Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

PHP Upload wont set CHMOD of images

Posted on 2009-04-01
3
Medium Priority
?
293 Views
Last Modified: 2012-05-06
The script I've written is a small news system, but it seems when I go to upload the image, it's inserted into the file I choose, but it isn't appearing when I view the article? Really confused and I've came to and end with this, any help would be much appreciated!
<?php
 
// Include the needed file(s)
require_once("require/config.php");
 
if($isLogged != true) {
	
		core::redir("login.php", "You must be logged in to access this page.", "3", "error");
	
}
 
else {
 
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Paramount Global Services &bull; News Hub</title>
    <link href="news.css" type="text/css" media="all" rel="stylesheet" />
	<script type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
	<script type="text/javascript">
		tinyMCE.init({
		mode : "textareas",
		elements : "maincontent",
		theme : "advanced",
	relative_urls : false,
	theme_advanced_buttons1 : "bold,italic,underline,strikethrough,separator,justifyleft,justifycenter,justifyright,justifyfull,separator,bullist,numlist,link,unlink",
	theme_advanced_buttons2 : ",fontselect,fontsizeselect,undo,redo,forecolor,spellchecker",
	theme_advanced_buttons3 : "",
	theme_advanced_toolbar_location : "bottom",
	theme_advanced_toolbar_align : "left",
	theme_advanced_statusbar_location : "bottom",
	extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]"
});
</script>
</head>
 
<div id="container">
<div id="logo"></div>
<?php
 
	// Switch dependant on what the user wants to do
	switch($_GET['action']) {
	
		default:
		
			// Echo out welcome etc, with a link to each different item they can do
			$username = $userInfo['username'];
			
			echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Welcome back, {$username}</h3></div><p>This is the news control centre where you can add, edit or delete articles.</p>";
			echo "<div id=\"mainoptions\"><ul><li><a href=\"?action=add\">Add a new news article</a></li><li><a href=\"?action=modify\">Modify a news article</a></li><li><a href=\"news-hub.php?action=modify\">View your older news articles</a></li><li><a href=\"logout.php\">Logout</a></li></div>";
			// Select top 10 articles
			$sqlSel = db::select("articles", "", "0, 10", "id DESC");
			
			while($r = mysql_fetch_array($sqlSel)) {
				
				$title = core::presentString($r['title']);
 
				echo "<ul><li>{$title} - <a href=\"news-hub.php?action=edit&news_id={$r['id']}\">Edit this article</a> / <a href=\"news-hub.php?action=delete&news_id={$r['id']}\">Delete this article</a></li></ul>";
				
			}
			
			echo "</div>";
			
		break;
		
		case 'add':
		
			// Check to see if the item has been posted, if not display a form
			if(!$_POST['add_article']) {
 
?>
 
<div id="maincontent"><div id="welcome"><h3>Add a new news article</h3></div><p>Please fill out the form below to create your new article, once you have finished please click the 'Submit Article' button at the bottom of the page.</p>
 
<form method="post" action="news-hub.php?action=add" enctype="multipart/form-data">
<h5>Article Title</h5>
<input type="text" name="title" class="inputboxes" /></p>
<h5>Article Image</h5>
<input type="file" name="file" /></p>
<h5>Article Body</h5>
<textarea name="content" style="width: 100%;"></textarea></p>
<div align="center">
<input type="submit" name="add_article" value="Create your news article"  class="formbuttons" />
<input name="reset" type="reset" value="Clear ALL the fields and start over" class="formbuttons" />
</div>
</form>
</div>
 
<?php
			
			}
			
			else { 
			
				// Define some details, clean some fields
				$title = core::cleanString($_POST['title']);
				$content = core::cleanString($_POST['content']);
				$author = $userInfo['username'];
 
    			$file = explode('.', $_FILES["file"]["name"]);
    			$file = $file[0] . '-' . md5(rand(1,10000)) . '.' . $file[1];
        		if(!move_uploaded_file($_FILES["file"]["tmp_name"], "news/" . $file)) {
        		echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Ooops!</h3></div>";
       			echo '<p>There has been an error uploading the image, please go back and try again.</p></div><br />';
        		
        		}
				
				chmod($file, 0777);
 
  				
				// Insert into the database
				db::insert("articles", "NULL, '$content', '$author', '$title', '$file'");
				echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Good news!</h3></div>";
				echo "<p><strong>Your news article was successfully submitted.</strong><br /><br /><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";
			
			}
			
		break;
		
		case 'delete':
		
			// Check to see if an article has been selected for deletion, if not display all articles
			if(!$_GET['news_id']) {
			
				$sqlSel = db::select("articles", "", "", "id DESC");
				
				while($r = mysql_fetch_array($sqlSel)) {
				
					$title = core::presentString($r['title']);
 
					echo "<p><a href=\"news-hub.php?action=delete&news_id={$r['id']}\">{$title}</a></p><hr/>";
				
				}
			
			}
			
			else {
			
				$id = core::cleanString($_GET['news_id']);
				
				// Make sure ID is numeric
				if(is_numeric($id) == false) {
	
					core::redir("news-hub.php?action=delete", "The article ID has to be numeric.", "3", "error");
	
				}
			
				db::delete("articles", "id = '$id'");
				echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Congratulations</h3></div>";
				echo "<p><strong>Your news article has been successfully deleted.</strong></p><p><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";
			
			}
			
		break;
		
		case 'edit':
		
			// Check to see if an article has been selected for editing, if not display all articles
			if(!$_GET['news_id']) {
			
				$sqlSel = db::select("articles", "", "", "id DESC");
				
				while($r = mysql_fetch_array($sqlSel)) {
				
					$title = core::presentString($r['title']);
 
					echo "<p><a href=\"news-hub.php?action=edit&news_id={$r['id']}\">{$title}</a></p><hr/>";
				
				}
			
			}
			
			else {
			
				if(!$_POST) {
			
				$id = core::cleanString($_GET['news_id']);
				
				// Make sure ID is numeric
				if(is_numeric($id) == false) {
	
					core::redir("news-hub.php?action=edit", "The article ID has to be numeric.", "3", "error");
	
				}
				
				$sqlSel = db::select("articles", "id = '$id'", "", "id DESC");
				
				while($r = mysql_fetch_array($sqlSel)) {
				
					$title = core::presentString($r['title']);
					$article = core::presentString($r['content']);
					
					echo "
					<div id=\"maincontent\"><div id=\"welcome\"><h3>Edit your news article</h3></div><p>Please edit the sections you wish to below, once you have finished please click the 'Submit Article' button at the bottom of the page.</p>
					<form method=\"post\" action=\"news-hub.php?action=edit&news_id={$id}\" enctype=\"multipart/form-data\">
					<h5>Article Title</h5>
					<input type=\"text\" name=\"title\"/ value=\"{$title}\" class=\"inputboxes\" /></p>
					<h5>Article Image (overwrites current image)</h5>
					<input type=\"file\" name=\"file\"/>
					<h5>Article Body</h5>
					<div align=\"center\"> 
					<textarea name=\"content\" style=\"width: 100%;\">{$article}</textarea></p>
					<input type=\"submit\" name=\"add_article\" value=\"Create your news article\"  class=\"formbuttons\" />
					<input name=\"reset\" type=\"reset\" value=\"Clear ALL the fields and start over\" class=\"formbuttons\" />
					</div></form></div>";
					
					
				}
				
				}
				
				else {
				
					$id = core::cleanString($_GET['news_id']);
				
					// Make sure ID is numeric
					if(is_numeric($id) == false) {
	
						core::redir("news-hub.php?action=edit", "The article ID has to be numeric.", "3", "error");
	
					}
					
					// Check if there is a file, and if so upload it and rewrite db information
					
					if($_FILES["file"]["name"] != NULL) {
					$file = explode('.', $_FILES["file"]["name"]);
    				$file = $file[0] . '-' . md5(rand(1,10000)) . '.' . $file[1];
        			if(!move_uploaded_file($_FILES["file"]["tmp_name"], "news/" . $file)) {
        		
        				echo 'Error uploading the image. Make sure directory \'news\' is set to permission of 0777.';
        		
        			}
					chmod($file, 0777);
        			db::update("articles", "image = '$file'", "id = '$id'");
        			}
				
					// Define some details, clean some fields
					$title = core::cleanString($_POST['title']);
					$content = core::cleanString($_POST['content']);
				
					// Insert into the database
					db::update("articles", "content = '$content', title = '$title'", "id = '$id'");
					echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Good news</h3><p>Your article was successfully edited.</p></div>";
					echo "<p><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";
				
				}
			
			}
		
		break;
		
		case 'modify':
			
			// Get # of rows
			$sqlCount = db::count(db::select("articles", "", "", "id DESC"));
			// Select all articles
			$sqlSel = db::select("articles", "", "", "id DESC");
			echo "<div id=\"maincontent\"><div id=\"welcome\"><h3>Edit your articles</h3><p>Please select which article you would like to edit or delete below.</p></div>";
			while($r = mysql_fetch_array($sqlSel)) {
				
				$title = core::presentString($r['title']);
				echo "<p>{$title} - <a href=\"news-hub.php?action=edit&news_id={$r['id']}\">Edit</a> / <a href=\"news-hub.php?action=delete&news_id={$r['id']}\">Delete</a></p>";
			
			}
echo "<p><a href=\"news-hub.php\">Return to news control centre?</a></p></div>";			
		break;
		
	}
 
}
 
?>

Open in new window

0
Comment
Question by:xjdx
  • 2
3 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 24044496
chmod() gives a return value.  What do you get when you test that?
http://us2.php.net/manual/en/function.chmod.php

You might also want to use the chmod() against the path and file name together:
chmod("news/" . $file, 0777);

What OS are you running?  Are you on a hosted server?
0
 

Author Closing Comment

by:xjdx
ID: 31565565
Great thanks that fixed it!
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 24044612
Cool!  I love it when there is a quick solution.  Thanks for the points, ~Ray
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question