Wie würde ich das Bild vor oder während des Uploads verändern?php Bildgröße ändern vor oder während des Uploads
<?php
// Start a session for error reporting
session_start();
?>
<?php
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: index.html');
exit;
}
// *** Include the class
include("resize-class.php");
// Call our connection file
include('config.php');
// Check to see if the type of file uploaded is a valid image type
function is_valid_type($file)
{
// This is an array that holds all the valid image MIME types
$valid_types = array("image/jpg", "image/JPG", "image/jpeg", "image/bmp", "image/gif", "image/png");
if (in_array($file['type'], $valid_types))
return 1;
return 0;
}
// Just a short function that prints out the contents of an array in a manner that's easy to read
// I used this function during debugging but it serves no purpose at run time for this example
function showContents($array)
{
echo "<pre>";
print_r($array);
echo "</pre>";
}
// Set some constants
// Grab the User ID we sent from our form
$user_id = $_SESSION['username'];
$category = $_POST['category'];
// This variable is the path to the image folder where all the images are going to be stored
// Note that there is a trailing forward slash
$TARGET_PATH = "img/users/$category/$user_id/";
if (! is_dir($TARGET_PATH)) {
mkdir($TARGET_PATH, 0775, true);
}
// Get our POSTed variables
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$contact = $_POST['contact'];
$price = $_POST['price'];
$conditional = $_POST['conditional'];
$image = $_FILES['image'];
// Build our target path full string. This is where the file will be moved do
// i.e. images/picture.jpg
$TARGET_PATH .= $image['name'];
// Make sure all the fields from the form have inputs
if ($fname == "" || $lname == "" || $image['name'] == "" || $category['category'] == "" || $conditional['conditional'] == "" || $price['price'] == "")
{
$_SESSION['error'] = "All fields required";
header("Location: securedpage1.php");
exit;
}
// Check to make sure that our file is actually an image
// You check the file type instead of the extension because the extension can easily be faked
if (!is_valid_type($image))
{
$_SESSION['error'] = "You must upload a jpeg, gif, or bmp";
header("Location: securedpage1.php");
exit;
}
// Here we check to see if a file with that name already exists
// You could get past filename problems by appending a timestamp to the filename and then continuing
if (file_exists($TARGET_PATH))
{
$_SESSION['error'] = "A file with that name already exists";
header("Location: securedpage1.php");
exit;
}
// Lets attempt to move the file from its temporary directory to its new home
if (move_uploaded_file($image['tmp_name'], $TARGET_PATH))
{
// NOTE: This is where a lot of people make mistakes.
// We are *not* putting the image into the database; we are putting a reference to the file's location on the server
$imagename = $image['name'];
$sql = "insert into people (price, contact, category, username, fname, lname, expire, filename, conditional, posttime) values (:price, :contact, :category, :user_id, :fname, :lname, now() + INTERVAL 1 MONTH, :imagename, :conditional, now())";
$q = $conn->prepare($sql) or die("failed!");
$q->bindParam(':price', $price, PDO::PARAM_STR);
$q->bindParam(':contact', $contact, PDO::PARAM_STR);
$q->bindParam(':category', $category, PDO::PARAM_STR);
$q->bindParam(':user_id', $user_id, PDO::PARAM_STR);
$q->bindParam(':fname', $fname, PDO::PARAM_STR);
$q->bindParam(':lname', $lname, PDO::PARAM_STR);
$q->bindParam(':imagename', $imagename, PDO::PARAM_STR);
$q->bindParam(':conditional', $conditional, PDO::PARAM_STR);
$q->execute();
$sql1 = "UPDATE people SET firstname = (SELECT firstname FROM user WHERE username=:user_id1) WHERE username=:user_id2";
$q = $conn->prepare($sql1) or die("failed!");
$q->bindParam(':user_id1', $user_id, PDO::PARAM_STR);
$q->bindParam(':user_id2', $user_id, PDO::PARAM_STR);
$q->execute();
$sql2 = "UPDATE people SET surname = (SELECT surname FROM user WHERE username=:user_id1) WHERE username=:user_id2";
$q = $conn->prepare($sql2) or die("failed!");
$q->bindParam(':user_id1', $user_id, PDO::PARAM_STR);
$q->bindParam(':user_id2', $user_id, PDO::PARAM_STR);
$q->execute();
header("Location: success.php");
exit;
}
else
{
// A common cause of file moving failures is because of bad permissions on the directory attempting to be written to
// Make sure you chmod the directory to be writeable
$_SESSION['error'] = "Could not upload file. Check read/write permissions on the directory";
header("Location: securedpage1.php");
exit;
}
?>
Dieser Code ist nicht sicher. Gehen Sie nicht davon aus, dass der vom Client übergebene Typ tatsächlich der Typ der hochgeladenen Datei ist. Auch ist nicht ganz klar, was Sie tun möchten. – Brad
@Brad danke für Ihre Antwort, wie würde ich es verbessern, um es sicherer zu machen? Dies ist auch ein Bild-Upload-Skript, ich würde gerne die Größe des Bildes ändern, wenn die Auflösung zu groß ist. – neeko
benutze ['imagecopyresized'] (http://www.php.net/manual/en/function.imagecopyresized.php) um die Größe des Bildes zu ändern. – air4x