-1

I'm trying to create a profile page for my members that allows them to change their avatar, but I'm having some issues with the upload part.

if ($_POST['avatar']) {
    $avatar = $_POST['avatar'];
    $avatype = $_FILES['avatar']['type'];
    $avasize = $_FILES['avatar']['size'];
    $avatemp = $_FILES['avatar']['tmp_name']; //edited, removed the e in tmp
    $avaname = $_SESSION['login'];
    if ($avasize > 512000) { 
        echo 'too big';
    } else { 
        $avapath = 'images/avatar/'.$avaname;
        if (is_uploaded_file($avatemp)) {
            if (move_uploaded_file($avatemp, $avapath)) {
                $avaIsSet = $db->query('UPDATE `users` SET `hasavatar`="1" WHERE `id`="'.$_SESSION['id'].'"');
                $avaIsSet->execute();
        } else {
                echo 'not moved';
            }
        } else {
            echo 'not uploaded';
        }
    }
}

The fact is that when I'm trying to get it to work, I always have the same error code: not uploaded

I really hope you guys will be able to help me,
Thanks

EDIT:

Here is the html code that leads to the php file which applies the modifications: 

<?php if ($selfmodify) { ?>
<form action="updateprofile.php"  method="post">
                <div class="form-group">
            <? } ?>
        <div class="col-md-2 col-sm-2"></div>
        <div class="col-md-3 col-sm-3" id="avatar">
            <br/>
            <img src="images/avatar/<?php if ($pdata[hasavatar] == 1) { echo $pdata[id]; } else { echo "default"; } ?>" style="width: 100%" class="img-rcor">
            <?php if ($selfmodify) { ?>
            <input type="file" name="avatar" accept="image/*">
            <? } ?>
        </div>
        <div class="col-md-1 col-sm-1"></div>
        <div class="col-md-4 col-sm-4">
            <h3><?php echo $pdata[login]; ?></h3>
            <br/>
            <p align="left">Prénom: <?php if ($selfmodify) echo '<input type="text" class="form-control" name="firstname" value="'; ?><?php echo $pdata[fname]; ?><?php if ($selfmodify) echo '">'; ?><br/><br/>
            Nom: <?php if ($selfmodify) echo '<input type="text" class="form-control" name="lastname" value="'; ?><?php echo $pdata[famname]; ?><?php if ($selfmodify) echo '">'; ?><br/><br/>
            <?php if (($pdata[showmail] == 1) || ($selfmodify)) echo 'E-mail: '.$pdata[email]. '<br/>'; if ((!$selfmodify) && ($pdata[showmail] == 1)) echo '<br/>'; ?>
            <?php if ($selfmodify) { ?>
            <input type="checkbox" name="showmail" value="showmail" <?php if ($pdata[showmail] == 1) echo 'checked'; ?>> Rendre mon e-mail visible
            <br/><br/>
            <? } ?>
            Dernière connexion: <?php if ($pdata[isonline] == 1) { echo 'Actuellement en ligne'; } else { echo $pldate.' à '.substr($pdata[lasttime], 0, -3).' (GMT)'; } ?></p>
            <br/>
            <?php if ($selfmodify) { ?>
                    <br/><br/>
                    <input type="submit" class="btn btn-info" name="confirm" value="Confirmer">
                </div>
            </form>

I know that my code is a real mess, but I'm focusing on the result that it gives, not the way my code is structured. I'm unexperienced, I guess it will come later, but for now I'm trying my best.

Pyrewolf
  • 35
  • 6
  • Adding to what @DominiqueLorre said below, are you sure this is correct, `$avaname = $_SESSION['login'];`? Don't you think it should be `$avaname = $_FILES['avatar']['name'];`? – Rajdeep Paul Sep 11 '16 at 12:39
  • I want $avaname to be the final name of the file (a custom one that's compatible with my profile page methods), so I guess I'm not that wrong – Pyrewolf Sep 11 '16 at 18:28

1 Answers1

1

Try with this:

$avatemp = $_FILES['avatar']['tmp_name'];

NB: Answer in the comments

Pyrewolf
  • 35
  • 6
Dominique Lorre
  • 1,168
  • 1
  • 10
  • 19
  • I've checked and re-checked, I'm still getting the error. I've also checked the PHP permissions I've been granted by my host, and upload_file is 'On' and even when trying on another Browser or computer, the error is still the same. – Pyrewolf Sep 11 '16 at 18:43
  • try these: `var_dump($_POST); var_dump($_FILES); var_dump($_SESSION);` to see what you get. – Dominique Lorre Sep 11 '16 at 18:54
  • Here is what I get when I `var_dump()` for those expressions: `array(5) { ["avatar"]=> string(11) "images.jpeg" ["firstname"]=> string(6) "Déven" ["lastname"]=> string(6) "Esteve" ["showmail"]=> string(8) "showmail" ["confirm"]=> string(9) "Confirmer" } array(0) { } array(3) { ["connected"]=> int(1) ["login"]=> string(9) "Aurgelmir" ["id"]=> string(1) "0" }` If I'm right, $_FILES returns nothing – Pyrewolf Sep 11 '16 at 19:24
  • OK, you're probably missing an ``, check [this tutorial](http://www.w3schools.com/php/php_file_upload.asp) – Dominique Lorre Sep 11 '16 at 19:38
  • No, the image is supposed to be sent with this code: `` I've put it in a form that `POST` to my php page (the one that is supposed to upload the image) By the way I've read this tutorial a few times before trying to make my own code portion – Pyrewolf Sep 11 '16 at 19:48
  • Then post the relevant code, I can only make educated guesses. – Dominique Lorre Sep 11 '16 at 19:51
  • I added the html code, I hope it will be enough for you to help – Pyrewolf Sep 11 '16 at 20:10
  • Try with `enctype="multipart/form-data"`, as explained [here](http://stackoverflow.com/questions/2509024/files-is-null-post-is-not-null) – Dominique Lorre Sep 11 '16 at 20:27
  • OK, it solved the `not uploaded` issue, and now the `var_dump($_FILES)` returns `array(1) { ["avatar"]=> array(5) { ["name"]=> string(11) "images.jpeg" ["type"]=> string(10) "image/jpeg" ["tmp_name"]=> string(14) "/tmp/php6Zv0IR" ["error"]=> int(0) ["size"]=> int(9702) } }`, so it seems to indicate that the file exists and is stocked as a temp file, but no upload is done, I don't have any new file in my target dir – Pyrewolf Sep 11 '16 at 20:46
  • does it echo "not moved"? – Dominique Lorre Sep 11 '16 at 20:53
  • add `echo moved` after `move_uploaded_file` – Dominique Lorre Sep 11 '16 at 21:18
  • Well, I didn't change the code and now it works with the `enctype` modification you have suggested, I think that's due to a necessary refresh that didn't occur the first time, when I echo the error, there's nothing, and the dump says `["error"]=> int(0)`, I think we're done there Thank you very much for your help – Pyrewolf Sep 11 '16 at 21:27