<?php 
require_once ('includes/config.inc.php'); 
$page_title = 'YOUR PAGE TITLE GOES HERE';

// Start output buffering:
ob_start();

// Initialize a session:
session_start();

// Check for a $page_title value:
if (!isset($page_title)) {
	$page_title = 'User profile Edit';
}

// If no first_name session variable exists, redirect the user:
if (!isset($_SESSION['first_name'])) {
	
	$url = BASE_URL . 'index.php'; // Define the URL.
	ob_end_clean(); // Delete the buffer.
	header("Location: $url");
	exit(); // Quit the script.
	
}

?>
<?php

session_start();

// Validate log in, etc
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;

?>

<?php
$con = mysql_connect("localhost","xxxxxxxxx","xxxxxxxxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("lenmat_registration", $con);
?>



<?php



//define a maxim size for the uploaded images in Kb
define ("MAX_SIZE","1000");
//This function reads the extension of the file. It is used to determine if the file is an image by checking the extension.
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
//This variable is used as a flag. The value is initialized with 0 (meaning no error found) and it will be changed to 1 if an errro occures. If the error occures the file will not be uploaded.
$errors=0;
//checks if the form has been submitted
if(isset($_POST['Submit']))
{
//reads the name of the file the user submitted for uploading
$image=$_FILES['image']['name'];
//if it is not empty
if ($image)
{
//get the original name of the file from the clients machine
$filename = stripslashes($_FILES['image']['name']);
//get the extension of the file in a lower case format
$extension = getExtension($filename);
$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not upload the file, otherwize we will do more tests
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
//print error message
echo '<h1>Unknown extension!</h1>';
$errors=1;
}
else
{
//get the size of the image in bytes
//$_FILES['image']['tmp_name'] is the temporary filename of the file in which the uploaded file was stored on the server
$size=filesize($_FILES['image']['tmp_name']);
//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1000)
{
echo '<h1>You have exceeded the size limit!</h1>';
$errors=1;
}
//we will give an unique name, for example the time in unix time format
$image_name=time() . '.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="usergallery/".$image_name;
//we verify if the image has been uploaded, and print error instead
if ($errors != 1)
{
$copied = copy($_FILES['image']['tmp_name'], $newname);
$query="INSERT INTO usergallery (pimage, species, location, user_id, user_name) values ('$image_name', '$species','$location' ,'$user_id', '$user_name')"; //into database
mysql_query( $query ); 
}
else
{
$copied = false;
}
if (!$copied)
{
echo '<h1>Copy unsuccessfull!</h1>';
$errors=1;
}}}}
//If no errors registred, print the success message
if(isset($_POST['Submit']) && !$errors)
{
echo "<h1>File Uploaded Successfully! Try again!</h1>";
}  

?>
<form name="gallery" method="post" enctype="multipart/form-data" action="test1.php">
<table>
<tr><td><input type="file" name="image"></td></tr>
<input type="hidden" name="user_id" value="$_SESSION['user_id']" />
<input type="hidden" name="user_name" value="$_SESSION['user_name']" />
<tr><td>Species: <input type="text" name="species" /></td></tr>

<tr><td>Location: <input type="text" name="location" /></td></tr>

<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
</table>
</form>