xjdx
asked on
PHP Upload wont set CHMOD of images
The script I've written is a small news system, but it seems when I go to upload the image, it's inserted into the file I choose, but it isn't appearing when I view the article? Really confused and I've came to and end with this, any help would be much appreciated!
<?php
// Include the needed file(s)
require_once("require/config.php");
if($isLogged != true) {
core::redir("login.php", "You must be logged in to access this page.", "3", "error");
}
else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Paramount Global Services • News Hub</title>
<link href="news.css" type="text/css" media="all" rel="stylesheet" />
<script type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
mode : "textareas",
elements : "maincontent",
theme : "advanced",
relative_urls : false,
theme_advanced_buttons1 : "bold,italic,underline,strikethrough,separator,justifyleft,justifycenter,justifyright,justifyfull,separator,bullist,numlist,link,unlink",
theme_advanced_buttons2 : ",fontselect,fontsizeselect,undo,redo,forecolor,spellchecker",
theme_advanced_buttons3 : "",
theme_advanced_toolbar_location : "bottom",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]"
});
</script>
</head>
<div id="container">
<div id="logo"></div>
<?php
// Switch dependant on what the user wants to do
switch($_GET['action']) {
default:
// Echo out welcome etc, with a link to each different item they can do
$username = $userInfo['username'];
echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Welcome back, {$username}</h3></div><p>This is the news control centre where you can add, edit or delete articles.</p>";
echo "<div id=\"mainoptions\"><ul><li><a href=\"?action=add\">Add a new news article</a></li><li><a href=\"?action=modify\">Modify a news article</a></li><li><a href=\"news-hub.php?action=modify\">View your older news articles</a></li><li><a href=\"logout.php\">Logout</a></li></div>";
// Select top 10 articles
$sqlSel = db::select("articles", "", "0, 10", "id DESC");
while($r = mysql_fetch_array($sqlSel)) {
$title = core::presentString($r['title']);
echo "<ul><li>{$title} - <a href=\"news-hub.php?action=edit&news_id={$r['id']}\">Edit this article</a> / <a href=\"news-hub.php?action=delete&news_id={$r['id']}\">Delete this article</a></li></ul>";
}
echo "</div>";
break;
case 'add':
// Check to see if the item has been posted, if not display a form
if(!$_POST['add_article']) {
?>
<div id="maincontent"><div id="welcome"><h3>Add a new news article</h3></div><p>Please fill out the form below to create your new article, once you have finished please click the 'Submit Article' button at the bottom of the page.</p>
<form method="post" action="news-hub.php?action=add" enctype="multipart/form-data">
<h5>Article Title</h5>
<input type="text" name="title" class="inputboxes" /></p>
<h5>Article Image</h5>
<input type="file" name="file" /></p>
<h5>Article Body</h5>
<textarea name="content" style="width: 100%;"></textarea></p>
<div align="center">
<input type="submit" name="add_article" value="Create your news article" class="formbuttons" />
<input name="reset" type="reset" value="Clear ALL the fields and start over" class="formbuttons" />
</div>
</form>
</div>
<?php
}
else {
// Define some details, clean some fields
$title = core::cleanString($_POST['title']);
$content = core::cleanString($_POST['content']);
$author = $userInfo['username'];
$file = explode('.', $_FILES["file"]["name"]);
$file = $file[0] . '-' . md5(rand(1,10000)) . '.' . $file[1];
if(!move_uploaded_file($_FILES["file"]["tmp_name"], "news/" . $file)) {
echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Ooops!</h3></div>";
echo '<p>There has been an error uploading the image, please go back and try again.</p></div><br />';
}
chmod($file, 0777);
// Insert into the database
db::insert("articles", "NULL, '$content', '$author', '$title', '$file'");
echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Good news!</h3></div>";
echo "<p><strong>Your news article was successfully submitted.</strong><br /><br /><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";
}
break;
case 'delete':
// Check to see if an article has been selected for deletion, if not display all articles
if(!$_GET['news_id']) {
$sqlSel = db::select("articles", "", "", "id DESC");
while($r = mysql_fetch_array($sqlSel)) {
$title = core::presentString($r['title']);
echo "<p><a href=\"news-hub.php?action=delete&news_id={$r['id']}\">{$title}</a></p><hr/>";
}
}
else {
$id = core::cleanString($_GET['news_id']);
// Make sure ID is numeric
if(is_numeric($id) == false) {
core::redir("news-hub.php?action=delete", "The article ID has to be numeric.", "3", "error");
}
db::delete("articles", "id = '$id'");
echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Congratulations</h3></div>";
echo "<p><strong>Your news article has been successfully deleted.</strong></p><p><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";
}
break;
case 'edit':
// Check to see if an article has been selected for editing, if not display all articles
if(!$_GET['news_id']) {
$sqlSel = db::select("articles", "", "", "id DESC");
while($r = mysql_fetch_array($sqlSel)) {
$title = core::presentString($r['title']);
echo "<p><a href=\"news-hub.php?action=edit&news_id={$r['id']}\">{$title}</a></p><hr/>";
}
}
else {
if(!$_POST) {
$id = core::cleanString($_GET['news_id']);
// Make sure ID is numeric
if(is_numeric($id) == false) {
core::redir("news-hub.php?action=edit", "The article ID has to be numeric.", "3", "error");
}
$sqlSel = db::select("articles", "id = '$id'", "", "id DESC");
while($r = mysql_fetch_array($sqlSel)) {
$title = core::presentString($r['title']);
$article = core::presentString($r['content']);
echo "
<div id=\"maincontent\"><div id=\"welcome\"><h3>Edit your news article</h3></div><p>Please edit the sections you wish to below, once you have finished please click the 'Submit Article' button at the bottom of the page.</p>
<form method=\"post\" action=\"news-hub.php?action=edit&news_id={$id}\" enctype=\"multipart/form-data\">
<h5>Article Title</h5>
<input type=\"text\" name=\"title\"/ value=\"{$title}\" class=\"inputboxes\" /></p>
<h5>Article Image (overwrites current image)</h5>
<input type=\"file\" name=\"file\"/>
<h5>Article Body</h5>
<div align=\"center\">
<textarea name=\"content\" style=\"width: 100%;\">{$article}</textarea></p>
<input type=\"submit\" name=\"add_article\" value=\"Create your news article\" class=\"formbuttons\" />
<input name=\"reset\" type=\"reset\" value=\"Clear ALL the fields and start over\" class=\"formbuttons\" />
</div></form></div>";
}
}
else {
$id = core::cleanString($_GET['news_id']);
// Make sure ID is numeric
if(is_numeric($id) == false) {
core::redir("news-hub.php?action=edit", "The article ID has to be numeric.", "3", "error");
}
// Check if there is a file, and if so upload it and rewrite db information
if($_FILES["file"]["name"] != NULL) {
$file = explode('.', $_FILES["file"]["name"]);
$file = $file[0] . '-' . md5(rand(1,10000)) . '.' . $file[1];
if(!move_uploaded_file($_FILES["file"]["tmp_name"], "news/" . $file)) {
echo 'Error uploading the image. Make sure directory \'news\' is set to permission of 0777.';
}
chmod($file, 0777);
db::update("articles", "image = '$file'", "id = '$id'");
}
// Define some details, clean some fields
$title = core::cleanString($_POST['title']);
$content = core::cleanString($_POST['content']);
// Insert into the database
db::update("articles", "content = '$content', title = '$title'", "id = '$id'");
echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Good news</h3><p>Your article was successfully edited.</p></div>";
echo "<p><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";
}
}
break;
case 'modify':
// Get # of rows
$sqlCount = db::count(db::select("articles", "", "", "id DESC"));
// Select all articles
$sqlSel = db::select("articles", "", "", "id DESC");
echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Edit your articles</h3><p>Please select which article you would like to edit or delete below.</p></div>";
while($r = mysql_fetch_array($sqlSel)) {
$title = core::presentString($r['title']);
echo "<p>{$title} - <a href=\"news-hub.php?action=edit&news_id={$r['id']}\">Edit</a> / <a href=\"news-hub.php?action=delete&news_id={$r['id']}\">Delete</a></p>";
}
echo "<p><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";
break;
}
}
?>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Cool! I love it when there is a quick solution. Thanks for the points, ~Ray
ASKER