Need help writing a few PhP plugins (Commenting/Search Tags/Profile Page)

[FrickenTrevor]

Hey there, I am writing a bunch of Php, however I am not sure how to go about writing a few of them:

Tags for easier searching
Different categories to organise uploads
Restricted 'Adult' category/ Filter by maturity rating
Commenting on pictures
Profile page with each user's uploads
Favourites list on the profile page
Map for users to tag their location

Also I wrote some code for a video upload, just need someone to check it:

PHP Code:

<?php


      $allowed_filetypes = array('.jpg','.gif','.png','.jpeg','.wmv','.avi','.mp4','.m4v','.mkv','.mov','.mpeg','.mpg','.3g2','.3gp','.swf',);
      $max_filesize = 20971520; // Maximum filesize in bytes (currently 20 MB)
      $upload_path = './files/'; 
 
   $filename = $_FILES['userfile']['name']; 
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
 
   if(!in_array($ext,$allowed_filetypes))
      die("Whoops you can't upload that type of file!");
 
   if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
      die("That file is too big, please upload a file smaller than 20 MB.");
 
   if(!is_writable($upload_path))
      die("You cannot upload to the specified directory.");
 
   if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))
         echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '">here</a>'; 
      else
         echo 'Something went wrong during the upload, please try again.'; 
         
class media_handler
{
    function convert_media($filename, $rootpath, $inputpath, $outputpath, $width, $height, $bitrate, $samplingrate)
    {
        $outfile = "";
        $rPath = $rootpath."\ffmpeg";
        $size = $width."x".$height;
        $outfile =$filename;
        $out=explode(".",$outfile);
        $size = Width & "x" & Height;
        $outfile = $out[0].".flv";
        
        $ffmpegcmd1 = "/usr/local/bin/ffmpeg -i ".$inputpath."/".$filename. " -ar ".$samplingrate." -ab ".$bitrate." -f flv -s ".$size." ".$outputpath."/".$outfile;
        //$ffmpegcmd1 = "/usr/local/bin/ffmpeg -i ".$inputpath."/".$filename. " -b 500 -r 25 -s 320×240 -hq -deinterlace -ab 56 -ar 22050 -ac 1 ".$outputpath."/".$outfile." 2>&1";
        $ret = shell_exec($ffmpegcmd1);
        return $ffmpegcmd1;
    }
}

[FrickenTrevor]

Update: 70+ views and no responses?
Anyone out there?

[Nile]

My guess is that nobody responded because you're asking a ton of questions that all require a ton of work, then you ask us to review your code for you. Anyways, that's just my 2 cents (note: I probably wouldn't reply anyway if you were asking those questions individually, though I bet some will). A better way to get responses is to split up your questions, try a few things, do some research (it's clear you haven't), and know what you're asking.

[traq]

Update: 70+ views and no responses?
Anyone out there?

Have a little patience, my friend. 10 hours and 70 views is nothing in the grand scheme.

Also, Nile is right: you have eight distinct (but poorly defined) questions in your OP. Try narrowing the scope and providing some context.

Your request for a code review is probably the best candidate for an answer at this point, so I'll give it a shot:

PHP Code:

<?php


      $allowed_filetypes = array('.jpg','.gif','.png','.jpeg','.wmv','.avi','.mp4','.m4v','.mkv','.mov','.mpeg','.mpg','.3g2','.3gp','.swf',);
      $max_filesize = 20971520; // Maximum filesize in bytes (currently 20 MB)
      $upload_path = './files/'; 
 
   $filename = $_FILES['userfile']['name']; 
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
 

# checking the file extension is pointless:  I can upload virus.exe.jpg, and it will still run just fine if you try to open it.
# use some mime magic checking instead.
# in the case of images, the get_image_size function is useful in determining if a file _really is_ an image (and what type).
   if(!in_array($ext,$allowed_filetypes))
      die("Whoops you can't upload that type of file!");
 
# you set a variable for the max filesize, but then hardcode the amount in your user message.
   if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
      die("That file is too big, please upload a file smaller than 20 MB.");
 
# die() is, in general, a bad way to handle errors.
# it usually leaves the user on a broken page.

# in this case, it's not even an error that was the user's fault, or one that they could fix:
# write permissions should be taken care of by the time anyone uses it.
# if something like this _does_ go wrong, then it should be logged for the admin
# and the user should get a generic apology.
 if(!is_writable($upload_path))
      die("You cannot upload to the specified directory.");
 
   if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))
         echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '">here</a>'; 
      else
         echo 'Something went wrong during the upload, please try again.'; 
         

# if you're going to make this a class, why not make _all_ the code object-oriented?
class media_handler
{
    function convert_media($filename, $rootpath, $inputpath, $outputpath, $width, $height, $bitrate, $samplingrate)
    {

# are there other method in this class?
# how is this method called - where do the method args come from?
# before you execute a system command,
# I would _highly_ recommend using escapeshellcmd() on any data that the user provided.
        $outfile = "";
        $rPath = $rootpath."\ffmpeg";
        $size = $width."x".$height;
        $outfile =$filename;
        $out=explode(".",$outfile);
        $size = Width & "x" & Height;
        $outfile = $out[0].".flv";
        
        $ffmpegcmd1 = "/usr/local/bin/ffmpeg -i ".$inputpath."/".$filename. " -ar ".$samplingrate." -ab ".$bitrate." -f flv -s ".$size." ".$outputpath."/".$outfile;
        //$ffmpegcmd1 = "/usr/local/bin/ffmpeg -i ".$inputpath."/".$filename. " -b 500 -r 25 -s 320×240 -hq -deinterlace -ab 56 -ar 22050 -ac 1 ".$outputpath."/".$outfile." 2>&1";
        $ret = shell_exec($ffmpegcmd1);

# why are you returning the command string?
        return $ffmpegcmd1;
    }
}