  1. #1
    SitePoint Member
    Join Date
    Feb 2012
    Posts
    14

    PHP Help! action.php HTTP 400 Bad Request - What am I missing?

    Building a photo album / upload image page in my website.
    I have a page that’s giving me trouble… action.php

    Error when I test in browser: HTTP 400 Bad Request / webpage cannot be found (highlighted below)

    <?php

    define('PHPWG_ROOT_PATH','./');
    include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

    // Check Access and exit when user status is not ok
    check_status(ACCESS_GUEST);

    function guess_mime_type($ext)
    {
      switch ( strtolower($ext) )
      {
        case "jpe": case "jpeg":
        case "jpg": $ctype="image/jpeg"; break;
        case "png": $ctype="image/png"; break;
        case "gif": $ctype="image/gif"; break;
        case "tiff":
        case "tif": $ctype="image/tiff"; break;
        case "txt": $ctype="text/plain"; break;
        case "html":
        case "htm": $ctype="text/html"; break;
        case "xml": $ctype="text/xml"; break;
        case "pdf": $ctype="application/pdf"; break;
        case "zip": $ctype="application/zip"; break;
        case "ogg": $ctype="application/ogg"; break;
        default: $ctype="application/octet-stream";
      }
      return $ctype;
    }

    function do_error( $code, $str )
    {
      set_status_header( $code );
      echo $str ;
      exit();
    }


    if (!isset($_GET['id'])
        or !is_numeric($_GET['id'])
        or !isset($_GET['part'])
        or !in_array($_GET['part'], array('t','e','i','h') ) )
    {
      do_error(400, 'Invalid request - id/part');
    }

    $query = '
    SELECT * FROM '. IMAGES_TABLE.'
    WHERE id='.$_GET['id'].'
    ;';

    $result = pwg_query($query);
    $element_info = pwg_db_fetch_assoc($result);
    if ( empty($element_info) )
    {
      do_error(404, 'Requested id not found');
    }

    // $filter['visible_categories'] and $filter['visible_images']
    // are not used because it's not necessary (filter <> restriction)
    $query='
    SELECT id
    FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
    WHERE image_id = '.$_GET['id'].'
    '.get_sql_condition_FandF(
      array(
        'forbidden_categories' => 'category_id',
        'forbidden_images' => 'image_id',
      ),
      ' AND'
    ).'
    LIMIT 1
    ;';
    if ( pwg_db_num_rows(pwg_query($query))<1 )
    {
      do_error(401, 'Access denied');
    }

    include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
    $file='';
    switch ($_GET['part'])
    {
      case 't':
        $file = get_thumbnail_path($element_info);
        break;
      case 'e':
        $file = get_element_path($element_info);
        break;
      case 'i':
        $file = get_image_path($element_info);
        break;
      case 'h':
        if ( $user['enabled_high']!='true' )
        {
          do_error(401, 'Access denied h');
        }
        $file = get_high_path($element_info);
        break;
    }

    if ( empty($file) )
    {
      do_error(404, 'Requested file not found');
    }

    if ($_GET['part'] == 'h') {
      pwg_log($_GET['id'], 'high');
    }
    else if ($_GET['part'] == 'e')
    {
      pwg_log($_GET['id'], 'other');
    }

    $http_headers = array();

    $ctype = null;
    if (!url_is_remote($file))
    {
      if ( !@is_readable($file) )
      {
        do_error(404, "Requested file not found - $file");
      }
      $http_headers[] = 'Content-Length: '.@filesize($file);
      if ( function_exists('mime_content_type') )
      {
        $ctype = mime_content_type($file);
      }

      $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';
      $http_headers[] = 'Last-Modified: '.$gmt_mtime;

      // following lines would indicate how the client should handle the cache
      /* $max_age=300;
      $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
      // HTTP/1.1 only
      $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

      if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
      {
        set_status_header(304);
        foreach ($http_headers as $header)
        {
          header( $header );
        }
        exit();
      }
    }

    if (!isset($ctype))
    { // give it a guess
      $ctype = guess_mime_type( get_extension($file) );
    }

    $http_headers[] = 'Content-Type: '.$ctype;

    if (!isset($_GET['view']))
    {
      $http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";';
      $http_headers[] = 'Content-Transfer-Encoding: binary';
    }
    else
    {
      $http_headers[] = 'Content-Disposition: inline; filename="'
        .basename($file).'";';
    }

    foreach ($http_headers as $header)
    {
      header( $header );
    }

    // Looking at the safe_mode configuration for execution time
    if (ini_get('safe_mode') == 0)
    {
      @set_time_limit(0);
    }

    @readfile($file);

    ?>

  2. #2
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Welcome to SitePoint Forums!

    What is the exact URL you are using when you get this error?
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  3. #3
    SitePoint Member
    Join Date
    Feb 2012
    Posts
    14

  4. #4
    Avid Logophile silver trophy
    ParkinT's Avatar
    Join Date
    May 2006
    Location
    Central Florida
    Posts
    2,284
    Try this: http://mywebsite.com/root/photofolder/action.php?id=4

    Your code DEMANDS a "GET" value be passed in the URI

    The line you highlighted is being called because no such value exists.
    Don't be yourself. Be someone a little nicer. -Mignon McLaughlin, journalist and author (1913-1983)


    Literally, the best app for readers.
    Make Your P@ssw0rd Secure
    Leveraging SubDomains

  5. #5
    SitePoint Member
    Join Date
    Feb 2012
    Posts
    14
    Don't know if this is what you wanted me to do.

    if (!isset($_GET['id=4'])
    or !is_numeric($_GET['id=4'])
    or !isset($_GET['part'])
    or !in_array($_GET['part'], array('t','e','i','h')))
    {
    do_error(400, 'Invalid request - id/part');
    }

    Now my error is Invalid request - id/part

    I tried taking out that highlighted line but it just made more errors.

  6. #6
    Avid Logophile silver trophy
    ParkinT's Avatar
    Join Date
    May 2006
    Location
    Central Florida
    Posts
    2,284
    Is this code that you wrote or are you trying to use code from somewhere else?

    This code is well structured and designed to accept an ID (passed as part of the URI). That is what the $_GET['id'] does. It captures the parameter (GET) that is identified as "ID". For example:
    Code:
    blah.php?id=somevalue
    So, the page is responding exactly as it was designed to do. The error is a 'warning' that an id was NOT passed to this page; supposedly from another page - I suspect, a form.
    Don't be yourself. Be someone a little nicer. -Mignon McLaughlin, journalist and author (1913-1983)


    Literally, the best app for readers.
    Make Your P@ssw0rd Secure
    Leveraging SubDomains
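
Added example, not code from the thread or from the script's authors: the guard in the first post requires both `id` and `part` in the query string, and this block runs that check over constructed query strings to show which requests end at the 400 branch. `check_request()` and the sample strings are hypothetical; the `id` test is digits-only, which is stricter than the posted `is_numeric()` check, so only a plain integer would ever be placed in the SQL.

```php
<?php
// Added example, not part of the posted action.php.
// check_request() is a hypothetical helper mirroring the posted guard.

const ALLOWED_PARTS = ['t', 'e', 'i', 'h'];

/**
 * Returns [int $id, string $part] for a valid request, or null when the
 * script should answer 400.
 */
function check_request(array $get): ?array
{
    $id   = $get['id']   ?? null;
    $part = $get['part'] ?? null;

    // Digits only: rejects "1e3", "4.0", " 4" and arrays such as id[]=4.
    // is_numeric() accepts the first three of those.
    if (!is_string($id) || !ctype_digit($id) || strlen($id) > 10) {
        return null;
    }
    // Strict comparison against the same list the posted script uses.
    if (!is_string($part) || !in_array($part, ALLOWED_PARTS, true)) {
        return null;
    }
    return [(int) $id, $part];
}

// Constructed query strings, parsed the way PHP fills $_GET.
$samples = [
    '',               // no parameters at all
    'id=4',           // id present, part missing
    'id=4&part=e',    // both present and valid
    'id=4&part=x',    // part not in the allowed list
    'id=1e3&part=t',  // numeric per is_numeric(), not a plain integer
    'id[]=4&part=t',  // id arrives as an array
];

foreach ($samples as $qs) {
    parse_str($qs, $get);
    $ok = check_request($get);
    printf("%-16s => %s\n",
        $qs === '' ? '(empty)' : $qs,
        $ok === null ? '400 Invalid request - id/part'
                     : "OK id={$ok[0]} part={$ok[1]}");
}
```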

