Diffstat (limited to 'dash')
-rw-r--r--dash/dash_functions.php6
-rw-r--r--dash/profile.php15
2 files changed, 11 insertions, 10 deletions
diff --git a/dash/dash_functions.php b/dash/dash_functions.php
index 56785a5..9aaa78f 100644
--- a/dash/dash_functions.php
+++ b/dash/dash_functions.php
@@ -19,8 +19,12 @@ function typestr ($type) {
function rating_format ($rating = null, $typestr = 'Employer') {
return '<span class="ratingdata" data-rating="'.(is_null($rating) ? 'undef' : number_format($rating, 1)).'"></span>';
}
+function genpicstr () {
+ global $b_user;
+ return 'uimg/'.uniqid($b_user['id'].'_', true).'.png';
+}
function picture_format ($picstr = null) {
- return is_null($picstr) ? 'uimg/default.png' : 'uimg/'.htmlentities($picstr).'.png';
+ return is_null($picstr) ? 'uimg/default.png' : htmlentities($picstr);
}
function draw_norate_p () {
?>
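Review bot: `picture_format()` now echoes the stored value as the whole image path, so any row whose `picture` column still holds a bare user id would render as `src="42"` instead of `uimg/42.png`. The `picture = id` statement removed from profile.php in this same commit is what wrote those ids. Unless a data migration ships alongside this change, either rewrite those rows to `uimg/<id>.png` or keep a fallback such as `ctype_digit((string)$picstr) ? 'uimg/'.$picstr.'.png' : htmlentities($picstr)`. A short comment on both functions would also help, for example `// $picstr is the stored relative path produced by genpicstr(), not a bare id`. Passing `ENT_QUOTES` to `htmlentities()` would keep the value safe if it is ever placed in a single-quoted attribute.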
diff --git a/dash/profile.php b/dash/profile.php
index d730dc9..fa3ee8e 100644
--- a/dash/profile.php
+++ b/dash/profile.php
@@ -57,7 +57,7 @@ while ($row = $result->fetch_assoc()) {
<div class="review">
<div class="reviewleft">
<p class="revname"><a href="profile.php?id=<?=$row['uid'];?>"><?=htmlentities($row['name']);?></a></p>
- <p class="revpic"><img src="uimg/<?=is_null($row['picture']) ? 'default.png' : intval($row['picture']).'.png';?>" alt="Profile Picture" /></p>
+ <p class="revpic"><img src="<?=picture_format($row['picture']);?>" alt="Profile Picture" /></p>
<p class="revjob">Based on <a href="ads.php?id=<?=$row['adid'];?>"><?=htmlentities($row['title']);?></a></p>
</div>
<div class="reviewright">
@@ -97,11 +97,13 @@ $result->free();
), 'changed.tpl')) or dash_fatal('We couldn\'t send mail to your new email address, so your profile has not been updated.');
}
if (!empty($_FILES['picture']['tmp_name'])) {
- $usepropic = ', picture = id';
+ $picstr = genpicstr();
+ $usepropic = ', picture = \''.$db->escape_string($picstr).'\'';
$tmpfile = $_FILES['picture']['tmp_name'];
if (getimagesize($tmpfile) === false) dash_fatal('Your uploaded file is not an image.');
@$img = imagecreatefromstring(file_get_contents($tmpfile));
- @imagepng($img, 'uimg/'.$b_user['id'].'.png');
+ @imagepng($img, $picstr) or dash_fatal('Your new profile picture could not be saved to the server.');
+ @unlink($b_user['picture']);
@imagedestroy($img);
}
$db->query('UPDATE users SET email = \''.$db->escape_string($_POST['email']).'\', zipcode = \''.$db->escape_string($_POST['zip']).'\', phone = \''.$db->escape_string($_POST['phone']).'\', address = '.$addr.', bio = '.$bio.$usepropic.$deactivate.' WHERE id = '.$b_user['id']) or dash_fatal($db->error);
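Review bot: The added `@unlink($b_user['picture'])` runs before the `UPDATE` on the last line of the hunk, so a failed query leaves the row pointing at a file that is already deleted and leaves the new file orphaned on disk. It also removes whatever path the column holds, with no null check and no restriction to the upload directory. Presumably `$b_user['picture']` is the previous value; for rows written by the old `picture = id` statement that would be a bare id rather than a path under `uimg/`. Move the delete after the query has succeeded and guard it, e.g. `if (!is_null($b_user['picture']) && dirname($b_user['picture']) === 'uimg') @unlink($b_user['picture']);`. The surrounding request-handling code starts outside the hunk, so whether `$usepropic` is initialised when no file is uploaded cannot be confirmed from here.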
@@ -121,12 +123,7 @@ $result->free();
<div id="proleft">
<h4>Profile Picture</h4>
<div id="propic">
-<?php
- if (is_null($user['picture']))
- echo ' <img src="uimg/default.png" alt="Profile Picture" />'.PHP_EOL;
- else
- echo ' <img src="uimg/'.$user['picture'].'.png" alt="Profile Picture" />'.PHP_EOL;
-?>
+ <img src="<?=picture_format($user['picture']);?>" alt="Profile Picture" />
<p id="hoverupload">Upload New</p>
</div>
<p class="hidden"><input id="chpic" type="file" name="picture" type="image/*" value="Upload New" /></p>