php html sql photo-upload

Uploading photo to server to use as profile picture.


I have a problem that I'm working with right now. Currently I have a registration form that accepts a few fields from the user and a picture upload field for the profile picture. Currently the profile picture name is being inserted into the database but when viewing the folder of the target location there is no sign of the picture. Right now the page goes white and loads a little tiny broken picture in the top left hand corner. Any advice?

Profile Page

<?PHP
ob_start();
error_reporting(E_ALL);
ini_set('display_errors',"On");
session_start();
if (!isset($_SESSION['username'])) {
    header('location:login.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
<style>

</style>
<!--[if lt IE 9]>

        <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>

    <![endif]-->        

    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>

<script>  $(document).ready(function(){

                $('#login-trigger').click(function(){

                    $(this).next('#login-content').slideToggle();

                    $(this).toggleClass('active');                  



                    if ($(this).hasClass('active')) $(this).find('span').html('&#x25B2;')

                        else $(this).find('span').html('&#x25BC;')

                    })

          });
</script>
</head>

<body>
<header class="cf">

<nav></nav>

</header>
<h1 style="text-align:center"> The Animator - BETA</h1>
<hr />
<div id="nav" style="text-align:center">
<ul style="text-align:center">
<li><a href= "theanimator.html" ><strong>Home</strong></a></li>
<strong><li><a href= "industrial.html" >Industrial</a></li>
<li><a href= "educational.html" >Education</a></li>
<li><a href= "independent.html"  >Independent</a></li>
<li><a href= "emergent.html"  >Emergent</a></li>
<li><a href= "team.html" >Team</a></li>
<li><a href= "project.html"  >Project</a></li>
<li><a href= "budget.html" >Budget</a></li>
<li><a href= "profile.html" >Profile</a></li></strong>
</ul>
</div>
<hr />
<div style="padding-left:19%"><input type="text" value="search" />
<input type="button" value="Search!" name="search"/>
</div>
<h1 style="text-align:center">Profile</h1>
<div style="padding-left:15%; padding-right:15%; font-family: Arial, Helvetica, sans-serif;">
  <div style="font-size:18px; text-align:center; font-family: Arial, Helvetica, sans-serif;">
    <p>
      <?php 

    $querytest = "SELECT * FROM account WHERE idaccount = " . $_GET['idaccount'];
    $result = mysql_query($querytest);

    echo $_SESSION['idaccount'];
  ?>
    </p>
    <p>
      <?php

echo $_SESSION['username'];
  ?>
    </p>
  </div>
  <p style="text-align:center;"><?php echo $_SESSION['email'];?></p>
    <div style="font-size:18px; width:100px; text-align:left; margin-left:201px; padding-left:10pt">Specialties</div>
</div>
  <div style="width:100%; float:left;">
  <div style="width:30%">
  <?php
 $db_name = "animator"; // Database name
  $link = mysql_connect('localhost', 'root', 'admin');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
//echo 'Connected successfully';
mysql_select_db($db_name) or die("Could not connect to Database" .mysql_error());
  $result = mysql_query("SELECT * FROM animator.account WHERE idaccount=" . $_SESSION['idaccount'] . ";");
  if (!$result) { // add this check.
    die('Invalid query: ' . mysql_error());
}
while($row = mysql_fetch_array($result))
{
 header("Content-type: image/jpeg");
     echo mysql_result($result, 0);
} 

   ?>
   </div>
  <div class="previous_work" id="previous_work" style="width:70%; float:left; margin-left:2%;">
  <hr />
  <li>3D Animation</li>
  <li>Scriptwriting</li>
  <li>CGI Animation </li>
</div>
<hr />
  </div>
  &nbsp;
  <hr />
<?php echo $_SESSION['bio']; ?>
</p>
</div>
  </p>
<p>&nbsp;</p>
</div>
<div id="footer"> <hr />
  <p><strong><u><a href="about.html">About The Animator</a> | <a     href="contact.html">Contact</a> | <a href="privacy.html">Privacy Policy</a> | <a     href="faq.html">FAQ</a></u></strong><u> | <strong><a     href="questionnaire.html">Questionnaire</a> |</strong></u> <strong><a     href="reports.html">Admin Reports</a> |</strong></u></p>
</div>
</body>
</html>

REGISTER PAGE WITH PHOTO UPLOAD

<?php
error_reporting(E_ALL);
ini_set('display_errors',"On");
include ('database_connection.php');
$target = "/var/www/profile";

if (isset($_POST['formsubmitted'])) {
    $error = array();//Declare An Array to store any error message  
    if (empty($_POST['name'])) {//if no name has been supplied 
        $error[] = 'Please Enter a name ';//add to array "error"
    } else {
        $name = $_POST['name'];//else assign it a variable
    }

    if (empty($_POST['e-mail'])) {
        $error[] = 'Please Enter your Email ';
    } else {


        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) {
           //regular expression for email validation
            $Email = $_POST['e-mail'];
        } else {
             $error[] = 'Your EMail Address is invalid  ';
        }


    }


    if (empty($_POST['Password'])) {
        $error[] = 'Please Enter Your Password ';
    } else {
        $Password = $_POST['Password'];
    }


    if (empty($error)) //send to Database if there's no error '

    { // If everything's OK...

        // Make sure the email address is available:
        $query_verify_email = "SELECT * FROM account  WHERE email ='$Email'";
        $result_verify_email = mysqli_query($dbc, $query_verify_email);
        if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false)
            echo ' Database Error Occured ';
        }

        if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email .


            // Create a unique  activation code:
            $activation = md5(uniqid(rand(), true));
            $target = $target . basename($_FILES['photo']['name']);

//This gets all the other information from the form
            $pic=($_FILES['photo']['name']);
            if(!isset($_FILES['photo'])) {
$error[] = "No photo selected !";
}



            $query_insert_user = "INSERT INTO `account` ( `username`, `passwords`, `email`, `picture`) VALUES ( '$name', '$Password', '$Email ' , '$pic')";


            $result_insert_user = mysqli_query($dbc, $query_insert_user);
            if (!$result_insert_user) {
                echo 'Query Failed ';
            }

            if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull.


                // Send the email:
                $message = " To activate your account, please click on this link:\n\n";
                $message .= WEBSITE_URL . '/activate.php?email=' . urlencode($Email) . "&key=$activation";
                mail($Email, 'Registration Confirmation', $message, 'From: systemadminstrator@theanimator.com');

                // Flush the buffered output.


                // Finish the page:
                echo '<div class="success">Thank you for
registering! A confirmation email
has been sent to '.$Email.' Please click on the Activation Link to Activate your account </div>';


            } else { // If it did not run OK.
                echo '<div class="errormsgbox">You could not be registered due to a system
error. We apologize for any
inconvenience.</div>';
            }

        } else { // The email address is not available.
            echo '<div class="errormsgbox" >That email
address has already been registered.
</div>';
        }

    } else {//If the "error" array contains error msg , display them



echo '<div class="errormsgbox"> <ol>';
        foreach ($error as $key => $values) {

            echo '  <li>'.$values.'</li>';



        }
        echo '</ol></div>';

    }

    mysqli_close($dbc);//Close the DB Connection

} // End of the main Submit conditional.



?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Registration Form</title>





<style type="text/css">
body {
    font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif;
    font-size:12px;
}
.registration_form {
    margin:0 auto;
    width:500px;
    padding:14px;
}
label {
    width: 10em;
    float: left;
    margin-right: 0.5em;
    display: block
}
.submit {
    float:right;
}
fieldset {
    background:#EBF4FB none repeat scroll 0 0;
    border:2px solid #B7DDF2;
    width: 500px;
}
legend {
    color: #fff;
    background: #80D3E2;
    border: 1px solid #781351;
    padding: 2px 6px
}
.elements {
    padding:10px;
}
p {
    border-bottom:1px solid #B7DDF2;
    color:#666666;
    font-size:11px;
    margin-bottom:20px;
    padding-bottom:10px;
}
a{
    color:#0099FF;
font-weight:bold;
}

/* Box Style */


 .success, .warning, .errormsgbox, .validation {
    border: 1px solid;
    margin: 0 auto;
    padding:10px 5px 10px 50px;
    background-repeat: no-repeat;
    background-position: 10px center;
     font-weight:bold;
     width:450px;

}

.success {

    color: #4F8A10;
    background-color: #DFF2BF;
    background-image:url('images/success.png');
}
.warning {

    color: #9F6000;
    background-color: #FEEFB3;
    background-image: url('images/warning.png');
}
.errormsgbox {

    color: #D8000C;
    background-color: #FFBABA;
    background-image: url('images/error.png');

}
.validation {

    color: #D63301;
    background-color: #FFCCBA;
    background-image: url('images/error.png');
}



</style>

</head>
<body>


<form action="registeraccount.php" method="post" class="registration_form" enctype="multipart/form-data">
  <fieldset>
    <legend>Registration Form </legend>

    <h2 style="text-align:center">Create an account!</h2>
    <p style="text-align:center"> <span>Already a member? <a href="login.php">Log in</a></span> </p>

    <div class="elements">
      <label for="name">Name :</label>
      <input type="text" id="name" name="name" size="25" />
    </div>
    <div class="elements">
      <label for="e-mail">E-mail :</label>
      <input type="text" id="e-mail" name="e-mail" size="25" />
    </div>
    <div class="elements">
      <label for="Password">Password:</label>
      <input type="password" id="Password" name="Password" size="25" />
      <p>
              Photo:
            </p>
            <input type="hidden" name="size" value="350000">
            <input type="file" name="photo"> 
            <p>
      </div>

      <br />

    <div class="submit">
     <input type="hidden" name="formsubmitted" value="TRUE" />
      <input type="submit" value="Register" />

    </div>
  </fieldset>
</form>
<button onclick="window.location='theanimator.html';">Go Back!</button>
</body>
</html>

Solution

  • NOTE: This is a Suggestive answer.

    Remove or comment out this line: $target = "/var/www/profile";

    and place the code I posted below, underneath your mail() function,

    or above $message = "To activate your account... and give that a try/test.

    PATH NOTE: in regards to $upload_path = './uploads/'; in my code, this is assuming that you are running your script from the root of your server.

    You could try $upload_path = '/var/www/profile/uploads/'; but you will need to keep the trailing slash.

    You will also need to delete/comment out $target = $target . basename($_FILES['photo']['name']);,
    or better yet, use my code in that space instead. You will have to test in which spot it will work best.

    Here is my (tested) code:

    $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.
    $max_filesize = 9999999999; // Maximum filesize in BYTES - set to a low number for small files
    $upload_path = './uploads/'; // The place the files will be uploaded to (currently an 'uploads' directory).
    
    $filename = $_FILES['photo']['name']; // Get the name of the file (including file extension).
    $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
    
    // Check if the filetype is allowed, if not DIE and inform the user.
    if(!in_array($ext,$allowed_filetypes))
    die('The file you attempted to upload is not allowed.');
    
    // Now check the filesize, if it is too large then DIE and inform the user.
    if(filesize($_FILES['photo']['tmp_name']) > $max_filesize)
    die('The file you attempted to upload is too large.');
    
    // Check if we can upload to the specified path, if not DIE and inform the user.
    if(!is_writable($upload_path))
    die('You cannot upload to the specified directory, please CHMOD it to 777.');
    
    // Upload the file to your specified path.
    if(move_uploaded_file($_FILES['photo']['tmp_name'],$upload_path . $filename))
    echo 'Your file upload was successful'; // It worked.
    else
    echo 'There was an error during the file upload. Please try again.'; // It failed
    
    // rest of your code to be placed below
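
A hardened variant of the upload step above, as an added example that is not part of the original answer: it checks PHP's upload error code, enforces the size limit on the server, identifies the image by its content rather than by the client-supplied file name, and stores it under a server-generated name. `PROFILE_DIR`, `MAX_BYTES` and `store_profile_photo()` are assumed names, and the directory path is an assumption based on the paths mentioned above.

```php
<?php
// Added example: hardened handler for the 'photo' field of the registration form.
// PROFILE_DIR, MAX_BYTES and store_profile_photo() are assumed names, not from the page.
const PROFILE_DIR = '/var/www/profile/uploads'; // assumed path; writable by the web server user only
const MAX_BYTES   = 350000;                     // same value as the form's hidden "size" field

function store_profile_photo(array $file, string $dir = PROFILE_DIR): string
{
    // 1. PHP reports upload failures here (php.ini limit hit, partial upload, no file).
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no photo selected.');
    }
    // 2. Enforce the size limit server-side; the hidden form field is only a hint.
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Photo is empty or too large.');
    }
    // 3. Decide the type from the file's content, never from $file['name'] or $file['type'].
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted.');
    }
    // 4. Generate the stored name on the server: no overwrites, no attacker-chosen extension.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    // 5. move_uploaded_file() refuses any path that is not a genuine HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store the photo.');
    }
    return $name; // store this value in account.picture instead of the original name
}

// Usage inside the registration script: collect failures in the existing $error array.
if (isset($_FILES['photo'])) {
    try {
        $pic = store_profile_photo($_FILES['photo']);
    } catch (RuntimeException $e) {
        $error[] = $e->getMessage();
    }
}
```

The upload directory only needs to be writable by the web server user, and the web server should be configured not to execute scripts from it.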