I'll go through it function by function
function fetch_users()
{
$query = 'SELECT user_id, user_username FROM users';
$result = mysql_query('SELECT user_id AS `id`, user_username AS `username` FROM users');
$users = array();
while(($row = mysql_fetch_assoc($result)) !==false)
{
$users[] = $row;
}
return $users;
}
What is the point of the
$query = 'SELECT user_id, user_username FROM users';
line since you set it in the mysql_query() itself?
That line can be deleted.
The
$users = array();
shouldn't be needed, since when you do
$users[]
It will be set to an array automatically.
The
while(($row = mysql_fetch_assoc($result)) !==false)
doesnt need the quantifier (!== false, since thats the same as === true, which while() checks for automatically if nothing else is provided.
function fetch_user_info($uid)
{
$uid=(int)$uid;
$sql = "SELECT
`user_username` AS `username`,
`user_firstname` AS `firstname`,
`user_lastname` AS `lastname`,
`user_email` AS `email`,
`user_location` AS `location`,
`user_about` AS `about`,
`user_gender` AS `gender`
FROM `users`
WHERE `user_id` = {$uid}";
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
$info['avatar'] = "core/user_avatars/{$info['id']}.jpg";
return $info;
}
I dont think this part gets ran:
$info['avatar'] = "core/user_avatars/{$info['id']}.jpg";
return $info;
because you have already returned something, which i think ends the function. But, i could be wrong.
If i am right, then simply make the user info get into the $info array (maybe a foreach loop will do that) and then add the avatar to it also.
$info['id']
I think you meant to have it as just
{$uid} since you provided the uid.
function fetch_user_id($username){
$username = mysql_real_escape_string($username);
$result = mysql_query("SELECT`user_id` FROM `users` WHERE `user_username` = '{$_SESSION['username']}'");
return mysql_result($result,0);
}
you pass the $username, so why are you referencing the $_SESSION one?
Surely the $_SESSION is what you pass into the function, and thats what gets used?
I think you need to change the
$_SESSION['username'];
to just
$username
since you also do SQL injection checks on that variable also, but not on the $_SESSION one.
This bit is in the set_profile_info function. The first bit looks fine to me, but this bit Im confused about.
if (file_exists($avatar))
{
$src_size = getimagesize($avatar);
if ($src_size['mime'] === 'image/jpeg')
{
$src_img = imagecreatefromjpeg($avatar);
}
else if ($src_size['mime'] === 'image/png')
{
$src_img = imagecreatefrompng($avatar);
}
else if ($src_size['mime'] === 'image/gif')
{
$src_img = imagecreatefromgif($avatar);
}
else
{
$src_img = false;
}
if ($src_img !== false)
{
$thumb_width= 200;
if($src_size[0] <= $thumb_width)
{
$thumb = $src_img;
}
else
{
$new_size[0] = $thumb_width;
$new_size[1] = ($src_size[1] / $src_size[0]) * $thumb_width;
$thumb = imagecreatetruecolor($new_size[0], $new_size[1]);
imagecopyresampled($thumb, $src_img, 0, 0, 0, 0, $new_size[0], $new_size[1], $src_size[0], $src_size[1]);
}
imagejpeg($thumb, "{$GLOBALS['path']}/user_avatars/{$_SESSION['uid']}.jpg");
}
Why do you need to do all those checks? Why can't you just have it uploaded as it is, not use the image functions since they are really slow, and store the image type in the database, so you can reference the image easily anyway?
If you want help doing that, just ask. If there is a reason you did it this way, then that code looks fine to me. Just very inefficient / slow.
To make this function faster, dont use MySQL functions like count, as there is no need.
function user_exists($user)
{
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
Change
$total = mysql_query("SELECT '1' FROM `users` WHERE `user_username` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
In add_user function
$user = mysql_real_escape_string(htmlentities($user));
No where else in your code you do the htmlentities() check, which means that if htey did enter something like that, whenever you dont use it in a check, the values wont be the same.
You should put that check on all of them, or none of them, Not just one.
Next Page
error_reporting(E_ALL);
is slow and inefficient, and shouldnt be used in production. Once code is working, remove this line
I believe that:
if (isset($_POST['email'], $_POST['location'], $_POST['about']))
is more efficient if written using in_array() function. But im not 100% sure. The code you have there should work, but i think this is more efficient.
if(in_array(array('email','location','about'),$_POST))
Same as before:
$errors = array();
isnt needed
Okay, with regards to your error.
What you have there is the temporary image, you need to move it. Which I mentioned higher above, so I recommend that you use
move_uploaded_file() function.
Here is the code that I use, and it works. You'll have to adapt it to your code though.
<?php
if(isset($_POST['submit'])){
$target_path = "upload/";
$target_path .= basename($_POST['file_name'].'.jpg');
if(move_uploaded_file($_FILES['file_to_upload']['tmp_name'],$target_path)){
echo "The file has been uploaded";
} else {
echo "There was an error";
}
}
?>
<html>
<head>
<title>Chapter 6 Lecture 3</title>
</head>
<body>
<form method="post" action="#" enctype="multipart/form-data">
<input type="text" name="file_name" placeholder="Rename file to:"/><br />
<input type="file" name="file_to_upload"/><br />
<input type="submit" name="submit" value="Upload" />
</form>
</body>
</html>
If you want that explaining atall, I have a video that does that online.
http://www.udemy.com/php-basics-for-beginners/ use promo code: BetterPHP_FREE_12 and its chapter 6 Lecture 3.
Hope that helps you
If i made any mistakes above anybody , just let me know
