cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Photographs

Be3G
Grafter
Posts: 6,111
Thanks: 1
Registered: ‎05-04-2007

Re: Photographs

‎18-07-2008 8:08 PM

There isn't, no - nor is there a set limit on size IIRC; PN just ask that it's used 'responsibly'.
Message 16 of 19
(290 Views)
0 Thanks
MikeWhitehead
Grafter
Posts: 748
Registered: ‎19-08-2007

Re: Photographs

‎19-07-2008 8:25 AM

[code=config.php]
<?php
$username="USERNAME";
$password="PASSWORD";
$database="DATABASE_NAME";
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
?>
[/code]

[code=index.php]
<?php
  include_once ("/gallery/inc/config.php");
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Administration Panel :: Gallery</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="/gallery/styles/style.css?nocache />
<?
$mode = $_GET['mode'];
  if ($mode == "addimage"){
        $countResult = mysql_query("SELECT * FROM gallery");
        $imgID =  mysql_num_rows($countResult);
        $imgID = $imgID + 1;
        $imgName = $_POST['imgName'];
        $imgDesc = $_POST['imgDesc'];
$uploadLocation = "/gallery/photos/";
        if ($imgName == "" && $imgDesc == "") {
?>
<form name="imgUpload" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
            <table width="60" border="0" cellspacing="0" cellpadding="0">
  <tr class="style1">
    <td nowrap><div align="right">Image ID:</div></td>
    <td><?php echo $imgID; ?></td>
  </tr>
              <tr class="style1">
                <td nowrap><div align="right">Description: </div></td>
                <td><textarea name="imgDesc" cols="70" rows="20" class="style1" id="imgDesc"></textarea></td>
              </tr>
              <tr class="style1">
                <td nowrap><div align="right">Image Filename: </div></td>
                <td><input type="file" name="imgName"><br /></td>
              </tr>
              <tr>
                <td>&nbsp;</td>
                <td><input type="hidden" name="MAX_FILE_SIZE" value="25000"><input name="Submit" type="submit" value="Submit"></td>
              </tr>
            </table>
</form>
</body>
</html>
<?
} else {
if (is_uploaded_file($_FILES['imgName']['tmp_name'])){
$newImgLoc = $uploadLocation . $_FILES['imgName']['name'];
if (!copy($imgName, $newImgLoc)){
print "Error Uploading File.";
exit();
} else {
$query = mysql_query("INSERT INTO gallery (imgID,imgName,imgDesc) VALUES ('$imgID','$imgName','$imgDesc')");
if(!$query) {
$err=mysql_error();
echo "There was an error reported. The error was:" . $err;
exit();
} else {
echo "<p class='style1'>Photo has been uploaded. <a href='index.php'>Go back to Admin Panel.</a></p>";
exit;
}
}
}
}
} else {
?>
<p class="style1">Please choose an option..</p>
<p class="style1"><a href="index.php?mode=addimage">1) Upload Photo</a></p>
<br />
<br />
<span class="style1">Current Date/Time : <?php echo date("H:i d-M-Y"); ?></span><br />
  <?
}
?>
[/code]
Untested (as I don't have time to). Should let you upload an image to webspace, and allows for additions to the code (delete image, view images, edit image description, etc). I've not included the client-facing code to display the images and descriptions, again as I don't have time (but I'm sure somebody on here can help out with that).
Message 17 of 19
(290 Views)
0 Thanks
Prod_Man
Grafter
Posts: 287
Registered: ‎04-08-2007

Re: Photographs

‎19-07-2008 11:09 PM

Well ...
Not bad seing as that's all off the top of the head as an idea Smiley
I'd have gone for a Select & Case approach,
with each page action in a separate file in a sub-directory.
For the other parts there would have to be some protection against:

  • Code Upload/Inclusion - There is no filtering what-so-ever on File Extensions &/ Data types, you'll hav to use an Image library (such as the PHP GD extension) to determin weather the file is an Image to allow the file to be stored or subsequently removed.
  • SQL Injection - Database driven things are notorious for haveing inadiqu

If you are going about it manually and requre help,
we can provide Snippets and/or Source.
Jim,
Message 18 of 19
(290 Views)
0 Thanks
MikeWhitehead
Grafter
Posts: 748
Registered: ‎19-08-2007

Re: Photographs

‎21-07-2008 2:12 PM

Yea like I said, it was a pretty rough hash-up so that they could see roughly what they needs - wrote it up quickly before I headed out for a night out so didn't have any time to do extension checks (although to be fair it wouldn't have taken that much longer). The SQL injection is not so much of an issue, since the only person that will be uploading will be the webmaster, but I agree that it should be done for security-sake.
If this is the way you are looking to do things then I, as well as Prod_Man, will be happy to provide help for you to get your desired outcome.
Message 19 of 19
(290 Views)
0 Thanks