Jump to content

[SOLVED] Displaying filtered results in a table

larry777

By larry777
in PHP Coding Help

 Share

Recommended Posts

larry777 Newbie

larry777

Posted
Posted
Greetings!

Here's a tricky one. Below is the code of my page, I've created a page where you can upload images to a MySql database.  It has a registration and login system in place, and so this page uses a session variable $_SESSION['MM_Username'] 
After you browse, select and upload your image it is displayed in the page in a table that shows the thumbnail, file name, file type and 2 links allowing you to download or delete the file. I have a MySql database which holds the image data including the username who uploaded the image.

My task is to only display the images of the logged in user.  Please help!!!
So I think I need to do something like:

// User is retrieving a file
  $sql = "SELECT filename, mimetype, filedata
      FROM filestore WHERE username = $_SESSION['MM_Username']";





****************************************************************************
//This is the code for the entire page
****************************************************************************

<?php require_once('Connections/con1.php'); ?><?php

//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "logout.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}


$dbcnx = @mysql_connect('localhost', 'root', 'square');
if (!$dbcnx) {
  exit('<p>Unable to connect to the ' .
      'database server at this time.</p>');
}

if (!@mysql_select_db('login')) {
  exit('<p>Unable to locate the image ' .
      'database at this time.</p>');
}

if (isset($_GET['action'])) {
  $action = $_GET['action'];
} else {
  $action = '';
}

if (($action == 'view' or $action == 'dnld') and isset($_GET['id'])) {
  $id = $_GET['id'];

  // User is retrieving a file
  $sql = "SELECT filename, mimetype, filedata
      FROM filestore WHERE id = '$id'";
  $result = @mysql_query($sql);
  if (!$result) {
    exit('Database error: ' . mysql_error());
  }
 
  $file = mysql_fetch_array($result);
  if (!$file) {
    exit('File with given ID not found in database!');
  }
   
  $filename = $file['filename'];
  $mimetype = $file['mimetype'];
  $filedata = $file['filedata'];
  $disposition = 'inline';
 
  if ($action == 'dnld') {
    $disposition = 'attachment';
    if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 5') or
        strpos($_SERVER['HTTP_USER_AGENT'], 'Opera 7')) {
      $mimetype = 'application/x-download';
    }
  }
 
  header("content-disposition: $disposition; filename=$filename");
  header("content-type: $mimetype");
  header('content-length: ' . strlen($filedata));
   
  echo($filedata);
  exit();
 
} elseif ($action == 'del' and isset($_GET['id'])) {
  $id = $_GET['id'];
   
  // User is deleting a file
  $sql = "DELETE FROM filestore WHERE id = '$id'";
  $ok = @mysql_query($sql);
  if (!$ok) {
    exit('Database error: ' . mysql_error());
  }

  header('location: ' . $_SERVER['PHP_SELF']);
  exit();

} elseif (isset($_FILES['upload'])) {

  // Bail out if the file isn’t really an upload.
  if (!is_uploaded_file($_FILES['upload']['tmp_name'])) {
    exit('There was no file uploaded!');
  }
  $uploadfile = $_FILES['upload']['tmp_name'];
  $uploadname = $_FILES['upload']['name'];
  $uploadtype = $_FILES['upload']['type'];
  $uploaddesc = $_POST['desc'];

  // Open file for binary reading ('rb')
  $tempfile = fopen($uploadfile, 'rb');

  // Read the entire file into memory using PHP's
  // filesize function to get the file size.
  $filedata = fread($tempfile, filesize($uploadfile));

  // Prepare for database insert by adding backslashes
  // before special characters.
  $filedata = addslashes($filedata);
 

  // Create the SQL query.

  $sql = "INSERT INTO filestore SET
      filename = '$uploadname',
      mimetype = '$uploadtype',
      description = '$uploaddesc',
      filedata = '$filedata',
      username = '".$_SESSION['MM_Username']."'";
 
 
  // Perform the insert.
  $ok = @mysql_query($sql);
  if (!$ok) {
    exit('Database error storing file: ' . mysql_error());
  }

  header('location: ' . $_SERVER['PHP_SELF']);
  exit();

}

// Default page view: lists stored files

$sql = 'SELECT id, filename, mimetype, description FROM filestore';
$filelist = @mysql_query($sql);
if (!$filelist) {
  exit('Database error: ' . mysql_error());
}
?>


<?php




//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "logout.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "visitor,admin";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && false) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { 
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>MyPhotoAlbum</title>
<meta http-equiv="content-type"
    content="text/html; charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style2 {color: #FFFFFF}
.style3 {color: #FF6833}
-->
</style>
</head>
<body>

<table width="750" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td><img src="images/logo4.jpg" alt="logo" width="343" height="55" /></td>
  </tr>
  <tr>
    <td height="22" background="images/navbar3.gif"><a href="index.php">Home</a> <span class="style2">|</span> <a href="registration.php">Register</a> <span class="style2">|</span> <a href="login.php">Log in</a> <span class="style2">|</span> <a href="<?php echo $logoutAction ?>">Log out</a> <span class="style2">|</span> <a href="secret.php">Members Area</a> <span class="style2">|</span> <a href="top_secret.php">Admin Area</a></td>
  </tr>
  <tr>
    <td><table width="750" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td colspan="3"><img src="images/001spacer.gif" width="62" height="10" /></td>
        </tr>
      <tr>
        <td width="12"><img src="images/001top_left.jpg" width="12" height="31" /></td>
        <td width="725" background="images/001top1.jpg">&nbsp;</td>
        <td width="13"><img src="images/001top_right.jpg" width="12" height="31" /></td>
      </tr>
      <tr>
        <td height="127" valign="top" background="images/leftbarnew1.gif"><img src="images/001sidetop2.jpg" width="4" height="72" /></td>
        <td valign="top">



    <h5><span class="style3">Welcome <?php echo $_SESSION['MM_Username']; ?>!</span><br />
          <br />
    Image Store</h5>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>"
    method="post" enctype="multipart/form-data">
  <p><label>Upload File:<br />
    <input type="file" name="upload" /></label></p>
  <p><label>File Description:<br />
    <input type="text" name="desc" maxlength="255" /></label></p>
  <p><input type="submit" value="Upload" /></p>
</form>

<p><strong>You have the  following images stored in the database:</strong></p>
<table>
<tr>
  <th bgcolor="#9DCC32">Thumb</th>
  <th bgcolor="#9DCC32">Filename</th>
  <th bgcolor="#9DCC32">Type</th>
  <th bgcolor="#9DCC32">Description</th>
</tr>
<?php

if (mysql_num_rows($filelist) > 0) {
  while ($f = mysql_fetch_array($filelist)) {
    ?>





<tr valign="top">
<td bgcolor="#9CC938"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=view&id=<?php echo $f['id']; ?>" target="_blank"><img src="<?php echo $_SERVER['PHP_SELF']; ?>?action=dnld&id=<?php echo $f['id']; ?>"  width="70" height="5%"/></a>
</td>
  <td bgcolor="#9CC938">
    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=view&id=<?php echo $f['id']; ?>" target="_blank">
      <?php echo $f['filename']; ?></a>  </td>
  <td bgcolor="#9CC938"><?php echo $f['mimetype']; ?></td>
  <td bgcolor="#9CC938"><?php echo $f['description']; ?></td>
  <td bgcolor="#9CC938">
    [<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=dnld&id=<?php echo $f['id']; ?>"
      >Download</a> |
    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=del&id=<?php echo $f['id']; ?>"
      onclick="return confirm('Delete this file?');"
      >Delete</a>]  </td>
</tr>








    <?php
  }
} else {
  ?>
  <tr><td colspan="3">No Files!</td></tr>
  <?php
}
?>
</table>



<p>&nbsp;</p>
        <p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p></td>
        <td align="right" valign="top" background="images/rightbarnew3.gif">&nbsp;</td>
      </tr>

      <tr>
        <td valign="top"><img src="images/001btm_left.jpg" width="12" height="12" /></td>
        <td background="images/001btm_bar.jpg">&nbsp;</td>
        <td valign="top"><img src="images/001btm_right.jpg" width="12" height="12" /></td>
      </tr>
    </table>
      <p><img src="images/btmbar.gif" alt="bottom of page" width="750" height="14" /></p>
    <p>&nbsp;</p>
    </td>
  </tr>
</table>

</body>
</html>
<?php
mysql_free_result($PicsTable);
?>
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.