
The forums ran from 2008-2020 and are now closed and viewable here as an archive.


#179945
Participant

Let’s take a quick look at this:

$saveto = "$user.jpg";

Is the $user variable defined anywhere? If not, your “saveto” filename is just .jpg. Also, why are you labelling the file as a jpeg when you also accept gif and png formats (and don’t yet know which was uploaded)?

move_uploaded_file($_FILES['image']['tmp_name'], $saveto);

You’re saving the uploaded file before you do any validation. Basically, nothing matters after this point, because you have already accepted the file.

$typeok = TRUE;

What’s the point of this?

switch($_FILES['image']['type'])

Remember, the “mime type is however not checked on the PHP side and therefore don’t take its value for granted.”

$src = imagecreatefromgif($saveto);  // and fromjpg, frompng

Are you using $src for some purpose later on? As mentioned above, if this is supposed to be a security check, it’s too late.

default:            $typeok = FALSE;

What’s the point of this?

I am getting no error. The file is just not uploaded.

→ Are you sure you’re not getting an error? Have you made sure that error reporting is enabled? Have you checked your error logs and made sure there were no error messages output to your page source?

→ You’re sure the file is not uploaded? How did you check? Keep in mind that, if your $saveto begins with a dot, the filesystem will consider it “hidden” and not display it by default.

tl;dr: This should not be on your server. It is an open door for someone to take over.

I am also not sure if this is the same problem you originally posted about. (It would seem not.) If you’re interested in uploading files, you should do some research, start over, and then ask any specific questions.

If you’re still asking about the chat server, “there are security problems” is not an idle comment. It means, “DO NOT USE THIS.” If you want to make your own, my advice is to start without ajax (so it works via normal form submissions), and then add ajax to it once you get things figured out.
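The points raised in the reply above (validate before moving the file, never trust $_FILES[...]['type'], never let the filename collapse to ".jpg", and turn error reporting on while debugging) put together as a single upload handler. This is an added example and not code from the original poster or the thread; the field name "image", the uploads directory, the $_SESSION['user'] lookup and the 2 MiB cap are assumptions made for the example.

```php
<?php
// Added example (not the original poster's code): an upload handler that
// validates the file BEFORE it is moved out of PHP's temporary directory.
// Assumed names: the form field "image", the directory $uploadDir below,
// and the logged-in user kept in $_SESSION['user'].

declare(strict_types=1);

// While developing, make sure errors are actually visible instead of
// silently producing "the file is just not uploaded".
error_reporting(E_ALL);
ini_set('display_errors', '1');

// Accepted image types, keyed by the IMAGETYPE_* constant detected from
// the file's real bytes, not from the client-supplied "type" field.
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

const MAX_BYTES = 2 * 1024 * 1024; // 2 MiB cap, chosen for this example

/**
 * Check one entry of $_FILES. Returns ['ok' => true, 'ext' => ...] when the
 * file may be kept, otherwise ['ok' => false, 'error' => reason].
 */
function validateUpload(array $file): array
{
    // 1. The transfer itself must have succeeded.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'error' => 'upload failed with code ' . ($file['error'] ?? 'unknown')];
    }
    // 2. Only handle files that PHP itself placed in the temp directory.
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'error' => 'not an uploaded file'];
    }
    // 3. Size limit.
    if ($file['size'] > MAX_BYTES) {
        return ['ok' => false, 'error' => 'file too large'];
    }
    // 4. Read the magic header; exif_imagetype looks at the bytes, whereas
    //    $_FILES['image']['type'] is whatever the browser chose to send.
    $type = @exif_imagetype($file['tmp_name']);
    if ($type === false || !isset(ALLOWED_TYPES[$type])) {
        return ['ok' => false, 'error' => 'not a gif, jpeg or png image'];
    }
    // 5. Confirm GD can actually decode it, still in the temp directory.
    $decoders = [
        IMAGETYPE_GIF  => 'imagecreatefromgif',
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
    ];
    $img = @$decoders[$type]($file['tmp_name']);
    if ($img === false) {
        return ['ok' => false, 'error' => 'image data is corrupt'];
    }
    imagedestroy($img);
    return ['ok' => true, 'ext' => ALLOWED_TYPES[$type]];
}

/**
 * Build the destination path. The user name is reduced to a whitelist of
 * characters, an empty name is refused (so the result can never be ".jpg",
 * a hidden file), and the extension comes from validation, not the client.
 */
function buildSavePath(string $uploadDir, ?string $user, string $ext): ?string
{
    $safeUser = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $user);
    if ($safeUser === '') {
        return null;
    }
    return rtrim($uploadDir, '/') . '/' . $safeUser . '.' . $ext;
}

session_start();
// Store uploads somewhere the web server will not execute scripts from.
$uploadDir = __DIR__ . '/uploads';

$result = validateUpload($_FILES['image'] ?? []);
if (!$result['ok']) {
    http_response_code(400);
    exit('Rejected: ' . $result['error']);
}

$saveto = buildSavePath($uploadDir, $_SESSION['user'] ?? null, $result['ext']);
if ($saveto === null) {
    http_response_code(403);
    exit('Rejected: no logged-in user');
}

// Only now, after every check has passed, is the file moved into place.
if (!move_uploaded_file($_FILES['image']['tmp_name'], $saveto)) {
    http_response_code(500);
    exit('Could not save file (check directory permissions and the error log)');
}
echo 'Saved as ' . basename($saveto);
```

The order is the whole point: every check runs against the temporary copy, and move_uploaded_file is the last call rather than the first. Detecting the type from the bytes also answers the "why label it .jpg" question, since the extension is only known once validation has decided what the file really is.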