I'm making an upload application and I have a script that once the images are uploaded they are resized but the original dimensions are stored to be used later on. the index.php should should show the images on the screen.
I've stored the image path instead of a blob on the database and using the 'path' variable to show it on the browser.
The search works but the images are not displaying and I can't find the reason why.
Im new to php/mysql so any help is appreciated on why my images are not showing up.
upload.php
<?php
require_once 'includes/config.inc.php';
require_once 'includes/functions.php';
// Add the heading to output
$output = '<h1>Gallery</h1>';
// Echo the gathered output
echo $output;
// Include the HTML header
include_once 'includes/head.html';
// Check if the form has been submitted...
if (isset($_POST['fileupload'])
&& isset($_POST['title']) && isset($_POST['description'])) {
$title = $_POST['title'];
$description = $_POST['description'];
if (is_uploaded_file($_FILES['userfile']['tmp_name'] )) {
$updir = dirname(__FILE__).'/uploads/';
//$upfilename = $_FILES['userfile']['name'];
$ext=end(explode(".", $_FILES['userfile']['name']));//gets extension
$newname = $updir.$title;
$tmpname = $_FILES['userfile']['tmp_name'];
$newimage = $newname.'.'.$ext;
$path = $newimage;
//if file is an image, upload it
if($_FILES['userfile']['type'] == 'image/jpeg'){
if (move_uploaded_file($tmpname, $newimage)) {
//print if file was uploaded
//echo 'File successfully uploaded';
list($width, $height) = getimagesize($newimage);
//Add values to the DB
$sql = "INSERT INTO Images VALUES(NULL, '$title', '$description', '$width', '$height', '$path')";
$result = mysqli_query($link, $sql);
if(!$result) die ("Database access failed: " . $link->error);
$w = $width;
$h = $height;
resize($newimage, $width, $height);
}
} else {
//print if file failed
echo 'File upload failed';
}
}
//echo debug();
}
// Include the HTML footer
?>
index.php(The sql script is here)
<?php
require_once 'includes/config.inc.php';
require_once 'includes/functions.php';
if (!isset($_GET['page'])) {
$id = 'home'; // display home page
} else {
$id = $_GET['page']; // else requested page
}
switch ($id) {
case 'home' :
include 'uploads.php';
break;
default :
include 'views/404.php';
}
$sql = 'SELECT * FROM Images';
$result = mysqli_query($link, $sql);
if(!$result){
die(mysqli_error($link));
}else{
while($row = mysqli_fetch_array($result)){
echo '<div><a href= "#">
<img src="'.$row['path'].'" width=150 height=150 alt="'.$row['title'].'" /></a></div>';
}
mysqli_free_result($result);
}
/*
Alternative way of showing the right images
$images = glob('uploads/*.jpg');
for($i = 0; $i < count($images); $i++){
list($w,$h) = getimagesize($images[$i]);
$allimages = $images[$i];
echo '<div><a href="'.$allimages.'">
<img src="'.$allimages.'" width="'.$w.'" height="'.$h.'" alt="" /></a>
</div><br/>';
}*/
include_once 'includes/footer.html';
?>
The problem is that you are using dirname(__FILE__) for the start of the path of your image and store that complete path in the database.
According to the manual dirname:
Returns the path of the parent directory.
And __FILE__:
The full path and filename of the file with symlinks resolved.
So you are storing your image using a absolute path on the local file system of the server.
However, that absolute path is not absolute relative to the root of the web-server so the browser will not find the images.
The solution is to use an absolute path when you move the uploaded image, but store a path that is absolute relative to the root of the web-server.
In your case you can probably use the /uploads/ path for that although that would depend on the exact file structure:
...
// no dirname here
$updir = '/uploads/';
//$upfilename = $_FILES['userfile']['name'];
$ext=end(explode(".", $_FILES['userfile']['name']));//gets extension
$newname = $updir.$title;
$tmpname = $_FILES['userfile']['tmp_name'];
$newimage = $newname.'.'.$ext;
$path = $newimage;
//if file is an image, upload it
if($_FILES['userfile']['type'] == 'image/jpeg'){
// only use dirname() here
if (move_uploaded_file($tmpname, dirname(__FILE__) . $newimage)) {
...
You have to add domain of your server to the src attribute of img tag so it'll became an absolute path for users to see the images:
echo '<div><a href= "#">
<img src="'$_SERVER['HTTP_HOST'].$row['path'].'" width=150 height=150 alt="'.$row['title'].'" /></a></div>';
Related
I want to save the path of an image in my database, these images are generated with html2canvas and are saved in a directory, but when I generate them and save them in my database, a non-existent image name is generated and that is the one that stores me.
This is the code of how the image is saved in the database:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include './save.php';
$file = './images';
$route = $file. "/". $imgName;
$insert = $conexion->query("INSERT INTO images (img) VALUES ('$route')");
if ($insert) {
echo "<script>alert('successfully registered image')</script>";
}
else {
echo '<script>("Ups...Something's wrong")</script>';
}
}
This is the code that decodes the image for me and saves it in the folder:
$image = json_decode(file_get_contents("php://input"));
$image = $image->capture;
$image = str_replace("data:image/png;base64,", "", urldecode($image));
$image = base64_decode($image);
$imgName = "Image_" . uniqid() . ".png";
file_put_contents("images/$imgName", $image);
I am using this bellow php to check the the kind of file saved in database, but it show everything as folder please i don't know what the problem is.
<?php
$path = dirname(__FILE__);
$sub_folder = scandir($path);
$num = count($sub_folder);
//$jailchillink This is the name of file saved in database replaced width index.php
if(is_file($path.'\\'.index.php)){ $codetype = 'file';}
else if(is_img($path.'\\'.index.php)){ $codetype = 'image';}
else{ $codetype = 'folder';}?>
The above code will output folder
<?php
$path = dirname(__FILE__);
$sub_folder = scandir($path);
$num = count($sub_folder);
//$jailchillink This is the name of file saved in database replaced width index.php
if(is_file($path.'\\'.'index.php')){
echo $codetype = 'file';
}else if(is_img($path.'\\'.'index.php')){
echo $codetype = 'image';
}else{
echo $codetype = 'folder';
}
?>
Now the output is file. just add ' around index.php.
I am trying to upload images onto server.
On the Server the folder name:{photo}
I check the permissions on the folder and it currently on 0755.
When I run my php code, I get this error code:
"Error uploading file - check destination is writeable."
The post that was similar to my issues is this: How to upload photo to my hosting server folder directory
but I already have these functions in my code:
Here my php code:
<?php
$filetmp = $_FILES["file_img"]["tmp_name"];
$filename = $_FILES["file_img"]["name"];
$filetype = $_FILES["file_img"]["type"];
$filesize = $_FILES["file_img"]["size"];
$fileinfo = getimagesize($_FILES["file_img"]["tmp_name"]);
$filewidth = $fileinfo[0];
$fileheight = $fileinfo[1];
$filepath = "../photo/".$filename;
$filepath_thumb = "../photo/thumb/".$filename;
if($_POST['btn_upload'])
{
$sPhotoFileName = $filename;
$nPhotoSize = $filesize;
$sTempFileName = $filetmp;
chmod($filepath_thumb,0755);
chmod($filepath,0755);
if(file_exists('photo/' . $_FILES['file_img']['name'])){
die('File with that name already exists.');
}else{
if ($sPhotoFileName) // file uploaded
{ $aFileNameParts = explode(".", $sPhotoFileName);
$sFileExtension = end($aFileNameParts); // part behind last dot
if ($sFileExtension != "jpg"
&& $sFileExtension != "png"
&& $sFileExtension != "gif")
{ die ("Choose a JPG for the photo");
}
}
if($_FILES['file_img']['error'] > 0){
die('An error ocurred when uploading.');
}
if ($nPhotoSize == 0)
{ die ("Sorry. The upload of $sPhotoFileName has failed.
Search a photo smaller than 300K, using the button.");
}
if ($nPhotoSize > 30240000000)
{ die ("Sorry.
The file $sPhotoFileName is larger than 300K.
Advice: reduce the photo using a drawing tool.");
}
// read photo
$oTempFile = fopen($sTempFileName, "r");
$sBinaryPhoto = fread($oTempFile, fileSize($sTempFileName));
// Try to read image
$nOldErrorReporting = error_reporting(E_ALL & ~(E_WARNING)); // ingore warnings
$oSourceImage = imagecreatefromstring($sBinaryPhoto); // try to create image
error_reporting($nOldErrorReporting);
if (!$oSourceImage) // error, image is not a valid jpg
{ die ("Sorry.
It was not possible to read photo $sPhotoFileName.
Choose another photo in JPG format.");
}
}
$nWidth = imagesx($oSourceImage); // get original source image width
$nHeight = imagesy($oSourceImage); // and height
// create small thumbnail
$nDestinationWidth = 80;
$nDestinationHeight = 60;
//$oDestinationImage = imagecreatetruecolor($nDestinationWidth, $nDestinationHeight);
$oDestinationImage = imagecreate($nDestinationWidth, $nDestinationHeight);
/*$oResult = imagecopyresampled(
$oDestinationImage, $oSourceImage,
0, 0, 0, 0,
$nDestinationWidth, $nDestinationHeight,
$nWidth, $nHeight); // resize the image
*/
imagecopyresized($oDestinationImage, $oSourceImage,0, 0, 0, 0,$nDestinationWidth, $nDestinationHeight,$nWidth, $nHeight); // resize the image
ob_start(); // Start capturing stdout.
imageJPEG($oDestinationImage); // As though output to browser.
$sBinaryThumbnail = ob_get_contents(); // the raw jpeg image data.
ob_end_clean(); // Dump the stdout so it does not screw other output.
// attempt insert query execution
$sql = "INSERT INTO UploadImg (img_name, img_path, img_type) VALUES ('$sPhotoFileName', '$filepath', '$filetype')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
if(!move_uploaded_file($_FILES["file_img"]["tmp_name"],"../photo/".$_FILES["file_img"]["name"])){
die('Error uploading file - check destination is writeable.');
echo "Error Code: " .$_FILES["file_img"]["name"] . "<br>";
}else{
$sBinaryThumbnail = addslashes($sBinaryThumbnail);
$oDatabase = $link;
mysqli_select_db("upload", $oDatabase);
$sQuery = "insert into Uploadimg (thumbnail) VALUES ('$sBinaryThumbnail')";
echo $sQuery;
mysqli_query($sQuery, $oDatabase);
die('File uploaded successfully.');
mysqli_close($link);
}
}
?>
Now I read an article say that even if your folder permission setup up to do all three read, write, and executed on all three level. the code still will not be able to read it depending on the settings on the server.
So I am confused and looking for clarification. Please assist me?
You can upload the image by binary data encoded and save the file with the image format on the server.
755 means it is not world writable. You can set it writable and executable with 777.
This is still vulnerable as anyone with access to your server os can write to the folder, so you should probably just make the web server user the owner of the folder and keep the permissions as they are now. If you're running apache, the user is usually www-data or apache.
I figure it out you gotta set the GID and UID permissionsfilepermission
The set group identification GID allows the owner to execute all applications to read, write and pull to the folder.
Same thing with the User identification UID. the problem is the your folder will be wide open for strangers to manipulate it but it works.
My images are uploading into the folder. Tell me what yall think?
First in your php.ini put
file_uploads = On
Next, create an HTML form that allow users to choose the image file they want to upload:
<form action="upload.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
Make sure that the form uses method="post"
Then use the php code below to upload image
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
$uploadOk = 0;
}
}
?>
I am trying to resize an image that I have uploaded with a form. I am using the script scene here: http://www.white-hat-web-design.co.uk/blog/resizing-images-with-php/
I am also using the following code to upload the image:
upload.php:
<?php
session_start();
require_once "database.php";
db_connect();
require_once "auth.php";
$current_user = current_user();
$emailstring = $current_user['email'];
//Check to see if the type of file uploaded is a valid image type
function is_valid_type($file)
{
//This is an array that holds all the valid image MIME types
$valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif", "image/png");
if (in_array($file['type'], $valid_types))
return 1;
return 0;
}
function showContents($array)
{
echo "<pre>";
print_r($array);
echo "</pre>";
}
//Set some constants
//This variable is the path to the image folder where all the images are going to be stored
//Note that there is a trailing forward slash
$TARGET_PATH = "profile_images/";
//Get our POSTed variables
$upload_picture_fileinput = $_FILES['upload_picture_fileinput'];
//Sanitize input
$upload_picture_fileinput['name'] = mysql_real_escape_string($upload_picture_fileinput['name']);
//Build our target path full string. This is where the file will be moved to
//i.e. profile_images/picture.jpg
$TARGET_PATH .= $upload_picture_fileinput['name'];
if(!is_valid_type($upload_picture_fileinput)) {
$_SESSION['error'] = "You must upload a jpeg, gif, bmp, or png";
header("Location: account.php");
exit;
}
//attempt to move the file from its temporary directory to its new home
if (move_uploaded_file($upload_picture_fileinput['tmp_name'], $TARGET_PATH)) {
$sql = "UPDATE `users` SET `profile_image_filename`='" . $upload_picture_fileinput['name'] . "'
WHERE email='$emailstring'";
$result = mysql_query($sql) or die ("Could not insert data into DB: " . mysql_error());
header("Location: account.php");
exit;
}
else
{
$_SESSION['error'] = "Could not upload file. Check read/write permissions on the directory";
header("Location: account.php") ;
exit;
}
and where my form is:
<div class="pictures add_pictures">
<div class="add_picture">
<div class="upload_picture">
<form action="upload.php" method="POST" enctype="multipart/form-data" name="upload_picture_form" class="upload_picture_form">
<span class="add_picture_label">+ Add a Profile Picture</span>
<input type="file" name="upload_picture_fileinput" class="upload_picture_file_input"/>
<input type="hidden" name="MAX_FILE_SIZE" value="100000"/>
<br><br><br><br><br><br><br>
<input type="submit" id="submit" value="Upload" />
</form>
</div>
</div>
</div>
<?php
$sql = "select * FROM `users` WHERE `id`='$id'";
$result = mysql_query($sql) or die ("Could not access DB: " . mysql_error());
$row = mysql_fetch_assoc($result);
echo "<p>";
echo "<img src=\"profile_images/" . $row['profile_image_filename'] . "\" alt=\"\" /><br />";
echo "</p>";
?>
//not currently working
<img src="/imageresize.php"/>
The echo above prints the picture out fine, but when I try to use that filename to resize the image, it does not appear/work.
<?php
session_start();
require_once "database.php";
db_connect();
require_once "auth.php";
$current_user = current_user();
$resized_image = '\"profile_images/" . $row['profile_image_filename'] . "\" alt=\"\" /';
header('Content-Type: image/jpg');
include('SimpleImage.php');
$image = new SimpleImage();
$image->load($resized_image);
$image->resizeToWidth(300);
$image->output();
?>
I am connecting to the database fine and the image filename is being saved in my database. I just don't know why the file path above will print the picture, but not work in the resize script. Please help if you can. Thank you.
The code below creates a function named createThumbs that will get three parameters. The first and the second is correspondingly the path to the directory that contains original images and the path to the directory in which thumbnails will be placed. The third parameter is the width you want for the thumbnail images.
<?php
function createThumbs( $pathToImages, $pathToThumbs, $thumbWidth )
{
// open the directory
$dir = opendir( $pathToImages );
// loop through it, looking for any/all JPG files:
while (false !== ($fname = readdir( $dir ))) {
// parse path for the extension
$info = pathinfo($pathToImages . $fname);
// continue only if this is a JPEG image
if ( strtolower($info['extension']) == 'jpg' )
{
echo "Creating thumbnail for {$fname} <br />";
// load image and get image size
$img = imagecreatefromjpeg( "{$pathToImages}{$fname}" );
$width = imagesx( $img );
$height = imagesy( $img );
// calculate thumbnail size
$new_width = $thumbWidth;
$new_height = floor( $height * ( $thumbWidth / $width ) );
// create a new temporary image
$tmp_img = imagecreatetruecolor( $new_width, $new_height );
// copy and resize old image into new image
imagecopyresized( $tmp_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height );
// save thumbnail into a file
imagejpeg( $tmp_img, "{$pathToThumbs}{$fname}" );
}
}
// close the directory
closedir( $dir );
}
// call createThumb function and pass to it as parameters the path
// to the directory that contains images, the path to the directory
// in which thumbnails will be placed and the thumbnail's width.
// We are assuming that the path will be a relative path working
// both in the filesystem, and through the web for links
createThumbs("upload/","upload/thumbs/",100);
?>
Looks like in $resized_image you have added the html alt tag which should, of course, not be part of the parameter you are feeding into $image->load($resized_image);.
Try changing this to
$image->load('profile_images/' . $row['profile_image_filename']);
instead of the string that already targets the html rendering.
so I am just learning PHP and am trying to make it so you can upload a picture. When attempting this on a local host all I get is a picture of a piece of paper being ripped in half (it must be some error/replacement picture). The directory for the image is right its just not being displayed properly.
thanks
Code:
<?php
//connect to the database
$link = mysql_connect("localhost", "root", "root")
or die("Could not connect: " . mysql_error());
mysql_select_db("images", $link)
or die (mysql_error());
//make variables available
$image_caption = $_POST['image_caption'];
$image_username = $_POST['image_username'];
$image_tempname = $_FILES['image_filename']['name'];
$today = date("Y-m-d");
//upload image and check for image type
//make sure to change your path to match your images directory
$ImageDir ="/Users/JohnSmith/Desktop/images/";
$ImageName = $ImageDir . $image_tempname;
if (move_uploaded_file($_FILES['image_filename']['tmp_name'],
$ImageName)) {
//get info about the image being uploaded
list($width, $height, $type, $attr) = getimagesize($ImageName);
switch ($type) {
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
case 3:
$ext = ".png";
break;
default:
echo "Sorry, but the file you uploaded was not a GIF, JPG, or " .
"PNG file.<br>";
echo "Please hit your browser's 'back' button and try again.";
}
//insert info into image table
$insert = "INSERT INTO images
(image_caption, image_username, image_date)
VALUES
('$image_caption', '$image_username', '$today')";
$insertresults = mysql_query($insert)
or die(mysql_error());
$lastpicid = mysql_insert_id();
$newfilename = $ImageDir . $lastpicid . $ext;
rename($ImageName, $newfilename);
}
?>
<html>
<head>
<title>Here is your pic!</title>
</head>
<body>
<p>Here is the picture you just uploaded to our servers:</p>
<img src="Users/AdamAshwal/Desktop/images/<?php echo $lastpicid . $ext; ?>" align="left">
<strong><?php echo $image_name; ?></strong><br>
This image is a <?php echo $ext; ?> image.<br>
It is <?php echo $width; ?> pixels wide
and <?php echo $height; ?> pixels high.<br>
It was uploaded on <?php echo $today; ?>.
</body>
</html>
The image isn't being shown because your Desktop is not a public webroot. Make a directory within your app to store the uploaded images and render them from there.
JMC Creative's answer is correct, too -- your image tags don't seem to be looking in the right place for the uploaded images.
On a side note, you have a very obvious SQL injection vulnerability in the code sample that you provided. All user inputs that are being stored in the database should be sanitized with mysql_real_escape_string. See this XKCD comic for a humorous explanation. An example follows:
$image_caption = mysql_real_escape_string($_POST['image_caption']);
Shouldn't your image src be:
<img src="/Users/JohnSmith/Desktop/images/<?php echo $lastpicid . $ext; ?>">
The src should be relative to where the script is.
And don't use align="left" in the html tag, use css instead please.