R0xxy

i have my upload process working that uploads documents to the server and then displays in onto the user page like this: <?php function find_all_files($dir) { $root = scandir($dir); foreach($root as $value) { if($value === '.' || $value === '..') {continue;} if(is_file("$dir/$value")) {$result[]="$dir/$value"; continue; } foreach(find_all_files("$dir/$value") as $value) { $result[]=$value; } } return $result; } $fileupload = 'fileupload'; $getem = find_all_files($fileupload); foreach($getem as $key => $value) { echo '<a href="'.$value.'">'.$value.'</a><br />'; } ?> <?php if($handle = opendir('members/')) { while (false !== ($entry = readdir($handle))) { if($entry != "." && $enrty != "..") { echo "<a href='download.php?file=".$entry."'>".$entry."</a>\n"; } } closedir($handle); } ?> here they can download the files to their computer however is there a way to only display the file of the user that is logged in through their session?

<?php error_reporting(E_ALL); include_once("conninfo2.php"); include_once('classes/bcrypt.php'); class User { private $_bcrypt; $this->_bcrypt = new Bcrypt; if($this->_bcrypt->verify($password, $this->data()->password)){ } if(isset($_POST['username'])) { $firstname = strip_tags($_POST['firstname']); $surname = strip_tags($_POST['surname']); $pnumber = strip_tags($_POST['pnumber']); $username = strip_tags($_POST['username']); $email1 = strip_tags($_POST['email1']); $email2 = strip_tags($_POST['email2']); $password1 = $_POST['password1']; $password2 = $_POST['password2']; //code below will make sure all fields are filled in if(trim($firstname) == "" || trim($surname) == "" || trim($pnumber) == "" || trim($username) == "username" || trim($email1) == "" || trim($email2) == "" ||trim($password1) == "" || trim($password2) == "") { echo "Error, all fileds need to be filled in"; $db = null; exit(); } //code below checks that the emails entered both match one another if($email1 != $email2) { echo "Emails do not match, please try again"; $db = null; exit(); } //code below matches the passwords entered else if($password1 != $password2) { echo "Passwords do not match please try again"; exit(); } if(!filter_var($email1, FILTER_VALIDATE_EMAIL)) { echo "Your email is invalid, please try again"; $db = null; exit(); } //checks if the email exists within the database $stmt = $db->prepare("SELECT email FROM login WHERE email=:email1 LIMIT 1"); $stmt->bindValue(':email1',$email1, PDO::PARAM_STR); try{ $stmt->execute(); $count = $stmt->rowCount(); } catch(PDOException $e) { echo $e->getMessage(); $db = null; exit(); } //checks if the username exists $usernameSQL = $db->prepare("SELECT username FROM login WHERE username=:username LIMIT 1"); $usernameSQL->bindValue(':username',$username,PDO::PARAM_STR); try{ $usernameSQL->execute(); $usernameCount = $usernameSQL->rowCount(); } catch(PDOExemption $e) { echo $e->getMessage(); $db = null; exit(); } //checks if the email is already within the database if($count > 0) { echo "This email already exists"; $db = null; exit(); } //checks the username if($usernameCount > 0) { echo "This username is unavailable please try another"; $db = null; exit(); } $user = new User; $bcrypt = new Bcrypt; try { $email1->create(array( 'username' => Input::get('username'), 'password1' => $bcrypt->hash(Input::get('password')), 'firstname' => Input::get('name'), 'surname' => Input::get('surname'), 'pnumber' => Input::get('pnumber'), 'email1' => Input::get('email'), 'ipaddress' => Input::get('ipaddress'), 'signup_date' => date('Y-m-d H:i:s'), 'group' => 1 )); //grab the last id used within the database $lastId = $db->lastInsertId(); $stmt3 = $db->prepare("INSERT INTO activated (user, token) VALUES ('$lastId', :token)"); $stmt3->bindValue(':token',$token,PDO::PARAM_STR); $stmt3->execute(); //email activation $from = "From Auto Responder @ Mediaedit <admin@mediaedit.com>"; $subject = "IMPORTANT: Please activate your account"; $link = 'http://mediaed.it/roxanne/activate.php?user='.$lastId.'&token='.$token.''; //email body $message = " Thanks for register with Mediaedit, before your able to use our services you will need to verify your email so that we know your human $link "; //headers $headers = 'MIME-Version: 1.0' . "rn"; $headers .= "Content-type: textrn"; $headers .= "From: Mediaedit"; //send email now mail($email1, $subject, $message, $headers, '-f noreply@mediated.it'); $db->commit(); echo "Thanks for registering, before you can us our services you need to activate your account an email has been sent which you will recieve shortly"; $db = null; exit(); } catch(PDOException $e){ $db->rollBack(); echo $e->getMessage(); $db = null; exit(); } } ?> i keep getting Parse error: syntax error, unexpected T_VARIABLE, expecting T_FUNCTION

i understand were your coming from but were covering elements in class i just can't figure out why the user log gin in always receives an error message saying incorrect password when in fact it is correct I've run the queries within my db and i receive results so why is it that they can't login to the system? <?php include_once("conninfo2.php"); if(isset($_POST['email']) && trim($_POST['email']) != ""){ $email = strip_tags($_POST['email']); $password = $_POST['password']; $hmac = hash_hmac('sha512', $password, file_get_contents('textfiles/key.txt')); $stmt1 = $db->prepare("SELECT usersid, username, password FROM login WHERE email=:email AND activated='1' LIMIT 1"); $stmt1->bindValue(':email',$email,PDO::PARAM_STR); try{ $stmt1->execute(); $count = $stmt1->rowCount(); if($count > 0){ while($row = $stmt1->fetch(PDO::FETCH_ASSOC)){ $uid = $row['usersid']; $username = $row['username']; $hash = $row['password']; } if (crypt($hmac, $hash) === $hash) { $db->query("UPDATE login SET lastlog=now() WHERE usersid='$uid' LIMIT 1"); $_SESSION['uid'] = $uid; $_SESSION['username'] = $username; $_SESSION['password'] = $hash; setcookie("usersid", $uid, strtotime( '+30 days' ), "/", "", "", TRUE); setcookie("username", $username, strtotime( '+30 days' ), "/", "", "", TRUE); setcookie("password", $hash, strtotime( '+30 days' ), "/", "", "", TRUE); header("location: index.php"); exit(); } else { echo 'Invalid password Press back and try again<br />'; exit(); } } else { echo "A user with that email address does not exist here"; $db = null; exit(); } } catch(PDOException $e){ echo $e->getMessage(); $db = null; exit(); } } ?>

hi im testing out my site and basically when users register their passwords and encrypted for security obs however when i go to test the login with the exact same password as the one used to register the system detects it as invalid when its not, I've literally copy pasted the password so that i was sure it was the same therefore the issue is within the encryption does anyone have an idea how to overcome this I've tested changed names of variables but nothing seems to help I've even got an error reporting function but no error is detected <?php error_reporting(E_ALL); include_once("conninfo2.php"); if(isset($_POST['username']) && trim($_POST['username']) != ""){ $username = strip_tags($_POST['username']); $password = $_POST['password']; $hmac = hash_hmac('sha512', $password, file_get_contents('textfiles/key.txt')); $stmt1 = $db->prepare("SELECT usersid, password FROM login WHERE username=:username AND activated='1' LIMIT 1"); $stmt1->bindValue(':username',$username,PDO::PARAM_STR); try{ $stmt1->execute(); $count = $stmt1->rowCount(); if($count > 0){ while($row = $stmt1->fetch(PDO::FETCH_ASSOC)){ $uid = $row['usersid']; $hash = $row['password']; } if (crypt($hmac, $hash) === $hash) { $db->query("UPDATE login SET lastlog=now() WHERE usersid='$uid' LIMIT 1"); $_SESSION['uid'] = $uid; $_SESSION['username'] = $username; $_SESSION['password'] = $hash; setcookie("usersid", $uid, strtotime( '+30 days' ), "/", "", "", TRUE); setcookie("username", $username, strtotime( '+30 days' ), "/", "", "", TRUE); setcookie("password", $hash, strtotime( '+30 days' ), "/", "", "", TRUE); echo 'Valid password<br />'.$_SESSION['uid'].'<br />'.$_SESSION['username'].'<br />'.$_SESSION['password'].' <br />'.$_COOKIE['usersid']; /*header("location: index.php");*/ exit(); } else { echo 'Invalid password Press back and try again<br />'; exit(); } } else{ echo "A user with that email address does not exist here"; $db = null; exit(); } } catch(PDOException $e){ echo $e->getMessage(); $db = null; exit(); } } ?>

thanks its put it to an easier perspective i already have a register and login process working along with a file upload the next step is to enable a file download feature

hi sorry i meant the old php syntax i would like to learn pro as it is a project and by extending my knowledge i can get a higher mark which i really want I'm just not sure how to go on about this file sharing system my teacher hadn't covered it in class she just set it as a task. been looking online but I'm sort of dyslexic and reading about code doesn't help me much i need visual guidelines do you know of any good tutorials or videos online i tried look in youtube and didn't find what i need thanks

during lesson time we're developing php systems and our topic is virtual storage like dropbox, google drive etc. My teacher has now set the task to enable the ability to share files within the server but also restrict access within the server folder. I'm being taught MySQL however I've read a lot about PDO being better and decided to use this method to try and get a higher grade for my project although I'm having difficulty understanding how to go about it what i want to achieve is: creating file sharing capability (i.e. students can share group projects) restricting users (only those working on a particular document can view it) don't worry this is not for my own benefit I'm just trying to get a grade here, I mainly just want advice on what I need I've read quite a bit but unfortunately I'm more of a visual learner.

i just removed it thanks for the help

I'm getting the error parameter needs to be equal to 1 and or Invalid parameter number: number of bound variables does not match number of tokens ​i read that parameters start at 1 but i want the root folder to be set to 0 is there a way round this if(isset($_FILES['files'])){ $query = "INSERT into files(`filename`,`fsize`,`ftype`,`usid`,`subfolder`) VALUES(:filename,:fsize,:ftype,:usid,0)"; $stmt = $db->prepare($query); $errors= array(); foreach($_FILES['files']['tmp_name'] as $key => $error ){ if ($error != UPLOAD_ERR_OK) { $errors[] = $_FILES['files']['name'][$key] . ' the file was not uploaded.'; continue; } $filename = $key.$_FILES['files']['name'][$key]; $fsize = $_FILES['files']['size'][$key]; $file_tmp = $_FILES['files']['tmp_name'][$key]; $ftype = $_FILES['files']['type'][$key]; if($fsize > 2097152){ $errors[] = 'File size must be less than 2 MB'; continue; } try{ $stmt->bindParam( ':filename', $filename , PDO::PARAM_STR ); $stmt->bindParam( ':fsize', $fsize, PDO::PARAM_STR ); $stmt->bindParam( ':ftype', $ftype, PDO::PARAM_STR ); $stmt->bindParam( ':usid', $usid, PDO::PARAM_STR ); $stmt->bindParam( ':0', $subfolder, PDO::PARAM_STR ); $stmt->execute();

the subfolder as the root folder will be known as 0 once folders are created they will be assigned numbers higher than 0 if(isset($_FILES['files'])){ $query = "INSERT into files(`filename`,`fsize`,`ftype`,`usid`,`subfolder`) VALUES(:filename,:fsize,:ftype,:usid,:0)"; $stmt = $db->prepare($query); $errors= array(); foreach($_FILES['files']['tmp_name'] as $key => $error ){ if ($error != UPLOAD_ERR_OK) { $errors[] = $_FILES['files']['name'][$key] . ' the file was not uploaded.'; continue; }

thanks its help although i've encountered this error SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'subfolder' cannot be null i change the column to null to see if it solves the issue which it does however i dont want the column to be null is there a way round this ??

Fatal error: Call to a member function prepare() on a non-object on line 8 <? $db_host = "localhost"; $db_username = "user1"; $db_pass = "pass1"; $db_name = "roxy"; try{ $db = new PDO('mysql:host='.$db_host.';dbname='.$db_name,$db_username,$db_pass); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch(PDOException $e){ echo $e->getMessage(); exit(); } ?>

i binded the other 2 values and it goes back to the original error $stmt = $db->prepare($query); i know its the $db thats causing the issue but I have it in my connection php file or do i need a separate like a functions file

do mean defined in the connection of the database coz i changed the $conn to $db like in my conn info.php and got this error SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

I'm new to PHP and PDO however i've read about how effective PDO is I'm working on a file upload and so far i think the code is alright however i keep receiving this error Fatal error: Call to a member function prepare() on a non-object on line 10 ​I've read that it is to do with the database connection but looking at it from my perpesctive i can't seem to find where the code has gone wrong <?php session_start(); $usid=$_SESSION["usersid"]; include_once "conninfo2.php"; if(isset($_FILES['files'])){ $query = "INSERT into files(`filename`,`fsize`,`ftype`,`usid`,`subfolder`) VALUES(:filename,:fsize,:ftype,:usid,:0)"; $stmt = $con->prepare($query); $errors= array(); foreach($_FILES['files']['tmp_name'] as $key => $error ){ if ($error != UPLOAD_ERR_OK) { $errors[] = $_FILES['files']['name'][$key] . ' the file was not uploaded.'; continue; } $filename = $key.$_FILES['files']['name'][$key]; $fsize = $_FILES['files']['size'][$key]; $file_tmp = $_FILES['files']['tmp_name'][$key]; $ftype = $_FILES['files']['type'][$key]; if($fsize > 2097152){ $errors[] = 'File size must be less than 2 MB'; continue; } try{ $stmt->bindParam( ':filename', $filename , PDO::PARAM_STR ); $stmt->bindParam( ':fsize', $fsize, PDO::PARAM_STR ); $stmt->bindParam( ':ftype', $ftype, PDO::PARAM_STR ); $stmt->execute(); $desired_dir="fileupload/"; if(is_dir($desired_dir)==false){ mkdir($desired_dir, 0700);// Create directory if it does not exist } if(is_file($desired_dir.'/'.$filename)==false){ move_uploaded_file($file_tmp,$desired_dir.'/'.$filename); }else{ //rename the file if another one exist $new_file=$desired_dir.'/'.$filename.time(); move_uploaded_file($file_tmp,$new_file) ; } }catch(PDOException $e){ $errors[] = $filename . 'not saved in the database.'; echo $e->getMessage(); } } if(empty($error)){ echo "The upload has been successful"; } } ?>