
mkdir help


nathanvolker123


I need help. I'm building a website that is around social networking. Each user has their own profile page. I have my registering code done, but now I want to add into it where, when a user registers, it adds a folder for them by their username. For example, on my database side I have a folder called user. So when, e.g., Johnny registers, then under that folder user he will have a folder for him called Johnny. Inside of Johnny's folder is where I want to store his pics, etc.
The code I currently have is this; I just don't know how to make this mkdir happen. Please, any response will help.

<?php

$submit = $_POST['submit'];

// form data
$fullname = strip_tags($_POST['fullname']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$confirmpassword = strip_tags($_POST['confirmpassword']);
$date = date("Y-m-d");

if($submit)
{

//connect to database
$connect = mysql_connect("XXXX", "XXXX", "XXXX");
mysql_select_db("XXXX");

$namecheck = mysql_query("SELECT username FROM user WHERE username='$username'");
$count = mysql_num_rows($namecheck);

if ($count!=0)
{
die("Username is already taken!");
}

// check for existence
if($fullname&&$username&&$password&&$confirmpassword)
{

if($password==$confirmpassword)
{

if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or full name is too long!";
}
else
{

if (strlen($password)>25||strlen($password)<6)
{
echo "Your password must be between 6 and 25 characters!";
}
else
{
//register the user

// encrypt password
$password = md5($password);
$confirmpassword = md5($confirmpassword);

$queryreg = mysql_query("

INSERT INTO user VALUES('','$fullname','$username','$password','$date')

");

die("You've successfully registered! <a href='index.php'>Click here to return to the login page!</a>");

}

}

}
else
echo "Your password does not match!";

}
else
echo "Please enter all fields!";
}
?>

<html>

<head>
<meta charset="UTF-8">
<title>My Web Page</title>
<link rel="stylesheet" href="style/style.css">
</head>
<?php include_once("templates/template_pageTop.php"); ?>
<body>
<div id="pageMiddle">
<?php echo "<h1>Sign Up</h1>"; ?>
<p>
<form action='register.php' method='POST'>
<table>
<tr>
<td>
Full Name:
</td>
<td>
<input type='text' name='fullname' value='<?php echo $fullname ?>'>
</td>
</tr>
<tr>
<td>
Username:
</td>
<td>
<input type='text' name='username' value='<?php echo $username ?>'>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type='password' name='password'>
</td>
</tr>
<tr>
<td>
Confirm Password:
</td>
<td>
<input type='password' name='confirmpassword'>
</td>
</tr>
</table>
<p>
<input type='submit' name='submit' value='Create Account'>
</form>
</div>
<?php include_once("templates/template_pageBottom.php"); ?>
</body>
</html>

Edited by nathanvolker123

I would not add a folder for each user. Just store the images in a single folder - or in different folders by type. You will want to ensure the files have a unique name - then add a reference to them in the database. As for your code - it needs some help. I see many problems. For example you are using strip_tags() on the password. Why? It will be hashed before putting into the database. By doing that you would be reducing the security. A user might enter "<mypassword>" as their password and you would be reducing their password to an empty string! Plus, what is the need to strip_tags() on any of the values? You should be using htmlentities() (or the other function to escape content for HTML) when outputting any user submitted data to the page. Besides, you would be changing the value the user entered without them knowing. If you were to change the value of the username - the user would not be able to log in! If you don't want to allow html code in the values, then make those validation errors. Never change the value without the user knowing. The one exception is to trim() values.

 

Here is a quick and dirty rewrite. I didn't test it so there may be a few typos

 

<?php

if(isset($_POST['submit']))
{
    //Create array to hold validation errors
    $errors = array();

    //Parse form data
    $fullname = trim($_POST['fullname']);
    $username = trim($_POST['username']);
    //Do NOT modify the password
    $password = $_POST['password'];
    $confirmpassword = $_POST['confirmpassword'];

    //Perform Non DB validations first
    if($fullname=='' || $username=='' || $password=='' || $confirmpassword=='')
    {
        $errors[] = "All fields are required.";
    }
    else
    {
        //Validate username content
        if (strlen($username)>25)
        {
            $errors[] = "Username cannot be longer than 25 characters.";
        }
        if ($username != strip_tags($username))
        {
            $errors[] = "Username cannot contain HTML code";
        }
        //Validate fullname content
        if (strlen($fullname)>25)
        {
            $errors[] = "Fullname cannot be longer than 25 characters.";
        }
        if ($fullname != strip_tags($fullname))
        {
            $errors[] = "Fullname cannot contain HTML code";
        }
        //Validate password content
        if (strlen($password)>25||strlen($password)<6)
        {
            $errors[] = "Your password must be between 6 and 25 characters.";
        }
        elseif($password!=$confirmpassword)
        {
            $errors[] = "Your password and confirmation do not match.";
        }
    }

    //If no content errors do DB validations
    if(!count($errors))
    {
        //connect to database
        $connect = mysql_connect("XXXX", "XXXX", "XXXX");
        mysql_select_db("XXXX");
        
        //Verify username uniqueness
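        //Escape the value so quotes in the username cannot alter the query
        $query = "SELECT username FROM user WHERE username='" . mysql_real_escape_string($username) . "'";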
        $result = mysql_query($query);
        if(!$result)
        {
            $errors[] = "Error checking username.";
        }
        elseif (mysql_num_rows($result))
        {
            $errors[] = "Username is already taken.";
        }
        else
        {
            //Attempt to register user

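            // encrypt password ## You should really have a better hashing method!!!
            $passwordSQL = md5($password);

            //Escape the text values and store the hashed password, not the plain one
            $fullnameSQL = mysql_real_escape_string($fullname);
            $usernameSQL = mysql_real_escape_string($username);
            $query = "INSERT INTO user VALUES(NULL, '$fullnameSQL', '$usernameSQL', '$passwordSQL', NOW())";
            $result = mysql_query($query);
            if(!$result)
            {
                $errors[] = "Error registering user.";
            }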
        }
    }

    if(!count($errors))
    {
        //This should really be replaced with a redirect to a fully built confirmation page
        die("You've successfully registered! <a href='index.php'>Click here to return to the login page!</a>");
    }

    //There were errors - display them
    $errorMessage = "The following errors occurred:<ul>\n";
    foreach($errors as $err)
    {
        $errorMessage .= "<li>{$err}</li>\n";
    }
    $errorMessage .= "</ul>\n";
}
?>

<html>

<head>
<meta charset="UTF-8">
<title>My Web Page</title>
<link rel="stylesheet" href="style/style.css">
</head>
<?php include_once("templates/template_pageTop.php"); ?>
<body>
<div id="pageMiddle">
<?php echo "<h1>Sign Up</h1>"; ?>
<p>
    <?php if(isset($errorMessage)) { echo $errorMessage; } ?>
    <form action='register.php' method='POST'>
    <table>
        <tr>
            <td>Full Name:</td>
            <td><input type='text' name='fullname' value='<?php if(isset($fullname)) { echo htmlentities($fullname, ENT_QUOTES, 'UTF-8'); } ?>'></td>
        </tr>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' value='<?php if(isset($username)) { echo htmlentities($username, ENT_QUOTES, 'UTF-8'); } ?>'></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password'></td>
        </tr>
        <tr>
            <td>Confirm Password:</td>
            <td><input type='password' name='confirmpassword'></td>
        </tr>
    </table>
    <input type='submit' name='submit' value='Create Account'>
    </form>
</p>
</div>
<?php include_once("templates/template_pageBottom.php"); ?>
</body>
</html>
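
As an added example (not part of the post above or of the original poster's code), here are the same registration checks using PDO prepared statements and password_hash() in place of string-built queries and md5(). The column names, the function name and the in-memory SQLite database are assumptions so that it runs stand-alone.

```php
<?php
// Added example. Assumed: column names and an in-memory SQLite database
// (so the sketch runs offline); the thread's site uses MySQL.
function register_user(PDO $db, string $fullname, string $username, string $password): array
{
    $fullname = trim($fullname);
    $username = trim($username);   // the password is deliberately left untouched
    $errors = [];
    if ($fullname === '' || $username === '' || $password === '') {
        return ['id' => null, 'errors' => ['All fields are required.']];
    }
    foreach (['Username' => $username, 'Fullname' => $fullname] as $label => $value) {
        if (strlen($value) > 25) {
            $errors[] = "$label cannot be longer than 25 characters.";
        }
        if ($value !== strip_tags($value)) {
            $errors[] = "$label cannot contain HTML code";
        }
    }
    if (strlen($password) > 25 || strlen($password) < 6) {
        $errors[] = 'Your password must be between 6 and 25 characters.';
    }
    if ($errors) {
        return ['id' => null, 'errors' => $errors];
    }
    // Placeholders send the values separately from the SQL text.
    $check = $db->prepare('SELECT 1 FROM user WHERE username = ?');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return ['id' => null, 'errors' => ['Username is already taken.']];
    }
    // Salted, deliberately slow hash instead of md5().
    $insert = $db->prepare(
        'INSERT INTO user (fullname, username, password, created) VALUES (?, ?, ?, ?)'
    );
    $insert->execute([$fullname, $username, password_hash($password, PASSWORD_DEFAULT), date('Y-m-d')]);
    return ['id' => (int) $db->lastInsertId(), 'errors' => []];
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, fullname TEXT,
    username TEXT UNIQUE, password TEXT, created TEXT)');
$first  = register_user($db, 'Johnny Example', 'Johnny', '<mypassword>');
$second = register_user($db, 'Quote Test', "x' OR '1'='1", 'secret12');
$hash   = $db->query('SELECT password FROM user WHERE id = 1')->fetchColumn();
var_dump($first['id'], $second['id'], password_verify('<mypassword>', $hash));
```

The UNIQUE constraint on username backs up the lookup: if two requests race past the check, the second INSERT throws instead of creating a duplicate account.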

Well, do you have Linux? Or Windows?

I personally like the XFS filesystem. I've never used quotas before but they are available. I think the most difficult thing would be receiving and then providing the stats should something extraordinary happen. There are kernel mods for userspace file access management but I don't know that it would help to know what you've obviously just accessed.

Maybe the trickiest thing would be granting users enough privileges to make a lot of transactions. You could use duplicity with mysql attributes but it would be error prone. If you can get mysql to swallow the files for you it might be best.

I'd use PHP's ability to make system calls and a bash script. You would say from PHP something like: MY_MKDIR arg arg arg arg... Then in the script the args go: $1 $2 $3 to the commands inside of the script (unless I've forgotten). In that way you could do useradd $1 && passwd $2 && mkdir /home/$3 && chmod etcetera... Ordinary user file systems have some basic quota constraints.

I almost said you could use postfix. It's nice if you intend to garbage collect a lot but it takes a week to learn.

Edited by Augury

Totally agree with Psycho, he sort of beat me to it on a lot of things. I was also going to say: If you MUST add a folder for each user (it is still not a very good idea) at least add the folder with the database id and not the username (what if the user decides he wants a different username after a while?).

 

Also, you've managed to include pages you're going to use several times (like template_pageBottom.php), which is good, but the database connection, which will probably be used more often than anything else, is embedded into the code... I would create a separate file for the connection and include it when necessary (otherwise, if you need to change databases or database passwords later, you'll have to go searching through all the files instead of just one).
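
An added example, not code from any poster in this thread: creating the per-user folder from the numeric database id rather than the username, and giving each stored image a random unique name as suggested earlier in the thread. The base path, the function names and the extension allow-list are assumptions.

```php
<?php
// Added example; $base, the function names and the allow-list are assumptions.
function user_dir(string $base, int $userId): string
{
    if ($userId < 1) {
        throw new InvalidArgumentException('User id must be a positive integer.');
    }
    // The path is built from an integer only, so no user-controlled text
    // (slashes, "..", NUL bytes) can reach the filesystem call.
    $path = rtrim($base, '/') . '/' . $userId;
    // The second is_dir() covers a concurrent request creating it first.
    if (!is_dir($path) && !mkdir($path, 0750, true) && !is_dir($path)) {
        throw new RuntimeException("Could not create $path");
    }
    return $path;
}

function new_image_name(string $originalName): string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        throw new InvalidArgumentException('Unsupported image type.');
    }
    // Random server-side name: unique, and the uploader's own file name
    // never becomes part of a path (keep it in the database as a label).
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo: 42 stands for the id returned by the INSERT.
$base = sys_get_temp_dir() . '/user_demo';
$dir  = user_dir($base, 42);
$file = new_image_name('Holiday Pic.JPG');
echo $dir . '/' . $file, "\n";
```

Keeping the base directory outside the web root and serving images through a script means a renamed username or an oddly named upload never changes what the web server will execute or expose.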
