Coding Help!!! I'm a noob.

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by lamusica, Jul 1, 2014.

  1. lamusica

    lamusica New Member

    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    How can I get My Users for this chat I'm Working on. I have been trying this code...

    HTML
    <form action="uploadavatar.php" method="post" enctype="mulipart/form-data">
    <input type="file" name="file" />
    <input type="submit" name="submit" class="button" />
    </form>
    PHP

    <?php
    if (move_uploaded_file($_FILES['file']['tmp_name'], "../avatar/")) {
    print "Received {$_FILES['file']['name']} - its size is {$_FILES['userfile']['size']}";
    } else {
    print "Upload failed!";
    }
    ?>

    Here's the URL to my beta right now.
    http://vago.x10.mx/chat3/index.php
     
  2. essellar

    essellar Community Advocate Community Support

    Messages:
    3,295
    Likes Received:
    227
    Trophy Points:
    63
    Okay — the HTML form and PHP snippet have nothing to do with the question you asked up top (they're just about uploading an avatar image file), and your URL requires a registration and login to see anything. It's really hard to help given those circumstances.

    Can you simply explain what it is you're trying to do?
     
  3. lamusica

    lamusica New Member

    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Sorry, Here is a testing account.
    User: Test@Test.com
    Pass: test
    What Im trying to do is allow the users to upload a avatar.
    I was thinking about making it through mysql. (blobs).
     
  4. caftpx10

    caftpx10 Well-Known Member

    Messages:
    1,511
    Likes Received:
    112
    Trophy Points:
    63
    Are you also uploading the actual files to the server?, if so then that could possibly violate the ToS.

    If you're wanting to just store the image links to the database so they can be used as an avatar then that's good enough.

    What you need to do is have a connection to the MySQL server and the database itself, use the universal variable '$_POST['NAMEOFTEXTBOX']' , use real escape (to avoid SQL injections), use a query pointing to that username and then update a row from that user's column (avatar) so that it has the URL.
    You will of course need to use a PHP function which checks if it exists and the file extension, which shouldn't take long since there are many functions which can do the job.
    (Please note that this is from the top of my head, I've not created this myself yet.)

    Talking about file extension checking, your script doesn't seem to check so anyone could upload a malicious script (PHP) and execute it without you knowing.
    Believe me, there's one function I know that ALL webhosts should block if you're not using a VPS.
    So, I would really sort all of these things out before releasing it to the public.
     
    Last edited: Jul 6, 2014
  5. leafypiggy

    leafypiggy Manager of Pens and Office Supplies Staff Member

    Messages:
    3,819
    Likes Received:
    163
    Trophy Points:
    63
    Don't use mysql_real_escape_string or any of the mysql_* functions/libraries. They're deprecated, old, and useless. Use PDO, or Mysqli.
     
    • Like Like x 1
  6. Skizzerz

    Skizzerz Contributors Staff Member Contributors

    Messages:
    2,929
    Likes Received:
    117
    Trophy Points:
    63
    To clarify, allowing users to upload avatar images does not constitute a ToS violation. Where a violation could occur is if they are uploading lewd images to use as avatars (in which case you should be policing your site and deleting them and warning/banning such members), or if you allow general file uploads/hosting.
     
    • Informative Informative x 1
  7. caftpx10

    caftpx10 Well-Known Member

    Messages:
    1,511
    Likes Received:
    112
    Trophy Points:
    63
    Ah, I just thought that images irrelevant to the site aren't allowed but according to you avatars are allowed if they're appropriate, thanks for the information!
     

Share This Page