yiaggi

Hi guys, I hope you may be able to shed some light on a problem I am having. I am fairly new to PHP although do understand bits and peices such as login system. Basically - I have a website with lets say 10 users (more like 500 but that will do for now!) - Each user has their own page wich is password protected. Each month - I want to be able to upload PDF files to the server - which CAN ONLY BE ACCESSED BY THE RELEVANT user. They must not be able to see each others PDF files. To do this I have been advised to have a non-web accessible folder on my server to put the PDF's in and then use PHP to handle the operation. Therefore my path would be: 1/ User logs into page 2/ User clicks the PDF link 3/ PF link goes to PHP page that checks they are logged in and then the PDF they want before delivering to the server. I do actually understand the theory but my PHP is not at the stage where I can just write the code that will handle the operation. I am also very confused over how to access the non-web accessible files! Could anyone please give me an example of the code I will need to use to a) check the user is logged in (I guess I can use the same code I used for the login) and then b) call the relevant PDF and display it? I have been given a path of c:\blahblahblah to access my PDF files but don't even know how to begin implimenting this! Here is the code I use for my login system. Could anyone show me how to adapt it to get what I need? Thank so much for anyone that can help - hopefully I will be in a position to give back one day! -------------------------------------------- if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM mydb WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; header("Location:" . strtolower($username) . ".php"); AND THEN IN THE HEADER OF THE PAGES <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: /login.php'); } elseif ($_SESSION['username'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) { // Logged in user attempting to view someone else's page header("Location:" . strtolower($_SESSION['username']) . ".php"); exit; } ?> Again - any help would be truly appreciated. I will say now that the last person I asked said "Use the open() function - that'll work!" ...... answers like that are a bit lost on me at the moment and leave me even more confused! Cheers in advance

Any idea's on this guys?

Thanks mate. That has done the trick Whilst I have you - I dont suppose you know how to create an admin page with a file upload area? I basically want the secretarys to be able to log in and upload PDF's that are specific to each user via a simple form. Once uploaded the PDF will then have to appear as a download link on the users page. Any idea's? Cheers for your help

Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta

Hi guys, I have created a php script (with alot of help from others) that allows me to have a login area on my website. When the user logs onto their page - they obviously cannot see the others profile. My next task is to be able to upload PDF documents to appear on their profiles. The PDF's will be specific to them. The main problems I have are: 1/ They cannot be able to view any PDF but their own. 2/ How do I create a form that knows where to send and display the link? I guess it is using the user id & name etc? I will not actually be the one uploading the files else I would just sit and tediously link each form to each profile. This must be done by my secretary via a file upload form that I will password protect. I basically want her to be able to log in and be presented with a document upload form. The form will have a dropdown list of the clients name and a document upload part. From uploading it will then appear on the users page. If anyone could help it would be amazing! I am fairly new to PHP although am getting better with my understanding. Hopefully I will become as good as you lot one day! Cheers in advance

Hi there, Thanks very much for your help already. To help you understand a bit - There is 'My End' - 'The Client End' (who i'm building for) and the 'User' (the person with the protected page) ... I know that is obvious but to avoid confusion! The documents will be uploaded by the Client at their end - I can do it myself if that makes it easier? This would be the scenario ..... 1/ Joe Bloggs (our user) will request their own page. 2/ This page can either be set up by me or by the Client at their end. 3/ On a monthly basis the Client will recieve documents that they want to distribute to each individual User without the other users seeing any documents but their own. 4/ The documents can be uploaded to the server at the Client end or by me .... which ever proves to be the easiest. If it was just one or two documents - I would obviously just attach myself and not use PHP to control it but it is hundreds! It would take me forever to create a link and add each document to each clients page - It has to be easier than that! Thanks again for your help :0

Hi guys, I am hoping someone here can help me with a confusing php project I have!? I am not too bad with php and am able to create simple password protected area's etc which, up until now, is all I have really needed. Basically ..... I need to create a password protected members area for a website I am building. That in itself is easy enough. The client wants to be able to add new users easily so the user is set up with their own password protected page. When the user logs in they should be presented to a 'global page' which all users can see. I can pretty much cover all that ..... now the bit I can't do ........ On the users page there needs to be a link that says "documents". When the user clicks this link it should go through to a further page with their past documents and new documents displayed for download. This is confusing the hell out of me! If I had to do it as a website from my end it would be easy but this all needs to be controlled at the clients end with php. On top of this I have no idea how to enable the client to attch the documents to each users page. They need to be attched monthly to around 500 people. I've thought of easier ways of dealing with the problem but if I can find a system that achieves the above it would make my life easier! We don't mind paying for an already established system if it works well or if someone points me to a decent tutorial that would also greatly help. The important thing is that each user cannot see the others documents. Any help would be very much appreciated - I am slowly learning the wonders of php and will give back to the forum what I can in the future. Cheers guys

Hi guys, Thank you for your answers! It will work fine for me if they are taken to a page with there own details so like you said - 'Member 1' goes off to 'Member1.php' and 'Member 2' off to 'Member2.php' etc. It does not have to call their details from a database as I will be adapting each page myself.

Hi guru's! I am fairly new to PHP and the forum so you will have to excuse my ignorance! I am trying to learn PHP at the moment but my job often needs me to go a bit beyond what I completely understand .... My problem is basically this: I have been using the same script to do member login pages for sometime now. It is very simple and just lets the user login - checks the details against the database and then if they pass - they go through to a protected page that all who have access can see. That has been excellent in the past but now I have a new need! I now need the same style of login - but instead of each person being able to view one main page - I need for them to go to their own area where there will be member specific information for them. They cant be able to go to each others pages. I will add the script I use at the moment below. In the database I very simply use ID - NAME - USERNAME - PASSWORD. Would I be right in thinking the solution is within the database? Here goes for the login script: <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); return($link); } ?> <?php $link = dbconnect(); if(isset($_SESSION['loggedin'])) { header("Location: members2.php"); } if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM worker WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; header("Location: members2.php"); } ?> AND IN THE HEAD OF EACH PROTECTED PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { Any help would be truly amazing! I'm scratching my head over this one and am a while away from learning it all properly. I have started right at the beginning as to get a better understanding. I do understand how this works etc ...... Thanks in advance!

Hi guys, I am really stuck with a bit of coding and hope you can help! I am fairly new to PHP although I have got a few trusted scripts that have been tweaked throughout the last few years that I call upon whenever I need to use it. I am trying to expand my knowledge so have a fair idea I will be on this forum a bit! I am a web designer but would like to move onto programming soon. Basically - I have been using a FormToEmail script to do web forms for a long while now as it has never let me down and always gives me the result I need. The form is very simple and i'm sure will offer no suprises to you PHP geniuses! It simply activates when submit is clicked and pushes an email to the user saying 'thank you' and one to the company giving the details from the form. The email sent to the user is where I have my issue. Instead of just plain text saying thank you - this group want the email to have their company logo at the top. I am used to HTML emails and what is required to make them work. My first guess was to just add a line in my code within the <html> tags that display the message. When I do this thou and go to my form to hit submit - I get a very strange result. Instead of displaying the "Thank You" text on screen like it normally does - I get a blank screen and the emails do not send to either party. I'm obviously going about this the wrong way but am a bit stumped as to what I am doing wrong. I have a feeling that I need to add something to the PHP but I have no idea what! Here is the part of the code that relates to sending the email to the site user: ------------------------------------------------------------------------------------------- $headers = "To: ".$email. "\r\n"; // this is the email given by the visitor $headers .= "From: ".$my_email. "\r\n"; $headers .= "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n"; $subject = "Thank you for your interest"; $msg = " <html> <head> <title>Thank You! </title> </head> <body> <p> Thank you for your email etc .......... </p> </body> </html> "; mail($email,$subject,$msg,$headers); } ?> </head> <body> ------------------------------------------------------------------------------------------------ Can anyone help me? Please feel free to email direct! I can post more of the code if it is needed. Would be most grateful to anyone who has a spare 5 mins to tell me what i'm doing wrong!