I have been using this script for years. I realise it is a little old and probably not well written, however it has been functional. I suspect the problem is that maybe they have turned the register_globals off at the server and the script is no longer working. I don’t know if that is the problem. The error I get when I attempt to upload an image is this:
Error:
MySQL error reported!
Query: INSERT INTO photos values(NULL,‘corrobex’, 1, 10, , ‘makinti’, ‘’, ‘’, ‘makinti.jpg’, 571, 381, 42520, ‘0’, 0, 0, 0, ‘1’, , ‘0’, ‘no’, ‘’, ‘’, ‘’, ‘’, ‘’)
Result: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ’ ‘makinti’, ‘’, ‘’, ‘makinti.jpg’, 571, 381, 42520, ‘0’, 0, 0, 0, ‘1’, , ‘0’, ‘n’ at line 1
Database handle: Resource id #3
Now here is the script:
<? include("pp-inc.php"); include("login-inc.php"); include("image-inc.php"); if ( is_array($HTTP_POST_FILES) ) { while(list($key,$value) = each($HTTP_POST_FILES)) { ${$key} = $value; } } function handleupload( $location = "data" ) { global $HTTP_POST_FILES, $userid, $Globals, $category; $tmpname = $HTTP_POST_FILES['theimage']['tmp_name']; $realname = $HTTP_POST_FILES['theimage']['name']; $tmpcloseup = $HTTP_POST_FILES['closeup']['tmp_name']; if (is_uploaded_file($tmpname) ) { $realname = fixfilenames( $realname ); $closeup = preg_replace("/(\.[A-Za-z]+)$/", "-closeup\\1", $realname); if ( $location != "data" ) { $dst_file = $location; } else { $dst_file = $Globals{'datafull'}."$category/$userid$realname"; $closeup_file = $Globals{'datafull'}."$category/$userid$closeup"; } copy($tmpname, $dst_file); copy($tmpcloseup, $closeup_file); } else { dieWell("Uploaded file not found: $realnameTypical reason is that the file exceeded allowed limits."); exit; } return; } authenticate(); $nolimit = 0; if ( $Globals{'adminnolimit'} == "yes" && $adminedit == 1 ) { $nolimit = 1; } $adminexclude = 0; if ( $Globals{'adminexclude'} == "yes" && $adminedit == 1 ) { $adminexclude = 1; } if ( $adminedit == 0 ) { if ( $Globals{'allowup'} == "no" ) { dieWell( "User uploads not allowed" ); } } $querystring = findenv("QUERY_STRING"); if ( ($useruploads == 0 && $gologin==1) || $querystring == "gologin" ) { $furl=$Globals{'maindir'}; $furl= str_replace( $Globals{'domain'}, "", $furl ); $furl="$furl/uploadphoto.php"; login( $furl ); exit; } if ( $gologin != 0 ) { if ( $useruploads == 0 ) { dieWell("Sorry, you don't have permission to upload photos."); exit; } } topmenu(); if ( !isset($theimage) ) { $catdefault = ""; if ( !empty($cat) ) { $query = "SELECT id,catname,thumbs FROM categories WHERE id=$cat LIMIT 1"; $resultb = ppmysql_query($query,$link); while ( list( $subid, $subcatname, $subthumbs ) = mysql_fetch_row($resultb) ) { if ( $ugcat{$subid} != 1 ) { $catdefault = "$subcatname"; } } ppmysql_free_result( $resultb ); } $header = str_replace( "titlereplace", "Upload Photo", $header ); $output = "$header
$menu2 | $menu |
|
".$Globals{'cright'}."$footer"; print $output; } else { if (empty($skipupload)) $skipupload=""; if ( $category == "" ) { dieWell( "You must choose a category before uploading."); exit; } if ( $skipupload == "skipupload" ) { $deftitle = urlencode($title); $defdesc = urlencode($desc); $furl = $Globals{'zipuploadurl'}."/$userid"; forward( $Globals{'maindir'}."/bulkupload.php?ppaction=addphotos&do=preview&photopath=$userid&deftitle=$deftitle&defdesc=$defdesc&defcat=$category&keywords=$keywords&numprocess=$numprocess&dthumbs=$dthumbs&furl=$furl", "Preparing to process image list!" ); exit; } $realname = $HTTP_POST_FILES['theimage']['name']; if ( $realname == "" ) { dieWell( "You need to enter the name of a file to upload! $thevideo / $theimage" ); exit; } $realname = fixfilenames( $realname ); $theext = get_ext( $realname ); $filepath = $Globals{'datafull'}."$category/$userid$realname"; $outfilename = "$userid$realname"; $query = "SELECT userid,bigimage FROM photos where userid=$userid"; $resulta = ppmysql_query($query,$link); while( list( $uid, $bgimage ) = mysql_fetch_row($resulta) ) { if ($uid == $userid && $uid != 0) { if ( $bgimage == $realname ) { dieWell("Sorry, you already uploaded an image called $realname. Try a different name."); exit; } } } ppmysql_free_result($resulta); $title = fixmessage( $title ); $keywords = fixmessage( $keywords ); $desc = fixmessage( $desc ); if ( $category == "notcat" ) { $emessage = "The category you chose is a top level category.
Please go back and choose one of its subcategories to upload your image.";
dieWell($emessage);
}
//####// Write the file to a directory #####
//#// Do you wish to allow all file types? yes/no (no capital letters)
$allowall = "no";
//#// If the above = "no"; then which is the only extention to allow?
//#// Remember to have the LAST 4 characters i.e. .ext
if ($realname != "") {
$isfilegood = "yes";
if ( $allowall != "yes" ) {
if ( !is_image($outfilename) ) {
$isfilegood = "no";
}
}
if ($isfilegood == "yes") {
handleupload();
}
//
// ZIP Uploads for Users
//
if ( $Globals{'allowzip'} ) {
if (strtolower(substr($outfilename,strlen($outfilename) - 4,4)) == ".zip" ) {
$filepath = $Globals{'zipuploaddir'}."/$userid";
$filedir = "$filepath/$outfilename";
if ( !file_exists( $filepath ) ) {
mkdir( $filepath, 0755 );
chmod( $filepath, 0777 );
}
chdir( $filepath );
handleupload( $filedir );
$sys_cmd = $Globals{'zip_command'}." -qq $filedir";
system( $sys_cmd );
unlink( $filedir );
$deftitle = urlencode($title);
$defdesc = urlencode($desc);
$furl = $Globals{'zipuploadurl'}."/$userid";
if ( empty($numprocess) ) $numprocess = 10;
if ( empty($dthumbs) ) $dthumbs = "yes";
forward( $Globals{'maindir'}."/bulkupload.php?ppaction=addphotos&do=preview&photopath=$userid&deftitle=$deftitle&defdesc=$defdesc&defcat=$category&keywords=$keywords&numprocess=$numprocess&dthumbs=$dthumbs&furl=$furl", "Preparing to process image list!" );
exit;
}
}
}
if ( file_exists($filepath) ) {
$insize = filesize( $filepath );
}
else {
dieWell("File upload error. Cannot find uploaded file.
Path: [$filepath]");
exit;
}
if ( $isfilegood != "yes" ) {
dieWell( "Image must be a .jpg, .gif, .tif or .png file." );
exit;
}
$thumbsize = create_thumb( $realname, $filepath, $category );
process_image( $realname, $filepath, $category );
$query = "SELECT id FROM photos WHERE userid=$userid AND bigimage='$realname'";
$resulta = ppmysql_query($query,$link);
list( $forwardid ) = mysql_fetch_row($resulta);
ppmysql_free_result($resulta);
if ( empty($forwardid) ) {
dieWell( "There was a problem processing your image: $realname.
Please notify the System Administrator." ); exit; } forward( $Globals{'maindir'}."/showphoto.php?photo=$forwardid", "Your image was uploaded successfully!" ); } ?>
Do Globals need to be on for this to work? Or is there another problem?
thanks
Paul