SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Member
    Join Date
    Jul 2007
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Need PHP guru advice- mkdr() & include'' problems

    I'm hoping some brilliant PHP programmer out there can help with this nebulous script I've pieced together. Most of it seems the work. However, I'm having trouble with the include " " function (I think), which is in the very last script. Feel free to skim the rest, as it's rather basic (not to me, but to you anyway)

    Here's part one. A login form.
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 TRANSITIONAL//EN">
    <html>
    
    
    	<head>
    		<title></title>
    	</head>
    	<body>
    <form enctype="multipart/form-data" action="verify.php" method="POST">
    Username: <input name="username" type="text" maxlength="40" /><br />
    Password: <input name="password" type="password" maxlength="40" /><br />
    <input type="submit" value="Submit" />
    </form>
    
    	</body>
    </html>
    Which is handled by this script here
    Code:
    <?php
    //This script is called verify.php
    //getting the username and password from the html form
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    //connecting to the SQL server and retreiving the username and password there
    
    mysql_connect("**********", "*********", "*********") or die(mysql_error());
    mysql_select_db("*********") or die(mysql_error());
    $data = mysql_query("SELECT * FROM USERS")
    or die(mysql_error());
    $info = mysql_fetch_array($data);
    $db_username = $info['Username'];
    $db_password = $info['Password'];
    
    //comparing the two usrnm/psswd combinations and setting a cookie if they match
    if ($username == $db_username && $password == $db_password)
    {
    setcookie("client", $password, time()+3600);
    
    //if they match go to this form
    header("Location: batch.html");
    }
    else 
    {
    //if they don't match, go back to login form 
    header("Location: login.html");
    }
    ?>
    This all works fine so far. But here is where things start to go wrong. This is another HTML form:
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 TRANSITIONAL//EN">
    <html>
    
    	<head>
    		<title></title>
    	</head>
    	<body>
    <form enctype="multipart/form-data" action="batch.php" method="POST">
    Input Client Name: <input type="text" name="client" MAXLENGTH="10"/><br />
    Description of Files: <textarea cols="50" rows="4" name="comment"></textarea><br />
    <input type="submit" value="Submit"
    </form>
    	</body>
    </html>
    The information from this form gets handled by the following script:
    Code:
    <?php
    //this script is called batch.php
    //these lines set variables for the "client" and "comment" fields from batch.html
    $client = $_POST['client'];
    $comment = $_POST['comment'];
    
    
    //creates a date timestamp like: 8-4-07_09:23:29AM
    $timestamp = date('n-j-y_h:i:sA');
    
    //combines client field and timestamp into a new variable, $dirname
    $dirname = $client . $timestamp;
    
    //creates a new directory named after $dirname and sets chmod to 705
    $path = $_SERVER['DOCUMENT_ROOT'] . '/upload/' . $dirname;
    $umask = umask(0);
    mkdir($path,0705);
    $undo_umask = umask($umask);
    
    //creates a text file and writes the "comment" field into it
    $filepath = $_SERVER['DOCUMENT_ROOT'] . '/upload/'.$dirname.'/comments.txt';
    $filehandle = fopen($filepath, "w");
    fwrite($filehandle, $comment);
    fclose($filehandle);
    //redirects to the upload form
    header("Location: upload.html");
    ?>
    At this point, a new directory is successfully created under the "upload" directory and a text file is written to that directory. Next I try to allow the user to upload files to this newly created directory with the following:
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 TRANSITIONAL//EN">
    <html>
    
    	<head>
    		<title></title>
    	</head>
    	<body>
    <!--This is just a single file upload form with input name "uploaded"-->
    <form enctype="multipart/form-data" action="upload.php" method="POST">
    Please choose a file: <input name="uploaded" type="file" /><br />
    <input type="submit" value="Upload" />
    </form>
    
    	</body>
    </html>
    And I try to process this file with this:
    Code:
    <?php 
    //this is upload.php
    //the first line checks for the login cookie that was set earlier
    if(isset($_COOKIE['client']))
    {
    include "batch.php";
    $target = $_SERVER['DOCUMENT_ROOT'] . '/upload/'.$dirname.'/'; 
    $target = $target . basename( $_FILES['uploaded']['name']) ; 
    $ok=1; 
    
    //This is our size condition 
    if ($uploaded_size > 350000) 
    { 
    echo "Your file is too large.<br>"; 
    $ok=0; 
    } 
    
    //This is our limit file type condition 
    if ($uploaded_type =="text/php") 
    { 
    echo "No PHP files<br>"; 
    $ok=0; 
    } 
    
    //Here we check that $ok was not set to 0 by an error 
    if ($ok==0) 
    { 
    Echo "Sorry your file was not uploaded"; 
    } 
    
    //If everything is ok we try to upload it 
    else 
    { 
    if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
    { 
    echo "The file ".basename( $_FILES['uploadedfile']['name']). " has been uploaded"; 
    } 
    else 
    { 
    echo "Sorry, there was a problem uploading your file."; 
    } 
    } 
    }
    else
    print "Not allowed"."<br>"."<p><a href=\"login.html\">Login first</a><p>";
    ?>
    And it works! Sort of... well, not really. The purpose of all this is to 1) login a user 2) create a new directory for the sake of neatness and 3) allow the user to upload a file to that directory. The file gets uploaded, but to an entirely new directory, one which I never intended to create. I believe I'm somehow mis-using the include" " function in the final part, because instead of uploading the selected file to the directory which was created earlier, the script creates a new directory and puts the file there. I've tried to get around this by setting a session variable that contains the appropriate directory name, but I can't get that to work either. I've heard that it's possible to use a query string to pass variables between scripts...

    Well, if anyone has read all the way to the end of this, I'd appreciate your advice.

  2. #2
    SitePoint Member
    Join Date
    Nov 2006
    Posts
    14
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Things to check

    Hi,
    when you include batch.php, I assume you rerun the following code:
    PHP Code:
    //creates a date timestamp like: 8-4-07_09:23:29AM
    $timestamp date('n-j-y_h:i:sA');

    //combines client field and timestamp into a new variable, $dirname
    $dirname $client $timestamp
    This will re-create the variable $dirname from a new $timestamp which will be created at a new time so will be different from your previous one. So I guess the 'wrong' directory will follow the same naming convention but with a different timestamp?
    As you need a way to pass the second script the name of the directory, you have two options (well more really but these two are nice and simple);
    1. Change upload.html to upload.php and pass it the directory name in the query string in your redirect thus:
    PHP Code:
    //redirects to the upload form
    header("Location: upload.php?directory=nameofdirectory"); 
    where 'nameofdirectory' is the combination of $client and $timestamp. Then in upload.php include a hidden input field and set the value to 'nameofdirectory', this will then be passed back to your second script in the POST array.
    2. Set a session variable containing the directory name in the first script, then it will be available to the second script. This involves having a line:
    PHP Code:
    session_start(); 
    in your first script, then set a variable just like a GET or POST array, so for this you might use:
    PHP Code:
    $_SESSION['user_directory']=$directory
    just after you create the directory variable, then in your second script you can call:
    PHP Code:
    $directory $_SESSION['user_directory']; 
    and $directory should now have the right directory to pass to the move_uploaded_file function.
    Just two little thoughts before I go, first always hash your passwords (look up md5 hash) and second can I recommend my favorite image upload and general file handling class:
    http://www.verot.net/php_class_upload.htm
    It is truly great, the best thing to come out of France since that nice little bottle of Merlot Village.
    Last edited by AppSol; Aug 15, 2007 at 14:12. Reason: Had to stop to go and watch Heroes, sorry.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •