Javrixx

  1. Well I got the second issue fixed, but I'm still working on the first issue. I think I'm close to getting it solved but not yet. :( Any other suggestions or help is much appreciated. I've got the user's id and I think my count code is correct, but I need to define it as a variable so I can later use it in a page and I guess I'm not doing it right because all of the things I have tried aren't working. Any help is much appreciated.

     [code=php:0]
     $sql = 'SELECT * FROM '.$mysql['prefix'].'users WHERE username="'.$_SESSION['username'].'"';
     if(!$result = mysql_query($sql)) {
         die('The following MySQL query failed. User data could not be retrieved. '.$sql);
     }
     // assign the user info to variables
     while (($row = mysql_fetch_array($result)) != false) {
         $user_folder = $row['user_folder'];
         $id = $row['id'];
     }
     $sql2 = "SELECT count(*) FROM results WHERE id=$id";
     [/code]
  2. I did get this working yesterday, thanks for all your help. Below is the code I am using for it to work:

     [code=php:0]
     if($userid != 1) {
         header('Location: ../../support/');
         exit;
     }
     ?>
     [/code]
  3. [quote author=roopurt18 link=topic=110614.msg448181#msg448181 date=1160159498] Are you familiar with joins on MySQL tables? [/quote] Not at all, sorry.  :(
  4. I guess that's a good point.  I'll move the folder to the users table.
  5. [quote author=roopurt18 link=topic=110614.msg447427#msg447427 date=1160074818] 2) In the results table, does the folder column have the same value for a user in all of that user's rows?  I.E. if Steve's folder is "steve," does every row in the results table have the value "steve" where the user is also steve?  Or is it possible that Steve's results are stored in multiple, different folders? [/quote]

     Thank you so much for the response, I won't have time to try your suggestion until tomorrow or really late today, but it looks good, exactly what I was looking for. Ok I'll try to explain this the best I can, but it might be complicated. So in table "users" steve is unique, his id is let's say 8. In the "results" table, the way I link it to the user is by their id. The "results" table has the following columns: id, folder, date completed, and file. So if user steve, or user 8, has 3 results, I would make something like:

     id | folder       | date     | file
     8  | stevefolder/ | 10/03/06 | filename.xls
     8  | stevefolder/ | 10/04/06 | filename2.xls
     8  | stevefolder/ | 10/05/06 | filename3.xls

     The id and folder will always be the same. So what I need is when steve logs in with his username, I need to be able to pull his id, which is 8, and then use that to pull the folder location from the results table by his id. Basically I need a link on the page that will change for every user that points to that folder. I really hope this makes sense and I'm not being confusing. Thanks again for the help.
  6. Ok, all I need to do is perform what sounds like a simple command, but maybe it's the way it is set up that is making it hard for me. I have 5 tables in my database. The only two relevant tables for this are the "users" table and the "results" table. The users table holds all information, id, username, password, etc. Results is where the actual information for what I am doing is kept. Filenames, foldernames, etc. So there are 2 things I need to do... 1) On one page I need to display how many results someone has. The way I have set this up is each user has an id, say user 50. Then in the results, I create a new row with that user's information, in the results there is also a user field. So say user 50 has 5 results or files, each one is entered with 50 in the user field. All I need to do on this page is say "Welcome <name>, you have <XX> amounts of results ready to view/download." I already have the <name> part working, I only need the XX amounts to work. So I need a code snippet to insert into this page that will check the results table for how many in that table under users is equal to 50. Hopefully this makes sense, and I've tried tons of stuff and I just cannot get it to work. 2) Kind of similar but much simpler. On this page, I need to have a link to a user's folder. Each user is assigned a folder according to their userid. The folder is in the "results" table. When on this page they are already logged in, so all I need to do is pull the userid with whatever user they are logged into... So say user "steve" is logged in and he is user 8. He logs in with his information, on this page I need it to be dynamic (everyone views this page, but I need the link to their specific folder to be different). So I need it to first identify what the user id is from the "users" table. Then I need to find that user id in the "results" table. In the results table is a column called "folder". I need it to dynamically put that folder information into the page.
I hope someone can help, I know this is pretty basic stuff.  I'm using templates for both pages, so I need to do all of that above and then define it as a variable and use it, which that part I know how to do. Any help is MUCH appreciated.
  7. So I'm building the second part of this project I'm doing for work. I've learned TONS of php to do this, but I don't know if I'm overthinking or what about this problem. Basically, I've made certain folders for users. Each user gets a folder. I need to make it so if the user's ID isn't equal to X, they are given a message or are redirected. And if the user's ID is equal to X, they are shown the rest of the page. I've tried like a million little scripts but none work, any experts know how to do this right off the bat? Here is the INCOMPLETE .php file I am using. (Note that the user must already be logged in at this point to even get this far)

     results.php

     [code=php:0]
     <?php
     require('../../db_config.php');
     require('../../global.php');
     db_connect($mysql['username'],$mysql['password'],$mysql['database'],$mysql['host']);
     $config = get_config($mysql['prefix']);
     debug_mode($config['debug_mode']);
     require('../auth.inc.php');
     require('../../lib/MiniTemplator.class.php');
     $template = new MiniTemplator;
     $templatedir = '../../templates/';
     if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['verify'])) {
         remove_user($_SESSION['username'],$mysql['prefix']);
         generate_htpasswd($mysql['prefix']);
         session_destroy();
         redirect('../../index.php');
     }
     $sql= 'SELECT * FROM '.$mysql['prefix'].'users WHERE username="'.$_SESSION['username'].'"';
     if(!$result = mysql_query($sql)) {
         die('The following MySQL query failed. User data could not be retrieved. '.$sql);
     }
     while (($row = mysql_fetch_array($result)) != false) {
         $firstname = $row['firstname'];
     }
     $template->readFileIntoString($templatedir."results_overall_header.html",$header);
     $template->readFileIntoString($templatedir."results_results.html",$main);
     $template->readFileIntoString($templatedir."results_overall_footer.html",$footer);
     $template->setTemplateString($header . $main . $footer);
     $template->setVariable("firstname",$firstname);
     $template->setVariable("code",$javascript);
     $template->addBlock("code");
     $template->addBlock("javascript");
     $template->setVariable("footer",show_user_footer($software_signature));
     $template->setVariable("pagename","My Account");
     $template->generateOutput();
     ?>
     [/code]
  8. Ok so I'm almost to the point where I need to implement this. I think I'm down to 2 options... 1) Use the user's ID and make a random folder, store the files in it... for example, say user123 logs in and wants to see their files. On the database, their userid is say... 555. So I make a new folder in the userfiles folder, starting with the user ID and then some random stuff after that: 555fdjf78nab5jk6diap227yu46/file1afd87b93bfi3a.xls So the path to download that would be http://www.mysite.com/userfiles/555fdjf78nab5jk6diap227yu46/file1afd87b93bfi3a.xls It will be easy for me to find, because the user ID is still the first part of the directory, as would be the file name that they need, but the rest is so random people would PROBABLY never find the full path for that file... Am I right about this? 2) Someone had mentioned to me that I can store the files on the server, but not public. When the user logs in, I would make a php script to create a random temporary folder and move the needed files for that user to the new temporary folder. After the user logs out the temporary folder is deleted, thus the user's files are never really public, only for a short time when that user is logged in and needs the files. Now, my big issue with this is, I lack the knowledge to set something up like this that is so complicated. I haven't looked for any tutorials, but it is pretty specific and I don't know if I'll be able to find something. I'm about 2 weeks away from having to really set this up so ANY feedback on this is highly appreciated.
  9. Ok I will try that.  I'm not really up to that stage yet, but I will be within the week.  Do you by chance know what script that is or where to get it?
  10. Thanks for the responses guys. Ok so I can do either one of those, but what if someone finds the users directory or finds the directory with all the users in it. I just don't want someone to be able to find out the download path and download files, I need it to be secure so only those people can download the files.  Even if I only list it for one particular user, anyone who KNOWS what that user directory is could still download it.  For example: http://www.mydomain.com/users/useridrandom1234/file1.xls So say someone goes to http://www.mydomain.com/users They can then see the directory, then it's just a matter of trial and error before they could possibly find the files. I know the chances are unlikely, but we're talking about pretty secure information about people and I need it to be protected.
  11. *** UPDATE ON MY LAST POST, PLEASE READ THAT AFTER READING THIS FIRST POST, THANK YOU *** Hi, I'm really new to PHP. Basically I'm setting up a few things for my work. I'm adding a feature that lets clients login and view certain .xls files and what not. It will be their results that our company provides for them... So I've almost got the login part of it done, I don't think I'll have too hard of a time getting the rest set up, but now that I'm thinking about it, I think I have a problem. Client A needs to access his .xls files. Client B needs to do the same thing. All the files are stored in, let's say, /clientfiles directory. I need to make it so only Client A can access his files and no one else's files. Maybe I can make it a bit clearer. Client A logs in with the username and password I provide him (he can change his pass). On the next page it says welcome so and so and you have X amount of results ready for download. I was thinking I was just going to generate the link using php according to what the filename is in the MySQL database. So anyway, he clicks the link that lists all the results .xls files to download... Let's say they're all stored at http://www.mydomain.com/clientfiles. So he has 3 files listed there: http://www.mydomain.com/clientfiles/file1.xls http://www.mydomain.com/clientfiles/file2.xls http://www.mydomain.com/clientfiles/file3.xls Now, what is to stop him, and anyone else, from just going to http://www.mydomain.com/clientfiles/ and seeing all the files in that directory and being able to download them? Is there a way I can fix this so only the logged in client can access only those files? Or am I going to have to do something totally different as a solution? Any help is much appreciated. I really don't know too much about PHP, so far I've been using tutorials and using "trial and error" changing the code here and there to suit my needs.
I do know HTML like the back of my hand, so I do understand the basics and how PHP functions, I just don't know the commands, etc, for it yet.  Thanks again.
  12. I've been searching for 3 days and can't find the answer. Either the code I put in doesn't work or I'm a moron. I am pretty new to PHP, so that could be a major issue. What I have set up is a page where people can upload images. This works just fine, the script as of right now works perfect, no problems. But after reading around, I found people can just rename a .php or some other file to just a .jpg or .gif, upload it, and then execute it... I do not want this to happen! So the solution everyone is talking about is using one of two codes to verify the file is actually an image that is being uploaded. getimagesize() and exif_imagetype() are the two codes. I can't get either to work. I'm just learning PHP for the first time, so I'm very unfamiliar with it. What I need to know is... what code do I use and where do I put it in my script so it will verify the file is really an image. I don't care which one is used. The exif is supposed to be faster, but I don't really care. Below is my script. Thanks!

      [code]
      <?
      $num_of_uploads=1;
      $file_types_array=array("jpg","gif");
      $max_file_size=110000;
      $upload_dir="images_public/";

      function uploaderFILES($num_of_uploads=1, $file_types_array=array("jpg","gif"), $max_file_size=110000, $upload_dir="images_public/"){
        if(!is_numeric($max_file_size)){
          $max_file_size = 110000;
        }
        foreach($_FILES["file"]["error"] as $key => $value)
        {
          if($_FILES["file"]["name"][$key]!="")
          {
            if($value==UPLOAD_ERR_OK)
            {
              $origfilename = $_FILES["file"]["name"][$key];
              $filename = explode(".", $_FILES["file"]["name"][$key]);
              $filenameext = $filename[count($filename)-1];
              unset($filename[count($filename)-1]);
              $filename = implode(".", $filename);
              $filename = substr($filename, 0, 15).".".$filenameext;
              $file_ext_allow = FALSE;
              if (file_exists('images_public/' . $filename)) {
                $tmpVar = 1;
                while(file_exists('images_public/' . $tmpVar . '-' . $filename)) {
                  $tmpVar++;
                }
                $filename= $tmpVar . '-' . $filename;
              }
              for($x=0;$x<count($file_types_array);$x++){
                if($filenameext==$file_types_array[$x])
                {
                  $file_ext_allow = TRUE;
                }
              }
              if($file_ext_allow){
                if($_FILES["file"]["size"][$key]<$max_file_size){
                  if(move_uploaded_file($_FILES["file"]["tmp_name"][$key], $upload_dir.$filename)){
                    echo("<center>File uploaded successfully. Your image can be found at <a href='http://www.averageguysteve.com/".$upload_dir.$filename."' target='_blank'>http://www.averageguysteve.com/".$upload_dir.$filename."</a><br /><br /><br /><img src='".$upload_dir.$filename."' border='0' alt=''></center>");
                  }
                  else { echo('<center><font color="#FF0000">'.$origfilename."</font> was not successfully uploaded.<br /></center>");}
                }
                else  { echo('<center><font color="#FF0000">'.$origfilename."</font> was too big and was not uploaded. Max file size is 100k!<br /></center>"); }
              }
              else{ echo('<center><font color="#FF0000">'.$origfilename." </font>had an invalid file extension and was not uploaded. Valid file types are .jpg or .gif.<br /></center>");  }
            }
            else{ echo('<center><font color="#FF0000">'.$origfilename." </font>was not successfully uploaded.<br /></center>");  } // else
          }
        }
      }
      ?>
      <HTML>
      <BODY>
        <FORM action='<?=$PHP_SELF;?>' method='post' enctype='multipart/form-data'>Upload file:<BR /><INPUT type='hidden' name='submitted' value='TRUE' id='<?=time();?>' >
        <INPUT type='hidden' name='MAX_FILE_SIZE' value='<?=$max_file_size;?>' >
      <?
        for($x=0;$x<$num_of_uploads;$x++){
          $form .= "<input type='file' name='file[]'><br />";
        }
        $form .= "<input type='submit' value='Upload'><br /><br />   <font color='red'>*</font>Max file size is 100k.  Valid file types are .";
        for($x=0;$x<count($file_types_array);$x++){
          if($x<count($file_types_array)-1){
            $form .= $file_types_array[$x]." or .";
          }else{
            $form .= $file_types_array[$x].".";
          }
        }
        echo($form);
      ?>
        </FORM>
      </BODY>
      </HTML>
      <?
      if(isset($_POST["submitted"])){
        uploaderFILES($num_of_uploads, $file_types_array, $max_file_size, $upload_dir);
      }
      ?>
      [/code]
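
For the upload question in post 12, this is an added example (not the poster's script) of where a content check fits: after the error and size checks, before `move_uploaded_file()`. The function names and the random stored name are assumptions of this sketch; a header check only shows the file starts like an image, so the stored extension is chosen by the server and never taken from the client's file name.

```php
<?php
// Added example, not part of the original post. Function names are hypothetical.
// Map of accepted image types to the extension the server will store them under.
const ALLOWED_IMAGE_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif'];

// Decide from the file's bytes, not its name. Returns 'jpg', 'gif' or null.
function detect_image_extension(string $path): ?string
{
    $info = getimagesize($path);          // false when the header is not an image
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info[2]])) {
        return null;
    }
    if ($info[0] < 1 || $info[1] < 1) {   // zero-sized "images" are rejected too
        return null;
    }
    return ALLOWED_IMAGE_TYPES[$info[2]];
}

// Handles one entry of $_FILES (single-file form field). Returns the stored name or null.
function store_upload(array $file, string $uploadDir, int $maxBytes = 110000): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] >= $maxBytes) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = detect_image_extension($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Server-generated name: the client's name and extension are never used on disk.
    $name = bin2hex(random_bytes(8)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $uploadDir . $name) ? $name : null;
}

// Demo on constructed files: a minimal GIF header and a text file renamed to .jpg.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x80\x00\x00");
$fake = tempnam(sys_get_temp_dir(), 'up') . '.jpg';
file_put_contents($fake, "this is text, not image data\n");

var_dump(detect_image_extension($gif));   // string(3) "gif"
var_dump(detect_image_extension($fake));  // NULL
unlink($gif);
unlink($fake);
```

The upload directory should additionally be configured so the web server serves its contents as static files only.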
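
For the file-protection question in posts 8, 10 and 11, this is an added example (not code from the thread) of the usual alternative to hard-to-guess public folders: keep the files outside the web root and hand them out only through a script that checks ownership. `STORAGE_ROOT`, the `file_id` column and both function names are assumptions; the other columns follow the `results` table described in post 5.

```php
<?php
// Added example, not part of the original posts. Files live outside the document
// root, so no URL maps to them and there is no directory to browse.
const STORAGE_ROOT = '/srv/clientfiles';   // assumed path, NOT under the web root

// Returns the on-disk path only if the file row belongs to the logged-in user.
function resolve_download(PDO $db, int $userId, int $fileId): ?string
{
    // Ownership is part of the WHERE clause: another user's file id yields no row.
    $stmt = $db->prepare('SELECT folder, file FROM results WHERE file_id = ? AND id = ?');
    $stmt->execute([$fileId, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // basename() drops any directory components stored in the row.
    return STORAGE_ROOT . '/' . basename($row['folder']) . '/' . basename($row['file']);
}

// Streams the file to the browser as an attachment.
function send_download(string $path): void
{
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/vnd.ms-excel');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// In a download page, after the login check (session key name is an assumption):
//   $path = resolve_download($db, (int)$_SESSION['userid'], (int)$_GET['file']);
//   if ($path === null) { http_response_code(403); exit; }
//   send_download($path);

// Demo with constructed data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE results (file_id INTEGER PRIMARY KEY, id INTEGER, folder TEXT, file TEXT)');
$db->exec("INSERT INTO results (id, folder, file) VALUES (8, 'stevefolder/', 'filename.xls')");

var_dump(resolve_download($db, 8, 1));  // "/srv/clientfiles/stevefolder/filename.xls"
var_dump(resolve_download($db, 9, 1));  // NULL: user 9 does not own file 1
```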
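
For the count and folder questions in posts 1 and 6 (and the join mentioned in post 3), this is an added example, not code from the thread: one parameterized query that returns the user's id, result count and folder as variables, with the session username bound as a value instead of concatenated into the SQL. It uses PDO with constructed SQLite data; the function name is hypothetical and the table prefix is omitted.

```php
<?php
// Added example, not part of the original posts. Table and column names follow
// posts 5-7; user_summary() is a hypothetical helper.
function user_summary(PDO $db, string $username): ?array
{
    // LEFT JOIN keeps users who have no results yet (COUNT(r.id) is then 0).
    $stmt = $db->prepare(
        'SELECT u.id, u.firstname, COUNT(r.id) AS result_count, MIN(r.folder) AS folder
           FROM users u
           LEFT JOIN results r ON r.id = u.id
          WHERE u.username = ?
          GROUP BY u.id, u.firstname'
    );
    $stmt->execute([$username]);          // bound value, never part of the SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;  // null: no such user
}

// Constructed sample data matching the table sketched in post 5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, firstname TEXT)');
$db->exec('CREATE TABLE results (id INTEGER, folder TEXT, date TEXT, file TEXT)');
$db->exec("INSERT INTO users VALUES (8, 'steve', 'Steve'), (9, 'ann', 'Ann')");
$db->exec("INSERT INTO results VALUES
    (8, 'stevefolder/', '10/03/06', 'filename.xls'),
    (8, 'stevefolder/', '10/04/06', 'filename2.xls'),
    (8, 'stevefolder/', '10/05/06', 'filename3.xls')");

$steve = user_summary($db, 'steve');
$count = (int)$steve['result_count'];     // 3, ready for $template->setVariable()
printf("Welcome %s, you have %d results (folder %s)\n",
    $steve['firstname'], $count, $steve['folder']);

$ann = user_summary($db, 'ann');
var_dump((int)$ann['result_count'], $ann['folder']);  // int(0), NULL

// Quotes inside the value stay data; they cannot alter the query.
var_dump(user_summary($db, 'no"such"user'));          // NULL
```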