edit.php with session id
<?php
// Load the authentication include before any page logic runs.
// NOTE(review): presumably this starts the session and rejects anonymous
// visitors; confirm, because nothing else on this page checks the login.
require 'authenticate.php';
// Report fatal errors only. Notices and warnings (undefined indexes, failed
// image probes, ...) are therefore silent on this page.
error_reporting(E_ERROR);
// Status text taken straight from the query string. It is attacker-controlled
// and must be HTML-escaped at the point where it is printed.
$message = $_GET['message'];
//var_dump($_FILES);
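/**
 * Validate the file sent in the "image" form field and store it under $dir.
 *
 * A file is accepted only when PHP reports no upload error, getimagesize()
 * identifies it as GIF/JPEG/PNG, it is smaller than 2,000,000 bytes and the
 * client-supplied name ends in an allowed extension (compared case-insensitively).
 *
 * The client-supplied name is untrusted. Only its base name is used, and every
 * character of the stem outside [A-Za-z0-9_-] (including inner dots, so
 * "x.php.jpg" becomes "x_php.jpg") is replaced by "_". That keeps the stored
 * path free of directory separators, quotes and secondary extensions, which
 * matters because callers place the returned path into SQL and HTML.
 *
 * getimagesize() inspects the image header only; a valid header does not prove
 * the rest of the file is harmless. The upload directory should not be
 * configured to execute scripts.
 *
 * Status messages are echoed directly, as the original implementation did, and
 * the generic failure text is also stored in the global $errmsgi.
 *
 * @param string $dir Target directory, including the trailing slash.
 * @return string|null Path of the stored (or already existing) file, or null
 *                     when nothing was stored.
 */
function uploadimage($dir){
    global $errmsgi;

    if (empty($_FILES)) {
        return null;
    }

    $failure = "Please check that you uploaded the correct file.";

    // Reject a missing field or an array-shaped upload (e.g. "image[]").
    $upload = isset($_FILES["image"]) ? $_FILES["image"] : null;
    if (!is_array($upload)
        || !isset($upload["name"], $upload["tmp_name"], $upload["error"], $upload["size"])
        || !is_string($upload["name"])
        || !is_string($upload["tmp_name"])) {
        echo $errmsgi = $failure;
        return null;
    }

    // Check PHP's own upload status before touching the temporary file.
    if ((int) $upload["error"] > 0) {
        echo "Return Code: " . (int) $upload["error"] . "<br>";
        return null;
    }

    $allowedMimes = array("image/gif", "image/jpeg", "image/jpg", "image/pjpeg", "image/x-png", "image/png");
    $allowedExts = array("gif", "jpeg", "jpg", "png");

    // Probe the temporary file only when it exists; getimagesize() yields false for non-images.
    $image = is_file($upload["tmp_name"]) ? getimagesize($upload["tmp_name"]) : false;
    $isImage = is_array($image) && isset($image["mime"]) && in_array($image["mime"], $allowedMimes, true);

    // Build a storage name from the untrusted client name.
    $clientName = basename($upload["name"]);
    $extension = pathinfo($clientName, PATHINFO_EXTENSION);
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', (string) pathinfo($clientName, PATHINFO_FILENAME));

    if (!$isImage
        || $upload["size"] >= 2000000
        || !in_array(strtolower((string) $extension), $allowedExts, true)
        || $stem === null
        || $stem === '') {
        echo $errmsgi = $failure;
        return null;
    }

    $storedName = $stem . "." . $extension;
    $target = $dir . $storedName;

    // An existing file is never overwritten; its path is handed back instead.
    if (file_exists($target)) {
        echo htmlspecialchars($storedName, ENT_QUOTES, 'UTF-8') . " already exists. ";
        return $target;
    }

    // move_uploaded_file() also refuses anything that is not a genuine HTTP upload.
    if (!move_uploaded_file($upload["tmp_name"], $target)) {
        echo $errmsgi = $failure;
        return null;
    }

    return $target;
}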
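// Per-field validation messages printed next to each input; "" means no error.
// $imageErr and $errmsgi are printed by the template too, so they are given an
// empty default here instead of being read while undefined.
$nameErr = $intelligenceErr = $strengthErr = $speedErr = $energyErr = $fightingErr = $googleErr = $biographyErr = $imageErr = $errmsgi = "";
// Field values for the form; the fetch loop further down appends one entry per card to each.
$name = $intelligence = $strength = $speed = $energy = $fighting = $google = $biography = "";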
/**
 * Prepare one submitted form value for storage.
 *
 * Steps, in order: trim surrounding whitespace, strip backslashes, HTML-encode
 * with htmlspecialchars() default flags, then escape for use inside a quoted
 * MySQL string literal.
 *
 * Because the HTML encoding happens here, the database holds already-encoded
 * text. Pages that print these columns rely on that, and any other writer to
 * the same columns has to encode as well.
 *
 * mysql_real_escape_string() is called without a link argument, so it depends
 * on a connection that is already open.
 * NOTE(review): this page calls mysql_connect() only after validation has run;
 * confirm that authenticate.php opens the connection first.
 *
 * @param string $data Raw value from the request.
 * @return string Value ready to be placed between single quotes in a query.
 */
function validate_input($data)
{
    $cleaned = stripslashes(trim($data));
    $encoded = htmlspecialchars($cleaned);
    return mysql_real_escape_string($encoded);
}
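// Handle the "Save" submission: validate the required fields, store a newly
// uploaded image if there is one, then update the card.
//
// NOTE(review): the form carries no anti-CSRF token, so any page the logged-in
// user visits can submit this request. A per-session token checked here (and
// emitted by the form) would close that gap.
// NOTE(review): ext/mysql was removed in PHP 7. Moving to mysqli or PDO with
// prepared statements would replace the string-built queries below.
if (isset($_POST['Submit']) && $_POST['Submit'] == "Save")
{
    $has_errors = false;
    $path = '';
    $dir = "uploads/";
    // True only when the browser actually sent a file in the "image" field.
    $has_upload = !empty($_FILES["image"]["tmp_name"]);

    // Required field => message shown when it is missing. The keys are fixed
    // here, never taken from the request, so building $<field>Err and $p<field>
    // from them cannot touch unrelated variables.
    $required = array(
        'name' => "Enter a name",
        'intelligence' => "Enter 1-100",
        'strength' => "Enter 1-100",
        'speed' => "Enter 1-100",
        'energy' => "Enter 1-100",
        'fighting' => "Enter 1-100",
        'google' => "Enter the googleindex",
        'biography' => "Enter a biography",
    );
    foreach ($required as $field => $error_text) {
        if (empty($_POST[$field])) {
            $has_errors = true;
            ${$field . 'Err'} = $error_text;
        } else {
            ${'p' . $field} = validate_input($_POST[$field]);
        }
    }

    if (!$has_errors)
    {
        $Link = mysql_connect($Host, $User, $Password);
        if (!$Link) {
            // Details go to the server log; the client gets a generic message.
            error_log("edit.php: database connection failed: " . mysql_error());
            die("The card could not be saved. Please try again later.");
        }
        $user = $_SESSION['UserName'];

        // The image path is changed only when a new file was stored. The
        // hidden "path" form field is client-controlled and is not trusted.
        if ($has_upload) {
            $path = uploadimage($dir);
        }

        // The card id is numeric; casting removes any injected SQL.
        $cid = isset($_POST['cid']) ? (int) $_POST['cid'] : 0;

        $Query = "UPDATE tcgcomics SET name='$pname', intelligence='$pintelligence', strength='$pstrength', speed='$pspeed', energy='$penergy', fighting='$pfighting', google='$pgoogle', biography='$pbiography' WHERE id='$cid'";
        if (!mysql_db_query($DBName, $Query, $Link)) {
            // The query text and driver error are not sent to the browser.
            error_log("edit.php: card update failed: " . mysql_error($Link));
            die("The card could not be saved. Please try again later.");
        }

        if (!empty($path)) {
            // The stored name derives from a client-supplied file name, so it is escaped like any other input.
            $safe_path = mysql_real_escape_string($path, $Link);
            $Query = "UPDATE tcgimages SET path='$safe_path' WHERE id='$cid'";
            if (!mysql_db_query($DBName, $Query, $Link)) {
                error_log("edit.php: image path update failed: " . mysql_error($Link));
                die("The card could not be saved. Please try again later.");
            }
        }
    }
}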
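// Load every card together with its image row. The rows are read in id order
// so that a given page number always refers to the same card.
// NOTE(review): the form submits the page number as the card id, which is only
// correct while ids are contiguous and start at 1; confirm against the schema.
$result = mysql_query("SELECT * FROM tcgcomics JOIN tcgimages ON tcgcomics.id = tcgimages.id ORDER BY tcgcomics.id");
if (!$result) {
    // Driver errors stay in the server log instead of being shown to the client.
    error_log("edit.php: card listing query failed: " . mysql_error());
    die("The cards could not be loaded. Please try again later.");
}
$count = mysql_num_rows($result);
// Defined up front so the template can index it even when there are no rows.
$img_paths = array();
// Collect each column into its own list, one entry per card, for the template.
while($row = mysql_fetch_array($result))
{
    $name[] = $row['name'];
    $intelligence[] = $row['intelligence'];
    $strength[] = $row['strength'];
    $speed[] = $row['speed'];
    $energy[] = $row['energy'];
    $fighting[] = $row['fighting'];
    $google[] = $row['google'];
    $biography[] = $row['biography'];
    $img_paths[] = $row['path'];
}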
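// Work out which card to show and build the Previous/Next links.
//
// "page" comes from the query string and is echoed into the form action, the
// hidden card id and the navigation, so it is forced to an integer and clamped
// to the range 1..$count before anything uses it.
$total = isset($count) ? (int) $count : 0;
$current = isset($_GET['page']) ? (int) $_GET['page'] : 1;
if ($current < 1) {
    $current = 1;
}
if ($total > 0 && $current > $total) {
    $current = $total;
}
// Zero-based index of the current card in the per-column lists.
$i = $current - 1;

// Defaults for the first/last page: no link and an empty counter part.
$prev = '';
$next = '';
$prevlink = "";
$nextlink = "";
if ($current > 1) {
    $prev = $current - 1;
    $prevlink = "<a href='?page=$prev'>Previous</a>";
}
// Offer "Next" only while another card exists after this one.
if ($current < $total) {
    $next = $current + 1;
    $nextlink = "<a href='?page=$next'>Next</a>";
}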
?>
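<?php
// Escaping helper for values printed into HTML text or attribute values.
// double_encode is off because the card fields are stored already HTML-encoded
// by the save path; existing entities are left alone and anything still raw is
// encoded. With 'UTF-8' an invalid byte sequence yields an empty string.
if (!function_exists('tcg_h')) {
    function tcg_h($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="styles/all.css" />
<link rel="stylesheet" href="styles/forms.css" />
<link rel="stylesheet" href="styles/slideshow1.css" />
<?php /* NOTE(review): jQuery 1.7.1 is long out of date and later releases include security fixes; plan an upgrade and re-test. */ ?>
<script type="text/javascript" src="javascript/jquery-1.7.1.min.js"></script>
<link href='//fonts.googleapis.com/css?family=Ubuntu:400,500' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Voltaire' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Nova+Square' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Marvel:400,400italic,700,700italic' rel='stylesheet' type='text/css'>
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>Trading Card Generator</title>
<meta name="Description" content="Trading Card Generator" />
<meta name="Keywords" content="Trading Card Generator" />
<style>
@font-face {
font-family: TCG;
src: url(GearsOfPeace.ttf);
}
@font-face {
font-family: TCGHEADING;
src: url(OratorStd.otf);
}
div {font-family:TCG;}
div {font-family:TCGHEADING;}
</style>
</head>
<body id="bodyform">
<br style="clear:left;"/>
<?php /* The page number is request-derived; it is printed as an integer only. NOTE(review): the form has no anti-CSRF token. */ ?>
<form action="edit.php?page=<?php echo (int) $current; ?>" method ="post" enctype="multipart/form-data" name="myForm">
<fieldset>
<div class="legendcreate">Edit Card</div>
<div class="cardcontainer">
<?php /* $message comes from the query string, so it is fully HTML-escaped. */ ?>
<p class="phpmessage"><?php echo htmlspecialchars((string) $message, ENT_QUOTES, 'UTF-8'); ?></p>
<table id="tabletcg">
<tr>
<td class="tcgcellheading">Name</td>
<td class="tcgcell">
<div><input id="name" class="insetcard" name="name" type="text" placeholder="Name" value="<?php echo tcg_h($name[$i]); ?>"/>
<p class="errorcard"><?php echo $nameErr;?></p></div></td>
</tr>
<tr>
<td class="tcgcellheading">Intelligence</td>
<td class="tcgcell">
<div><input id="intelligence" class="insetcard" name="intelligence" type="text" placeholder="Intelligence" value="<?php echo tcg_h($intelligence[$i]); ?>"/>
<p class="errorcard"><?php echo $intelligenceErr;?></p></div></td>
</tr>
<tr>
<td class="tcgcellheading">Strength</td>
<td class="tcgcell">
<div><input id="strength" class="insetcard" name="strength" type="text" placeholder="Strength" value="<?php echo tcg_h($strength[$i]); ?>"/>
<p class="errorcard"><?php echo $strengthErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Speed</td>
<td class="tcgcell">
<div><input id="speed" class="insetcard" name="speed" type="text" placeholder="Speed" value="<?php echo tcg_h($speed[$i]); ?>"/>
<p class="errorcard"><?php echo $speedErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Energy</td>
<td class="tcgcell">
<div><input id="energy" class="insetcard" name="energy" type="text" placeholder="Energy" value="<?php echo tcg_h($energy[$i]); ?>"/>
<p class="errorcard"><?php echo $energyErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Fighting</td>
<td class="tcgcell">
<div><input id="fighting" class="insetcard" name="fighting" type="text" placeholder="Fighting" value="<?php echo tcg_h($fighting[$i]); ?>"/>
<p class="errorcard"><?php echo $fightingErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Google Index</td>
<td class="tcgcell">
<div><input id="google" class="insetcard" name="google" type="text" placeholder="Google Index" value="<?php echo tcg_h($google[$i]); ?>"/>
<p class="errorcard"><?php echo $googleErr;?></p></div>
</td>
</tr>
<tr>
<td colspan="5">
<div><textarea id="biography" name="biography" class="textareabiography" placeholder="Enter character biography"><?php
// The stored biography is decoded back to the text the user typed, then
// re-encoded for output: printing the decoded text as-is would let a stored
// "</textarea>" close the field and inject markup into the page.
$out = htmlspecialchars_decode($biography[$i]);
$out = str_replace( '\n', '<br />', $out );
echo htmlspecialchars($out, ENT_QUOTES, 'UTF-8');
?></textarea>
<p class="errorbio"><?php echo $biographyErr;?></p></div>
</tr>
</table>
<?php /* The image path is stored without HTML encoding, so it is fully escaped in both attributes. */ ?>
<input type="hidden" name="path" value="<?php echo htmlspecialchars((string) $img_paths[$i], ENT_QUOTES, 'UTF-8'); ?>"/>
<img src="<?php echo htmlspecialchars((string) $img_paths[$i], ENT_QUOTES, 'UTF-8'); ?>" alt="image placeholder" class="imgplaceholder"/>
<p class="errorimage"><?php echo $imageErr;?>
<p class="errorcard"><?php echo $errmsgi;?>
<div class="uploadimgbtn"><p class="upload">Upload Image<input id="upfile" type="file" name="image" class="uplbtn"/></p></div>
<div class="submit"><input name="Submit" type="submit" class="savebtn" value="Save"/></div>
<input type="hidden" name="cid" value="<?php echo (int) $current; ?>"/>
</div>
</fieldset>
</form>
<div class="previouscardedit"><?php echo $prevlink; ?></a></div>
<div class="nextcardedit"><a class="tcg"><?php echo $nextlink; ?></a></div>
<div class="countpreviousedit"><?php echo $prev."/".$count; ?></div>
<div class="countnextedit"><?php echo $next."/".$count; ?></div>
<div class="currentcardedit"><?php echo "Card ".(int) $current." of ".$count; ?></div>
</div>
<br style="clear:left;"/>
</body>
</html>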