[SOLVED] Displaying filtered results in a table

[larry777]

Greetings!

Here's a tricky one. Below is the code of my page, I've created a page where you can upload images to a MySql database.  It has a registration and login system in place, and so this page uses a session variable $_SESSION['MM_Username'] 
After you browse, select and upload your image it is displayed in the page in a table that shows the thumbnail, file name, file type and 2 links allowing you to download or delete the file. I have a MySql database which holds the image data including the username who uploaded the image.

My task is to only display the images of the logged in user.  Please help!!!
So I think I need to do something like:

// User is retrieving a file
  $sql = "SELECT filename, mimetype, filedata
      FROM filestore WHERE username = $_SESSION['MM_Username']";





****************************************************************************
//This is the code for the entire page
****************************************************************************

<?php require_once('Connections/con1.php'); ?><?php

//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "logout.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}


$dbcnx = @mysql_connect('localhost', 'root', 'square');
if (!$dbcnx) {
  exit('<p>Unable to connect to the ' .
      'database server at this time.</p>');
}

if (!@mysql_select_db('login')) {
  exit('<p>Unable to locate the image ' .
      'database at this time.</p>');
}

if (isset($_GET['action'])) {
  $action = $_GET['action'];
} else {
  $action = '';
}

if (($action == 'view' or $action == 'dnld') and isset($_GET['id'])) {
  $id = $_GET['id'];

  // User is retrieving a file
  $sql = "SELECT filename, mimetype, filedata
      FROM filestore WHERE id = '$id'";
  $result = @mysql_query($sql);
  if (!$result) {
    exit('Database error: ' . mysql_error());
  }
 
  $file = mysql_fetch_array($result);
  if (!$file) {
    exit('File with given ID not found in database!');
  }
   
  $filename = $file['filename'];
  $mimetype = $file['mimetype'];
  $filedata = $file['filedata'];
  $disposition = 'inline';
 
  if ($action == 'dnld') {
    $disposition = 'attachment';
    if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 5') or
        strpos($_SERVER['HTTP_USER_AGENT'], 'Opera 7')) {
      $mimetype = 'application/x-download';
    }
  }
 
  header("content-disposition: $disposition; filename=$filename");
  header("content-type: $mimetype");
  header('content-length: ' . strlen($filedata));
   
  echo($filedata);
  exit();
 
} elseif ($action == 'del' and isset($_GET['id'])) {
  $id = $_GET['id'];
   
  // User is deleting a file
  $sql = "DELETE FROM filestore WHERE id = '$id'";
  $ok = @mysql_query($sql);
  if (!$ok) {
    exit('Database error: ' . mysql_error());
  }

  header('location: ' . $_SERVER['PHP_SELF']);
  exit();

} elseif (isset($_FILES['upload'])) {

  // Bail out if the file isn’t really an upload.
  if (!is_uploaded_file($_FILES['upload']['tmp_name'])) {
    exit('There was no file uploaded!');
  }
  $uploadfile = $_FILES['upload']['tmp_name'];
  $uploadname = $_FILES['upload']['name'];
  $uploadtype = $_FILES['upload']['type'];
  $uploaddesc = $_POST['desc'];

  // Open file for binary reading ('rb')
  $tempfile = fopen($uploadfile, 'rb');

  // Read the entire file into memory using PHP's
  // filesize function to get the file size.
  $filedata = fread($tempfile, filesize($uploadfile));

  // Prepare for database insert by adding backslashes
  // before special characters.
  $filedata = addslashes($filedata);
 

  // Create the SQL query.

  $sql = "INSERT INTO filestore SET
      filename = '$uploadname',
      mimetype = '$uploadtype',
      description = '$uploaddesc',
      filedata = '$filedata',
      username = '".$_SESSION['MM_Username']."'";
 
 
  // Perform the insert.
  $ok = @mysql_query($sql);
  if (!$ok) {
    exit('Database error storing file: ' . mysql_error());
  }

  header('location: ' . $_SERVER['PHP_SELF']);
  exit();

}

// Default page view: lists stored files

$sql = 'SELECT id, filename, mimetype, description FROM filestore';
$filelist = @mysql_query($sql);
if (!$filelist) {
  exit('Database error: ' . mysql_error());
}
?>


<?php




//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "logout.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "visitor,admin";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && false) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { 
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>MyPhotoAlbum</title>
<meta http-equiv="content-type"
    content="text/html; charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style2 {color: #FFFFFF}
.style3 {color: #FF6833}
-->
</style>
</head>
<body>

<table width="750" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td><img src="images/logo4.jpg" alt="logo" width="343" height="55" /></td>
  </tr>
  <tr>
    <td height="22" background="images/navbar3.gif"><a href="index.php">Home</a> <span class="style2">|</span> <a href="registration.php">Register</a> <span class="style2">|</span> <a href="login.php">Log in</a> <span class="style2">|</span> <a href="<?php echo $logoutAction ?>">Log out</a> <span class="style2">|</span> <a href="secret.php">Members Area</a> <span class="style2">|</span> <a href="top_secret.php">Admin Area</a></td>
  </tr>
  <tr>
    <td><table width="750" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td colspan="3"><img src="images/001spacer.gif" width="62" height="10" /></td>
        </tr>
      <tr>
        <td width="12"><img src="images/001top_left.jpg" width="12" height="31" /></td>
        <td width="725" background="images/001top1.jpg">&nbsp;</td>
        <td width="13"><img src="images/001top_right.jpg" width="12" height="31" /></td>
      </tr>
      <tr>
        <td height="127" valign="top" background="images/leftbarnew1.gif"><img src="images/001sidetop2.jpg" width="4" height="72" /></td>
        <td valign="top">



    <h5><span class="style3">Welcome <?php echo $_SESSION['MM_Username']; ?>!</span><br />
          <br />
    Image Store</h5>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>"
    method="post" enctype="multipart/form-data">
  <p><label>Upload File:<br />
    <input type="file" name="upload" /></label></p>
  <p><label>File Description:<br />
    <input type="text" name="desc" maxlength="255" /></label></p>
  <p><input type="submit" value="Upload" /></p>
</form>

<p><strong>You have the  following images stored in the database:</strong></p>
<table>
<tr>
  <th bgcolor="#9DCC32">Thumb</th>
  <th bgcolor="#9DCC32">Filename</th>
  <th bgcolor="#9DCC32">Type</th>
  <th bgcolor="#9DCC32">Description</th>
</tr>
<?php

if (mysql_num_rows($filelist) > 0) {
  while ($f = mysql_fetch_array($filelist)) {
    ?>





<tr valign="top">
<td bgcolor="#9CC938"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=view&id=<?php echo $f['id']; ?>" target="_blank"><img src="<?php echo $_SERVER['PHP_SELF']; ?>?action=dnld&id=<?php echo $f['id']; ?>"  width="70" height="5%"/></a>
</td>
  <td bgcolor="#9CC938">
    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=view&id=<?php echo $f['id']; ?>" target="_blank">
      <?php echo $f['filename']; ?></a>  </td>
  <td bgcolor="#9CC938"><?php echo $f['mimetype']; ?></td>
  <td bgcolor="#9CC938"><?php echo $f['description']; ?></td>
  <td bgcolor="#9CC938">
    [<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=dnld&id=<?php echo $f['id']; ?>"
      >Download</a> |
    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=del&id=<?php echo $f['id']; ?>"
      onclick="return confirm('Delete this file?');"
      >Delete</a>]  </td>
</tr>








    <?php
  }
} else {
  ?>
  <tr><td colspan="3">No Files!</td></tr>
  <?php
}
?>
</table>



<p>&nbsp;</p>
        <p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p></td>
        <td align="right" valign="top" background="images/rightbarnew3.gif">&nbsp;</td>
      </tr>

      <tr>
        <td valign="top"><img src="images/001btm_left.jpg" width="12" height="12" /></td>
        <td background="images/001btm_bar.jpg">&nbsp;</td>
        <td valign="top"><img src="images/001btm_right.jpg" width="12" height="12" /></td>
      </tr>
    </table>
      <p><img src="images/btmbar.gif" alt="bottom of page" width="750" height="14" /></p>
    <p>&nbsp;</p>
    </td>
  </tr>
</table>

</body>
</html>
<?php
mysql_free_result($PicsTable);
?>

[otuatail]

I would have a login table and supply a unique UserID number, but the amount of code here is too large. Just the sections that are relivent would do.

Desmond.