Uploading a file to a users directory

[Nelalen]

The code works but it puts the files into /uploadir/. The users directories go by their email addresses ($email). 

 

Using the error reporting it tells me:

 

! ) Notice: Undefined variable: email in /var/www/html/Lab5/uploadfile.php on line 10 Call Stack # Time Memory Function Location 1 0.0010 129288 {main}( ) ../uploadfile.php:0

 

Any help is much appreciated!!

 

<?php
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors','1');
session_start();




if ($_COOKIE["auth"] == "1") {
  


$file_dir = "/var/www/html/uploaddir/$email";


foreach($_FILES as $file_name => $file_array) {
echo "path: ".$file_array["tmp_name"]."<br/>\n";
echo "name: ".$file_array["name"]."<br/>\n";
echo "type: ".$file_array["type"]."<br/>\n";
echo "size: ".$file_array["size"]."<br/>\n";


if (is_uploaded_file($file_array["tmp_name"])) {
move_uploaded_file($file_array["tmp_name"], "$file_dir/".$file_array["name"]) or die ("Couldn't copy");
echo "File was moved!<br/>";
}
  }
  


} else {
      //redirect back to login form if not authorized
header("Location: userlogin.html");
exit;
}
?>

Edited October 23, 2014 by Ch0cu3r

[ginerjm]

So?  Define $email.

 

Next time - please post your code properly.  And when you have a line you want looked at - POINT IT OUT!

[cyberRobot]

please post your code properly

 

@Nelalen - Just to clarify, you can surround your code with

when posting. This makes your code and post easier to follow. 

 

 

Also, as ginerjm suggested, where is $email supposed to come from for this line:

$file_dir = "/var/www/html/uploaddir/$email";

If the information is stored in a COOKIE or SESSION variable, you'll need to assign it to $email for the code to work.

[Nelalen]

Sorry, wasn't sure how to do it and was getting ready for bed. We created a form previously to create a new user where they can input their email as well as some other information. I then used something like

mkdir(var/www/html/$email,0733)

to create their directory and figured I should be able to use that again on this page. I tried defining it like this:

$email = (filter_input(_POST["email"]));

previously but it would break the page. Where should I be defining $email? and if I used the post method on the form it should be stored as POST correct? I'm a little confused as to how I can retrieve the variable from the form. When I put in the query to the server I had to make it lowercase

$targetemail = strtolower($email);

Do I need to use this as the email from the form may not be written in lowercase? 

[Psycho]

 

Sorry, wasn't sure how to do it and was getting ready for bed. We created a form previously to create a new user where they can input their email as well as some other information. I then used something like

mkdir(var/www/html/$email,0733)

to create their directory and figured I should be able to use that again on this page. I tried defining it like this:

$email = (filter_input(_POST["email"]));

previously but it would break the page. Where should I be defining $email? and if I used the post method on the form it should be stored as POST correct? I'm a little confused as to how I can retrieve the variable from the form. When I put in the query to the server I had to make it lowercase

$targetemail = strtolower($email);

Do I need to use this as the email from the form may not be written in lowercase? 

 

 

Let's back up a second. When a user signs up you need them to provide their email address. You are apparently doing this through a form submission and the code receives the submitted value via $_POST['email']. You then use that to create a folder. OK, great.

 

But, after the user has created their account you should not have to prompt them for their email address in the future. Well, unless you provide a way for them to change it. Since you allow them to "sign up" you should have some sort of login system to know who they are when they are on your site. You should then get their email address where you have stored their account info (would assume a database).

[Nelalen]

Sorry, yes I just thought of the login script where I require the email as input. It matches it to an existing entry into the database. I'm guessing I need to query the database to assign the email? Apologies if I seem like a bit of an idiot...I've only been learning programming this first semester. Very little prior experience..

 

Here's the login script:

<?php
 
//check for required fields from the form
if ((!filter_input(INPUT_POST, 'email'))
        || (!filter_input(INPUT_POST, 'password'))) {
//if ((!isset($_POST["username"])) || (!isset($_POST["password"]))) {
header("Location: userlogin.html");
exit;
}
 
 
 
//connect to server and select database
$mysqli = mysqli_connect("localhost", "cs213user", "letmein", "testDB");
 
//create and issue the query
$targetname = filter_input(INPUT_POST, 'email');
$targetpasswd = filter_input(INPUT_POST, 'password');
$sql = "SELECT firstname, lastname FROM members WHERE email = '".$targetname.
        "' AND password = PASSWORD('".$targetpasswd."')";
 
$result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));
 
//get the number of rows in the result set; should be 1 if a match
if (mysqli_num_rows($result) == 1) {
 
//if authorized, get the values of firstname lastname
while ($info = mysqli_fetch_array($result)) {
$firstname = stripslashes($info['firstname']);
$lastname = stripslashes($info['lastname']);
}
 
//set authorization cookie
setcookie("auth", "1", time()+60*30, "/", "", 0);
 
//create display string
$display_block = "
<p>".$firstname." ".$lastname." is authorized!</p>
<p>Authorized Users' Menu:</p>
<ul>
<li><a href=\"secretpage.php\">Lottery Ticket Selection</a></li>
        <li><a href=\"fileupload.html\">Upload A File</a></li>
</ul>";
} else {
//redirect back to login form if not authorized
//header("Location: userlogin.html");
//exit;
    echo "wrongone";
}
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<?php echo "$display_block"; ?>
</body>
</html>

 

And the html form:

<html>
<head>
<title>User Login Form</title>
</head>
<body>
<h1>Login Form</h1>
<form method="post" action="userlogin.php">
<p><strong>Email:</strong><br/>
<input type="text" name="email"/></p>
<p><strong>Password:</strong><br/>
<input type="password" name="password"/></p>
<p><input type="submit" name="submit" value="login"/></p>
</form>
 
<h1> Don't have an account?</h1>
<a href ='applyaccount.php'>Click here!</a>
</body>
</html>

 

[Psycho]

O'm not going to read through all your code.

 

Once a user logs in you need to store something into the session so you know they are logged in as they navigate from page to page. At a minimum, you would store something such as the userID. You can use that to query the database whenever you need additional data about the user. But, you can store any other data about the user into the session when they log in (taking care not to store sensitive information). Then you can get that data directly from the session array rather than having to query the database.

 

But, it looks like you are using a cookie for this. That is completely wrong. Anyone could simply create a cookie and make it seem as if they are logged in!

 

When the user logs in, simply save a session value such as

 

//set authorization cookie
//setcookie("auth", "1", time()+60*30, "/", "", 0); //DON'T USE THIS!
$session['userid'] = $targetname; //Set user ID to the email sent for login

 

Now, on your pages that check to see if the user is logged in, just check that $session['userid'] has a value. And, you can now use that in the code to determine where to save a file that the user uploads.

 

To be honest, there are a lot of problems in your code, but now is not the right place to go over everything. I understand you are still learning.