System related



#1 Ninjakreborn


Posted 24 June 2006 - 05:02 AM

Ok well I have finished my entire script so far, and this is what it does.
It takes the form information on http://www.funnyemailforwards.com and does the following (the form with the attachment).
I did full custom error handling and think I covered everything.
It checks for blank spaces in the form, it checks to see if the file was uploaded, it checks the extensions. It checks to see if the file is already in the directory; if not, then it moves it there. After that it connects to the database, checks for the existence of the data, and if it's not there it enters the name of the funny, the type, the keywords, I have it set to get the url, and the date. All 100% functional, fast, and working. Now I have some questions and advice, first here is what I have now, as a finished script (what I have so far anyway).

<?php
$management = true;
$errorhandler = "";
$filemanager = true;
$dateinfo = strtotime("now");
$dateformatted = date("n-d-y", $dateinfo);

// Required text fields: a blank field marks the whole submission as failed,
// so the upload and the database insert below are skipped.
if ($_POST['name'] == "") {
    $errorhandler .= "The Name field has been left blank<br />";
    $management = false;
    }
if ($_POST['keywords'] == "") {
    $errorhandler .= "The Keywords were left blank<br />";
    $management = false;
    }
if(!is_uploaded_file($_FILES['file']['tmp_name'])){
    $errorhandler .= "No file has been uploaded<br />";
    $filemanager = false;
    }

if ($filemanager === true) {
    $_accepted_extensions = array('.mpeg', '.mpg', '.wav', '.avi', '.mid', '.jpg', '.jpeg', '.jfif', '.pdf', '.txt', '.wav', '.gif', '.mp2', '.mp3', '.bmp');
    $tmp = pathinfo($_FILES['file']['name']);
    // A name without an extension has no 'extension' key; compare case-insensitively.
    $extension = isset($tmp['extension']) ? '.' . strtolower($tmp['extension']) : '';
    // Only a rejected extension changes the flags; an accepted one must not
    // reset failures recorded by the checks above.
    if (!in_array($extension, $_accepted_extensions, true)) {
        $filemanager = false;
        $management = false;
        $errorhandler .= "You have attempted to upload the wrong file type<br />";
        $errorhandler .= "We only accept mpeg, mpg, wav, avi, mid, jpg<br />";
        $errorhandler .= "jpeg, jfif, pdf, txt, wav, gif, qt, mp2, mp3 bmp formats<br />";
        $errorhandler .= "To request new file types email<br />";
        $errorhandler .= "information@theyellowpagesnetwork.com";
        }
    }
                
// Relative URL with desired folder name and the name of the file on the user's machine
if ($management === true && $filemanager === true) {
    $newfile = "uploads/".basename($_FILES['file']['name']);
    // Array keys must be quoted; unquoted they are read as constants.
    $newfiletemp = $_FILES['file']['tmp_name'];
    if (file_exists($newfile)) {
        $errorhandler .= "The file already exists";
        $filemanager = false;
    }
    if($filemanager === true) {
        if (!move_uploaded_file($newfiletemp, $newfile)) {
            $errorhandler .= "The file was not moved properly";
            $filemanager = false;
            $management = false;
        }
    }
 }


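// Connect only when every earlier check passed.
// Note: the mysql_* extension was removed in PHP 7.0; mysqli or PDO replaces it.
if ($filemanager === true && $management === true) {
    $connect = mysql_connect("#####", "#####", "#####");
    $select = mysql_select_db("funnyemailforwards");
 // Either failure (connect or select) is an error, so test with ||.
 if (!$connect || !$select) {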
     $errorhandler .= "The database could not connect, or selected";
     $management = false;
     $filemanager = false;
    }
  }

if ($filemanager === true && $management === true) {
// Every value placed in the SQL text is escaped, including the joined 'type' values.
$type = mysql_real_escape_string(implode("", $_POST['type']));
// entrydate is the current Unix timestamp, so this lookup matches only a row written in the same second.
$query = "SELECT * from fileinfo WHERE type = '" . $type . "' AND nameoffunny = '" . mysql_real_escape_string($_POST['name']) . "' AND keywords = '" . mysql_real_escape_string($_POST['keywords']) . "' AND funnyurl = '" . mysql_real_escape_string($newfile) . "' AND entrydate = '" . mysql_real_escape_string($dateinfo) . "'";
$result = mysql_query($query);
$matches = mysql_num_rows($result);
    if ($matches == 0) {
$inserter = "INSERT INTO fileinfo (type, nameoffunny, keywords, funnyurl, entrydate) VALUES ('" . $type . "', '" . mysql_real_escape_string($_POST['name']) . "', '" . mysql_real_escape_string($_POST['keywords']) . "', '" . mysql_real_escape_string($newfile) . "', '" . mysql_real_escape_string($dateinfo) . "')";
    if(mysql_query($inserter)){ 
            $management = true;
            $filemanager = true;
            }else {
            $management = false;
            $filemanager = false;
            $errorhandler .= "The information was not inserted into the database properly";
            echo mysql_error();
            }
    } else {
        $filemanager = false;
        $management = false;
        $errorhandler .= "The information was already in the database, could not complete";
    }    
}




if ($management === false || $filemanager === false) {
    echo "{$errorhandler}";
    }
    
    



?>
Ok and here is my database information for this specifically.

I have the table name and fields listed in the script.
Here are the questions I wanted to ask before I move on, I have learnt a lot from doing what I have so far, more than I would have ever imagined, but as I look forward into the rest of the project, I am at a standstill and need some enlightenment.

1. Is there anything else I can do to the file handling aspect of my script to make it more secure?

2. Is saving the URL like that going to work right later when I do other things with the files?

3. How do I go about using my stored information to send an email to my client with each entry so he can accept/decline? I don't understand how to make the email be related to each specific entry. I can send an email but not make the email and current entry attached, how do I do this?

4. I need to decide what to do with the files, should I embed them in the pages, or make them links?

5. Also on top of that I have no idea how to do either, any advice might give me something to think about when I start all of this on Monday?

6. What do I do when I get ready to call this data on the homepage with the three most recent entries? I won't do this until the other part is done, but how do I get the file URL to be a URL that someone can use, or either embed each file individually into a page as it is downloaded, or make it a link? I don't understand specifically how to make each file do it, every time someone uploads one.

ANY other advice, opinions, or theories relating to anything like this would help a lot and give me more to think about when it's time for me to do the hardest part on Monday.
Thanks for all of the help.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.
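
The file-handling checks described in the post above (extension allowlist, then a move into the uploads directory), as an added example that is not part of the original post: it matches the extension case-insensitively, compares the sniffed content type against it, and stores the file under a server-generated name instead of the client's. `ALLOWED_TYPES`, `stored_name_for()` and the `/var/uploads/` path are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Assumed names: ALLOWED_TYPES,
// stored_name_for(), and an upload directory outside the web root.

// Extension => content types accepted for it (a subset of the post's list).
const ALLOWED_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
    'txt'  => ['text/plain'],
    'mp3'  => ['audio/mpeg'],
];

/**
 * Validate an upload and return the server-chosen name to store it under.
 * The client-supplied name is used only to read the extension.
 */
function stored_name_for(string $clientName, string $tmpPath): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("Extension not allowed");
    }
    // Sniff the content; the browser-sent $_FILES[...]['type'] is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException("Content does not match extension");
    }
    // Random name: no collisions and no client-chosen path or double extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {
    $tmp = $_FILES['file']['tmp_name'];
    try {
        $name = stored_name_for($_FILES['file']['name'], $tmp);
        $dest = '/var/uploads/' . $name;   // assumed path outside the web root
        if (!is_uploaded_file($tmp) || !move_uploaded_file($tmp, $dest)) {
            throw new RuntimeException("Upload could not be stored");
        }
        // Record $name (and the original name as plain data) in the database here.
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```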


#2 Ninjakreborn


Posted 24 June 2006 - 12:52 PM

bump
