I have a user registration script that includes image upload. Everything works, but each time a user registers, the image he/she uploads replaces the image (userimage) of every other user. What I need is to only update the userimage of that user based on ID. Any help would be much appreciated. Here is my code:
<?php
// configuration
require("../../includes/config.php");
// query users table to retrieve admin homepage's contents
// $users = query("SELECT * FROM users WHERE id = ?");
//Class import for image uploading
//classes is the map where the class file is stored (one above the root)
include ("../../classes/upload/upload_class.php");
$id = $_GET["id"];
$users = query("SELECT * FROM users WHERE id = '$id'");
// if form was submitted, modify user
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
// validate submission
if (empty($_POST["firstname"]))
{
adminapologize("Provide your first name.");
}
if (empty($_POST["lastname"]))
{
adminapologize("Provide your last name.");
}
if (empty($_POST["username"]))
{
adminapologize("Provide a username.");
}
if (empty($_POST["usersex"]))
{
adminapologize("Select your sex.");
}
else if (empty($_POST["password"]))
{
adminapologize("Enter a password.");
}
else if (empty($_POST["confirmation"]))
{
adminapologize("Confirm your password.");
}
else if ($_POST["password"] != $_POST["confirmation"])
{
adminapologize("Password and confirmation do not match.");
}
if (empty($_POST["email"]))
{
adminapologize("Provide your email address.");
}
if (empty($_POST["phone"]))
{
adminapologize("Enter your phone number.");
}
//This is the directory where images will be saved
$max_size = 1024*250; // the max. size for uploading
$my_upload = new file_upload;
$my_upload->upload_dir = "../images/user/"; // "files" is the folder for the uploaded files (you have to create this folder)
$my_upload->extensions = array(".png", ".gif", ".jpeg", ".jpg"); // specify the allowed extensions here
// $my_upload->extensions = "de"; // use this to switch the messages into an other language (translate first!!!)
$my_upload->max_length_filename = 50; // change this value to fit your field length in your database (standard 100)
$my_upload->rename_file = true;
$my_upload->the_temp_file = $_FILES['userimage']['tmp_name'];
$my_upload->the_file = $_FILES['userimage']['name'];
$my_upload->http_error = $_FILES['userimage']['error'];
$my_upload->replace = "y";
$my_upload->do_filename_check = "n"; // use this boolean to check for a valid filename
if ($my_upload->upload()) // new name is an additional filename information, use this to rename the uploaded file
{
if (!empty($_POST["username"]))
{
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$usersex = $_POST['usersex'];
$password = crypt($_POST['password']);
$email = $_POST["email"];
$phone = $_POST["phone"];
$userimage = $_FILES["userimage"]["name"];
$helpduration = $_POST["helpduration"];
$userfunds = $_POST["userfunds"];
// validate username
$username = ($_POST["username"]);
if (!preg_match("/^[a-zA-Z0-9]*$/", $username))
{
adminapologize("Username must contain only letters and numbers.");
}
if (strlen($username) < 4 || strlen($username) > 10)
{
adminapologize("Username must be from 4 to 10 characters.");
}
// validate email address
$email = ($_POST["email"]);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
{
adminapologize("Invalid email address.");
}
if ($_POST["email"] === false)
{
adminapologize("The email has already been taken.");
}
// Don't allow country codes to be included (assumes a leading "+")
if (preg_match('/^(\+)[\s]*(.*)$/',$phone))
{
adminapologize("You should not include the country code.");
}
// Remove hyphens - they are not part of a telephone number
$phone = str_replace ('-', '', $phone);
// Now check that all the characters are digits
if (!preg_match('/^[0-9]{10,11}$/',$phone))
{
adminapologize("Phone number should be either 10 or 11 digits");
}
// Now check that the first digit is 0
if (!preg_match('/^0[0-9]{9,10}$/',$phone))
{
adminapologize("The telephone number should start with a 0");
}
if ($_POST["phone"] === false)
{
adminapologize("The phone number is already in the database.");
}
// insert form input into database
$result = query("UPDATE users SET firstname = '$firstname', lastname = '$lastname', username = '$username', usersex = '$usersex', hash = '$password', email = '$email', phone = '$phone', userimage = '$userimage', helpduration = '$helpduration', userfunds = '$userfunds' WHERE id = '$id'");
// if username is in database
if ($result === false)
{
adminapologize("There was an error modifying this user.");
}
// update users' DB table to reference the image's new file name
query(sprintf("UPDATE users SET userimage = '%s'", $my_upload->file_copy));
// find out user's ID
$rows = query("SELECT LAST_INSERT_ID() AS id");
$id = $rows[0]["id"];
// redirect to portfolio
redirect("list-users.php");
}
}
}
// render portfolio
adminrender("modify-user_template.php", ["title" => "Admin - Modify User"]);
?>