php user image upload create specified folder unique image names

StackOverflow https://stackoverflow.com//questions/12662372

Question

I'm (a newbie in php) still working on a time off project and another problem came up, for which I can't find a solution. Therefore I hope u guys can help me! Worked great the last time I posted something on here! I really appreciate your help...thx ahead!

My problem: I want users to be able to upload pictures when they are logged in. They got several little buttons on their profile with images on them...and they should be able to change them... I want to have it like this -> When a user uploads an image, the script shall create a new folder on the server. This shall happen in the "user_images" folder (that exists already). So a user with e.g. "id=55" creates a folder "55" in "user_images" when he uploads images. I tried and tried and tried and tried...with different syntax in line -> "$upload_dir =" but without any success :-/ I just don't get it to work...

Here is the part of the script:

<?php
include 'dbconfig.php';
page_protect();

$rs_settings = mysql_query("select * from user where id='$_SESSION[user_id]'");
while ($row_settings = mysql_fetch_array($rs_settings));


error_reporting (E_ALL ^ E_NOTICE);
session_start();
//only assign a new timestamp if the session variable is empty
if (!isset($_SESSION['user_id']) || strlen($_SESSION['user_id'])==0){
$_SESSION['user_id'] = mysql_query("select * from user where id='$_SESSION[user_id]'");         
//assign the timestamp to the session variable
$_SESSION['user_file_ext']= "";
}

$upload_dir = "user_images/";
$upload_path = $upload_dir;             
$large_image_prefix = "Large_";         
$thumb_image_prefix = "button_";            
$large_image_name = $large_image_prefix.$_SESSION['user_id'];    
image (append the timestamp to the filename)
$thumb_image_name = $thumb_image_prefix.$_SESSION['user_id'];     
image (append the timestamp to the filename)
$max_file = "1";    // Maximum file size in MB
$max_width = "";    // Max width allowed for the large image
$thumb_width = "87"; // Width of thumbnail image
$thumb_height = "35";   // Height of thumbnail image
// Only one of these image types should be allowed for upload
$allowed_image_types =     
array('image/pjpeg'=>"jpg",'image/jpeg'=>"jpg",'image/jpg'=>"jpg",'image/png'=>"png",
'image/x-png'=>"png",'image/gif'=>"gif");
$allowed_image_ext = array_unique($allowed_image_types); // do not change this
$image_ext = "";    // initialise variable, do not change this.
foreach ($allowed_image_ext as $mime_type => $ext) {
$image_ext.= strtoupper($ext)." ";
}

function resizeImage($image,$width,$height,$scale) {
list($imagewidth, $imageheight, $imageType) = getimagesize($image);
$imageType = image_type_to_mime_type($imageType);
$newImageWidth = ceil($width * $scale);
$newImageHeight = ceil($height * $scale);
$newImage = imagecreatetruecolor($newImageWidth,$newImageHeight);
switch($imageType) {
case "image/gif":
$source=imagecreatefromgif($image); 
break;
case "image/pjpeg":
case "image/jpeg":
case "image/jpg":
$source=imagecreatefromjpeg($image); 
break;
case "image/png":
case "image/x-png":
$source=imagecreatefrompng($image); 
break;
}
imagecopyresampled($newImage,$source,0,0,0,0,$newImageWidth,$newImageHeight,
$width,$height);
switch($imageType) {
case "image/gif":
imagegif($newImage,$image); 
break;
case "image/pjpeg":
case "image/jpeg":
case "image/jpg":
imagejpeg($newImage,$image,90); 
break;
case "image/png":
case "image/x-png":
imagepng($newImage,$image);  
break;
}
chmod($image, 0777);
return $image;
}

function resizeThumbnailImage($thumb_image_name, $image, $width, $height, $start_width,   
$start_height, $scale){
list($imagewidth, $imageheight, $imageType) = getimagesize($image);
$imageType = image_type_to_mime_type($imageType);

$newImageWidth = ceil($width * $scale);
$newImageHeight = ceil($height * $scale);
$newImage = imagecreatetruecolor($newImageWidth,$newImageHeight);
switch($imageType) {
case "image/gif":
$source=imagecreatefromgif($image); 
break;
case "image/pjpeg":
    case "image/jpeg":
    case "image/jpg":
        $source=imagecreatefromjpeg($image); 
        break;
    case "image/png":
    case "image/x-png":
        $source=imagecreatefrompng($image); 
        break;
}
imagecopyresampled($newImage,$source,0,0,$start_width,$start_height,$newImageWidth,
$newImageHeight,$width,$height);
switch($imageType) {
case "image/gif":
imagegif($newImage,$thumb_image_name); 
break;
case "image/pjpeg":
case "image/jpeg":
case "image/jpg":
imagejpeg($newImage,$thumb_image_name,90); 
break;
case "image/png":
case "image/x-png":
imagepng($newImage,$thumb_image_name);  
break;
}
chmod($thumb_image_name, 0777);
return $thumb_image_name;
}

function getHeight($image) {
$size = getimagesize($image);
$height = $size[1];
return $height;
}

function getWidth($image) {
$size = getimagesize($image);
$width = $size[0];
return $width;
}


$large_image_location = $upload_path.$large_image_name.$_SESSION['user_file_ext'];
$thumb_image_location = $upload_path.$thumb_image_name.$_SESSION['user_file_ext'];


if(!is_dir($upload_dir)){
mkdir($upload_dir, 0777);
chmod($upload_dir, 0777);
}


if (file_exists($large_image_location)){
 if(file_exists($thumb_image_location)){
    $thumb_photo_exists = "<img
src=\"".$upload_path.$thumb_image_name.$_SESSION['user_file_ext']."\" alt=\"Thumbnail   
Image\"/>";
}else{
 $thumb_photo_exists = "";
}
$large_photo_exists = "<img  
src=\"".$upload_path.$large_image_name.$_SESSION['user_file_ext']."\" alt=\"Large   
Image\"/>";
} else {
$large_photo_exists = "";
$thumb_photo_exists = "";
}

if (isset($_POST["upload"])) { 
//Get the file information
$userfile_name = $_FILES['image']['name'];
$userfile_tmp = $_FILES['image']['tmp_name'];
$userfile_size = $_FILES['image']['size'];
$userfile_type = $_FILES['image']['type'];
$filename = basename($_FILES['image']['name']);
$file_ext = strtolower(substr($filename, strrpos($filename, '.') + 1));

//Only process if the file is a JPG, PNG or GIF and below the allowed limit
if((!empty($_FILES["image"])) && ($_FILES['image']['error'] == 0)) {

    foreach ($allowed_image_types as $mime_type => $ext) {
        //loop through the specified image types and if they match the     
extension then break out
        //everything is ok so go and check file size
        if($file_ext==$ext && $userfile_type==$mime_type){
            $error = "";
            break;
        }else{
            $error = "Only <strong>".$image_ext."</strong> images accepted for upload<br />";
        }
    }
    //check if the file size is above the allowed limit
    if ($userfile_size > ($max_file*1048576)) {
        $error.= "Images must be under ".$max_file."MB in size";
    }

}else{
    $error= "Select an image for upload";
}
//Everything is ok, so we can upload the image.
if (strlen($error)==0){

    if (isset($_FILES['image']['name'])){
        //this file could now has an unknown file extension (we hope it's one of the ones set above!)
        $large_image_location = $large_image_location.".".$file_ext;
        $thumb_image_location = $thumb_image_location.".".$file_ext;

        //put the file ext in the session so we know what file to look for once its uploaded
        $_SESSION['user_file_ext']=".".$file_ext;

        move_uploaded_file($userfile_tmp, $large_image_location);
        chmod($large_image_location, 0777);

        $width = getWidth($large_image_location);
        $height = getHeight($large_image_location);
        //Scale the image if it is greater than the width set above
        if ($width > $max_width){
            $scale = $max_width/$width;
            $uploaded = resizeImage($large_image_location,$width,$height,$scale);
        }else{
            $scale = 1;
            $uploaded = resizeImage($large_image_location,$width,$height,$scale);
        }
        //Delete the thumbnail file so the user can create a new one
        if (file_exists($thumb_image_location)) {
            unlink($thumb_image_location);
        }
    }
    //Refresh the page to show the new uploaded image
    header("location:".$_SERVER["PHP_SELF"]);
    exit();
}
?>

It would be really cool if someone could help me to fix these problems...you may know how hard it is, when you're just a rookie! If there's more weird syntax in there...let me know, I'm just a beginner (like we all have been at the beginning) and trying to get better :)

Thank you guys!

Was it helpful?

Solution

Keeping in mind that allowing any user to upload content to your server creates a security hole that requires special attention, this is a bit of code I've used in the past for an internal-use application:

$folderPath = "/uploads/" . $folderName;
$exist = is_dir($folderPath);

if(!$exist) {
mkdir("$folderPath");
chmod("$folderPath", 0755);
}
else { echo "Folder already exists"; }

You can also chmod right from mkdir but was having issues with doing that on this particular server config.

http://php.net/manual/en/function.mkdir.php


UPDATED with more complete example:

// Define path where file will be uploaded to
//   User ID is set as directory name
$folderPath = "/uploads/$userID";

// Check to see if directory already exists
$exist = is_dir($folderPath);

// If directory doesn't exist, create directory
if(!$exist) {
mkdir("$folderPath");
chmod("$folderPath", 0755);
}
else { echo "Folder already exists"; }


// PROCESS FILE UPLOAD

// Set initial/temporary upload location
//   temp_uploads must have proper read/write permissions (755 or 777)
$target_path = "/uploads/temp_uploads/";

// Append the name of the uploaded file to the temp directory
$target_path .= basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
$filename = basename( $_FILES['uploadedfile']['name']);

// Location where temporary file is being stored
$temp_location = '/uploads/temp_uploads/' . basename( $_FILES['uploadedfile']['name']);

// Final destination where file will be located
$destination = "/uploads/$folderPath/$filename";

rename($temp_location, $destination);
}

OTHER TIPS

You are assigning a mysql query resource to the $_SESSION["user_id"]

$_SESSION['user_id'] = mysql_query("select * from user where id='$_SESSION[user_id]'");

I think you want to get the user id out of that query

Also if your code produces any errors it would be great if you included them in your question

ps. don't use mysql_* functions, they are deprecated and create unwanted security holes if not used properly, learn dibi, pdo, or any other newer database layer

$file_name=basename($_FILES['uploadedfile']['name']);
mkdir("upload/".$username,0777);
$target_path = "upload/$username/". $file_name;
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top