$err
";
}
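do {
    // Handle a submitted picture. Every failure path calls print_error() and
    // breaks out of the single-pass loop, which falls through to the form
    // rendered after "while(false)".
    if (isset($picture)) {
        // Reject the submission when the contact address does not validate.
        // NOTE(review): print_error() is defined outside this block; confirm it
        // HTML-escapes its argument, because $email and $picture_name are
        // request input and are echoed back in these messages.
        if (checkEmail($email) == 0) {
            print_error("$email is not a valid email address please re-enter you afro lovin' goofball");
            break;
        }

        // cleanSqlData() is defined elsewhere; presumably it escapes the values
        // for SQL use. It is not a filename sanitiser, so $picture_name is
        // reduced to a safe stored name separately below.
        $desc = cleanSqlData($desc);
        $name = cleanSqlData($name);
        $picture_name = cleanSqlData($picture_name);

        // Size of the whole request as reported by the web server. getenv()
        // returns false when the variable is absent, which would pass this
        // comparison, so the stored file itself is measured again further down.
        if (getenv("CONTENT_LENGTH") > MAX_FILE_SIZE) {
            print_error("File too large: $picture_name");
            break;
        }

        // Derive the stored name from the final path component only, and take
        // the extension after the LAST dot. Indexing the pieces of
        // explode(".") at [1] fails on a name without a dot and inspects the
        // wrong piece when the name contains several dots.
        $base_name = basename(str_replace("\\", "/", $picture_name));
        $dot = strrpos($base_name, ".");
        if ($dot === false) {
            $ext = "";
            $just_name = $base_name;
        } else {
            $ext = substr($base_name, $dot + 1);
            $just_name = substr($base_name, 0, $dot);
        }
        // Keep the stored name to a conservative character set so it cannot
        // carry path separators, quotes or markup into the upload directory.
        $just_name = preg_replace('/[^A-Za-z0-9_-]/', '_', $just_name);

        // Allow-list on the extension. This checks the name only; the file
        // content is not inspected here.
        if (!in_array($ext, array("jpg", "gif", "png", "bmp"), true)) {
            print_error("only jpg - gif - png or bmp images are accepted - sorry email me at info@vanillaafro.com if you don't like it!");
            break;
        }

        // $picture is assigned outside this block. Only read it when PHP itself
        // recorded that path as an HTTP upload for this request, so the copy
        // below can never be pointed at some other file on the server.
        if (!is_uploaded_file($picture)) {
            print_error("Cannot open file: $picture_name");
            break;
        }
        // Enforce the limit on the uploaded file itself as well.
        if (filesize($picture) > MAX_FILE_SIZE) {
            print_error("File too large: $picture_name");
            break;
        }

        // Open the uploaded file read-only, in binary mode so image bytes are
        // never translated. "@" suppresses PHP's own warning because
        // print_error() reports the failure.
        $fp = @fopen($picture, "rb");
        if (!$fp) {
            print_error("Cannot open file: $picture_name");
            break;
        }

        // Generate a per-submission directory name and create the directory.
        // The id is a uniqueness token, not a secret.
        srand((double) microtime() * 1000000);
        $id = md5(uniqid(rand()));
        $dirname = "$upload_dir/$id";
        // NOTE(review): 0777 leaves the directory writable by every local
        // account; tighten it if the hosting setup allows. A failed mkdir()
        // surfaces through the fopen() check that follows.
        mkdir($dirname, 0777);

        // Create the server-side picture file inside the new directory.
        $filename = $dirname . "/" . $just_name . "." . $ext;
        $out = @fopen($filename, "wb");
        if (!$out) {
            fclose($fp); // do not leak the read handle on this error path
            print_error("Cannot open file: $filename");
            break;
        }

        // Copy the upload in 8 KiB chunks. The chunk is compared explicitly
        // because a bare truthiness test would stop early on a chunk that is
        // exactly the string "0".
        while (!feof($fp)) {
            $buffer = fread($fp, 8192);
            if ($buffer === false || $buffer === "") {
                break;
            }
            fwrite($out, $buffer);
        }

        // Close both picture handles.
        fclose($fp);
        fclose($out);

        // Write the submitter-supplied $name to a "name" file kept next to the
        // picture.
        $filename = $dirname . "/name";
        $out = @fopen($filename, "w");
        if (!$out) {
            print_error("Cannot open file: $filename");
            break;
        }
        fputs($out, $name);
        fclose($out);

        // Notify the site owner. $filename now points at the "name" file, so
        // that is the path reported in the message. The submitted values go
        // into the message body only, never into mail headers.
        mail("info@vanillaafro.com","afro submitted","file: $filename \n name: $name \n description: $desc \n email: $email \n");
        ?>
Picture added. Thanks.
<?php
        // Stop here so the submission form below is not rendered after a
        // successful upload.
        exit();
    }
} while(false);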
// Reached when no picture was submitted, or when one of the checks in the
// loop above reported an error and broke out of it: build and print the page
// that displays the input form.
$title = 'Submit an afro to vanillaafro.com i.e. 70s afros white afros black afros or fros';
$desc = 'submit an afro logo or a regular old afro including 70s afros and white guy afros';
$keywords = 'afro submission,white afros,white fros,70s afros,70s afros,60s afros,60s fros,1970s afros';

// getHeader() and getFooter() are defined outside this block; their results
// are printed around the page body, separated by single spaces.
$header = getHeader($title, $desc, $keywords);
$body = '
|
';
$footer = getFooter();

echo $header, ' ', $body, ' ', $footer;