Uploading default avatars with php

Question

It keeps giving me same error message when I don't want to upload an avatar and keep a default 'avatar1.jpg'. "Invalid File Type!" What could be wrong? When I upload an avatar, it works fine.

This code is the function which stays in the functions.php

public function uploadAvatar(){
        $allowedExts = array("gif", "jpeg", "jpg", "png");
        $temp = explode(".", $_FILES["avatar"]["name"]);
        $extension = end($temp);
        if ((($_FILES["avatar"]["type"] == "image/gif")
                || ($_FILES["avatar"]["type"] == "image/jpeg")
                || ($_FILES["avatar"]["type"] == "image/jpg")
                || ($_FILES["avatar"]["type"] == "image/pjpeg")
                || ($_FILES["avatar"]["type"] == "image/x-png")
                || ($_FILES["avatar"]["type"] == "image/png"))
                && ($_FILES["avatar"]["size"] < 1000000)
                && in_array($extension, $allowedExts)) {
            if ($_FILES["avatar"]["error"] > 0) {
                redirect('register.php', $_FILES["avatar"]["error"], 'error');
            } else {
                if (file_exists("images/avatars/" . $_FILES["avatar"]["name"])) {
                    redirect('register.php', 'File already exists', 'error');
                } else {
                    move_uploaded_file($_FILES["avatar"]["tmp_name"],
                    "images/avatars/" . $_FILES["avatar"]["name"]);

                    return true;
                }
            }

        } 

        else {
            redirect('register.php', 'Invalid File Type!', 'error');
        }
    }

This code is getting the function, " if($user->uploadAvatar()){ ... } "to set up a default image if nothing is uploaded.

if(isset($_POST['register-input'])){
    //Create Data Array
    $data = array();
    $data['name'] = $_POST['name'];
    $data['email'] = $_POST['email'];
    $data['username'] = $_POST['username'];
    $data['password'] = md5($_POST['password']);
    $data['password2'] = md5($_POST['password2']);
    $data['about'] = $_POST['about'];
    $data['last_activity'] = date("Y-m-d H:i:s");

    //Required Fields
    $field_array = array('name','email','username','password','password2');

        if($validate->isRequired($field_array)){
            if($validate->isValidEmail($data['email'])){
                if($validate->passwordsMatch($data['password'],$data['password2'])){
                        //Upload Avatar Image
                        if($user->uploadAvatar()){
                            $data['avatar'] = $_FILES["avatar"]["name"];
                        }   else{

                            $data['avatar'] = 'avatar1.jpg';
                        }

                        //Register User
                        if($user->register($data)){
                            redirect('index.php', 'You are registered and can now log in', 'success');
                        } else {
                            redirect('index.php', 'Something went wrong with registration', 'error');
                        }
                } else {
                    redirect('register.php', 'Your passwords did not match', 'error');
                }
            } else {
                redirect('register.php', 'Please use a valid email address', 'error');
            }
        } else {
            redirect('register.php', 'Please fill in all required fields', 'error');
        }

}

Danny you said you tried my code and it wouldn't work when there was no upload. With my solution, does the script execution path enter the `$data['avatar']='avatar1.jpg'` path? What error do you get? — BeetleJuice, Jul 22 '16 at 12:22
I get this error actually, it is in the function. else { redirect('register.php', 'Invalid File Type!', 'error'); } } — Danny, Jul 22 '16 at 12:29
did you put my code block at the very beginning of the function? (not the beginning of the main script). If so, what shows up when you do `print_r($_FILES['avatar'])` at the top of that function when you have not uploaded any file? — BeetleJuice, Jul 22 '16 at 12:34
***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Jul 22 '16 at 17:34

Justinas · Answer 1 · 2016-07-22T11:46:27.147

If you don't upload avatar file, than when checking for $_FILES["avatar"]["type"] you will always receive false null == "image/gif" || null == "image/jpeg"....

First check if you have this file by doing if (!empty($_FILES['avatar']))

Side note You can change this code:

($_FILES["avatar"]["type"] == "image/gif")
    || ($_FILES["avatar"]["type"] == "image/jpeg")
    || ($_FILES["avatar"]["type"] == "image/jpg")
    || ($_FILES["avatar"]["type"] == "image/pjpeg")
    || ($_FILES["avatar"]["type"] == "image/x-png")
    || ($_FILES["avatar"]["type"] == "image/png")

to

in_array($FILES['avatar']['type'], ["image/gif", "image/jpeg", "image/pjpeg", "image/x-png", "image/png"])

Ehsan · Answer 2 · 2016-07-22T11:44:19.633

0

you can use :

                    if($user->uploadAvatar()){
                        $data['avatar'] = $_FILES["avatar"]["name"];
                    }   else{

                       $file =      'avatar1.jpg';

                       // Open the file to get existing content
                      $data = file_get_contents($file);

                     // New file
                        $new = 'new_name.jpg';

                     // Write the contents back to a new file
                      file_put_contents($new, $data);
                    }

edited Jul 22 '16 at 11:44

answered Jul 22 '16 at 11:41

Ehsan

439
3
15

1

@Justinas this is sample , to convey meaning upload from file – Ehsan Jul 22 '16 at 11:43
I think there must be something wrong in the uploadavatar() function. Because the error text is coming from there. What do you think? – Danny Jul 22 '16 at 11:49

BeetleJuice · Answer 3 · 2016-07-22T11:49:24.720

0

At the top of uploadAvatar, you need to check whether there is a file to process before you start the work. Start the function with these lines

if(empty($_FILES['avatar']) ||
   !file_exists($_FILES['avatar']['tmp_name']) ||
   !is_uploaded_file($_FILES['avatar']['tmp_name'])
) return false;

edited Jul 22 '16 at 11:49

answered Jul 22 '16 at 11:44

BeetleJuice

39,516
19
105
165

Uploading default avatars with php

3 Answers3