if ($fsize <= $MAX_FILE_SIZE) {
if (isset($_POST['title']) && isset($_POST['text'])) {
$title = sanitizeString($db, $_POST['title']);
$text = sanitizeString($db, $_POST['text']);
// add necessary css attributes
$filter_string = '';
if ($_POST['filter'] == 'myNostalgia') {
$filter_string = "style='-webkit-filter:sepia(100%);filter:sepia(100%);'";
} elseif ($_POST['filter'] == 'grayscale') {
$filter_string = "style='-webkit-filter:grayscale(100%);filter:grayscale(100%);'";
} elseif ($_POST['filter'] == 'lomo') {
$filter_string = '';
}
move_uploaded_file($_FILES['upload']['tmp_name'], $folder_name . DIRECTORY_SEPARATOR . $fname);
// save to database
SavePostToDB($db, $_SESSION['Username'], $title, $text, $_SERVER['REQUEST_TIME'], $fname, $filter_string);
}
} else {
$message = 'The size of the image is too big';
}
}
} else {
?>
<meta http-equiv="refresh" content="0; url=./index.php"> <?php
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
$time = $_SERVER['REQUEST_TIME'];
$file_name = $time . '.jpg';
// Get filter setting.
if (isset($_POST['filter'])) {
$filter = $_POST['filter'];
} else {
$filter = "NULL";
}
// Get image file, upload to 'users' folder.
if ($_FILES) {
$tmp_name = $_FILES['upload']['name'];
$dstFolder = '../project/users';
move_uploaded_file($_FILES['upload']['tmp_name'], $dstFolder . DIRECTORY_SEPARATOR . $file_name);
}
// Input post data to table.
SavePostToDB($db, $name, $title, $text, $time, $file_name, $filter);
// Prevent duplicate submissions on page refresh.
header("Location: wall.php");
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="COP3813 Homework 8 PHP Photo Sharing App Nick Petty">
<meta name="author" content="Nick Petty">
<link rel="icon" href="icons/favicon.ico">
$time = $_SERVER['REQUEST_TIME'];
$file_name = $time . '.jpg';
$result = queryMysql("SELECT * FROM users WHERE USERNAME='******'");
if ($result->num_rows) {
$error = "The username you have entered already exists.";
} else {
if ($_FILES) {
$tmp_name = $_FILES['upload']['name'];
//file on local host
if ($tmp_name == NULL) {
$file_name = NULL;
}
$dstFolder = 'users';
move_uploaded_file($_FILES['upload']['tmp_name'], $dstFolder . DIRECTORY_SEPARATOR . $file_name);
}
SavePostToDB($connection, $username, $password, $file_name);
$success = 'Your account has been created successfully! Please sign in.';
}
}
} else {
$username = sanitizeString($_POST['username']);
$password = sanitizeString($_POST['password']);
if ($username == "" || $password == "") {
$error = "Please enter both username and password.";
} else {
$result = queryMysql("SELECT USERNAME, PASSWORD FROM users WHERE USERNAME = '******'\n AND PASSWORD = '******'");
if ($result->num_rows) {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$success = "You have now logged in";
header("location:profile.php");
