Changeable array list, via a file?

[3raser]

I'm working on a file uploading project, and I want to let admins restrict the files uploaded to certain files only. Should this be saved in the database, or should I make a file that saves an array?

 

If I do it via the file method, how would I update an array, say allowed.php?

 

Example:

 

How could I change

 

<?php
$allowed = array('zip', 'png');
?>

 

To

 

<?php
$allowed = array('gif', 'png');
?>

[Pikachu2000]

Either way will work. If you use a database, just query for the values and build your array in the while() loop. If you use a file, enter each value followed by a linefeed, and use file() to read them into an array.

[3raser]

Thanks, I'll give it a try soon.

 

But a little off-topic here, why does this say this is a loop? It checks once then creates a session, refreshes their page, and it should check within the function that they are an admin.

 

My error, for google chrome:

 

This webpage has a redirect loop
The webpage at http://localhost/admin.php has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

 

admin.php:

 

<?php

include_once('includes/config.php');
include_once('functions.php');

if(!$_SESSION['admin'])
{
$content = AccountRelated($_COOKIE['user'], null, 6);
}
else
{
$content = "Welcome to the Administrator Control Panel.";
}


?>

<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css" />
<title><?php echo $title; ?></title>
</head>
<body>

<div class="logo"><a href="index.php"><img src="style/images/logo.png" border="0"></a></div>

<center>

<div class="background">

<div class="container">
<?php echo $content; ?>
</div>

</div>
</center>

</body>
</html>

 

function (last bit of code)

 

<?php

function AccountRelated($username, $password, $query_type)
{

if($query_type == 1)
{
	$set_query = mysql_query("SELECT COUNT(d.username), u.date, u.username FROM uploads d, users u WHERE d.username = '$username' AND u.username = '$username' LIMIT 1") or die(mysql_error());

	//user must not exist
	if(mysql_num_rows($set_query) == 0)
	{

		$content_return = 'Sorry, no information was found';

	}
	else
	{
		$grab = mysql_fetch_assoc($set_query);

		//login information
		if($grab['COUNT(d.username)'] > 0)
		{
			$welcome_return = "You have uploaded ". $grab['COUNT(d.username)'] ." files. You've registered on ". $grab['u.date'] ."!";
		}
		else
		{	
			$welcome_return = "You have uploaded 0 files. You've registered on ".$grab['date'] . "!";
		}
	}
}
elseif($query_type == 2)
{
	$set_query = mysql_query("SELECT title,views,downloads,description,username,date FROM uploads LIMIT 20");

	if(mysql_num_rows($set_query) == 0)
	{

		$content_return = "Sorry, there are currently no files uploaded to view.";

	}
	else
	{
		//display all files
		while($row = mysql_fetch_assoc($set_query) == 0)
		{
			echo $row['title']."<br/>";
		}

	}	
}
elseif($query_type == 3)
{
	$username = mysql_real_escape_string($_POST['username']);
	$password = sha1(sha1(md5($_POST['password'])));

	if(!$username || !$password)
	{
		$return_content = "All fields are required! <table><form action='register.php' method='POST'>
		<tr><td>Username</td><td><input type='text' name='username' maxlength='20'></td></tr>
		<tr><td>Password</td><td><input type='text' name='password' maxlength='30'</td></tr>
		<tr><td><input type='submit' value='Register'></td></tr>
		</form></table>";
	}
	else
	{
		$set_query = mysql_query("SELECT username FROM users WHERE username = '$username' LIMIT 1");

		if(mysql_num_rows($set_query) == 0)
		{
			$return_content = "You have successfully registered the account ". $username ." with the
			password ". $_POST['password'] ."! <a href='login.php'>Login now</a>!";

			mysql_query("INSERT INTO users VALUES (null, '$username', '$password', 0, 0, '". date("M-d-Y") ."', '". $_SERVER['REMOTE_ADDR'] ."')") or die(mysql_error());
		}
		else
		{
			$return_content = "An account with this username already exists.";
		}
	}
return $return_content;

}
elseif($query_type == 4)
{

	$username = mysql_real_escape_string($_POST['username']);
	$password = sha1(sha1(md5($_POST['password'])));

	if(!$username || !$password)
	{
		$return_content = "<table><form action='login.php' method='POST'>
		<tr><td>Username</td><td><input type='text' name='username' maxlength='20'></td></tr>
		<tr><td>Password</td><td><input type='text' name='password' maxlength='30'</td></tr>
		<tr><td><input type='submit' value='Login'></td></tr>
		</form></table>";
	}
	else
	{
		$set_query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 1");

		if(mysql_num_rows($set_query) == 0)
		{
			$return_content = "Hmm, it seems you've submitted the wrong username and/or password! 
			<a href='login.php'>Try Again</a>";
		}
		else
		{
			$return_content = "You have successfully logged in! <a href='index.php'>Home</a>";
			setcookie('user', $username, time()+31556926);
		}
	}

return $return_content;
}
elseif($query_type == 5)
{

	//lets verify if they are banned or not
	$set_query = mysql_query("SELECT banned FROM users WHERE username = '$username' AND banned = 1 LIMIT 1");

	if(mysql_num_rows($set_query) > 0)
	{
		$return_content = "Sorry, you account has been banned. Until you are unbanned, your 
		account no longer has the option to upload files.";
	}
	else
	{
		//uploading files
		if(!$_FILES['file'] || !$_POST['title'] || !$_POST['description'])
		{
			$return_content = "<table><form action='upload.php' method='POST' enctype='multipart/form-data'>
			<tr><td>Title</td><td><input type='text' name='title' maxlength='25'></td></tr>
			<tr><td>Password (Optional)</td><td><input type='password' maxlength='15'></td></tr>
			<tr><td>Description</td><td><textarea name='description' rows='15' cols='35' maxlength='250'></textarea></td></tr>
			<tr><td>Choose File</td><td><input type='file' name='file'></td></tr>
			<tr><td><input type='submit' value='Upload'></td></tr>
			</form></table>";
		}
		else
		{
			if($_FILES['file']['error'] > 0)
			{
				$content_return = "OOPS! Something went wrong! Make sure you have selected a file to
				upload, or try again later.";
			}
			elseif(strlen($_FILES['file']['name']) > 25)
			{
				$content_return = "The file name cannot be larger than 25 characters! Please go back
				and manually change the file name, and try uploading again.";
			}
			else
			{

				//lets get the required information to submit to the database
				$title = mysql_real_escape_string($_POST['title']);
				$password = mysql_real_escape_string($_POST['password']);
				$description = mysql_real_escape_string($_POST['description']);
				$date = date("M-d-Y");
				$ip = $_SERVER['REMOTE_ADDR'];

				//lets get the file extension
				$extension = end(explode('.', $_FILES['file']['name']));

				//insert the data into the database
				mysql_query("INSERT INTO uploads VALUES (null, '". $_COOKIE['user'] ."', '$password', '$title', '$description', '$extension', 0, 0, 0, '$date', '$ip')");


				//file uploaded successfully, lets move it to the files directory
				move_uploaded_file($_FILES['file']['tmp_name'],
				"files/". mysql_insert_id() .".". $extension);

				$return_content = "File uploaded successfully! <a href='myfiles.php'>My Files</a>";
			}
		}
	}

return $return_content;
}
elseif($query_type == 6)
{

	//lets verify they are an admin
	$set_query = mysql_query("SELECT status FROM users WHERE username = '$username' AND status = 2 LIMIT 1");

	if(mysql_num_rows($set_query) > 0)
	{
		$_SESSION['is_admin'] = $username;
		header("location:admin.php");
	}
	else
	{
		$content = "You are not an admin! This page is available to admins only.";
	}

return $content;
}
else
{
	//nothing to process
}
}
?>

[Pikachu2000]

Yes, that is off topic.

 

Using phone browser, so I didn't read all of the code, but if you redirect to a page, then redirect back to the original page, it has the potential to be aninfinite redirect loop. That may be what you're seeing.

[3raser]

Hm, it seems it's not because of the redirection.

 

I removed the header function, and made a success message. It showed up, but it seems the reason is because of the $_SESSION. How come the session isn't creating?