Jump to content

debmc99

Member
  • Posts

    58
  • Joined

  • Last visited

Everything posted by debmc99

  1. Perfect - thanks Ben!
  2. Hello, I have a login system working (which I did from the Killersites University videos). I have a member's table set up in my database and all works well. My question is, what is an easy way to only have the admin username and password redirect to a page called download.php? Currently, when the admin logs in they are redirected to a page called members.php along with all other users in the db. So I made a new page for the admin to login. What I would like is for them to type in the username and password and go to download.php. The site is hosted on godaddy (not my choice) and I don't think I have access to privileges for the db. This is part of the code I am using, is there any way to specify the username and password? As in $_POST['username'] == 'specific name here' or is this not a good thing to do? I hope I am making sense. Any help would be appreciated. Thank you very much. if (isset($_POST['submit'])) { // if form has been submitted, process form if ($_POST['username'] == '' || $_POST['password'] == '') { // both fields need to be filled in if ($_POST['username'] == '') { $error['user'] = 'required!'; } if ($_POST['password'] == '') { $error['pass'] = 'required!'; } $error['alert'] = 'Please fill in required fields!';
  3. Yes, that makes sense. I don't think I can do that though, at my skill level. I have spent about 3 days on this already. I may have to just save the files in the db because then I can follow your CRUD tutorials and also add the Delete option like you have in your records table. But I will give your suggestion a try. Thanks Ben.
  4. Hello, Yes, I did try your code earlier to see if I could read what was in the db and it worked fine (thank you!). I can list the file names in the db, but again, I am only storing information, the actual file is in a directory on the server, which is what I need to get to, but also how do you make those files downloadable, as in show up as URLs or something that are clicked on and then the Save As dialogue box opens?
  5. Hello, I am trying to download files from a server. I need the file names to display and then, from what I have researched, I need to force downloads. However, the original file names, file types and paths are stored in mysql and the file itself, when uploaded, gets moved to its own directory and has md5 added to the name. BeeDev was kind enough to post the code below, which is helpful, but it seems to look for a specific file and I need to list all .doc, .pdf files, etc. I have been looking on Google for two days to find out how to do this. Can anyone tell me how I would list all the files in the db, but have the file paths show up as links to download? Or if you know of a tutorial, please point me in the right direction. Thank you. And thanks BeeDev. $f contains the file path and name (for example: "/home/mysite.com/secure/files/23123kjlk3231.doc"), and $af contains the display name (for example: "mysecuredoc.doc") which needs to be URL Encoded, and last parameter $ftype is the file MIME type. function sendFile($f, $af, $ftype) { // common MIME types: // use application/msword for .doc files // use application/vnd.openxmlformats-officedocument.wordprocessingml.document for .docx // use application/octet-stream for any binary file // use application/x-executable-file for executables // use application/x-zip-compressed for zip files // use application/pdf for pdf documents // Visit http://filext.com/faq/office_mime_types.php for more MS Office Mime Types if($f != '') { header("Content-Type: ".$ftype); header("Content-Length: " . filesize($f)); header("Content-Disposition: attachment; filename=\"$af\""); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); $fp = fopen($f,"r"); fpassthru($fp); fclose($fp); return true; }else{ return; } }
  6. Thank you for the help. I will give it a try. Another question I have is, regarding this line of code: $dbLink = new mysqli('$host','$user','$pass','$db'); Is it ok to hard code the connection like this? I looked at the manual on php.net and the example shows this: $mysqli = new mysqli('localhost', 'my_user', 'my_password', 'my_db'); Just wondering if this was ok or if I should be using includes. Thank you.
  7. Hello, I now have an upload form that stores the uploaded file outside the database and in its own directory on the server. The name, type, size, and path are stored in the database. I have two questions: First, I am concerned about security and want to make sure I didn't make a glaring mistake. If anyone could take a look at my code below and let me know if I left a vulnerability somewhere, I would greatly appreciate it. The upload form itself can only be accessed by members who login, not the general public. The upload page will have an SSL certificate. Upon uploading, the original file name is changed to a unique name and the directory is hidden. I am also planning on adding sessions. Can anyone tell me if I am missing something in terms of security? The easier the explanation the better as I am new to this. Second, I now need to be able to download the files. I am not sure how to go about this since the unique file name uses md5. Would you try to list files by date uploaded? Any pointing in the right direction would be a great help. Thank you. <?php /* * PROCESSFILE.PHP * Password protected area to process members' uploaded files // begin Dave B's Q&D file upload security code $allowedExtensions = array("doc","docx","pdf","jpg","jpeg","gif","png"); foreach ($_FILES as $file) { if ($file['tmp_name'] > '') { if (!in_array(end(explode(".", strtolower($file['name']))), $allowedExtensions)) { die($file['name'].' Sorry, this is an invalid file type!<br/>'. '<a href="javascript:history.go(-1);">'. '<&lt Go Back</a>'); } } } // end Dave B's Q&D file upload security code $uploadDir = "./uploaded/"; // Check if file has been uploaded if(isset($_POST['upload'])) { $fileName = $_FILES['userfile']['name']; $tmpName = $_FILES['userfile']['tmp_name']; $fileSize = $_FILES['userfile']['size']; $fileType = $_FILES['userfile']['type']; $filePath = $uploadDir . $fileName; // get the file extension first $ext = substr(strrchr($fileName, "."), 1); // make the random file name $randName = md5(rand() * time()); // and now we have the unique file name for the upload file $filePath = $uploadDir . $randName . '.' . $ext; $result = move_uploaded_file($tmpName, $filePath); if (!$result) { echo "Error uploading file"; exit; } // Connect to the database $dbLink = new mysqli('$host','$user','$pass','$db'); if(mysqli_connect_errno()) { die("MySQL connection failed: ". mysqli_connect_error()); } if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $query = "INSERT INTO uploadpath (name, type, size, path ) ". "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')"; mysqli_query($dbLink, $query) or die('Error, query failed : ' . mysqli_error($dbLink)); // close db connection $dbLink->close(); echo "<p> The file, $fileName, has been successfully uploaded </p>"; } ?>
  8. Actually, I am setting up a website where only a few people will have access to a login area, and upon successful login, will be directed to a page where they can upload some Word docs and pdf files, etc. It is not meant to be a heavy storage thing, just something that is secure since the files will have personal information in them and easy for me to set up. It also needs to be easy for the client to access the files. That being the case, I was wondering if storing the files outside the database is still the best option? I just want to do what works best in a situation like this. And again, unfortunately, it needs to be relatively easy since I am still learning. Any advice would be appreciated. Thank you.
  9. Hello, Your solution worked perfectly! Thank you very much!
  10. Hello, I am trying to use this script below to store a .pdf or .doc file in a MySQL database. I am getting the following errors when I test it in WAMP: An error accured while the file was being uploaded. Error code: 2 Notice: Undefined variable: dbLink in C:\wamp\www\my_php\blob\myblob\processfile.php on line 47 Fatal error: Call to a member function close() on a non-object in C:\wamp\www\my_php\blob\myblob\processfile.php on line 47 I am trying to understand how all of this works, but it seems like $dbLink was defined in script already when I connect to the database. Can anyone explain what may be causing the error? Thank you very much. <?php // Check if a file has been uploaded if(isset($_FILES['uploaded_file'])) { // Make sure the file was sent without errors if($_FILES['uploaded_file']['error'] == 0) { // Connect to the database $dbLink = new mysqli('localhost', 'root', '', 'blob'); if(mysqli_connect_errno()) { die("MySQL connection failed: ". mysqli_connect_error()); } // Gather all required data $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']); $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']); $data = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name'])); $size = intval($_FILES['uploaded_file']['size']); // Create the SQL query $query = " INSERT INTO `testblob` ( `name`, `mime`, `size`, `data`, `created` ) VALUES ( '{$name}', '{$mime}', {$size}, '{$data}', NOW() )"; // Execute the query $result = $dbLink->query($query); // Check if it was successfull if($result) { echo 'Success! Your file was successfully added!'; } else { echo 'Error! Failed to insert the file' . "<pre>{$dbLink->error}</pre>"; } } else { echo 'An error accured while the file was being uploaded. ' . 'Error code: '. intval($_FILES['uploaded_file']['error']); } //Close the mysql connection $dbLink->close(); } else { echo 'Error! A file was not sent!'; } // Echo a link back to the main page echo '<p>Click <a href="index.html">here</a> to go back</p>'; ?>
  11. Hello, I just finished the php login tutorial which was great and I learned a lot. My question is how would you go about stopping the php pages with your database connectivity information from being crawled? Do you use a robots.txt file or use a meta tag? Thank you.
  12. Sorry, that worked. Thanks.
  13. Hello, I am doing the simple login tutorial. I am currently on video #3. When I test the login.php page I get this error: Fatal error: Call to undefined function mysql_report() in C:\wamp\www\my_php\login\login_project\includes\config.php on line 10 Here is the config.php code: <?php /* * LOGIN.PHP * Log in members */ //start session / load configs session_start(); include('includes/config.php'); include('includes/db.php'); include('views/v_login.php'); ?> I am using WAMP and Eclipse. Perhaps I don't have the path to the database configured correctly? Do I need to do something special in WAMP for that? Thank you!
  14. Thanks Ben, There was a problem with the get_shopping_cart() function. It is working at the moment. Thanks for your help!
  15. Here is the exact error message: Fatal error: Call to a member function AddItem() on a non-object in C:\wamp\www\my_php\shoppingcart\PaypalShoppingCart\html\addToCart.php on line 14 Line 14 is this: $shopping_cart->AddItem($product_id); Here is the code: <?php require_once '../functions/functions.php'; $shopping_cart = get_shopping_cart(); ?> <?php echo render_header('Pasta Shop: Catalog');?> <?php $product_id= $_REQUEST['id']; if (product_exists($product_id)) { $shopping_cart->AddItem($product_id); } ?> <?php function render_shopping_cart_row(ShoppingCart $shopping_cart , $product_id , $line_item_counter) { $quantity = $shopping_cart->GetItemQuantity($product_id); $output = " <tr> <th> $product_id </th> <th> $quantity </th> <th> $ Amount </th> </tr> "; return $output; } ?> <table class='shoppingCart'> <?php $line_item_counter = 1; foreach ($shopping_cart->GetItems() as $product_id) { echo render_shopping_cart_row($shopping_cart , $product_id , $line_item_counter); $line_item_counter ++; } ?> <tr> <td> product_id </td> <td> quantity </td> <td> $amount </td> </tr> </table> <?php set_shopping_cart($shopping_cart); ?> <?php echo render_footer();?> Thank you for your help.
  16. Hi. I hope I am in the right forum. Sorry if these are dumb questions but I am a beginner. I purchased the PHP Shopping Cart video tutorial, I have wamp and eclipse installed. Everything was going fine up until video #7 - Building the Shopping Cart Object. I am typing the code along with the video. But when it is time to test it I keep getting errors like this: Fatal error: Call to a member function EmptyCart() on a non-object Eclipse is not showing any errors. I have typed everything exactly. When I look at the source file in Firefox I see this: EmptyCart(); echo render_notification('Shopping Cart Emptied'); } set_shopping_cart($shopping_cart); ?> Any advice would be appreciated. Thank you.
  17. Hello, I accidentally replaced the index.php file in Wampserver (I am doing the killerphp tutorials). Is there any way to get another copy of that ir do I have to reinstall the whole thing again? Thank you.
  18. Thank you both very much, your comments were very helpful!
  19. I know a little WordPress. A possible client wants me to set up a site for them using Joomla. I have never used Joomla before and I certainly do not want to charge them for my learning time, nor do I want to charge the going rate for a Joomla site since I am no expert. Does anyone ever have this problem? I would love to know what you do in these situations. Thank you.
  20. I read recently that more and more people are accessing the web content on their cell phones and mobile devices and that the trend will only continue. If that is the case, would it be wise to (first learn) and then try to offer current clients mobile versions of their sites? Or do you think most people will go to an online resource to convert their sites to a mobile version. I guess I am trying to decide if developing mobile content is worth learning how to do or not. I have googled for hours trying to research this. I have also tried to find current tutorials to start to learn how to create website for mobile devices, but many are old. So my questions are: as a small web design company (just myself) is it worth learning how to create mobile websites in terms of keeping current? If it is worth learning, does anyone know of good resources to get one started? Or would you use an online service like .mobi? Any advice would be appreciated.
  21. All is working now - he just needed to refresh the page. Thanks for your help!
×
×
  • Create New...