Jump to content
MakeWebGames

Account page layout with display pic upload

boionfire81

By boionfire81
in Requests & In Production

 Share

Recommended Posts

boionfire81 Apprentice

boionfire81

Posted
Posted

So here's the thing. I'm taking two mods

http://makewebgames.io/forum/game-engines/mccode-development-support/free-modifications/16045-user-settings-mod

&

http://makewebgames.io/forum/game-engines/mccode-development-support/free-modifications/2025-mccode-v2-profile-image-uploader

I've got the upload working perfect on it's own page, as well as the one account page. BUT how can I change the display picture from text to upload?

 

Link to comment
Share on other sites
boionfire81 Apprentice

boionfire81

Posted
  • Author
Posted

This is what I have

 

<?php
include "globals.php";
echo "<h3>Edit Account</h3>";
if(!empty($_POST['username']) &&  !empty($_POST['email']))
{
foreach($_POST as $k => $v) { $v=trim($v); }
$username=$db->escape($_POST['username']);
$email=$db->escape($_POST['email']);
$gender=!empty($_POST['gender']) ? $db->escape($_POST['gender']) : '';
$forum_sig=!empty($_POST['forums_sig']) ? $db->escape($_POST['forums_sig']) : '';
$prof_sig=!empty($_POST['signature']) ? $db->escape($_POST['signature']) : '';
$unqr=$db->query("SELECT `userid` FROM `users` WHERE `username`='{$username}'");
$emqr=$db->query("SELECT `userid` FROM `users` WHERE `email`='{$email}'");
$error=false;
if($db->num_rows($unqr) && $db->escape($ir['username']) !=$_POST['username']) { $error=true; echo "Username in use.<br />"; }
if($db->num_rows($emqr) && $db->escape($ir['email']) !=$_POST['email']) { $error=true; echo "Email in use.<br />"; }
if($error==false)
{
$db->query("UPDATE `users` SET `username`='{$username}',`email`='{$email}',`gender`='{$gender}',`display_pic`='{$display_pic}',`forums_signature`='{$forum_sig}',`signature`='{$signature}' WHERE `userid`='{$ir['userid']}'");
}
if((!empty($_POST['newpw']) || !empty($_POST['newpw2'])) && $_POST['newpw'] !=$_POST['newpw2'])
{
echo "New passwords do not match.";
}
elseif(!empty($_POST['newpw']) && !empty($_POST['newpw2']) && $_POST['newpw']==$_POST['newpw2'])
{
$pass=md5($_POST['newpw']);
$db->query("UPDATE `users` SET `userpass`='{$pass}' WHERE `userid`='{$ir['userid']}'");
}
}
else
{
echo '<form method="post" class="input" enctype="multipart/form-data"><table width="95%">
<tr><td>Username:</td><td><input type="text" name="username" value="'.htmlspecialchars($ir['username']).'" class="inputs"/></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" value="'.htmlspecialchars($ir['email']).'" class="inputs"/></td></tr>
<tr><td>Password:</td><td><input type="password" name="newpw1" class="inputs"/></td></tr>
<tr><td>Confirm Password:</td><td><input type="password" name="newpw2" class="inputs"/></td></tr>
<tr><td>Gender:</td><td><select name="gender" class="inputs">';
$gens=array('Male','Female');
foreach($gens as $k => $v)
{
if($ir['gender']==$v) { echo '<option selected="selected">'.$v.'</option>'; }
else { echo '<option>'.$v.'</option>'; }
}
echo '</select>
</td></tr>
<tr><td>Display Pic:</td><td><input type="file" name="display_pic" value="" class="inputs"/></td></tr>
<tr><th style="text-align: left;">Forum Signature</th>
<td><textarea rows="4" cols="100" name="forums_sig">'.htmlspecialchars($ir['forums_signature']).'</textarea></td></tr>
<tr><th style="text-align: left;">Profile Signature</th>
<td><textarea rows="6" cols="100" name="signature">'.htmlspecialchars($ir['signature']).'</textarea></td></tr>
<tr><td></td><td><input type="submit" value="Save" class="formbutton"/></td></tr>
</table></form>';
}
//Edit below for max fb size of the pic

   $maxsize = 1000000;

   /*Basic security procedures*/
   if(!$_SERVER['REQUEST_METHOD'] == "POST" || !isset($_SERVER['HTTP_USER_AGENT'])){
      echo 'Hack Attempt!';
      $h->endpage(); exit;    
      }

   $headerinject = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
   foreach($_POST as $k => $v){
      foreach($headerinject as $v2){
          if(strpos($v, $v2) !== false){
              logBadRequest(); header("HTTP/1.0 403 Forbidden"); exit; }
              } }

   /*What extensions can be used?*/
   $valid = array('image/gif', 'image/png', 'image/pjpeg','image/jpeg', 'image/jpg');

   /*If the extension isnt allowed...*/
   if(!in_array($_FILES['imagefile']['type'], $valid))
   {
       $type = strrchr($_FILES['imagefile']['display_pic'], '.');
       echo 'This file type '.$type.' is not allowed.
<br><a href="account.php" class="button">Try Again</a>';
       $h->endpage();
       exit;
   }

   /*Check image size*/                    
   if ($_FILES['imagefile']['size'] > $maxsize) {
       echo 'Image to large
<br><a href="account.php" class="button">Try Again</a>'; $h->endpage(); exit;
   }

   $check = ''.$_FILES['imagefile']['tmp_name'].'';

   /*Check for .exe files*/
   if (is_executable($check) || !is_file($check)) {
       echo 'The file '.$_FILES['imagefile']['name'].' seems to be harmful to the server
<br><a href="account.php" class="button">Try Again</a>';
       @unlink($check);
       $h->endpage();
       exit;
   }

   /*Now to create the correct image using php*/
   if ($_FILES['imagefile']['type']=="image/jpeg")
   {
       $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/png")
   {
       $create = @ImageCreateFromPNG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagepng($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/jpg")
   {
       $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/gif")
   {
       $create = @ImageCreateFromGIF(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagegif($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/pjpeg")
   {
       $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }

   /*Destroy the php image*/
   @unlink(''.$_FILES['imagefile']['tmp_name'].'');
   @ImageDestroy($create);

   /*If php could not create the image*/
   if (!$create) {
       echo 'The image you are trying to upload seems to be corrupt please try again!
Back';
       $h->endpage();
       exit;
   }

   $path = 'profilepics/';
   $pic = $_FILES['imagefile']['name'];
   $picture = $path.$pic;
   $oldpic = $ir['display_pic'];

   /*Check to see if its already uploaded*/
   if ($picture == $oldpic) {
       echo '
Image already uploaded!Back';
       $h->endpage(); exit;
   }

   /*Delete previous image to save space*/
   $delete = ($oldpic);

   if ($delete) { echo 'Previous image deleted from system...

'; }
   if (!$delete) { echo 'No Previous image to be deleted...

'; }

   $dataa = $_FILES['imagefile']['size'];
   $datab = $_FILES['imagefile']['type'];
   $datad = $_FILES['imagefile']['name'];

   /*Information for user*/
   echo 'Old Image Location: '.$oldpic.'

   New Image Location: '.$picture.'

   Image Uploaded


<u>Info:</u>
Image Name: '.$datad.'
Image Size: '.$dataa.' bytes
Type: '.$datab.'


Back';

   /*Check DB*/
   $check = $db->query(
   sprintf("SELECT COUNT(*) as cnt FROM `users` WHERE `display_pic` = '%s'",
   $db->escape($picture)));

   $checks = $db->fetch_row($check);

   if ($checks['cnt'] > 0) {
       echo 'Please use another image name
Back';
       $h->endpage(); exit;
   }




$h->endpage();
exit();
?>

 

all it ever says is invalid image type.

Link to comment
Share on other sites
boionfire81 Apprentice

boionfire81

Posted
  • Author
Posted

Actually, just got it working this morning :)

 

<?php
include "globals.php";
echo "<h3>Edit Account</h3>";
if(!empty($_POST['username']) &&  !empty($_POST['email']))
{
foreach($_POST as $k => $v) { $v=trim($v); }
$username=$db->escape($_POST['username']);
$email=$db->escape($_POST['email']);
$gender=!empty($_POST['gender']) ? $db->escape($_POST['gender']) : '';
$forum_sig=!empty($_POST['forums_sig']) ? $db->escape($_POST['forums_sig']) : '';
$signature=!empty($_POST['signature']) ? $db->escape($_POST['signature']) : '';
$unqr=$db->query("SELECT `userid` FROM `users` WHERE `username`='{$username}'");
$emqr=$db->query("SELECT `userid` FROM `users` WHERE `email`='{$email}'");
$display_pic=!empty($_POST['display_pic']) ? $db->escape($_POST['display_pic']) : '';
$error=false;
if($db->num_rows($unqr) && $db->escape($ir['username']) !=$_POST['username']) { $error=true; echo "Username in use.<br />"; }
if($db->num_rows($emqr) && $db->escape($ir['email']) !=$_POST['email']) { $error=true; echo "Email in use.<br />"; }
if((!empty($_POST['newpw']) || !empty($_POST['newpw2'])) && $_POST['newpw'] !=$_POST['newpw2'])
{
echo "New passwords do not match.";
}
elseif(!empty($_POST['newpw']) && !empty($_POST['newpw2']) && $_POST['newpw']==$_POST['newpw2'])
{
$pass=md5($_POST['newpw']);
$db->query("UPDATE `users` SET `userpass`='{$pass}' WHERE `userid`='{$ir['userid']}'");
}
if(!empty($_POST['display_pic']))
{
$maxsize = 1000000;
if(!$_SERVER['REQUEST_METHOD'] == "POST" || !isset($_SERVER['HTTP_USER_AGENT'])){
echo 'Hack Attempt!';
$h->endpage(); exit;    
}
   $headerinject = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
   foreach($_POST as $k => $v){
      foreach($headerinject as $v2){
          if(strpos($v, $v2) !== false){
              logBadRequest(); header("HTTP/1.0 403 Forbidden"); exit; }
              } }

   /*What extensions can be used?*/
   $valid = array('image/gif', 'image/png', 'image/pjpeg','image/jpeg', 'image/jpg');

   /*If the extension isnt allowed...*/
   if(!in_array($_FILES['imagefile']['type'], $valid))
   {
       $type = strrchr($_FILES['imagefile']['name'], '.');
       echo 'This file type '.$type.' is not allowed.
Back';
       $h->endpage();
       exit;
   }

   /*Check image size*/                    
   if ($_FILES['imagefile']['size'] > $maxsize) {
       echo 'Image to large
Back'; $h->endpage(); exit;
   }

   $check = ''.$_FILES['imagefile']['tmp_name'].'';

   /*Check for .exe files*/
   if (is_executable($check) || !is_file($check)) {
       echo 'The file '.$_FILES['imagefile']['name'].' seems to be harmful to the server
Back';
       @unlink($check);
       $h->endpage();
       exit;
   }

   /*Now to create the correct image using php*/
   if ($_FILES['imagefile']['type']=="image/jpeg")
   {
       $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/png")
   {
       $create = @ImageCreateFromPNG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagepng($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/jpg")
   {
       $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/gif")
   {
       $create = @ImageCreateFromGIF(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagegif($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }
   if ($_FILES['imagefile']['type']=="image/pjpeg")
   {
       $create = @ImageCreateFromJPEG(''.$_FILES['imagefile']['tmp_name'].'');
       $image = @Imagejpeg($create, 'profilepics/'.$_FILES['imagefile']['name'].'');
   }

   /*Destroy the php image*/
   @unlink(''.$_FILES['imagefile']['tmp_name'].'');
   @ImageDestroy($create);

   /*If php could not create the image*/
   if (!$create) {
       echo 'The image you are trying to upload seems to be corrupt please try again!
Back';
       $h->endpage();
       exit;
   }

   $path = 'profilepics/';
   $pic = $_FILES['imagefile']['name'];
   $picture = $path.$pic;
   $oldpic = $ir['display_pic'];

   /*Check to see if its already uploaded*/
   if ($picture == $oldpic) {
       echo '
Image already uploaded!Back';
       $h->endpage(); exit;
   }

   /*Delete previous image to save space*/
   $delete = ($oldpic);

   if ($delete) { echo 'Previous image deleted from system...

'; }
   if (!$delete) { echo 'No Previous image to be deleted...

'; }

   $dataa = $_FILES['imagefile']['size'];
   $datab = $_FILES['imagefile']['type'];
   $datad = $_FILES['imagefile']['name'];

   /*Information for user*/
   echo 'Old Image Location: '.$oldpic.'

   New Image Location: '.$picture.'

   Image Uploaded


<u>Info:</u>
Image Name: '.$datad.'
Image Size: '.$dataa.' bytes
Type: '.$datab.'


Back';

   /*Check DB*/
   $check = $db->query(
   sprintf("SELECT COUNT(*) as cnt FROM `users` WHERE `display_pic` = '%s'",
   $db->escape($picture)));

   $checks = $db->fetch_row($check);

   if ($checks['cnt'] > 0) {
       echo 'Please use another image name
Back';
       $h->endpage(); exit;
   }

   /*Update DB*/

}

if($error==false)
{
$db->query("UPDATE `users` SET `username`='{$username}',`email`='{$email}',`gender`='{$gender}',`forums_signature`='{$forum_sig}',`signature`='{$signature}' WHERE `userid`='{$ir['userid']}'");
$path = 'profilepics/';
   $pic = $_FILES['imagefile']['name'];
   $picture = $path.$pic;
$db->query(
   sprintf("UPDATE `users` SET `display_pic` = '%s' WHERE `userid` = %u",
   $db->escape($picture),
   $userid));
}
}
else
{
echo '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data"><table width="95%">
<tr><td>Username:</td><td><input type="text" name="username" value="'.htmlspecialchars($ir['username']).'" class="inputs"/></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" value="'.htmlspecialchars($ir['email']).'" class="inputs"/></td></tr>
<tr><td>Password:</td><td><input type="password" name="newpw1" class="inputs"/></td></tr>
<tr><td>Confirm Password:</td><td><input type="password" name="newpw2" class="inputs"/></td></tr>
<tr><td>Gender:</td><td><select name="gender" class="inputs">';
$gens=array('Male','Female');
foreach($gens as $k => $v)
{
if($ir['gender']==$v) { echo '<option selected="selected">'.$v.'</option>'; }
else { echo '<option>'.$v.'</option>'; }
}
echo '</select>
</td></tr>
<tr><td>Display Pic:</td><td><input type="file" name="imagefile" class="inputs"/></td></tr>
<tr><th style="text-align: left;">Forum Signature</th>
<td><textarea rows="4" cols="100" name="forums_sig">'.htmlspecialchars($ir['forums_signature']).'</textarea></td></tr>
<tr><th style="text-align: left;">Profile Signature</th>
<td><textarea rows="6" cols="100" name="signature">'.htmlspecialchars($ir['signature']).'</textarea></td></tr>
<tr><td></td><td><input type="submit" value="Save" class="formbutton"/></td></tr>
</table></form>';
}
$h->endpage();
exit();
?>
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...