edit.php with session id
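<?php
// Pulls in the login/session check. The database settings used further down
// ($Host, $User, $Password, $DBName) are not defined in this file, so they
// presumably come from this include as well -- TODO confirm.
require("authenticate.php");

// Only fatal errors are reported: warnings and notices (undefined index,
// failed reads, ...) stay hidden, so problems below tend to fail silently.
error_reporting(E_ERROR);

// Optional status text taken from the query string. It is client-controlled,
// so it is kept as a plain string here (arrays and missing values become '')
// and has to be HTML-escaped at the point where it is printed.
$message = (isset($_GET['message']) && is_string($_GET['message'])) ? $_GET['message'] : '';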
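/**
 * Validate the uploaded "image" file and store it in $dir.
 *
 * A file is accepted only when getimagesize() reports a GIF, JPEG or PNG,
 * its size is below 2,000,000 bytes and its extension is on the allow-list.
 * The stored name is derived from the client-supplied name but reduced to
 * [A-Za-z0-9_-] plus one dot before the extension, because the returned path
 * ends up in an SQL statement and in HTML attributes elsewhere in this file.
 *
 * Side effects: echoes status text; sets the global $errmsgi on rejection.
 *
 * @param string $dir Target directory, including the trailing slash.
 * @return string|null Path of the stored (or already existing) file, or null
 *                     when nothing was uploaded or the upload was rejected.
 */
function uploadimage($dir)
{
    global $errmsgi;

    // null means "nothing stored"; the original left this undefined.
    $path = null;
    if (empty($_FILES)) {
        return $path;
    }

    // Read every entry defensively: a field sent as image[] turns these
    // entries into arrays.
    $upload = (isset($_FILES["image"]) && is_array($_FILES["image"])) ? $_FILES["image"] : array();
    $tmpName = (isset($upload["tmp_name"]) && is_string($upload["tmp_name"])) ? $upload["tmp_name"] : '';
    $clientName = (isset($upload["name"]) && is_string($upload["name"])) ? $upload["name"] : '';
    $size = (isset($upload["size"]) && is_int($upload["size"])) ? $upload["size"] : 0;
    $error = (isset($upload["error"]) && is_int($upload["error"])) ? $upload["error"] : UPLOAD_ERR_NO_FILE;

    // Check the upload status first. In the original order this branch could
    // not be reached, because a failed upload has no readable temp file and
    // was already rejected by the image check.
    if ($error !== UPLOAD_ERR_OK) {
        echo "Return Code: " . $error . "<br>";
        return $path;
    }

    // The name is chosen by the client: drop any directory part and replace
    // every character outside the safe set (quotes, spaces, markup, ...).
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($clientName));
    $rawExtension = pathinfo($safeName, PATHINFO_EXTENSION);
    // Keep a single dot so "x.php.jpg" is stored as "x_php.jpg".
    $stem = str_replace('.', '_', pathinfo($safeName, PATHINFO_FILENAME));

    $allowedExts = array("gif", "jpeg", "jpg", "png");
    $allowedMimes = array("image/gif", "image/jpeg", "image/jpg", "image/pjpeg", "image/x-png", "image/png");

    // The type is taken from the file content, not from the client's claim.
    $image = ($tmpName !== '') ? getimagesize($tmpName) : false;
    $isAccepted = is_array($image)
        && in_array($image["mime"], $allowedMimes, true)
        && $size < 2000000
        && $stem !== ''
        && in_array(strtolower($rawExtension), $allowedExts, true);

    if (!$isAccepted) {
        echo $errmsgi = "Please check that you uploaded the correct file.";
        return $path;
    }

    $storedName = $stem . '.' . $rawExtension;
    $target = $dir . $storedName;

    if (file_exists($target)) {
        // NOTE(review): a file with the same name is reused as-is and the new
        // upload is discarded; two different images with one name collide.
        echo $storedName . " already exists. ";
        return $target;
    }

    // Only report a path when the file really was moved into place.
    if (!move_uploaded_file($tmpName, $target)) {
        echo $errmsgi = "Please check that you uploaded the correct file.";
        return $path;
    }

    return $target;
}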
// Per-field validation messages printed next to each input; "" means no error.
$nameErr = "";
$intelligenceErr = "";
$strengthErr = "";
$speedErr = "";
$energyErr = "";
$fightingErr = "";
$googleErr = "";
$biographyErr = "";

// Card field values, initialised to empty strings.
$name = "";
$intelligence = "";
$strength = "";
$speed = "";
$energy = "";
$fighting = "";
$google = "";
$biography = "";
/**
 * Prepare one submitted form value for use inside a quoted SQL string.
 *
 * Applied in this order: trim surrounding whitespace, strip backslashes,
 * HTML-encode special characters, escape for MySQL.
 *
 * NOTE(review): because htmlspecialchars() runs on input, values reach the
 * database HTML-encoded rather than raw; code that prints them appears to
 * depend on that. Encoding at output time is the more robust arrangement.
 * NOTE(review): stripslashes() also removes backslashes the user typed on
 * purpose unless magic quotes are enabled -- confirm the server setting.
 * NOTE(review): mysql_real_escape_string() needs an open connection; this
 * file calls validate_input() before its own mysql_connect(), so it
 * presumably relies on a connection opened by the include -- confirm.
 *
 * @param string $data Raw value from the request.
 * @return string Encoded and escaped value.
 */
function validate_input($data)
{
    $trimmed = trim($data);
    $encoded = htmlspecialchars(stripslashes($trimmed));

    return mysql_real_escape_string($encoded);
}
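// Handle the "Save" submit: validate the fields, store a new image if one
// arrived, then update the card row and, when needed, its image path.
// NOTE(review): no anti-CSRF token is checked here and the form in this file
// does not send one; whether authenticate.php covers this is not visible.
// NOTE(review): the update is keyed only on the posted cid; nothing visible
// here ties the card to the logged-in user -- confirm that is intended.
// NOTE(review): ext/mysql was removed in PHP 7. The durable fix for the
// string-built queries below is mysqli or PDO with prepared statements.
if (isset($_POST['Submit']) && $_POST['Submit'] == "Save") {
    $has_errors = false;

    // Field name => message shown when the field is missing. empty() also
    // rejects "0"; the 1-100 range itself is not enforced anywhere.
    $requiredFields = array(
        'name' => "Enter a name",
        'intelligence' => "Enter 1-100",
        'strength' => "Enter 1-100",
        'speed' => "Enter 1-100",
        'energy' => "Enter 1-100",
        'fighting' => "Enter 1-100",
        'google' => "Enter the googleindex",
        'biography' => "Enter a biography",
    );
    foreach ($requiredFields as $field => $errorText) {
        // A field sent as name[] arrives as an array; treat it as missing.
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            $has_errors = true;
            ${$field . 'Err'} = $errorText;      // $nameErr, $intelligenceErr, ...
        } else {
            ${'p' . $field} = validate_input($_POST[$field]);   // $pname, $pintelligence, ...
        }
    }

    if (!$has_errors) {
        $Link = mysql_connect($Host, $User, $Password);
        if (!$Link) {
            // Details go to the server log, not to the browser.
            error_log("edit.php: database connection failed: " . mysql_error());
            die("Could not save the card.");
        }

        // The hidden "path" form field is deliberately not read: it is
        // client-controlled and would be written to tcgimages.path and later
        // printed into the page. Without a new upload the stored path is
        // simply left as it is.
        $path = null;
        if (!empty($_FILES["image"]["tmp_name"])) {
            $dir = "uploads/";
            $path = uploadimage($dir);
        }

        $cid = mysql_real_escape_string(
            (isset($_POST['cid']) && is_string($_POST['cid'])) ? $_POST['cid'] : '',
            $Link
        );

        $Query = "UPDATE tcgcomics SET name='$pname', intelligence='$pintelligence', strength='$pstrength', speed='$pspeed', energy='$penergy', fighting='$pfighting', google='$pgoogle', biography='$pbiography' WHERE id='$cid'";
        if (!mysql_db_query($DBName, $Query, $Link)) {
            // The statement and driver error are no longer echoed to the client.
            error_log("edit.php: card update failed: " . mysql_error($Link));
            die("Could not save the card.");
        }

        if (!empty($path)) {
            // The path contains a client-influenced file name, so it is
            // escaped like every other value placed in a query.
            $escapedPath = mysql_real_escape_string($path, $Link);
            $Query = "UPDATE tcgimages SET path='$escapedPath' WHERE id='$cid'";
            if (!mysql_db_query($DBName, $Query, $Link)) {
                error_log("edit.php: image path update failed: " . mysql_error($Link));
                die("Could not save the card.");
            }
        }
    }
}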
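// Load every card together with its image path. Rows are kept in parallel
// arrays indexed by position; the page number selects one position.
$result = mysql_query("SELECT * FROM tcgcomics JOIN tcgimages ON tcgcomics.id = tcgimages.id");
if (!$result) {
    // Driver errors go to the server log instead of the response.
    error_log("edit.php: card query failed: " . mysql_error());
    die("Could not load the cards.");
}
$count = mysql_num_rows($result);

// Start from real arrays so the [] appends below never operate on the
// empty strings these names were initialised with.
$name = $intelligence = $strength = $speed = $energy = $fighting = $google = $biography = $img_paths = array();
while ($row = mysql_fetch_array($result)) {
    $name[] = $row['name'];
    $intelligence[] = $row['intelligence'];
    $strength[] = $row['strength'];
    $speed[] = $row['speed'];
    $energy[] = $row['energy'];
    $fighting[] = $row['fighting'];
    $google[] = $row['google'];
    $biography[] = $row['biography'];
    $img_paths[] = $row['path'];
}

// Page numbers are 1-based; $i is the matching 0-based array index. The raw
// query value is cast to int and clamped to 1..$count because $current is
// printed into the page and posted back as the card id.
// NOTE(review): $current is a position in an unordered result set, yet it is
// used as tcgcomics.id on save. That only lines up if ids are contiguous
// from 1 and the rows come back in id order -- confirm.
$current = (isset($_GET['page']) && is_scalar($_GET['page'])) ? (int) $_GET['page'] : 1;
if ($current < 1) {
    $current = 1;
}
if ($count > 0 && $current > $count) {
    $current = $count;
}
$i = $current - 1;

// Always defined, so the page never prints an unset variable; a link is
// offered only when the neighbouring page exists.
$prev = $next = "";
$prevlink = $nextlink = "";
if ($current > 1) {
    $prev = $current - 1;
    $prevlink = "<a href='?page=$prev'>Previous</a>";
}
if ($current < $count) {
    $next = $current + 1;
    $nextlink = "<a href='?page=$next'>Next</a>";
}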
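// Everything the page prints is HTML-escaped here, once, so the markup below
// only ever echoes prepared values.
$fieldLists = array(
    'name' => isset($name) ? $name : array(),
    'intelligence' => isset($intelligence) ? $intelligence : array(),
    'strength' => isset($strength) ? $strength : array(),
    'speed' => isset($speed) ? $speed : array(),
    'energy' => isset($energy) ? $energy : array(),
    'fighting' => isset($fighting) ? $fighting : array(),
    'google' => isset($google) ? $google : array(),
    'biography' => isset($biography) ? $biography : array(),
    'path' => isset($img_paths) ? $img_paths : array(),
);
$view = array();
foreach ($fieldLists as $key => $list) {
    $raw = (is_array($list) && isset($list[$i])) ? (string) $list[$i] : '';
    if ($key === 'biography') {
        // Kept from the original: a literal backslash-n becomes the text "<br />".
        $raw = str_replace('\n', '<br />', $raw);
    }
    // double_encode=false: validate_input() stores values already
    // HTML-encoded, so existing entities must not be encoded a second time.
    // The biography is no longer decoded before printing; decoding let a
    // stored "</textarea>" close the field and inject markup.
    $view[$key] = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8', false);
}
// These come from the query string or are set during the request.
$viewMessage = htmlspecialchars((isset($message) && is_string($message)) ? $message : '', ENT_QUOTES, 'UTF-8');
$viewCurrent = htmlspecialchars(isset($current) ? (string) $current : '', ENT_QUOTES, 'UTF-8');
$pageParam = urlencode(isset($current) ? (string) $current : '');
$viewImageErr = htmlspecialchars(isset($imageErr) ? (string) $imageErr : '', ENT_QUOTES, 'UTF-8');
$viewUploadErr = htmlspecialchars(isset($errmsgi) ? (string) $errmsgi : '', ENT_QUOTES, 'UTF-8');
$viewPrev = htmlspecialchars(isset($prev) ? (string) $prev : '', ENT_QUOTES, 'UTF-8');
$viewNext = htmlspecialchars(isset($next) ? (string) $next : '', ENT_QUOTES, 'UTF-8');
$viewCount = htmlspecialchars(isset($count) ? (string) $count : '', ENT_QUOTES, 'UTF-8');
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="styles/all.css" />
<link rel="stylesheet" href="styles/forms.css" />
<link rel="stylesheet" href="styles/slideshow1.css" />
<script type="text/javascript" src="javascript/jquery-1.7.1.min.js"></script>
<link href='//fonts.googleapis.com/css?family=Ubuntu:400,500' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Voltaire' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Nova+Square' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Marvel:400,400italic,700,700italic' rel='stylesheet' type='text/css'>
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>Trading Card Generator</title>
<meta name="Description" content="Trading Card Generator" />
<meta name="Keywords" content="Trading Card Generator" />
<style>
@font-face {
font-family: TCG;
src: url(GearsOfPeace.ttf);
}
@font-face {
font-family: TCGHEADING;
src: url(OratorStd.otf);
}
div {font-family:TCG;}
div {font-family:TCGHEADING;}
</style>
</head>
<body id="bodyform">
<br style="clear:left;"/>
<form action="edit.php?page=<?php echo $pageParam; ?>" method="post" enctype="multipart/form-data" name="myForm">
<fieldset>
<div class="legendcreate">Edit Card</div>
<div class="cardcontainer">
<p class="phpmessage"><?php echo $viewMessage; ?></p>
<table id="tabletcg">
<tr>
<td class="tcgcellheading">Name</td>
<td class="tcgcell">
<div><input id="name" class="insetcard" name="name" type="text" placeholder="Name" value="<?php echo $view['name']; ?>"/>
<p class="errorcard"><?php echo $nameErr;?></p></div></td>
</tr>
<tr>
<td class="tcgcellheading">Intelligence</td>
<td class="tcgcell">
<div><input id="intelligence" class="insetcard" name="intelligence" type="text" placeholder="Intelligence" value="<?php echo $view['intelligence']; ?>"/>
<p class="errorcard"><?php echo $intelligenceErr;?></p></div></td>
</tr>
<tr>
<td class="tcgcellheading">Strength</td>
<td class="tcgcell">
<div><input id="strength" class="insetcard" name="strength" type="text" placeholder="Strength" value="<?php echo $view['strength']; ?>"/>
<p class="errorcard"><?php echo $strengthErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Speed</td>
<td class="tcgcell">
<div><input id="speed" class="insetcard" name="speed" type="text" placeholder="Speed" value="<?php echo $view['speed']; ?>"/>
<p class="errorcard"><?php echo $speedErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Energy</td>
<td class="tcgcell">
<div><input id="energy" class="insetcard" name="energy" type="text" placeholder="Energy" value="<?php echo $view['energy']; ?>"/>
<p class="errorcard"><?php echo $energyErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Fighting</td>
<td class="tcgcell">
<div><input id="fighting" class="insetcard" name="fighting" type="text" placeholder="Fighting" value="<?php echo $view['fighting']; ?>"/>
<p class="errorcard"><?php echo $fightingErr;?></p></div>
</td>
</tr>
<tr>
<td class="tcgcellheading">Google Index</td>
<td class="tcgcell">
<div><input id="google" class="insetcard" name="google" type="text" placeholder="Google Index" value="<?php echo $view['google']; ?>"/>
<p class="errorcard"><?php echo $googleErr;?></p></div>
</td>
</tr>
<tr>
<td colspan="5">
<div><textarea id="biography" name="biography" class="textareabiography" placeholder="Enter character biography"><?php echo $view['biography']; ?></textarea>
<p class="errorbio"><?php echo $biographyErr;?></p></div>
</td>
</tr>
</table>
<input type="hidden" name="path" value="<?php echo $view['path']; ?>"/>
<img src="<?php echo $view['path']; ?>" alt="image placeholder" class="imgplaceholder"/>
<p class="errorimage"><?php echo $viewImageErr; ?></p>
<p class="errorcard"><?php echo $viewUploadErr; ?></p>
<div class="uploadimgbtn"><p class="upload">Upload Image<input id="upfile" type="file" name="image" class="uplbtn"/></p></div>
<div class="submit"><input name="Submit" type="submit" class="savebtn" value="Save"/></div>
<input type="hidden" name="cid" value="<?php echo $viewCurrent; ?>"/>
</div>
</fieldset>
</form>
<?php /* $prevlink and $nextlink are markup assembled earlier in this script from numeric page values, so they are printed as HTML. */ ?>
<div class="previouscardedit"><?php echo isset($prevlink) ? $prevlink : ''; ?></div>
<div class="nextcardedit"><a class="tcg"><?php echo isset($nextlink) ? $nextlink : ''; ?></a></div>
<div class="countpreviousedit"><?php echo $viewPrev . "/" . $viewCount; ?></div>
<div class="countnextedit"><?php echo $viewNext . "/" . $viewCount; ?></div>
<div class="currentcardedit"><?php echo "Card " . $viewCurrent . " of " . $viewCount; ?></div>
<br style="clear:left;"/>
</body>
</html>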