upload.php

希望这个对大家有用

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "message.php?error=5";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php 
$fileinfo = "";
if ( !isset ( $_SESSION ) ) session_start();
if ( isset ( $_POST["btnUpload"] ) ) { 
    $uploaddir = "photos/";
  if ( !file_exists ( $uploaddir ) ) mkdir ( $uploaddir );
  $path = pathinfo( $_FILES["filePhoto"]["name"] );
  $ext = $path["extension"];
  $uploadfile = $uploaddir .$_SESSION["MM_Username"] . "." . $ext;
  if ( move_uploaded_file ( $_FILES["filePhoto"]["tmp_name"], $uploadfile ) ) {
    $fileinfo = "<br />原文件名: " . $_FILES["filePhoto"]["name"].  ";<br />\n";
    $fileinfo .= "文件类型: " . $_FILES["filePhoto"]["type"] . ";<br />\n";	
    $fileinfo .= "文件大小: " . $_FILES["filePhoto"]["size"] . "字节。<br />\n";
    $fileinfo .= "文件上传成功!<br /><br />\n";
	$link = mysql_connect ( "localhost", "root", "123456" ) or die ( mysql_error() );
	mysql_select_db ( "member" );
	mysql_query ( "SET NAMES gbk" );
	$sql = sprintf ( "UPDATE members SET photo='%s' WHERE username='%s'", $uploadfile, $_SESSION["MM_Username"]);
	$rs = mysql_query ( $sql ) or die ( mysql_error() );
	if ( $rs ) $fileinfo .= "照片信息已保存到数据库中。<br />\n";
  } else {
    $fileinfo = "<p>文件上传失败。</p>\n";
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>上传照片</title>
<link href="style/style.css" rel="stylesheet" type="text/css" />
</head>

<body>
<?php include( "menu.php" ); ?>
<?php if ( !isset ( $_POST["btnUpload"] ) ) { ?>
<form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
  <table width="336" border="1" align="center" rules="none">
    <tr>
      <th colspan="2" bgcolor="#0066CC" class="title" scope="col">上传照片</th>
    </tr>
    <tr>
      <td width="78" height="32" align="right">选择文件：</td>
      <td width="242" height="32"><input name="filePhoto" type="file" id="filePhoto" /></td>
    </tr>
    <tr>
      <td height="36" colspan="2" align="center"><input name="btnUpload" type="submit" id="btnUpload" value="上传文件" /></td>
    </tr>
  </table>
</form>
<?php } else { ?>
<br />
<table width="300" border="1" align="center" rules="none">
  <tr>
    <th colspan="2" bgcolor="#0066CC" class="title" scope="col">照片上传成功</th>
  </tr>
  <tr>
    <td width="80" height="60" align="center" valign="middle">
	<img src="<?php echo $uploadfile; ?>" alt="<?php echo $_SESSION["MM_Username"]; ?>" /></td>
    <td width="204" valign="middle"><?php echo $fileinfo; ?></td>
  </tr>
</table>
<?php } ?>
</body>
</html>