BetterPHP

I was making the profile picture thing! Like...Uploading a profile picture and all!

It Always Shows "Your profile picture must be an image." even though I upload a picture!

Here are my edit_profile.php script!

<?php
include('core/init.inc.php');

if (isset ($_POST ['email'], $_POST ['location'], $_POST ['about'])) {
	$errors = array () ;
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)=== false) {
		$errors [] = 'The email address you entered is invalid.' ;
	}
	if (preg_match('#^[a-z0-9]+$#i', $_POST['location']) === 0) {
		$errors[] = 'Your location must only contain \'a-z\', \'0-9\' and spaces.' ;
	}
	if (empty($_FILES['avatar']['tmp_name']) === false) {
		$file_ext = end(explode('.', $_FILES['avatar']['tmp_name'])) ;
	if (in_array (strtolower($file_ext), array('jpg','jpeg','png','gif')) === false) {
		$errors[] = 'Your profile picture must be an image.' ;
	}
	}
	if (empty($errors)) {
		set_profile_info ($_POST['email'],$_POST['about'],$_POST ['location'], (empty($_FILES['avatar']['tmp_name']) ? false : $_FILES['avatar']['tmp_name']));
	}
	$user_info = array (
	$email => htmlentities($_POST ['email']),
	$about => htmlentities($_POST ['about']),
	$location => htmlentities($_POST ['location'])
) ;
} else {
	$user_info = fetch_user_info ($_SESSION['uid']);
}


?>

<html>
<head></head>
<body>
<div>
<?php

if (isset ($errors)=== false) {
	echo 'Click the update button to edit your profile.' ;
} else if  (empty ($errors)){
	echo 'Your profile has been updated.' ;
} else {
	echo '<ul><li>', implode ('</li><li>', $errors), '</li></ul>' ;
}
?>
</div>
<form action="" method="POST" enctype = "multipart/form-data">
	<div>
		<label for="email">Email:</label>
		<input type="text" name="email" id="email" value="<?php echo $_POST ['email'] ; ?>"/>
	</div>
	<div>
		<label for="location">Location:</label>
		<input type="text" name="location" id="location" value="<?php echo $_POST ['location'] ; ?>" />
	</div>
	<div>
		<label for="about">About Me:</label>
		<textarea name="about" id="about" rows="14" cols="50"><?php echo strip_tags($_POST ['about']) ; ?></textarea>
	</div>
	<div>
		<label for="avatar">Avatar</label>
		<input type="file" name="avatar" id="avatar" />
	</div>
	<div>
		<input type="submit" value="Update"/>
	</div>
</form>
</body>
</html>

$file_ext = end(explode('.', $_FILES['avatar']['tmp_name'])) ;

You need to use $_FILES['avatar']['name'] here. tmp_name contains the temporary name of the file on the server which does not have a file extension usually.

It still doesn't work!
And When I Go to ..../profile.php?uid=098347
It just shows the profile...even if there is no user with that id.

My scripts : (profile.php)

<?php
include('core/init.inc.php');
$user_info = fetch_user_info($_GET['uid']);
?>
<html>
<head><title><?php echo $user_info ['username'] ;?>'s Profile</title></head>
<body>
<div>
<?php
if ($user_info === false ) {
        echo 'That user does not exist.' ;
} else {
?>
<h1><?php echo $user_info ['firstname'] ;?> <?php $user_info ['lastname'] ;?></h1>
<img src="<?php echo $user_info ['avatar']?>" alt="Avatar" />
<p>Username : <?php echo $user_info ['username'] ;?></p>
 
<p>Gender : <?php echo ($user_info ['gender'] == 1 ? 'Male' : 'Female') ;?></p>
 
<p>Email : <?php echo $user_info ['email'] ;?></p>
 
<p>Location : <?php echo $user_info ['location'] ;?></p>
 
<?php echo $user_info ['about'] ;?>
<?php
}
?>
</div>
</body>
</html>

edit_profile.php

<?php
include('core/init.inc.php');

if (isset ($_POST ['email'], $_POST ['location'], $_POST ['about'])) {
	$errors = array () ;
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)=== false) {
		$errors [] = 'The email address you entered is invalid.' ;
	}
	if (preg_match('#^[a-z0-9]+$#i', $_POST['location']) === 0) {
		$errors[] = 'Your location must only contain \'a-z\', \'0-9\' and spaces.' ;
	}
	if (empty($_FILES['avatar']['tmp_name']) === false) {
		$file_ext = end(explode('.', $_FILES['avatar']['name'])) ;
	if (in_array (strtolower($file_ext), array('jpg','jpeg','png','gif')) === false) {
		$errors[] = 'Your profile picture must be an image.' ;
	}
	}
	if (empty($errors)) { 
		set_profile_info ($_POST['email'],$_POST['about'],$_POST ['location'], (empty($_FILES['avatar']['tmp_name']) ? false : $_FILES['avatar']['tmp_name']));
	}
	$user_info = array (
	$email => htmlentities($_POST ['email']),
	$about => htmlentities($_POST ['about']),
	$location => htmlentities($_POST ['location'])
) ;
} else {
	$user_info = fetch_user_info ($_SESSION['uid']);
}


?>

<html>
<head></head>
<body>
<div>
<?php

if (isset ($errors)=== false) {
	echo 'Click the update button to edit your profile.' ;
} else if  (empty ($errors)){
	echo 'Your profile has been updated.' ;
} else {
	echo '<ul><li>', implode ('</li><li>', $errors), '</li></ul>' ;
}
?>
</div>
<form action="" method="POST" enctype = "multipart/form-data">
	<div>
		<label for="email">Email:</label>
		<input type="text" name="email" id="email" value="<?php echo $_POST ['email'] ; ?>"/>
	</div>
	<div>
		<label for="location">Location:</label>
		<input type="text" name="location" id="location" value="<?php echo $_POST ['location'] ; ?>" />
	</div>
	<div>
		<label for="about">About Me:</label>
		<textarea name="about" id="about" rows="14" cols="50"><?php echo strip_tags($_POST ['about']) ; ?></textarea>
	</div>
	<div>
		<label for="avatar">Avatar</label>
		<input type="file" name="avatar" id="avatar" />
	</div>
	<div>
		<input type="submit" value="Update"/>
	</div>
</form>
</body>
</html>

user_list.php

<?php
 
error_reporting(E_ALL ^ E_WARNING) ;
 
include 'core/init.inc.php' ;
 
 
?>
 
 
<html>
<head>
<title>Registered Users!</title>
</head>
<body>
<div>
<?php
 
foreach (fetch_users() as $user)  {
 
?>
<p>
        <a href="profile.php?uid=<?php echo $user['id'] ?>" ><?php echo $user ['username'] ; ?></a>
 
</p>
<?php
}
?>
<div>
</body>
</html>

init.inc.php

<?php
error_reporting (E_ALL ^ E_NOTICE) ;
session_start () ;
 
mysql_connect ('localhost','root','shahlin') ;
mysql_select_db ('user_profile') ;
 
$path = dirname (__FILE__);
 
include ("{$path}/inc/user.inc.php") ;
 
$_SESSION ['uid']= 1 ;
 
?>

user.inc.php

<?php
// fetches all of the users from the table!
function fetch_users() {
        $result = mysql_query ("SELECT `user_id` AS `id`, `user_username` AS `username` FROM `users`") ;
        $users = array () ;
 
while (($row = mysql_fetch_assoc($result)) !== false) {
        $users [] = $row ;
 
        }      
          return $users ;
}
 
function fetch_user_info ($uid) {
        $uid = (int)$uid;
        $sql = "SELECT
                              `user_username` AS `username`,
                              `user_firstname` AS `firsntame`,
                              `user_lastname` AS `lastname`,
                              `user_email` AS `email`,
                              `user_about` AS `about`,
                              `user_location` AS `location`,
                              `user_gender` AS `gender`
                      FROM `users`
                      WHERE `user_id`= ($uid)" ;
 
        $result = mysql_query($sql) ;
       
        $info = mysql_fetch_assoc($result) ;
		
		$info ['avatar']  = (file_exists("{$GLOBAL ['path']}/user_avatars/{$info['id']}.jpg")) ? "core/user_avatars/{$info['id']}.jpg" : "core/user_avatars/default.jpg" ;
		
		return $info ;
}
//updates the current users proifle
function set_profile_info ($email, $about, $location, $avatar){
$email          = mysql_real_escape_string (htmlentities($email)) ;
$about          = mysql_real_escape_string (nl2br(htmlentities($about))).
$location       = mysql_real_escape_string ($location) ;

if (file_exists($avatar)){ 
	$src_size = getimagesize($avatar) ;
	
if ($src_size ['mime'] === 'image/jpeg') {
	$src_img = imagecreatefromjpeg ($avatar) ;
	} else if ($src_size ['mime'] === 'image/png') {
	$src_img = imagecreatfrompng ($avatar) ;
	} else if ($src_size ['mime'] === 'image/gif') {
	$src_img = imagecreatfromgif ($avatar) ;
	} else {
		$src_img = false ;
	}
if ($src_img !== false) {
		$thumb_width = 100 ;
		
	if ($src_size[0] <= $thumb_width) {
		$thumb = $src_img ;
		} else {
			$new_size [0] = $thumb_width ;
			$new_size [1] = ($src_size[1] / $src_size [0]) * $thumb_width ;
			
			$thumb = imagecreatetruecolor ($new_size[0], $new_size [1]) ;
			imagecopyresampled ($thumb, $src_img, 0, 0, 0, 0, $new_size[0], $new_size[1], $src_size[0], $src_size[1]) ;
		}
		imagejpeg ($thumb, "{$GLOBALS['path']}/user_avatars/{$_SESSION['uid']}.jpg") ;
	}
}
$sql = "UPDATE `users` SET
                                `user_email` = '{$email}' ,
                                `user_about` = '{$about}',
                                `user_location` = '{$location}'
                WHERE `user_id` = {$_SESSION ['uid']}" ;
               
                mysql_query ($sql) ;
 
 
}
?>

WHERE `user_id`= ($uid)

You should not have the brackets around $uid on this line

file_exists("{$GLOBAL ['path']}/user_avatars/{$info['id']}.jpg")

$GLOBAL should be $GLOBALS and you don't want that space there. Also you are trying to use the users id, when you haven’t selected it from the table.

error_reporting (E_ALL ^ E_NOTICE) ;

You should not be hiding notice level errors, they often show up problems that are otherwise hard to find, for example they would have highlighted the above.

It Still Doesn't Work!
and where should I select the user id from?

Shahlin wrote:It Still Doesn't Work!

Post your code and explain the problem.

Shahlin wrote:and where should I select the user id from?

the database or the session.

edit_profile.php

<?php
include('core/init.inc.php');

if (isset ($_POST ['email'], $_POST ['location'], $_POST ['about'])) {
	$errors = array () ;
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)=== false) {
		$errors [] = 'The email address you entered is invalid.' ;
	}
	if (preg_match('#^[a-z0-9]+$#i', $_POST['location']) === 0) {
		$errors[] = 'Your location must only contain \'a-z\', \'0-9\' and spaces.' ;
	}
	if (empty($_FILES['avatar']['tmp_name']) === false) {
		$file_ext = end(explode('.', $_FILES['avatar']['name'])) ;
	if (in_array (strtolower($file_ext), array('jpg','jpeg','png','gif')) === false) {
		$errors[] = 'Your profile picture must be an image.' ;
	}
	}
	if (empty($errors)) { 
		set_profile_info ($_POST['email'],$_POST['about'],$_POST ['location'], (empty($_FILES['avatar']['tmp_name']) ? false : $_FILES['avatar']['tmp_name']));
	}
	$user_info = array (
	$email => htmlentities($_POST ['email']),
	$about => htmlentities($_POST ['about']),
	$location => htmlentities($_POST ['location'])
) ;
} else {
	$user_info = fetch_user_info ($_SESSION['uid']);
}


?>

<html>
<head></head>
<body>
<div>
<?php

if (isset ($errors)=== false) {
	echo 'Click the update button to edit your profile.' ;
} else if  (empty ($errors)){
	echo 'Your profile has been updated.' ;
} else {
	echo '<ul><li>', implode ('</li><li>', $errors), '</li></ul>' ;
}
?>
</div>
<form action="" method="POST" enctype = "multipart/form-data">
	<div>
		<label for="email">Email:</label>
		<input type="text" name="email" id="email" value="<?php echo $_POST ['email'] ; ?>"/>
	</div>
	<div>
		<label for="location">Location:</label>
		<input type="text" name="location" id="location" value="<?php echo $_POST ['location'] ; ?>" />
	</div>
	<div>
		<label for="about">About Me:</label>
		<textarea name="about" id="about" rows="14" cols="50"><?php echo strip_tags($_POST ['about']) ; ?></textarea>
	</div>
	<div>
		<label for="avatar">Avatar</label>
		<input type="file" name="avatar" id="avatar" />
	</div>
	<div>
		<input type="submit" value="Update"/>
	</div>
</form>
</body>
</html>

profile.php

<?php
include('core/init.inc.php');
$user_info = fetch_user_info($_GET['uid']);
?>
<html>
<head><title><?php echo $user_info ['username'] ;?>'s Profile</title></head>
<body>
<div>
<?php
if ($user_info === false ) {
        echo 'That user does not exist.' ;
} else {
?>
<h1><?php echo $user_info ['firstname'] ;?> <?php $user_info ['lastname'] ;?></h1>
<img src="<?php echo $user_info ['avatar']?>" alt="Avatar" />
<p>Username : <?php echo $user_info ['username'] ;?></p>
 
<p>Gender : <?php echo ($user_info ['gender'] == 1 ? 'Male' : 'Female') ;?></p>
 
<p>Email : <?php echo $user_info ['email'] ;?></p>
 
<p>Location : <?php echo $user_info ['location'] ;?></p>
 
<?php echo $user_info ['about'] ;?>
<?php
}
?>
</div>
</body>
</html>

user_list.php

<?php
 
include 'core/init.inc.php' ;
 
 
?>
 
 
<html>
<head>
<title>Registered Users!</title>
</head>
<body>
<div>
<?php
 
foreach (fetch_users() as $user)  {
 
?>
<p>
        <a href="profile.php?uid=<?php echo $user['id'] ?>" ><?php echo $user ['username'] ; ?></a>
 
</p>
<?php
}
?>
<div>
</body>
</html>

init.inc.php

<?php
session_start () ;
 
mysql_connect ('localhost','root','shahlin') ;
mysql_select_db ('user_profile') ;
 
$path = dirname (__FILE__);
 
include ("{$path}/inc/user.inc.php") ;
 
$_SESSION ['uid']= 1 ;
 
?>

user.inc.php

<?php
// fetches all of the users from the table!
function fetch_users() {
        $result = mysql_query ("SELECT `user_id` AS `id`, `user_username` AS `username` FROM `users`") ;
        $users = array () ;
 
while (($row = mysql_fetch_assoc($result)) !== false) {
        $users [] = $row ;
 
        }      
          return $users ;
}
 
function fetch_user_info ($uid) {
        $uid = (int)$uid;
        $sql = "SELECT
                              `user_username` AS `username`,
                              `user_firstname` AS `firsntame`,
                              `user_lastname` AS `lastname`,
                              `user_email` AS `email`,
                              `user_about` AS `about`,
                              `user_location` AS `location`,
                              `user_gender` AS `gender`
                      FROM `users`
                      WHERE `user_id`= $uid" ;
 
        $result = mysql_query($sql) ;
       
        $info = mysql_fetch_assoc($result) ;
		
		$info ['avatar']  = (file_exists("{$GLOBALS['path']}/user_avatars/{$info['id']}.jpg")) ? "core/user_avatars/{$info['id']}.jpg" : "core/user_avatars/default.jpg" ;
		
		return $info ;
}
//updates the current users proifle
function set_profile_info ($email, $about, $location, $avatar){
$email          = mysql_real_escape_string (htmlentities($email)) ;
$about          = mysql_real_escape_string (nl2br(htmlentities($about))).
$location       = mysql_real_escape_string ($location) ;

if (file_exists($avatar)){ 
	$src_size = getimagesize($avatar) ;
	
if ($src_size ['mime'] === 'image/jpeg') {
	$src_img = imagecreatefromjpeg ($avatar) ;
	} else if ($src_size ['mime'] === 'image/png') {
	$src_img = imagecreatfrompng ($avatar) ;
	} else if ($src_size ['mime'] === 'image/gif') {
	$src_img = imagecreatfromgif ($avatar) ;
	} else {
		$src_img = false ;
	}
if ($src_img !== false) {
		$thumb_width = 100 ;
		
	if ($src_size[0] <= $thumb_width) {
		$thumb = $src_img ;
		} else {
			$new_size [0] = $thumb_width ;
			$new_size [1] = ($src_size[1] / $src_size [0]) * $thumb_width ;
			
			$thumb = imagecreatetruecolor ($new_size[0], $new_size [1]) ;
			imagecopyresampled ($thumb, $src_img, 0, 0, 0, 0, $new_size[0], $new_size[1], $src_size[0], $src_size[1]) ;
		}
		imagejpeg ($thumb, "{$GLOBALS['path']}/user_avatars/{$_SESSION['uid']}.jpg") ;
	}
}
$sql = "UPDATE `users` SET
                                `user_email` = '{$email}' ,
                                `user_about` = '{$about}',
                                `user_location` = '{$location}'
                WHERE `user_id` = {$_SESSION ['uid']}" ;
               
                mysql_query ($sql) ;
 
 
}
?>

Please help!

Explain the problem

jacek wrote:Explain the problem

When I Upload A Picture And Submit The Form. It says your profile has been updated! But when I go to the profile page. Only the info's updated, the picture isn't. And The Location Is Shown In 'Location' Field And The 'About' Field!
And One More Problem Is That....If I Go To A Profile Which Doesn't Exist! It Still Shows Me 'Username' ,'Email' , etc...!

Please Help!

Thanks!

Nevermind.... I Fixed The Profile Picture Part!

Shahlin wrote:Nevermind.... I Fixed The Profile Picture Part!

Awesome ! Because I cant see anything that would cause that

There Was No Problem In that Set Of Codes!

Actually I Mixed This File With My Profile Page...So There Was A Bit Of Confusion..!