Need help with Upload Code for a Tweaked Submit News Module.

Audioslaved

Hi all,

I have taken a Submit News module (Nuke 6.0) and tweaked it to become a "Discography module" for a band website I run. When I try to upload a file, the file does get uploaded, stored in the tmp dir, then transferred to my upload directory. The preview even shows the file. The problem occurs when submitting it to the database, it does not write the file path to it, so when i check my submission or the table in PHPMyAdmin, there is nothing placed in the row. What can I change on the below script to write the image path to the database.

Code:

<?php 

/************************************************************************/ 
/* PHP-NUKE: Web Portal System                                          */ 
/* ===========================                                          */ 
/*                                                                      */ 
/* Copyright (c) 2002 by Francisco Burzi                                */ 
/* http://phpnuke.org                                                   */ 
/*                                                                      */ 
/* This program is free software. You can redistribute it and/or modify */ 
/* it under the terms of the GNU General Public License as published by */ 
/* the Free Software Foundation; either version 2 of the License.       */ 
/************************************************************************/ 

if (!eregi("modules.php", $PHP_SELF)) { 
    die ("You can't access this file directly..."); 
} 
require_once("mainfile.php"); 
$module_name = basename(dirname(__FILE__)); 
get_lang($module_name); 
$pagetitle = "- "._SUBMITDISC.""; 
function defaultDisplay() { 
    global $AllowableHTML, $prefix, $user, $cookie, $anonymous, $currentlang, $multilingual, $dbi, $module_name, $HTTP_POST_FILES; 
    include ('header.php'); 
   include ('wysiwyg.php'); 
    OpenTable(); 
    echo "<center><font class="title">"._SUBMITDISC."</font>

"; 
    echo "<font class="content">"._SUBMITADVICE."</font></center>
"; 
    CloseTable(); 
    echo "
"; 
    OpenTable(); 
    if (is_user($user)) getusrinfo($user); 
    echo "<form enctype="multipart/form-data" action="modules.php?name=$module_name" method="post">" 
   .""._YOURNAME.": "; 
    if (is_user($user)) { 
   cookiedecode($user); 
   echo "$cookie[1] <font class="content">[ "._LOGOUT." ]</font>"; 
    } else { 
       echo "$anonymous <font class="content">[ "._NEWUSER." ]</font>"; 
    } 
    echo "

" 
        ."Album Title " 
        ."("._BEDESCRIPTIVE.")
" 
        ."<input type="text" name="subject" size="50" maxlength="80">
<font class="content">("._BADTITLES.")</font>" 
        ."

" 
        ."Category <select name="topic">"; 
    $toplist = sql_query("select secid, secname from ".$prefix."_discography order by secname", $dbi); 
    echo "<option value="">Select One</option>n"; 
    while(list($secid, $discography) = sql_fetch_row($toplist, $dbi)) { 
        if ($secid==$topic) { 
       $sel = "selected "; 
   } 
       echo "<option $sel value="$secid">$discography</option>n"; 
   $sel = ""; 
    } 
    echo "</select>"; 
    if ($multilingual == 1) { 
   echo "

"._LANGUAGE.": " 
       ."<select name="alanguage">"; 
   $handle=opendir('language'); 
   while ($file = readdir($handle)) { 
       if (preg_match("/^lang-(.+).php/", $file, $matches)) { 
           $langFound = $matches[1]; 
           $languageslist .= "$langFound "; 
       } 
   } 
   closedir($handle); 
   $languageslist = explode(" ", $languageslist); 
   sort($languageslist); 
   for ($i=0; $i < sizeof($languageslist); $i++) { 
       if($languageslist[$i]!="") { 
      echo "<option value="$languageslist[$i]" "; 
       if($languageslist[$i]==$currentlang) echo "selected"; 
      echo ">".ucfirst($languageslist[$i])."</option>n"; 
       } 
   } 
   echo "</select>"; 
    } else { 
   echo "<input type="hidden" name="alanguage" value="$language">"; 
    } 
   echo "

" 
                ."Track Listing
(Please include any album notes under the track listing)
" 
   ."<textarea cols="50" rows="12" name="story"></text>
" 
   ."("._AREYOUSURE.")</font>

" 
                ."<font class="content">"._ALLOWEDHTML."
"; 
    while (list($key,) = each($AllowableHTML)) echo " <".$key.">"; 
                echo "

"._RELDATE."
" 
                ."<input type="text" name="reldate" size="50" maxlength="80">

"; 
                echo ""._RECCOMPANY."
" 
                ."<input type="text" name="recomp" size="50" maxlength="80">

"; 
                echo "Image Path
" 
                ."<input type="file" name="userfile">
"; 
                echo "

<input type="submit" name="op" value=""._PREVIEW."">  " 
   ."<select name="posttype">n" 
   ."<option value="exttrans">"._EXTRANS."</option>n" 
   ."<option value="html" >"._HTMLFORMATED."</option>n" 
   ."<option value="plaintext" selected>"._PLAINTEXT."</option>n" 
   ."</select>" 
   ."
("._SUBPREVIEW.")</form>"; 
    CloseTable(); 
   include ('wysiwygf.php'); 
    include ('footer.php'); 
} 

function PreviewStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $userfile) { 
    global $user, $cookie, $bgcolor1, $bgcolor2, $anonymous, $prefix, $multilingual, $AllowableHTML, $dbi, $module_name, $HTTP_POST_FILES; 
    include ('wysiwyg.php'); 
    include ('header.php'); 
    $subject = stripslashes($subject); 
    $story = stripslashes($story); 
    $storyext = stripslashes($storyext); 
    if ($posttype=="exttrans") { 
        $f_story = nl2br(htmlspecialchars($story)); 
   $f_storyext = nl2br(htmlspecialchars($storyext)); 
    } elseif ($posttype=="plaintext") { 
        $f_story = nl2br($story); 
   $f_storyext = nl2br($storyext); 
    } else { 
   $f_story = $story; 
   $f_storyext = $storyext; 
    } 
    $reldate = stripslashes($reldate); 
    $recomp = stripslashes($recomp); 
    $story2 = "$f_story

$f_storyext"; 
    OpenTable(); 
    echo "<center><font class="title">"._NEWSUBPREVIEW."</font>"; 
    CloseTable(); 
    echo "
"; 
    OpenTable(); 
    echo "<center>"._STORYLOOK."</center>

"; 
    echo "<table width="70%" bgcolor="$bgcolor2" cellpadding="0" cellspacing="1" border="0"align="center"><tr><td>" 
   ."<table width="100%" bgcolor="$bgcolor1" cellpadding="8" cellspacing="1" border="0"><tr><td>"; 
    if ($topic=="") { 
        $image="all.gif"; 
        $warning = "<center><blink>"._SELECTTOPIC."</blink></center>"; 
    } else { 
        $warning = ""; 
        $result = sql_query("select image from ".$prefix."_discography where secid='$topic'", $dbi); 
        list($image) = sql_fetch_row($result, $dbi); 
    } 
    echo "[img]images/discography/$image[/img]"; 
    themepreview($subject, $story2, $reldate, $recomp); 
if ($userfile != '') {echo "[img][/img]</a>
Album Picture

";} 
    echo "$warning" 
   ."</td></tr></table></td></tr></table>" 
   ."

<center><font class="tiny">"._CHECKSTORY."</font></center>"; 
    CloseTable(); 
    echo "
"; 
    OpenTable(); 
    echo "<form enctype="multipart/form-data" action="modules.php?name=$module_name" method="post">" 
   .""._YOURNAME.": "; 
    if (is_user($user)) { 
       cookiedecode($user); 
   echo "$cookie[1] <font class="content">[ "._LOGOUT." ]</font>"; 
    } else { 
   echo "$anonymous"; 
    } 
    echo "

Album Title
" 
   ."<input type="text" name="subject" size="50" maxlength="80" value="$subject">" 
   ."

Category<select name="topic">"; 
    $toplist = sql_query("select secid, secname from ".$prefix."_discography order by secname", $dbi); 
    echo "<OPTION VALUE="">Select One</option>n"; 
    while(list($secid, $discography) = sql_fetch_row($toplist, $dbi)) { 
        if ($secid==$topic) { $sel = "selected "; } 
       echo "<option $sel value="$secid">$discography</option>n"; 
       $sel = ""; 
        } 
    echo "</select>"; 
    if ($multilingual == 1) { 
   echo "

"._LANGUAGE.": " 
       ."<select name="alanguage">"; 
   $handle=opendir('language'); 
   while ($file = readdir($handle)) { 
       if (preg_match("/^lang-(.+).php/", $file, $matches)) { 
           $langFound = $matches[1]; 
           $languageslist .= "$langFound "; 
       } 
   } 
   closedir($handle); 
   $languageslist = explode(" ", $languageslist); 
   sort($languageslist); 
   for ($i=0; $i < sizeof($languageslist); $i++) { 
       if($languageslist[$i]!="") { 
      echo "<option value="$languageslist[$i]" "; 
      if($languageslist[$i]==$alanguage) echo "selected"; 
      echo ">".ucfirst($languageslist[$i])."</option>n"; 
       } 
   } 
   echo "</select>"; 
    } 
                echo "

Track Listing
(Please include any album notes under the track listing)
" 
                ."<textarea cols="50" rows="12" name="story">$story</text>
" 
     ."<font class="content">("._AREYOUSURE.")</font>

" 
   .""._ALLOWEDHTML."
"; 
    while (list($key,) = each($AllowableHTML)) echo " <".$key.">"; 
                echo "

"._RELDATE."
" 
                ."<input type="text" name="reldate" size="50" maxlength="80" value="$reldate">

"; 
                echo ""._RECCOMPANY."
" 
                ."<input type="text" name="recomp" size="50" maxlength="80" value="$recomp">
"; 
                echo "

" 
                ."<input type="hidden" name="suserfile" value="$userfile">"; 
                echo "<input type="submit" name="op" value=""._PREVIEW."">  " 
   ."<input type="submit" name="op" value=""._OK."">  " 
   ."<select name="posttype"><option value="exttrans""; 
    if ($posttype=="exttrans") { 
        echo " selected"; 
    } 
    echo ">"._EXTRANS."</option>n" 
   ."<OPTION value="html"";; 
    if ($posttype=="html") { 
        echo " selected"; 
    } 
    echo ">"._HTMLFORMATED."</option>n" 
   ."<OPTION value="plaintext""; 
    if (($posttype!="exttrans") && ($posttype!="html")) { 
        echo " selected"; 
    } 
    echo ">"._PLAINTEXT."</option></select>" 
   ."</form>"; 
    CloseTable(); 
    include ('wysiwygf.php'); 
    include ('footer.php'); 
} 

function submitStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $suserfile) { 
    global $user, $EditedMessage, $cookie, $anonymous, $notify, $notify_email, $notify_subject, $notify_message, $notify_from, $prefix, $dbi, $HTTP_POST_FILES;  
$uploaddir = 'images/discography/'; 

if (move_uploaded_file($_FILES['suserfile']['tmp_name'], $uploaddir . $_FILES['suserfile']['name'])) { 
   $imagepath = 'images/discography/' . $_FILES['suserfile']['name']; 
} else { 
   $imagepath = ''; 
}    
    if (is_user($user)) { 
       cookiedecode($user); 
   $uid = $cookie[0]; 
   $name = $cookie[1]; 
    } else { 
       $uid = 1; 
   $name = "$anonymous"; 
    } 
    $subject = ereg_replace(""", "''", $subject); 
    $subject = FixQuotes(filter_text($subject, "nohtml")); 
    if($posttype=="exttrans") { 
       $story = FixQuotes(nl2br(htmlspecialchars(check_words($story)))); 
   $storyext = FixQuotes(nl2br(htmlspecialchars(check_words($storyext)))); 
    } elseif($posttype=="plaintext") { 
       $story = FixQuotes(nl2br(filter_text($story))); 
   $storyext = FixQuotes(nl2br(filter_text($storyext))); 
    } else { 
   $story = FixQuotes(filter_text($story)); 
   $storyext = FixQuotes(filter_text($storyext)); 
    } 
    $result = sql_query("insert into ".$prefix."_queue3 values (NULL, '$uid', '$name', '$subject', '$story', '$storyext', now(), '$topic', '$alanguage', '$reldate', '$recomp', '$imagepath')", $dbi); 
    if(!$result) { 
       echo ""._ERROR."
"; 
   exit(); 
    } 
    if($notify) { 
   $notify_message = "$notify_messagennn========================================================n$subjectnnn$storynn$storyextnn$name"; 
       mail($notify_email, $notify_subject, $notify_message, "From: $notify_fromnX-Mailer: PHP/" . phpversion()); 
    } 
    include ('header.php'); 
    OpenTable(); 
    $result = sql_query("select * from ".$prefix."_queue3", $dbi); 
    $waiting = sql_num_rows($result, $dbi); 
    echo "<center><font class="title">"._SUBSENT."</font>

" 
   ."<font class="content">"._THANKSSUB."

" 
   .""._SUBTEXT."" 
   ."
"._WEHAVESUB." $waiting "._WAITING.""; 
    CloseTable(); 
    include ('footer.php'); 
} 

switch($op) { 

    case ""._PREVIEW."": 
   PreviewStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $userfile); 
   break; 

    case ""._OK."": 
   SubmitStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $suserfile); 
   break; 

    default: 
   defaultDisplay(); 
   break; 

} 

?>

Thanks for your help,

-Bill

Kristic · 06-16-2003, 01:22 AM

ok, just a forwarning, I didnt look at all of the code...but I saw this at the end

Code:

   case ""._PREVIEW."": 
   PreviewStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $userfile); 
   break; 

    case ""._OK."": 
   SubmitStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $suserfile); 
   break;

shouldnt the submit story be

Code:

   SubmitStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $userfile); 

and not

   SubmitStory($name, $address, $subject, $story, $storyext, $topic, $alanguage, $posttype, $reldate, $recomp, $suserfile);

mikem · 06-16-2003, 09:53 AM

I think you may need some sort of INSERT command to make sure the file path is written to that row in the table.

Example

Code:

	$db->sql_query("INSERT INTO ".$user_prefix."_users_temp (user_id, username, user_email, user_password, user_regdate, check_num, time) VALUES (NULL, '$username', '$user_email', '$new_password', '$user_regdate', '$check_num', '$time')");

I just grabbed some code from the Your Acount module for reference.

mikem