try Again</a>'; $h->endpage(); exit; } $check = ''.$_FILES['imagefile']['tmp_name'].''; /*Check for .exe files*/ if (is_executable($check) || !is_file($check)) { echo 'The file '.$_FILES['imagefile']['name'].' seems to be harmful to the server <br><a href="account.php" class="button">Try Again</a>'; @unlink($check); $h->endpage(); exit; } /*Now to create the correct image using php*/ if ($_FILES['imagefile']['type']=="image/jpeg") { $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/png") { $create = @ImageCreateFromPNG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagepng($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/jpg") { $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/gif") { $create = @ImageCreateFromGIF(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagegif($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/pjpeg") { $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } /*Destroy the php image*/ @unlink(''.$_FILES['imagefile']['tmp_name'].''); @ImageDestroy($create); /*If php could not create the image*/ if (!$create) { echo 'The image you are trying to upload seems to be corrupt please try again! Back'; $h->endpage(); exit; } $path = 'profilepics/'; $pic = $_FILES['imagefile']['name']; $picture = $path.$pic; $oldpic = $ir['display_pic']; /*Check to see if its already uploaded*/ if ($picture == $oldpic) { echo ' Image already uploaded!Back'; $h->endpage(); exit; } /*Delete previous image to save space*/ $delete = ($oldpic); if ($delete) { echo 'Previous image deleted from system... '; } if (!$delete) { echo 'No Previous image to be deleted... '; } $dataa = $_FILES['imagefile']['size']; $datab = $_FILES['imagefile']['type']; $datad = $_FILES['imagefile']['name']; /*Information for user*/ echo 'Old Image Location: '.$oldpic.' New Image Location: '.$picture.' Image Uploaded <u>Info:</u> Image Name: '.$datad.' Image Size: '.$dataa.' bytes Type: '.$datab.' Back'; /*Check DB*/ $check = $db->query( sprintf("SELECT COUNT(*) as cnt FROM `users` WHERE `display_pic` = '%s'", $db->escape($picture))); $checks = $db->fetch_row($check); if ($checks['cnt'] > 0) { echo 'Please use another image name Back'; $h->endpage(); exit; } $h->endpage(); exit(); ?> all it ever says is invalid image type. Quote Link to comment Share on other sites More sharing options...
boionfire81 Posted April 26, 2016 Author Share Posted April 26, 2016 [uSER=68711]KyleMassacre[/uSER] any idea? Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted April 27, 2016 Share Posted April 27, 2016 I have no idea. I would have to install it and I don't really want to haha Quote Link to comment Share on other sites More sharing options...
boionfire81 Posted April 27, 2016 Author Share Posted April 27, 2016 Actually, just got it working this morning :) <?php include "globals.php"; echo "<h3>Edit Account</h3>"; if(!empty($_POST['username']) && !empty($_POST['email'])) { foreach($_POST as $k => $v) { $v=trim($v); } $username=$db->escape($_POST['username']); $email=$db->escape($_POST['email']); $gender=!empty($_POST['gender']) ? $db->escape($_POST['gender']) : ''; $forum_sig=!empty($_POST['forums_sig']) ? $db->escape($_POST['forums_sig']) : ''; $signature=!empty($_POST['signature']) ? $db->escape($_POST['signature']) : ''; $unqr=$db->query("SELECT `userid` FROM `users` WHERE `username`='{$username}'"); $emqr=$db->query("SELECT `userid` FROM `users` WHERE `email`='{$email}'"); $display_pic=!empty($_POST['display_pic']) ? $db->escape($_POST['display_pic']) : ''; $error=false; if($db->num_rows($unqr) && $db->escape($ir['username']) !=$_POST['username']) { $error=true; echo "Username in use.<br />"; } if($db->num_rows($emqr) && $db->escape($ir['email']) !=$_POST['email']) { $error=true; echo "Email in use.<br />"; } if((!empty($_POST['newpw']) || !empty($_POST['newpw2'])) && $_POST['newpw'] !=$_POST['newpw2']) { echo "New passwords do not match."; } elseif(!empty($_POST['newpw']) && !empty($_POST['newpw2']) && $_POST['newpw']==$_POST['newpw2']) { $pass=md5($_POST['newpw']); $db->query("UPDATE `users` SET `userpass`='{$pass}' WHERE `userid`='{$ir['userid']}'"); } if(!empty($_POST['display_pic'])) { $maxsize = 1000000; if(!$_SERVER['REQUEST_METHOD'] == "POST" || !isset($_SERVER['HTTP_USER_AGENT'])){ echo 'Hack Attempt!'; $h->endpage(); exit; } $headerinject = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:"); foreach($_POST as $k => $v){ foreach($headerinject as $v2){ if(strpos($v, $v2) !== false){ logBadRequest(); header("HTTP/1.0 403 Forbidden"); exit; } } } /*What extensions can be used?*/ $valid = array('image/gif', 'image/png', 'image/pjpeg','image/jpeg', 'image/jpg'); /*If the extension isnt allowed...*/ if(!in_array($_FILES['imagefile']['type'], $valid)) { $type = strrchr($_FILES['imagefile']['name'], '.'); echo 'This file type '.$type.' is not allowed. Back'; $h->endpage(); exit; } /*Check image size*/ if ($_FILES['imagefile']['size'] > $maxsize) { echo 'Image to large Back'; $h->endpage(); exit; } $check = ''.$_FILES['imagefile']['tmp_name'].''; /*Check for .exe files*/ if (is_executable($check) || !is_file($check)) { echo 'The file '.$_FILES['imagefile']['name'].' seems to be harmful to the server Back'; @unlink($check); $h->endpage(); exit; } /*Now to create the correct image using php*/ if ($_FILES['imagefile']['type']=="image/jpeg") { $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/png") { $create = @ImageCreateFromPNG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagepng($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/jpg") { $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/gif") { $create = @ImageCreateFromGIF(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagegif($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } if ($_FILES['imagefile']['type']=="image/pjpeg") { $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].''); $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].''); } /*Destroy the php image*/ @unlink(''.$_FILES['imagefile']['tmp_name'].''); @ImageDestroy($create); /*If php could not create the image*/ if (!$create) { echo 'The image you are trying to upload seems to be corrupt please try again! Back'; $h->endpage(); exit; } $path = 'profilepics/'; $pic = $_FILES['imagefile']['name']; $picture = $path.$pic; $oldpic = $ir['display_pic']; /*Check to see if its already uploaded*/ if ($picture == $oldpic) { echo ' Image already uploaded!Back'; $h->endpage(); exit; } /*Delete previous image to save space*/ $delete = ($oldpic); if ($delete) { echo 'Previous image deleted from system... '; } if (!$delete) { echo 'No Previous image to be deleted... '; } $dataa = $_FILES['imagefile']['size']; $datab = $_FILES['imagefile']['type']; $datad = $_FILES['imagefile']['name']; /*Information for user*/ echo 'Old Image Location: '.$oldpic.' New Image Location: '.$picture.' Image Uploaded <u>Info:</u> Image Name: '.$datad.' Image Size: '.$dataa.' bytes Type: '.$datab.' Back'; /*Check DB*/ $check = $db->query( sprintf("SELECT COUNT(*) as cnt FROM `users` WHERE `display_pic` = '%s'", $db->escape($picture))); $checks = $db->fetch_row($check); if ($checks['cnt'] > 0) { echo 'Please use another image name Back'; $h->endpage(); exit; } /*Update DB*/ } if($error==false) { $db->query("UPDATE `users` SET `username`='{$username}',`email`='{$email}',`gender`='{$gender}',`forums_signature`='{$forum_sig}',`signature`='{$signature}' WHERE `userid`='{$ir['userid']}'"); $path = 'profilepics/'; $pic = $_FILES['imagefile']['name']; $picture = $path.$pic; $db->query( sprintf("UPDATE `users` SET `display_pic` = '%s' WHERE `userid` = %u", $db->escape($picture), $userid)); } } else { echo '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data"><table width="95%"> <tr><td>Username:</td><td><input type="text" name="username" value="'.htmlspecialchars($ir['username']).'" class="inputs"/></td></tr> <tr><td>Email:</td><td><input type="text" name="email" value="'.htmlspecialchars($ir['email']).'" class="inputs"/></td></tr> <tr><td>Password:</td><td><input type="password" name="newpw1" class="inputs"/></td></tr> <tr><td>Confirm Password:</td><td><input type="password" name="newpw2" class="inputs"/></td></tr> <tr><td>Gender:</td><td><select name="gender" class="inputs">'; $gens=array('Male','Female'); foreach($gens as $k => $v) { if($ir['gender']==$v) { echo '<option selected="selected">'.$v.'</option>'; } else { echo '<option>'.$v.'</option>'; } } echo '</select> </td></tr> <tr><td>Display Pic:</td><td><input type="file" name="imagefile" class="inputs"/></td></tr> <tr><th style="text-align: left;">Forum Signature</th> <td><textarea rows="4" cols="100" name="forums_sig">'.htmlspecialchars($ir['forums_signature']).'</textarea></td></tr> <tr><th style="text-align: left;">Profile Signature</th> <td><textarea rows="6" cols="100" name="signature">'.htmlspecialchars($ir['signature']).'</textarea></td></tr> <tr><td></td><td><input type="submit" value="Save" class="formbutton"/></td></tr> </table></form>'; } $h->endpage(); exit(); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.