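<?php
// Database bootstrap, referenced elsewhere on this page as "includes/dbh.inc.php".
// On success it leaves an open PDO handle in $conn for the including script.

// NOTE(review): root with an empty password is a local-development default.
// Before deploying, switch to a dedicated MySQL account that only has the
// privileges this application needs, and keep its credentials out of the
// source tree.
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "chhoe17";

try {
    $conn = new PDO(
        "mysql:host=$servername;dbname=$dbname",
        $username,
        $password,
        // Make every later PDO failure throw instead of returning false.
        array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
    );
} catch (PDOException $e) {
    // The driver message can name the host, database and account, so it goes
    // to the server log only; the visitor gets a generic message.
    error_log("Database connection failed: " . $e->getMessage());
    if (!headers_sent()) {
        http_response_code(500);
    }
    // Stop here: continuing would leave $conn undefined for the including page.
    exit("Database connection failed.");
}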
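<?php
// Picture management page (the redirects on this page call it "upload.php").
// Shows the upload form and the stored pictures to logged-in users.
include_once 'header.php';

// Escape a value for HTML text and attribute contexts. Titles, descriptions and
// file names originate from user uploads, so they are never echoed raw.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<section class="main-container">
    <div class="main-wrapper">
        <h2>Manage your pictures</h2>
<?php
// Display the form and the gallery only when a user id is present in the session.
if (isset($_SESSION['u_id'])) {
    echo "Upload your pictures";
?>
        <div class="picture-upload">
            <h2>Upload</h2>
            <br>
            <br>
            <br>
            <!-- NOTE(review): this form carries no CSRF token; add one here and verify it in the handler. -->
            <form action="includes/picture-upload.inc.php" method="post" enctype="multipart/form-data">
                <input type="text" name="filename" placeholder="File name">
                <input type="text" name="filetitle" placeholder="Image title">
                <input type="text" name="filedesc" placeholder="Image description">
                <input type="file" name="file">
                <button type="submit" name="submit">Upload</button>
            </form>
        </div>
        <section class="picture-links">
            <div class="wrapper">
                <h2>Pictures</h2>
<?php
    // The original kept this query inside the echoed string, so the PHP source
    // was sent to the browser as text instead of being executed.
    include_once "includes/dbh.inc.php";

    $pictures = array();
    $loadFailed = !isset($conn);
    if (!$loadFailed) {
        try {
            $pictures = $conn
                ->query("SELECT * FROM pictures ORDER BY orderPicture DESC")
                ->fetchAll(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            // Output has already started, so a Location redirect is not possible
            // here; log the detail server-side and show a generic message.
            error_log("Loading pictures failed: " . $e->getMessage());
            $loadFailed = true;
        }
    }

    if ($loadFailed) {
        echo '<p>The pictures could not be loaded.</p>';
    }

    foreach ($pictures as $picture) {
        // rawurlencode() keeps quotes, parentheses and path separators in a
        // stored file name from breaking out of the CSS url() value.
        $imageUrl = "img/pictures/" . rawurlencode($picture["imageFullNamePicture"]);
?>
                <a href="#">
                    <div style="background-image: url('<?php echo $esc($imageUrl); ?>');"></div>
                    <h3> <?php echo $esc($picture["titlePicture"]); ?> </h3>
                    <p> <?php echo $esc($picture["descPicture"]); ?> </p>
                </a>
<?php
    }
?>
                <div class ="picture-container">
                    <a href="#">
                        <div></div>
                        <h3> This is a title </h3>
                        <p> This is a paragraph </p>
                    </a>
                </div>
            </div>
        </section>
<?php
}
?>
    </div>
</section>
<?php
include_once 'footer.php';
?>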
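<?php
// Upload handler, the POST target of the form ("includes/picture-upload.inc.php").
// Validates the submitted picture, stores it under ../img/pictures/ and records
// it in the pictures table. Every outcome is reported to upload.php through the
// "upload" query parameter.
if (isset($_POST['submit'])) {
    // Send the browser back to the form with a status code and stop.
    $redirect = function ($status) {
        header("Location: ../upload.php?upload=" . $status);
        exit();
    };

    // Read a POST field as a trimmed string; missing or array-valued fields become ''.
    $postString = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
    };

    // NOTE(review): upload.php shows the form only when $_SESSION['u_id'] is set,
    // but nothing visible in this handler repeats that check, and the form has no
    // CSRF token. Confirm where the session is started and reject requests that
    // lack a logged-in user before accepting a file.

    // The requested name is user input that ends up in a filesystem path and in
    // page markup. Reduce it to an allow-list of characters so it cannot contain
    // path separators, dots or quotes; fall back to a default when nothing is left.
    $baseName = strtolower(str_replace(" ", "-", $postString('filename')));
    $baseName = substr((string) preg_replace('/[^a-z0-9_-]/', '', $baseName), 0, 100);
    if ($baseName === '') {
        $baseName = "unnamed";
    }

    $imageTitle = $postString('filetitle');
    $imageDesc = $postString('filedesc');

    if (!isset($_FILES["file"]) || !is_array($_FILES["file"]) || !is_string($_FILES["file"]["name"])) {
        $redirect("ErrorOccured");
    }
    $file = $_FILES["file"];
    $fileTempName = $file["tmp_name"];
    // $file["type"] is supplied by the client and is deliberately not trusted.

    // Only the extension of the client-side name is used, and only against an allow-list.
    $fileActualExt = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));
    $allowed = array("jpg", "jpeg", "png");
    // The original compared the literal string "fileActualExt", which rejected every upload.
    if (!in_array($fileActualExt, $allowed, true)) {
        $redirect("FileTypeNotAllowed");
    }
    if ($file["error"] !== UPLOAD_ERR_OK) {
        $redirect("ErrorOccured");
    }
    if ($file["size"] >= 2000000) {
        $redirect("FileTooBig");
    }

    // The extension says nothing about the content, so the file header must also
    // parse as JPEG or PNG. This is defence in depth, not proof the file is
    // harmless: the web server should also never execute scripts from img/pictures/.
    $imageInfo = getimagesize($fileTempName);
    if ($imageInfo === false || !in_array($imageInfo[2], array(IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
        $redirect("FileTypeNotAllowed");
    }

    // The original tested the bare constant imageTitle and the truthiness of
    // $imageDesc, which rejected exactly the submissions that had a description.
    if ($imageTitle === '' || $imageDesc === '') {
        $redirect("empty");
    }

    // uniqid() keeps two uploads with the same requested name from overwriting each other.
    $imageFullName = $baseName . "." . uniqid("", true) . "." . $fileActualExt;
    $fileDestination = "../img/pictures/" . $imageFullName;

    include_once "dbh.inc.php";
    if (!isset($conn)) {
        $redirect("sqlError");
    }

    try {
        // New pictures are ordered after the existing ones.
        $numberOfRows = (int) $conn->query("SELECT COUNT(*) FROM pictures")->fetchColumn();
        $setImageOrder = $numberOfRows + 1;

        // move_uploaded_file() refuses anything that is not a genuine HTTP upload;
        // its result was previously ignored.
        if (!move_uploaded_file($fileTempName, $fileDestination)) {
            $redirect("ErrorOccured");
        }

        // Positional placeholders bound at execute(); the values never become part of the SQL text.
        $stmt = $conn->prepare(
            "INSERT INTO pictures (titlePicture, descPicture, imageFullNamePicture, orderPicture)
            VALUES (?, ?, ?, ?);"
        );
        $stmt->execute(array($imageTitle, $imageDesc, $imageFullName, $setImageOrder));
    } catch (PDOException $e) {
        // The connection runs in exception mode, so failures arrive here rather
        // than as false return values. Keep the detail in the server log.
        error_log("Picture upload failed: " . $e->getMessage());
        // Do not leave a stored file behind without a database row.
        if (is_file($fileDestination)) {
            unlink($fileDestination);
        }
        $redirect("sqlError");
    }

    $redirect("Success");
}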