Fixing upload file

df17127f · Tegar Aji Pangestu · 49d43c44 · df17127f · df17127f
Commit df17127f authored 9 years ago by Tegar Aji Pangestu
--- a/code/edit_post_action.php
+++ b/code/edit_post_action.php
@@ -44,42 +44,39 @@ if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_
 		} else {
 		    if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
 		        echo "The file ". basename( $_FILES["image"]["name"]). " has been uploaded.<br>";
-		    } else {
-		        echo "Sorry, there was an error uploading your file.<br>";
-		    }
-		}
-
-	}
-
-
    $con = phpsqlconnection();

    $getpostresult = getspecificpost($con,$postid);
        $row = mysqli_fetch_array($getpostresult);

-	if ($row['Nama'] != $_SESSION['myNama']) {
-		echo "Maaf Anda bukan pemilik post ini!";
-	} else {
-		if (isset($_FILES["image"])) {
-			$stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=?, Image=? WHERE Post_Id=?");
-			$stmt->bind_param('ssssi', $Judul, $Tanggal, $Konten, $target_file, $postid);
-			$stmt->execute();
+		if ($row['Nama'] != $_SESSION['myNama']) {
+			echo "Maaf Anda bukan pemilik post ini!";
+		} else {
+			if (isset($_FILES["image"])) {
+				$stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=?, Image=? WHERE Post_Id=?");
+				$stmt->bind_param('ssssi', $Judul, $Tanggal, $Konten, $target_file, $postid);
+				$stmt->execute();

-			// mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid);			
-			// echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid;
-		}
-		else {
-			$stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=? WHERE Post_Id=?");
-			$stmt->bind_param('sssi', $Judul, $Tanggal, $Konten, $postid);
-			$stmt->execute();
+				// mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid);			
+				// echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid;
+			}
+			else {
+				$stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=? WHERE Post_Id=?");
+				$stmt->bind_param('sssi', $Judul, $Tanggal, $Konten, $postid);
+				$stmt->execute();

-			// mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid);
-			// echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid;
+				// mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid);
+				// echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid;
+			}
+			header("Location: index.php");
 		}
-		header("Location: index.php");
-	}

-	die();
+		die();    	
+
+		    } else {
+		        echo "Sorry, there was an error uploading your file.<br>";
+		    }
+
 }else{
    header("Location: login.php"); /* Redirect browser */
 }

--- a/code/new_post_action.php
+++ b/code/new_post_action.php
@@ -40,29 +40,29 @@ if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_
 	} else {
 	    if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
 	        echo "The file ". basename( $_FILES["image"]["name"]). " has been uploaded.<br>";
-	    } else {
-	        echo "Sorry, there was an error uploading your file.<br>";
-	    }
-	}
+			$con = phpsqlconnection();

-	$con = phpsqlconnection();
+			$stmt = $con->prepare("INSERT INTO post (Post_Id, Creator_Id, Title, Date, Contents, Image) 
+				VALUES (NULL,?,?,?,?,?)");
+			$stmt->bind_param('issss', $creatorid, $Judul, $Tanggal, $Konten, $target_file);
+			$stmt->execute();
+			// $result = $stmt->get_result();

-	$stmt = $con->prepare("INSERT INTO post (Post_Id, Creator_Id, Title, Date, Contents, Image) 
-		VALUES (NULL,?,?,?,?,?)");
-	$stmt->bind_param('issss', $creatorid, $Judul, $Tanggal, $Konten, $target_file);
-	$stmt->execute();
-	// $result = $stmt->get_result();
+			// $sql = "INSERT INTO post (Post_Id, Creator_Id, Title, Date, Contents, Image) 
+			// 	VALUES (NULL".",".$creatorid.","."'".$Judul."'".","."'".$Tanggal."'".","."'".$Konten."'".","."'".$target_file."')";
+			if ($stmt->execute()) {
+				// echo "Huba";
+			   	header("Location: index.php");
+			} else {
+			    echo "Error: " . $sql . "<br>" . mysqli_error($con);
+			}

-	// $sql = "INSERT INTO post (Post_Id, Creator_Id, Title, Date, Contents, Image) 
-	// 	VALUES (NULL".",".$creatorid.","."'".$Judul."'".","."'".$Tanggal."'".","."'".$Konten."'".","."'".$target_file."')";
-	if ($stmt->execute()) {
-		// echo "Huba";
-	   	header("Location: index.php");
-	} else {
-	    echo "Error: " . $sql . "<br>" . mysqli_error($con);
-	}
+			die();

-	die();
+	    } else {
+	        echo "Sorry, there was an error uploading your file.<br>";
+	    }
+	}

 }else{
    header("Location: login.php"); /* Redirect browser */