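<?php
/*
 * Upload handler for uploads.php.
 *
 * Accepts one JPEG or PNG from a logged-in user, stores it under
 * ../../finance/<session folder>/ and records it in finance_user_images.
 *
 * Everything in $_FILES is supplied by the client. The 'type' field is just
 * the Content-Type the browser sent and 'name' is the client's file name, so
 * neither is used to decide what gets written to disk: the type is detected
 * from the file content and the stored name is rebuilt on the server.
 *
 * NOTE(review): no anti-CSRF token is checked on this POST. Adding one needs
 * a matching hidden field in the form further down the page.
 */
// NOTE(review): presumably this include enforced HTTPS; confirm why it is disabled.
//require 'secure_conn.php';
require 'includes/header.php';
require_once ('../../pdo_config.php'); // Connect to DB
echo "<main>";
echo "<div class='container'>";

// header.php may already have opened the session (not visible from this
// file), so only start one when none is active.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Per-user values taken from the session.
$folder = isset($_SESSION['folders']) ? $_SESSION['folders'] : null;
$emailAddr = isset($_SESSION['email']) ? $_SESSION['email'] : null;

// The form below is hidden from anonymous visitors, but that does not stop a
// direct POST. Require the same login marker here, plus the session values the
// handler depends on. A folder containing ".." is refused so the destination
// cannot leave ../../finance/.
$uploadAllowed = isset($_SESSION['firstName'])
    && is_string($folder) && $folder !== '' && strpos($folder, '..') === false
    && is_string($emailAddr) && $emailAddr !== '';

// Check if the form has been submitted. Requests without a valid session fall
// through to the "need to be logged in" message printed by the page below.
if (isset($_POST['submit']) && $uploadAllowed) {
    $upload = isset($_FILES['upload']) ? $_FILES['upload'] : null;

    if (
        !is_array($upload)
        || !isset($upload['error'], $upload['tmp_name'], $upload['name'])
        || is_array($upload['error'])
    ) {
        // No file field, or the field was sent as an array (upload[]).
        echo '<h2 class="warning">Please upload a JPEG or PNG image.</h2>';
    } elseif ($upload['error'] > 0) {
        echo '<p class="warning">The file could not be uploaded because: <strong>';
        // Print a message based upon the error.
        switch ($upload['error']) {
            case UPLOAD_ERR_INI_SIZE:
                echo 'The file exceeds the upload_max_filesize setting in php.ini.';
                break;
            case UPLOAD_ERR_FORM_SIZE:
                echo 'The file exceeds the MAX_FILE_SIZE setting in the HTML form.';
                break;
            case UPLOAD_ERR_PARTIAL:
                echo 'The file was only partially uploaded.';
                break;
            case UPLOAD_ERR_NO_FILE:
                echo 'No file was uploaded.';
                break;
            case UPLOAD_ERR_NO_TMP_DIR:
                echo 'No temporary folder was available.';
                break;
            case UPLOAD_ERR_CANT_WRITE:
                echo 'Unable to write to the disk.';
                break;
            case UPLOAD_ERR_EXTENSION:
                echo 'File upload stopped.';
                break;
            default:
                echo 'A system error occurred.';
                break;
        }
        echo '</strong></p>';
    } else {
        // Detected content type => extension the stored file is given.
        $extensions = array('image/jpeg' => 'jpg', 'image/png' => 'png');

        // Decide the type from the bytes on disk, not from the request.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $type = $finfo->file($upload['tmp_name']);

        if (!is_string($type) || !isset($extensions[$type])) {
            echo '<h2 class="warning">Please upload a JPEG or PNG image.</h2>';
        } else {
            // Rebuild the file name: keep only a conservative character set
            // from the client's base name (no dots, so no second extension
            // survives) and append the extension that matches the detected type.
            $base = (string) preg_replace(
                '/[^A-Za-z0-9_-]+/',
                '_',
                pathinfo((string) $upload['name'], PATHINFO_FILENAME)
            );
            $base = substr(trim($base, '_'), 0, 100);
            if ($base === '') {
                $base = 'upload';
            }
            $name = $base . '.' . $extensions[$type];

            // NOTE(review): an existing file with the same name is overwritten.
            // Move the file over.
            if (move_uploaded_file($upload['tmp_name'], "../../finance/{$folder}/{$name}")) {
                // The name is echoed into HTML, so escape it.
                echo '<h2>The file ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' has been uploaded!</h2>';
                echo "</main>";

                // Record the stored name and the detected type.
                $sql = "INSERT into finance_user_images (emailAddr, filename, filetype) VALUES (:email, :filename, :filetype)";
                $stmt = $conn->prepare($sql);
                $stmt->bindValue(':email', $emailAddr);
                $stmt->bindValue(':filename', $name);
                $stmt->bindValue(':filetype', $type);
                $stmt->execute();
                include './includes/footer.php';

                // Delete the temporary file if it still exists.
                if (file_exists($upload['tmp_name']) && is_file($upload['tmp_name'])) {
                    unlink($upload['tmp_name']);
                }
                exit;
            }

            // The move failed although PHP reported no upload error.
            echo '<p class="warning">The file could not be saved.</p>';
        }
    }
} // End of the submitted conditional.
?>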
<h2>Upload an image</h2>
<?php
// The form is rendered only for a session that carries a first name.
// Hiding the form is presentation only; the upload handler has to enforce
// the login itself.
if (isset($_SESSION['firstName'])):
?>
<form enctype="multipart/form-data" action="uploads.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="2097152">
<fieldset>
<legend>Select a JPEG or PNG image of 2M or smaller to be uploaded:</legend>
<label for="file">
File:<input type="file" name="upload" id="file"></label>
<label for = "submit">And press
<input type="submit" name="submit" value="Submit" id="submit"></label>
</fieldset>
</form>
<?php
else:
    echo '<h2 class="warning">You need to be logged in to access this page.</h2>';
endif;
?>
</div>
</main>
<?php
// Shared page footer.
include './includes/footer.php';
?>