Uploading PDF

[RidgeandGable]

Hi Guys

 

I run a small roofing company and have been asked by many customers to be able to view / print / save Invoices & Estimates online rather than post etc.

I host my own private site using IIS 7, with PHP and MySQL installed and setup properly, I also have a hosted domain from 1and1

What I would like is:

Login Area (I can do this using the MySQL for the database)

Once the user logs in, I want them to be directed to their "own" page with links to Their Own Invoices, Estimates and PIctures

I would like an option somewhere for them to upload pictures into their own folder so if anything happens to their roof, they can simply log onto their account upload the pic of the damage and I can see it. and vice versa

Can someone help me out a little?

All I have so far is the Login page
 

[ginerjm]

Create a naming convention using the userid (or some token) for all your docs and store them with that token as a prefix to the name.  Use a tree of folders that divides them into the various types of files you will expect to host and display.  Then when user logs in use their id (or token) and pull together all the files in all those folders using that id as a search argument.  Build your user's web page using these items. 

 

Fancy touches - make thumbnails for the initial user page display with links around them to take them to a full-size image. 

 

I'm sure you can find several good examples file uploading to use - just be sure to get a decent, modern one using adequate security precautions.

[RidgeandGable]

Wow thanks for the quick reply. Your reply sounds good. I understand very basic PHP and HTML as I've been playing around with it for years but have never actually used it for something like this.

I have Dreamweaver 2004 and Mysql, I have been able to create dynamic content to play around with and can get the info from the DB by using a "username" but not 100% sure how to implement all that into a single page privately for the user.

Do you have time to spare over the next few weeks etc to sort of walk through this?

[RidgeandGable]

Forgot to mention, I was thinking of using "User Cakes" for the entire login / logout

[ginerjm]

You will not be writing 'private user pages'.  You will be writing a set page that handles a specific user by getting his id and using it to pull together the 'dynamic' data and then outputs that in a web page containing static things like appl name and button options as well as the php-built divs (?) containing each set of docs that the user owns.  One page - many users.

 

"over the next few weeks"?  I know you are a noob but this really is not that complex.  Get familiar with how to create sql tables and then read up on using pdo as your db interface (do not use MySQL_* functions.  Check the manual to see why).  Be sure to use prepared queries!!   Write your file upload page - a good start actually - and do it safely.  Get some opinions after you have it working.  Then use the glob() function to take the userid and seek all the files for him/her and create the needed html for each result and then output it all.

 

Do not get in the habit of mixing tons of html with php code.  The beauty of php is that you can use code to get those filenames and build a chunk of html into a single php var.  Then you simply place that var inside your main html ( function perhaps?) so that when you output all your html (headers, names, backgrounds, etc.) you will also output the contents of that var (or vars).  Too many beginners like to mingle html and php results and more html, and repeat.  Not good practice and hell on reading and understanding it later.

 

Of course I have the time - I'm retired!

[RidgeandGable]

ok lol Thanks, So I've not to use Mysql but Sql Instead? Should I remove mysql from IIS and install SQL then?

[ginerjm]

HUH?  I didn't say to dump your db - I said to not use the MySQL_* functions of php.

[RidgeandGable]

ah ok now I see what you meant. I found a guide to help me a little, Its for creating a Auth Login with Dreamweaver MX and passes the Username to a redirect page which I think is what you were talking about with passing tokens? I'll try and follow that guide tonight and see if I can get that working

[ginerjm]

My use of the word token was simply to indicate "some piece of data".  Perhaps you don't (or shouldn't) use the userid as the identifier, but some other 'code' that you create for each user and maybe store in the db where the login credentials are stored.  The token that DW passes may not be the thing in this case, altho I don't know anything about dw other than it makes things tricky for newbies doing their first projects I've been told.

[RidgeandGable]

I have sage accounts and all my customers are given a Customer Accounts number which is First & Last Inital + 4 Digits, perhaps that would be a better ID to pass?

I've used dreamweaver for years to build sites, I don't know anything else lol?

[ginerjm]

Yes that works as long as you are comfortable with the possible exposure of that value. 

 

As I said I've never seen DW.  A couple friends who have used it though and who are new to this whole environment do use it and in our conversations the concepts they are dealing with are just so foreign to me that we tend to have difficulty communicating.  My impression is that DW has a way of arranging things and doesn't let you freely determine where things go and how projects/folders are organized on your site.  I'm used to having complete control over my site (and I do use 'control') and not having an IDE tell me where to put things.

[RidgeandGable]

Hi

I'm really struggling here. I managed to get User Cakes installed and working 100%, so now I have a full login page for the customers, but they all land on a generic page that isn't unique.

I tried messing with dreamweaver and create my own Login with Auth and starting a user variable in the form off MM_Username and when the cmr logs in it lands on a generic page but a filtered recoredset but everytime I run it, it shows nothing but the table headers and outlines no data, but if I click on Test within DW it works.

[ginerjm]

Whatever page any login process lands you on can easily be customized if you just have the user id that just logged in.  If it's your login page then you can easily pass the user id thru a session var and then use it to customize your 'real' page.

[RidgeandGable]

Yeah thats what I tried to do but it fails. I created a log in page and started session to catch the Username, created a recordset with filter on Username on the private.php page and once logged in it re-directs to private.php showing all the info for that username in the recordset but it always returns blank. Not sure if the sessions is working

Heres the code for the Login page

<?php require_once('Connections/new.php'); ?>
<?php
session_start();



$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['Username'])) {
  $loginUsername=$_POST['Username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "private.php";
  $MM_redirectLoginFailed = "failed.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_new, $new);
  
  $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $new) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form action="<?php echo $loginFormAction; ?>" method="POST" name="Login" id="Login">
  <p>Username: 
    <input name="Username" type="text" id="Username">
    <br>
  Password: 
  <input name="password" type="text" id="password">
</p>
  <p>
    <input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>

[RidgeandGable]

and the code for Private.php

Forgot to say, IIS 7.5 with PHP 5.3 & Mysql

 

<?php require_once('Connections/new.php'); ?>
<?php
session_start();
$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
  $pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

$colname_Recordset1 = "1";
if (isset($_SESSION['MM_username'])) {
  $colname_Recordset1 = (get_magic_quotes_gpc()) ? $_SESSION['MM_username'] : addslashes($_SESSION['MM_username']);
}
mysql_select_db($database_new, $new);
$query_Recordset1 = sprintf("SELECT * FROM users WHERE username = '%s'", $colname_Recordset1);
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $new) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {
  $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];
} else {
  $all_Recordset1 = mysql_query($query_Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" method="get" action="">
  <table border="1">
    <tr>
      <td>userid</td>
      <td>cmrid</td>
      <td>username</td>
      <td>password</td>
    </tr>
    <?php do { ?>
    <tr>
      <td><?php echo $row_Recordset1['userid']; ?></td>
      <td><?php echo $row_Recordset1['cmrid']; ?></td>
      <td><?php echo $row_Recordset1['username']; ?></td>
      <td><?php echo $row_Recordset1['password']; ?></td>
    </tr>
    <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>
  </table>
</form>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

Edited August 18, 2014 by RidgeandGable

[ginerjm]

Turn on error checking at the top of your php code.  BTW - you only need to turn on php once until you no longer need it.  Turning it on for one line, turning it off , and then turning it on for the next line is just so silly.

 

 

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

 

This will show you your errors, of which I think you have several, hence the blank page.

[RidgeandGable]

Hi thanks for that

Here is what the error shows

 

Notice: Undefined index: MM_username in C:\inetpub\wwwroot\private.php on line 46

[ginerjm]

Pretty explicit message.  Handle it.