artsyL

Thanks! The error was "Call to undefined function password_hash()." I had to call the hosting service to find out why it was reverting to 5.4.

I'm not sure what I'm missing, but the bcrypt code I have been using is generating a blank page, though I have tested for syntax errors and firebug says there are no errors. The php on the server is definitely set to php 5.5.; The db is set to varchar (60); Here is the only code I have changed. I added this: //password hash function $hash = password_hash($pw, PASSWORD_BCRYPT); if (password_verify($pw, $hash)) { // password valid! } else { // wrong password echo "wrong password"; } and I changed $pw: $q = 'INSERT INTO users (fn, ln, username, email, pw) VALUES (?, ?, ?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssssss', $fn, $ln, $username, $email, $pw); mysqli_stmt_execute($stmt); to $hash: $q = 'INSERT INTO users (fn, ln, username, email, pw) VALUES (?, ?, ?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssssss', $fn, $ln, $username, $email, $hash); mysqli_stmt_execute($stmt);

I ended up using Plupload, in case anyone is interested. It's pretty good, but the documentation is really sparse.

I'm rebuilding a registration system with the model from your book, but I keep coming across articles that say SHA1, SALT, and SHA256 are not very useful anymore. Therefore, I am thinking of using scrypt, or something like it to handle encryption. Is this an overblown issue? If it is a valid concern, do you have any advice on how to implement it with the code from the book? I am using a hosted server, in case that is important for downloading etc.

Welp, after four days on this, I'm done (for now anyway). Your next book (I have three - just started on the "advanced..." book) really should include a tutorial on this. It seems like it should be reasonably easy to figure out, but with all the loops, counts, and array issues, there are really too many things that could go wrong. It's difficult for a semi-beginner (me) to even identify a problem. Thanks anyway.

I'm officially stumped. Now I'm getting a blank screen. Here is the state of things. I feel like I'm close, but can't quite put my finger on the problem. I thought it was the code at first (and fooled around with it forever), but then I caught a problem with the form (no [] included, duh), then I started from scratch and something went wrong somewhere. The form: <p>Upload images: <input type="file" name="image[]" multiple/></p> The process: //Check for an image if (is_uploaded_file ($_FILES['image']['tmp_name'])){ for($i=0; $i<count($_FILES['image']['name']); $i++) { //Get the temp file path $tmp = $_FILES['image']['tmp_name'][$i]; //Make sure there is a filepath if ($tmp != ""){ //Setup new file path $temp = "../../uploads/" . $_FILES['image']['name'][$i]; //Move the file over. if (move_uploaded_file($tmp, $temp)){ echo '<p class="marked"><em>The file has been uploaded!</em></p>'; //set the $i variable to the image's name $i = $_FILES['image']['name'][$i]; } else {//couldn't move the file over $errors[] = 'the file could not be moved'; $temp = $_FILES['image']['tmp_name']; } } } }else{//no uploaded file $errors[] = 'No file was uploaded'; $temp = NULL; } The Insert: //add the image to the database $q = 'INSERT INTO image (image_name) VALUES (?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 's', $i); foreach($_FILES['image']['name'][$i] as $i){ mysqli_stmt_execute($stmt); $img_id = mysqli_stmt_insert_id($stmt); if (mysqli_stmt_affected_rows($stmt)>0) { //print a message echo '<p class="marked">the img has been added</p>'; }else{ echo 'the img could not be added'; //Check the results if (mysqli_stmt_affected_rows($stmt)>0) { //print a message echo '<p class="marked">the image has been added</p>'; //rename the image $id = mysqli_stmt_insert_id($stmt);//Get the image id rename($temp, "../../uploads/$id"); //Clear $_POST $_POST = array(); }else{//Error! echo '<p style="font-weight:bold; color: #C00">Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt); }

Thanks for the advice!

I'm afraid that I'm barely beyond "monkey see, monkey do" when it comes to query loops and I can't find an adaptable example (did I miss something in the book? I'm not quite all the way through). Would you mind adding an example, please?

I already have three of your books (the most recent being effortless e-commerce...), and I'm looking to add a social media aspect to my current project. I know almost nothing about frameworks because I prefer doing things from scratch and never really looked into it. What I do know is that I would like to have it finished within a year (from scratch would take much more time); and that reviews tend to give Elgg the best reviews for what I want to accomplish. The only reason I am leaning toward Yii is that you are writing a book on it, so my question is: Would Yii be a good choice for an image heavy social media site?

This is where I got to since last night (adapted from http://stackoverflow.com/questions/12766035/php-upload-multiple-files): I am getting an error from the insert query("system error"), so I think the multiple upload might actually be working. How do I loop the insert query? Should I include it in the first IF statement, or would this be hackish? Am I getting ahead of myself? //Check for an image if(isset($_POST['image'])){ $count=0; foreach (($_FILES['image']['tmp_name']) as $file){ if (is_uploaded_file ($file)) { //create temporary file name $temp = '../../uploads/'. md5($_FILES['image']['name']); $tmp=$_FILES['image']['tmp_name'][$count]; $count=$count + 1; $temp=$temp.basename($file); //Move the file over. if (move_uploaded_file($file, $temp)){ //echo '<p class="marked"><em>The file has been uploaded!</em></p>'; //set the $i variable to the image's name $i = $_FILES['image']['name'][$count]; } else {//couldn't move the file over $errors[] = 'the file could not be moved'; $temp = $file; } } } }else{//no uploaded file $errors[] = 'No file was uploaded'; $temp = NULL; } if (empty($errors)){ //if everything is ok //add the image to the database $q = 'INSERT INTO image (image_name) VALUES (?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 's', $i); mysqli_stmt_execute($stmt); $img_id = mysqli_stmt_insert_id($stmt); if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the img has been added</p>'; }else{ echo 'the img could not be added'; } //Check the results if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the image has been added</p>'; //rename the image $id = mysqli_stmt_insert_id($stmt);//Get the image id rename($temp, "../../uploads/$id"); //Clear $_POST $_POST = array(); }else{//Error! echo '<p style="font-weight:bold; color: #C00">Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt);

HTML 5 allows this kind of multiple upload input <p>Upload an image:</b> <input type="file" name="image" multiple/></p> so I'm wondering, has anyone come up with a fancy fix for dealing with the extreme awkwardness of $_FILES arrays? I'm having way too much trouble figuring out a count/foreach method for this. What I have is comically incomplete because I keep trying new things, but I'm also afraid to break what I already have that works. Any suggestions? if(isset($_POST['image'])){ $count=0 foreach (($_FILES['image']['tmp_name']) as $tmp) //This is as far as I get before becoming hopelessly confused as to what should be done next. //As you can see, the rest is pretty much from the book. if (is_uploaded_file ($_FILES['image']['tmp_name'])) { //create temporary file name $temp = '../../uploads/'. md5($_FILES['image']['name']); //Move the file over. if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)){ //echo '<p class="marked"><em>The file has been uploaded!</em></p>'; //set the $i variable to the image's name $i = $_FILES['image']['name']; } else {//couldn't move the file over $errors[] = 'the file could not be moved'; $temp = $_FILES['image']['tmp_name']; } }else{//no uploaded file $errors[] = 'No file was uploaded'; $temp = NULL; } if (empty($errors)){ //if everything is ok //add the image to the database $q = 'INSERT INTO image (image_name, img_type, coll_id) VALUES (?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssi', $i, $it, $cid); mysqli_stmt_execute($stmt); $img_id = mysqli_stmt_insert_id($stmt); if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the img has been added</p>'; }else{ echo 'the img could not be added'; } //Check the results if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the image has been added</p>'; //rename the image $id = mysqli_stmt_insert_id($stmt);//Get the image id rename($temp, "../../uploads/$id"); //Clear $_POST $_POST = array(); }else{//Error! echo '<p>Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt);

This my abridged script with an image instead of a file name, and without the file extensions, in case you are interested. Thanks again! Love the book and the forum site! The Javascript <script language="JavaScript"> <!-- // Hide from old browsers. // Make a pop-up window function: function create_window (image, width, height) { // Add some pixels to the width and height: width = width + 10; height = height + 10; // If the window is already open, // resize it to the new dimensions: if (window.popup && !window.popup.closed) { window.popup.resizeTo(width, height); } // Set the window properties: var specs = "location=no, scrollbars=no, menubars=no, toolbars=no, resizable=yes, left=0, top=0, width=" + width + ", height=" + height; // Set the URL: var url = "show_image.php?image=" + image; // Create the pop-up window: popup = window.open(url, "ImageWindow", specs); popup.focus(); } // End of function. //--></script> The rest from Images //make the query $q = 'SELECT * FROM images $r = mysqli_query($dbc, $q); //count the number of returned rows $num = mysqli_num_rows($r); if ($num >0) {//if it ran ok display records //Print how many images there are echo "<p>There are currently $num objects/works in your collection.</p>\n"; echo '<table align="center" cellspacing="5" cellpadding="5" border="1" width="85%"> <tr> <td align="left"><b>Image</b></td> <td align="left"><b>Object/Work information</b></td> </tr>'; //fetch and print all the records: $dir = '../../uploads'; // Define the directory to view. while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { $image = $row['img_id']; //if (substr($image, 0, 1) != '.') { // Ignore anything starting with a period. // Get the image's size in pixels: $image_size = getimagesize ("$dir/$image"); // Calculate the image's size in kilobytes: $file_size = round ( (filesize ("$dir/$image")) / 1024) . "kb"; // Make the image's name URL-safe: $image = urlencode($image); echo '<tr>'; echo "<td align=\"left\" width=\"25%\"><figure><a href=\"javascript:create_window('$image',$image_size[0],$image_size[1])\"><img src='../../uploads/$image' />"; echo '<figcaption><p>Click on the image to view in a separate window.</p></figcaption></figure></td> <td align="left"> <div><table> <tr><td style="width: 20%">Title:</td><td> '.$row['title_display'].' </tr> echo '</table></div> </td> </tr>'; } echo '</table>'; mysqli_free_result ($r); }else{//if no records returned echo '<p class="error">there are currently no images.</p>'; } mysqli_close($dbc); ?> And show_images.php <?php # Script 10.5 - show_image.php // This page displays an image. $name = FALSE; // Flag variable: // Check for an image name in the URL: if (isset($_GET['image'])) { // Full image path: $image = "../../uploads/{$_GET['image']}"; $name = $_GET['image']; } // If there was a problem, use the default image: if (!$name) { $image = 'images/unavailable.png'; $name = 'unavailable.png'; } // Get the image information: $info = getimagesize($image); $fs = filesize($image); // Send the content information: header ("Content-Type: {$info['mime']}\n"); header ("Content-Disposition: inline; filename=\"$name\"\n"); header ("Content-Length: $fs\n"); // Send the file: readfile ($image); ?>

Thank you! So, just for fun I stripped the file extension IF, and it now displays everything on my browser. If I decide to be lazy and leave it like this (If I apply this to my project I will have to change and test a bunch of pages to make it work everywhere), is it going to slow down the server/browser? Will it be a huge issue in lesser used browsers (so far it works in FF and Chrome)? By the way, do you have a book that teaches how to include navigation features in the pop-up (like pan, zoom, etc)?

Totally by accident, I discovered that because the image names are id numbers without image extensions, the images will not show. So here's my question. For security, is it best to strip the "make sure there is an image extension" portion of the show_images script, or should I change my upload method to include the extensions? Why?

Here is the test site (I'm a freshly minted digital librarian and not so freshly minted archivist, so I'm learning new skills). (removed by user) It has the scripts from the book and my attempts (prefaced with JS). Thanks!