How would my database grab the files in my server? - php

So I was thinking and thinking and couldn't figure it out. So I was following this tutorial which I want to implement on my site https://www.w3schools.com/php/php_file_upload.asp and on the tutorial when the user uploads their image it sends it straight to a folder, which will obviously be in the server files. Now my problem here is, if I want to display their image somewhere on their profile when they upload it, how would I go about grabbing the image from the folder, or do I have to change the code on the tutorial so that it saves in my database? I really have no clue, and I am now officially lost and anxiety is slowly falling down my imaginary tears that are illustrated by my depressed brain, and yeah.

You save the images in a specific folder, then save the filename in the database. Whenever you want to retrieve this file in your front-end you just take the filename from the database and link to wherever you put the file.

Related

Secure files and display them as well

My question is about HTML and PHP.
This is my setup right now:
A website where users have accounts
An FTP server with pictures (currently none)
Files are currently saved on the website in the "PICTURES" folder (which is accessible by everybody who knows the full URL)
So, I would like to know how I can display the images without storing them on the website (which will fix my URL problem).
My idea was to move the files to the FTP server, and when a user logs on and requests a page with those images, download them through an FTP connection, save them on the website, display the images, and remove them. Which would make them accessible only during the downloading time. But this solution sounds REALLY bad to me.
You always need to have a place where your images are stored. But if you don't want to give a user the chance to know where they are stored, you can create a system which is used to show the images.
Think about this: if you want to download a file from Mega, you can't access the URL where the file is stored; instead, the server itself calls a system which assigns you a "key", and you can download the file only through that system using your "key".
You could use a system like "base64" so you can encode your image and show it that way, or you can use the "header" modifier so you can display an image using PHP code.
For example, your image tag will be like:
<img src="processImage.php?id=01&user=10&key=123" />
So, your processImage will return a "tricky" image: not the stored image file itself, but the output processed by PHP, for example using the "imagejpeg()" function with the header "Content-Type: image/jpeg". The user will then not know where the image is actually stored, but the img will still work.
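A sketch of what such a processImage.php could look like, added here as an example and not taken from the answer. The image tag above passes id, user and key in the URL; this version trusts only id and takes the requesting user from the login session, which is a design choice of the example. The table and column names, the session key and the storage path are assumptions.

```php
<?php
// Added example (not the answer's code). Assumed names: table `images` with
// columns `id`, `owner_id`, `filename`; session key `user_id`; IMAGE_DIR path.
declare(strict_types=1);
session_start();

const IMAGE_DIR = '/var/www/private_images';   // assumed; outside the document root
const TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

function deny(int $status): void
{
    http_response_code($status);
    exit;
}

// The requester's identity comes from the session, never from a URL parameter.
$userId = $_SESSION['user_id'] ?? null;
if ($userId === null) {
    deny(403);
}
$rawId = $_GET['id'] ?? '';
if (!is_string($rawId) || !ctype_digit($rawId)) {
    deny(400);
}

$db = new PDO('sqlite:' . __DIR__ . '/site.db');   // assumed DSN; use your own
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $db->prepare('SELECT filename FROM images WHERE id = :id AND owner_id = :owner');
$stmt->execute([':id' => (int) $rawId, ':owner' => $userId]);
$filename = $stmt->fetchColumn();
// One response for "no such image" and "someone else's image".
if (!is_string($filename)) {
    deny(404);
}

// basename() keeps a bad database value from pointing outside IMAGE_DIR.
$path = IMAGE_DIR . '/' . basename($filename);
$type = TYPES[strtolower(pathinfo($path, PATHINFO_EXTENSION))] ?? null;
if ($type === null || !is_file($path)) {
    deny(404);
}
header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

Because the files sit outside the document root, there is no direct URL to guess; the script is the only way to reach them.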

Could my file structure be causing the issues with my photo upload system?

I'm trying to create a photo upload system following Adam Khoury's online tutorials.
http://www.developphp.com/view.php?tid=1395 - Upload multiple files video
http://www.developphp.com/view.php?tid=1304 - User profile upload
Most of the code is like for like, but with my own variable names used instead. One major difference is instead of creating 3 different file upload fields as in the multiple upload video I created my form to allow multiple selections from just one upload field.
Below is a brief overview of the files, their location and what the page does.
create_post.php located in root directory - the page that allows for image upload
image_uploader.php located in root > includes directory - the page that contains the upload form, made as a separate file to be included into any page that may require photo uploads.
photo_system.php located in root > parsers directory - the page that handles image upload.
When I go to the create a post page, click the link to upload image(s) all works well, I can see the form, I can even select the files I would like to try and upload but when I click the upload button nothing seems to happen, when photo_system.php should load.
I've added a line of code to photo_system.php right at the top that should bring up an alert box once the page has loaded, in an attempt to debug my issues, but I never see this unless I go directly to image_uploader.php
This has led me to believe that maybe my relative links to files were the issue so I've tried appending $_SERVER['DOCUMENT_ROOT'] to the start of the links to ensure it can always locate them from the root directory, currently I have it set up with a hard coded $root variable and still I can't seem to get the system to work.
Is it likely that the file structure and the way the pages interact with each other is my problem? Could anyone take a look at my code for these three files and see if they can spot anything? I've been stumped by this for a week or so now so I think it's time to ask for some outside help.
I have my 3 files saved in a txt format so the code can be viewed
http://www.vwrx-project.co.uk/temp_source_code/create_post.txt
http://www.vwrx-project.co.uk/temp_source_code/image_uploader.txt
http://www.vwrx-project.co.uk/temp_source_code/photo_system.txt
It turns out that in the end I was trying to nest two tables one inside the other so this was part of my issue.
The way that I had it set up I was including the photo upload system, image_uploader.php, as a table with an action requesting the photo_system.php file which worked when I went to the image_uploader.php page directly.
I also had in my main page where the images were being uploaded a form that had been set to onsubmit = false and this was canceling out the form action of the included file.
I only found this out when I decided to try and code it straight into one file else I'd still be stuck now.

Create a page using form input

I have constructed a site for users to upload their own work and share it.
At the moment, people can search the database for pieces of work and they can upload their own which is working fine.
However, when someone uploads a piece of work I have to manually duplicate a php page, add the url into the database and edit the query to show the relevant content.
I was wondering if there was any way of getting my php file to do this for each upload.
Thanks, Tyler

What are the best practices for letting users upload theme files to my server

I'm trying to make my own framework for my own projects and I would want people to upload themes for their profiles to the database. Letting them theme the look and feel of their accounts.
I first thought of having the files on the server.
A user would log in and the PHP would pick up their user id and other misc details and route the urls to their particular folder and serve the files in that folder.
An example would be a real directory of
http://www.foo.bar/users/me/style.css
http://www.foo.bar/users/me/script.js
http://www.foo.bar/users/me/index.tpl
http://www.foo.bar/users/me/otherPage.tpl
Then I was thinking wow, imagine if I have 100's of users? Then I would have 100's of folders in my users directory on my server, not to mention duplicate files all over the place taking up space. So ok, while this may be the fastest way to fetch a file, maybe loading the markup from the database won't be such a bad idea, right?
My server looks cleaner but now my database will get queried a lot more than I would want.
Then comes the major issue, I think, which is having files that are particular to a user. For example, stylesheets may have background URLs with images, so now these images need to be linked to their real path on the server. Which brings me back to having a dedicated folder for each user to house their theme specific files.
How can I securely and effectively find a way to let users upload themes and have all files (images, PDFs, docs, etc.) saved without them potentially being accessed by another account holder, or through simple hacking techniques to pull a file from the server that belongs to another user?
One solution I thought of was to only let users who are logged in view files, and append to the file a unique tag that will let the user view the file if the tag matches a session variable. But then what if a user wants to share that file with another person? Then tagging the file would bring me back to square 1 with the security thing not letting them view the file because they wouldn't be an authorized user.
Well, in any case, what would be best practices to get some of my concerns on the right path to being dealt with?
P.S.
I choose these tags because in my solutions I think they will touch upon some of these aspects.
You can store HTML or CSS in a table row, but be sure to sanitize the data to avoid hacks or injections. The easiest way would be to let the user paste the code into a text area or field. If you want to let them upload files, you will need to write a script that parses the data from the uploaded file. This is more complicated as you will have to manage all filtering and sanitizing along with pulling the data from the file and saving it to the database.
We skin our CMS to work with multiple clients and their own users. But rather than giving them the possibility of changing ANY area or style of the page we allow certain areas such as:
upload your logo
set the colour of the banner bar behind your logo (using a smart colour picker and some 'figure out the contrast between the colours' functions)
set your text colour (using a colour picker)
and so on for the items you want them to change.
We then store those in the database and serve them up through dynamic stylesheets (I know these don't cache but it's better than having hundreds of files).
I know that MySpace used to let you upload a whole host of HTML and CSS (not sure if they still do) but it's a security nightmare as the potential for XSS is enormous.
You may want to look at HTML Purifier if you're going to let them add their own custom HTML and full themes -> http://www.htmlpurifier.org
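The approach in the answer above (a fixed set of settings stored in the database and served as a dynamic stylesheet) can be sketched as follows. This is an added example, not the CMS's code; the setting names, defaults and CSS selectors are assumptions, and the sample row is constructed.

```php
<?php
// Added example: theme.css.php. Assumed setting names, defaults and selectors.
declare(strict_types=1);

// The only things a user may change, each with a safe default.
const THEME_DEFAULTS = ['banner_colour' => '#003366', 'text_colour' => '#222222'];

function clean_theme(array $submitted): array
{
    $theme = THEME_DEFAULTS;
    foreach (THEME_DEFAULTS as $key => $default) {
        $value = $submitted[$key] ?? null;
        // Accept #rgb or #rrggbb only; anything else keeps the default.
        if (is_string($value)
            && preg_match('/\A#(?:[0-9a-f]{3}|[0-9a-f]{6})\z/i', $value) === 1) {
            $theme[$key] = strtolower($value);
        }
    }
    return $theme;
}

function render_css(array $row): string
{
    // Validate again on output: the database row is not trusted either.
    $theme = clean_theme($row);
    return ".banner { background-color: {$theme['banner_colour']}; }\n"
         . "body { color: {$theme['text_colour']}; }\n";
}

// Constructed sample row: one valid colour and one value that tries to
// smuggle extra CSS into the stylesheet. The second falls back to the default.
$row = [
    'banner_colour' => '#AA0000',
    'text_colour'   => 'red; } body { background: url(//example.invalid/x) ',
];
header('Content-Type: text/css; charset=utf-8');
echo render_css($row);
```

Unknown keys in the submitted data are ignored, so the stylesheet can only ever contain the listed properties with values that match the colour pattern.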

How to create user-accounts' separate folders to save user data in--PHP

How would I save each user's 'default photo' onto a website? This same photo may be used during some of their interactions on the site (maybe in a chat session), and it may be displayed on their profile page. Will each user have their own folder? If so, how can I create such a folder? Will this folder stay on ftp? Or MySQL? Will it take any space? As of now, whatever photos are uploaded onto the server, are simply stored in a folder that reads--'uploadportrait.php'. Where can I go from this? If someone can tell me the general principles of this, then that would be great! Thank you in advance.
If it is just one photo it doesn't make much sense to create a folder for each user. If you already have a working upload routine, simply store the file path of the uploaded file inside of the user database. You don't need to duplicate the image then.
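Both the first answer on this page and the answer just above give the same advice: keep the file in a folder and store only its name or path in the user's database row. The following is an added example of that pattern, not code from either answer or from the linked tutorial; the table and column names, the uploads/ folder, the session key and the form field name are assumptions.

```php
<?php
// Added example (not from the original posts). Assumed names: table `users`
// with columns `id` and `avatar`, folder uploads/ next to this script,
// session key `user_id`, form field `fileToUpload`.
declare(strict_types=1);
session_start();
const UPLOAD_DIR = __DIR__ . '/uploads';
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_avatar(PDO $db, int $userId, array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('upload failed or file too large');
    }
    // Decide the type from the file contents, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('not an accepted image type');
    }
    // Server-generated name: the original filename never becomes part of a path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not save file');
    }
    $stmt = $db->prepare('UPDATE users SET avatar = :name WHERE id = :id');
    $stmt->execute([':name' => $name, ':id' => $userId]);
    return $name;
}

function avatar_tag(PDO $db, int $userId): string
{
    $stmt = $db->prepare('SELECT avatar FROM users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $name = $stmt->fetchColumn();
    if (!is_string($name) || $name === '') {
        return '';
    }
    return '<img src="uploads/' . htmlspecialchars($name, ENT_QUOTES) . '" alt="profile picture">';
}

$db = new PDO('sqlite:' . __DIR__ . '/site.db');   // assumed DSN; use your own
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userId = (int) ($_SESSION['user_id'] ?? 0);
if ($userId > 0 && isset($_FILES['fileToUpload'])) {
    store_avatar($db, $userId, $_FILES['fileToUpload']);
}
echo avatar_tag($db, $userId);
```

One folder serves every user because each stored name is random and unique; configure the web server so that nothing inside uploads/ is ever executed as PHP.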
