Forum Moderators: coopster

script to read files

         

ploppy

5:16 pm on Aug 21, 2007 (gmt 0)

10+ Year Member



hi. i am trying to place a file in a user secure area, so when they go to 'My Account' i can place system message, files etc that only that user will see. i have a table idx_link_user and in that table a field called 'files'. how would i go about retrieving the data from database to present to logged in user? many thanks.

d40sithui

5:23 pm on Aug 21, 2007 (gmt 0)

10+ Year Member



what information is in the "files" field? is it the URL of the file, or lists of files?

ploppy

5:29 pm on Aug 21, 2007 (gmt 0)

10+ Year Member



hi d40. it would be files like: pdf,txt,doc etc. these need to be presented to logged in user as well as system messages. thanks

d40sithui

6:02 pm on Aug 21, 2007 (gmt 0)

10+ Year Member



yes but you said you have a table with a field "files" whats stored in this field? if its just the URL you can just pull it out with a simple query

ploppy

6:10 pm on Aug 21, 2007 (gmt 0)

10+ Year Member



it can either store files or i can store files in a folder in the secure area and ref it via mysql. however, there must be a way to confirm that the user is logged in either by cookie or some other method. many thanks.

ploppy

8:25 pm on Aug 21, 2007 (gmt 0)

10+ Year Member



ok. lets try and make this easier. assume that the file oo1.jpg is in a field 'files' in idx_link_user and i need it to be retrieved by 'bob' when he logs in. how would i write that? thanks

d40sithui

12:14 pm on Aug 22, 2007 (gmt 0)

10+ Year Member



oh i see.
from my understanding, theres only one way to secure a file, and thats to chmod it.
but then, only you or people in your groups will be able to access it (depending on your chmod settings) when logged into the Unix server (not the website).

in the context of what you're referring to, the only way to "secure" a file on a website is to hide it to the best of your ability. of course, this means that you'll need to give it enough rights so anyone can access it, but only provide the URL to the "logged in" user.
i dont have any snippets of code to do this, but it seems like a simple problem if you still want to go on with it.
for the sake of it, lets say you have 001.jpg and lets say you only want the user "bob" to access it.
(1) you would first need an "account" table to store bob's information, password, and his id (unique pk auto_increment), etc.
(2) in the idx_link_user table, you would have at least two fields: "file", "owner". the "file" would have the url to the actual file (ie. "/files/bob/oo1.jpg"). the "owner" field would contain the id of the owner, in this case bob's id.
(3) when you run your query ("select file from idx_link_user where id=$id") you would retrieve all files that would be "owned" by the user. $id would be retrieved by the logged in user.

if you want more security,
(1) you should not make the url so obvious.
(2) you can change the directory name every time the user logs in/out and update the table idx_link_user to reflect that.
(3) disable directory listing.
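
The owner lookup from steps (1)-(3) above, as an added example that is not part of the original posts: rather than handing out a file URL, a PHP script checks the server-side session and the "owner" column, then streams the file from a directory outside the web root. The PDO connection, the PRIVATE_DIR path, the `user_id` session key and the function names are assumptions; only the table and column names come from the thread.

```php
<?php
// Added example, not code from the thread. Table idx_link_user (id, file, owner)
// follows the post; PRIVATE_DIR, the session key and function names are assumed.

const PRIVATE_DIR = '/var/private_files';   // hypothetical directory outside the web root

// Return the stored file name only if row $fileId belongs to $ownerId, else null.
function find_owned_file(PDO $db, int $ownerId, int $fileId): ?string
{
    // Placeholders keep request values out of the SQL text.
    $stmt = $db->prepare('SELECT file FROM idx_link_user WHERE id = ? AND owner = ?');
    $stmt->execute([$fileId, $ownerId]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : basename($name);   // basename() drops any directory part
}

// Stream the file to the browser; its real location is never exposed as a URL.
function send_owned_file(PDO $db, array $session, int $fileId): void
{
    if (empty($session['user_id'])) {        // identity comes from the session, not a cookie value
        http_response_code(403);
        exit('Not logged in');
    }
    $name = find_owned_file($db, (int)$session['user_id'], $fileId);
    $path = $name === null ? false : realpath(PRIVATE_DIR . '/' . $name);
    if ($path === false || strpos($path, PRIVATE_DIR . '/') !== 0) {
        http_response_code(404);             // same answer for "missing" and "not yours"
        exit('No such file');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . addcslashes($name, "\"\\") . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed demo rows in an in-memory SQLite database (needs pdo_sqlite), CLI only.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE idx_link_user (id INTEGER PRIMARY KEY, file TEXT, owner INTEGER)');
    $db->exec("INSERT INTO idx_link_user (file, owner) VALUES ('oo1.jpg', 1), ('report.pdf', 2)");
    var_dump(find_owned_file($db, 1, 1));    // row 1 is owned by user 1
    var_dump(find_owned_file($db, 1, 2));    // row 2 belongs to a different user
}
```

In a web request the page would call `session_start()` and then `send_owned_file($db, $_SESSION, (int)$_GET['id'])`, where the `id` request parameter is also an assumption.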

ploppy

2:47 pm on Aug 22, 2007 (gmt 0)

10+ Year Member



thanks for that d40. at the moment, there is a table idx_users, which has: username, password etc. or there is idx_link_user which stores: id, username. would it make sense to add fields to either table or create a new one? i am totally new to php, is there some code somewhere that would give me what i am looking for? many thanks

d40sithui

3:56 pm on Aug 22, 2007 (gmt 0)

10+ Year Member



did you not create the tables yourself?
it doesnt matter if you create a new table or add more fields to the existing ones. just pick the easiest path for you.
oh and i had a small typo on my last comment, the query is supposed to be "Select file from idx_user_link where owner=$id" (not "...where id=$id").
i see that you are new to php. well php is pretty easy to learn. you'll probably have a hard time finding the exact code for what you're trying to do. its best to do it yourself anyway, you'll get a lot more out of it.

for the purpose of this project, you should be able to connect to the database, do simple queries, retrieve data. the more advanced stuff will fall in.

here's something that might get you started, of course you'll need to change some information in there to reflect your website. it can be found: [us2.php.net...]

<?php

$conn = mysql_connect("localhost", "mysql_user", "mysql_password");

if (!$conn) {
    echo "Unable to connect to DB: " . mysql_error();
    exit;
}

if (!mysql_select_db("mydbname")) {
    echo "Unable to select mydbname: " . mysql_error();
    exit;
}

$sql = "SELECT id as userid, fullname, userstatus
        FROM sometable
        WHERE userstatus = 1";

$result = mysql_query($sql);

if (!$result) {
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}

if (mysql_num_rows($result) == 0) {
    echo "No rows found, nothing to print so am exiting";
    exit;
}

// While a row of data exists, put that row in $row as an associative array
// Note: If you're expecting just one row, no need to use a loop
// Note: If you put extract($row); inside the following loop, you'll
// then create $userid, $fullname, and $userstatus
while ($row = mysql_fetch_assoc($result)) {
    echo $row["userid"];
    echo $row["fullname"];
    echo $row["userstatus"];
}

mysql_free_result($result);

?>

ploppy

4:10 pm on Aug 22, 2007 (gmt 0)

10+ Year Member



thanks very much d40 will check that out. and i agree that i will get more out the more i read and learn from others. 1 other thing, i have a php file that connects to db. db_conn.php which have all the settings to connect. in your example, do i just include_once the db file? many thanks.

d40sithui

5:33 pm on Aug 22, 2007 (gmt 0)

10+ Year Member



yea thats how i do it too and i think most people. write the db connection function to another file and include it in your page. www.php.net has a nice library of php functions and information. i always go there when i get stumped or when i forget the syntax of a function. of course, if you run into any trouble, you can always post your code here and people will try and help you out.
<?
//require_once("db_conn.php");
include_once("db_conn.php");
?>

ploppy

6:48 pm on Aug 22, 2007 (gmt 0)

10+ Year Member



thanks very much d40. will start to put it together but no doubt will be back for help :-) thanks once again for your patience.

ploppy

10:21 pm on Aug 22, 2007 (gmt 0)

10+ Year Member



d40. cannot seem to get that to work, probably because of the way the script for the site uses smarty and the code does not seem to output. as an example, i have included a sample file that shows the layout of the php complete with variable etc.

 
/*===================================================
ShowFormUserFiles()
===================================================*/

function ShowFormUserFiles() {

// vars global configuration
global $theme_path;

// vars messages
global $msg;

// vars template
global $error_msg, $id, $name, $type, $size, $path;

$users_obj = new clsUsers;
$users_obj->table_name = "idx_link2_users";
$users_obj->template_file = $theme_path . "cp/showfiles_form.html";
$users_obj->UserFiles("display_form", $_COOKIE['COOKIE_USERNAME']);
}

/*===================================================
ProcessFormUserFiles()
===================================================*/

function ProcessFormUserFiles() {

// vars global configuration
global $theme_path;

// vars url & form
global $id, $name, $type, $size, $path;

// vars messages
global $msg;

// vars template
global $error_msg;

$name = stripslashes($name);
$type = stripslashes($type);
$size = stripslashes($size);
$path = stripslashes($path);

}

/*===================================================
main
===================================================*/

include "../application.php";

RunPreFilter(__FILE__);

if (empty($pflag)) {
ShowFormUserFiles();
}
elseif ($pflag == 'user') {
ProcessFormUserFiles();
}

RunPostFilter(__FILE__);

all variables can be changed to include what you included earlier, just not sure how to code and still trying to make sense of the id in table. you will also note that the php passes output to html file. perhaps you could comment? many thanks

d40sithui

12:42 pm on Aug 23, 2007 (gmt 0)

10+ Year Member



looks like you have 2 functions, but i dont see how they would help you in what you're trying to do.

-the first one ShowFormUserFiles() will show some html form, when the var $pnflag is empty. i guess this is when a user is not logged in (not sure)

-the other ProcessFormUserFiles() is just stripping variables (user inputs?) of slashes. other than that it doesnt seem to display anything.

i guess you didnt write this yourself (or did you?). also is this site managed by a CMS? what you need to find out is how your site manages user logins...does it use cookies or sessions?
if its using cookies, you can do something like this.
<?
if(isset($_COOKIE['COOKIE_USERNAME'])){
    //user is logged in->execute code to get files here
}
else{
    //user is not logged in->display form
}
?>
if sessions, use $_SESSION['USERNAME']

ploppy

2:26 pm on Aug 23, 2007 (gmt 0)

10+ Year Member



thanks d40. here is the login php:

/*===================================================
ShowFormLogin()
===================================================*/

function ShowFormLogin() {

// vars global configuration
global $theme_path;

// vars url & form
global $f, $b;

// vars template
global $error_msg;

if ($f == 1)
DisplayTemplate($theme_path . "permission_error.html", "\$error_msg,\$username,\$password,\$f,\$b");
else
DisplayTemplate($theme_path . "login_form.html", "\$error_msg,\$username,\$password,\$f,\$b");
}


/*===================================================
ProcessFormLogin()
===================================================*/

function ProcessFormLogin() {

// vars global configuration
global $dbConn, $theme_path, $user_auth_type;

// vars url & form
global $username, $password, $remember_me, $f, $b, $u, $p;

// vars messages
global $msg;

// vars template
global $error_msg;

// verify input

if (empty($u) && empty($p)) {
if (empty($username))
$error_msg = $msg["10091"];
elseif (strlen($username) < 3)
$error_msg = $msg["10092"];
elseif (empty($password))
$error_msg = $msg["10093"];
}
else {
$username = $u;
$password = $p;
}

if (empty($error_msg)) {
$users_obj = new clsUsers;
$users_obj->table_name = "idx_users";

if ($remember_me) {
$expire = time() + (3600 * 24 * 1000); // 1000 days
}
else {
$expire = 0; // expire when browser closed
}

$auth = new auth();
$login = $users_obj->Login($username, $auth->Convert($password), $expire);

if ($login == '1') {
$error_msg = $msg["10094"];
ShowFormLogin();
}
else {
if ($f == 1 &&!empty($b) && $b!= 'http://') {
Redirect($b);
}
else {
Redirect('index.php');
}
}
}
else {
ShowFormLogin();
}
}

/*===================================================
main
===================================================*/

include "application.php";

RunPreFilter(__FILE__);

if (empty($pflag)) {
ShowFormLogin();
}
elseif ($pflag == 'login') {
ProcessFormLogin();
}

RunPostFilter(__FILE__);

and this is placed in a php file called: users.class.php which resides in lib.

// method to handle user login
// return : 0: success
// 1: sql error
// --------------------------------

function Login($username, $password, $expire) {
global $dbConn;

// get password

$query = "select password from $this->table_name where username = '$username' and status = 1";
$result = $dbConn->Execute($query);
$pwd = $result->Fields("password");

if ($password == $pwd) {
setcookie("COOKIE_USER_AUTHENTICATED", //string name
"1", //string value
$expire, //int expire
"", //string path
"", //string domain
0 //int secure
);

$username = strtolower($username);
setcookie("COOKIE_USERNAME", //string name
"$username", //string value
$expire, //int expire
"", //string path
"", //string domain
0 //int secure
);

setcookie("COOKIE_PASSWORD", //string name
"$pwd", //string value
$expire, //int expire
"", //string path
"", //string domain
0 //int secure
);

$_SESSION['session_username'] = $username;
session_write_close();

return 0;
}
else
return 1;
}

does this help? many thanks

d40sithui

5:48 pm on Aug 23, 2007 (gmt 0)

10+ Year Member



ok looks like your website is maintaining state by using both cookies and session. so what you could do is write something like this

<?
if($_COOKIE['COOKIE_USER_AUTHENTICATED'] == 1
&& isset($_COOKIE['COOKIE_USERNAME'])
&& isset($_COOKIE['COOKIE_PASSWORD'])
&& isset($_SESSION['session_username'])){

/*
*****
-code to display user files here
-you may need to find your user's id first if you do plan to use the system i proposed earlier and store it in $id
-then you can just do "select files from idx_user_link where owner=$id"
*****
*/

}//end if valid user
?>
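
A login routine and logged-in check for the Login() method and the cookie test posted above, as an added example rather than the site's own code: the browser can set any cookie value, so the identity is kept only in the server-side session and the query uses a prepared statement. It assumes a PDO connection, a `password` column holding `password_hash()` output (not the site's `auth->Convert()` scheme) and a `user_id` session key; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. idx_users columns (id, username,
// password, status) follow the posts; the hash format and session key are assumed.

function login(PDO $db, string $username, string $password): bool
{
    $username = strtolower($username);
    $stmt = $db->prepare('SELECT id, password FROM idx_users WHERE username = ? AND status = 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the submitted password against the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);         // fresh session id after a successful login
    }
    // Only the session id travels in a cookie; no username or password cookie is set.
    $_SESSION['user_id'] = (int)$row['id'];
    $_SESSION['session_username'] = $username;
    return true;
}

// Gate for the "My Account" pages: trust the session, never a client-supplied cookie.
function current_user_id(): ?int
{
    return isset($_SESSION['user_id']) ? (int)$_SESSION['user_id'] : null;
}

// Constructed demo account in an in-memory SQLite database (needs pdo_sqlite), CLI only.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE idx_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, status INTEGER)');
    $ins = $db->prepare("INSERT INTO idx_users (username, password, status) VALUES ('bob', ?, 1)");
    $ins->execute([password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

    var_dump(login($db, 'bob', 'wrong guess'), current_user_id());
    var_dump(login($db, 'Bob', 'constructed-demo-password'), current_user_id());
}
```

In a web request, call `session_start(['cookie_httponly' => true, 'cookie_secure' => true])` before `login()`, and use `current_user_id()` as the owner id in the file query.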

ploppy

9:26 pm on Aug 23, 2007 (gmt 0)

10+ Year Member



thanks d40. so can this code be used in the above script 'ShowFormUserProfiles' just replacing the code to reflect what we are trying to access then pass results to html file? many thanks

ploppy

10:54 am on Aug 24, 2007 (gmt 0)

10+ Year Member



ok. heres where i am at. have tried to this:

/*===================================================
ShowMyFiles()
===================================================*/

function ShowMyFiles() {

// vars global configuration
global $dbConn, $theme_path, $category_separator, $username, $status;

// vars messages
global $msg;

// vars template
global $error_msg, $files, $date;

if ($err) {
$error_msg = $msg['20191'];
}

$links_obj = new clsLink;

// get file listing
$query = "select * from idx_users where username = '$_COOKIE[COOKIE_USERNAME]'";
$links_obj->query = $query;
$links_obj->table_name = "idx_users";
$links_obj->date_format = $msg["10151"];
$links_obj->max_rows = 100;
$files = $links_obj->Display();

$query = "select files, group_id from idx_users where status = 1";
$result = $dbConn->Execute($query);
$files = $result->Fields("files");
$group_id = $result->Fields("group_id");
$date = $result->Fields("date");

DisplayTemplate($theme_path . "cp/myfiles.html", "\$files,\$date\$error_msg");
}

/*===================================================
main
===================================================*/

include "../application.php";

RunPreFilter(__FILE__);

ShowMyFiles();

RunPostFilter(__FILE__);

and the html file:

<%include file="cp/header.html"
title="My Files"
meta_keywords=""
meta_description=""
%>

</td>
</tr>
<tr>
<td>

<!-- main content here -->

<br />

<div align="left">

[ <a href="<%$files%>"></a>Your files</a> ]
[ <%$date%> ]

</div>

<%if $error_msg%>
<center><p><font color="Red"><b><%$error_msg%></b></font></p></center>
<%/if%>

<%if $files%>
<table cellpadding="4" cellspacing="1" border="0" align="center" width="100%" class="tbl_border">
<tr class="tbl_caption">
<td colspan="2">
My Listings
</td>
</tr>
<%$files%>
</table>
<%else%>
<p>You have no files yet.</p>
<%/if%>

<br />
<br />

<!-- end of main content -->

</td>
</tr>
<tr>
<td>

<%include file="cp/footer.html"%>

in the idx_users table there is:

username
files
status

this table is called when a user logs in or joins. i cannot call by id because the id function is used elsewhere, so have to call by username. however, the script is not displaying at all. i should see 'You have no files yet' but i am not seeing anything. obviously coded wrong, but as stated i am new to php but willing to learn and try to code myself. any help greatly received. many thanks

PS. ignore the % tags they are just there for smarty.

d40sithui

12:33 pm on Aug 24, 2007 (gmt 0)

10+ Year Member



personally i've never used smarty...so those if statements are rather confusing. so idk if you're using the right syntax. plus if you're new to php, starting to learn with smarty might be harder. i assume the "main" is in a different .php file?
why dont u replace it with something like this

<!-- main content here -->
<br>
<div align="left">
[ <a href="<? echo $files;?>">Your files</a> ]
[ <? echo $date;?> ]
</div>

<?
if(!empty($error_msg)){
echo "<center><p><font color=\"Red\"><b>$error_msg</b></font></p></center>";
}

elseif(!empty($files)){
echo
"<table cellpadding=\"4\" cellspacing=\"1\" border=\"0\" align=\"center\" width=\"100%\" class=\"tbl_border\">
<tr class=\"tbl_caption\">
<td colspan=\"2\">
My Listings
</td>
</tr>
$files
</table> ";
}

else{
echo "<p>You have no files yet.</p>";
}
?>
<br />
<br />

<!-- end of main content -->

</td>
</tr>
<tr>
<td>

<%include file="cp/footer.html"%>

ploppy

1:24 pm on Aug 24, 2007 (gmt 0)

10+ Year Member



if you look above d40, you will see that the 'main' is in html file. the problem i am having is that the php is not passing results to html file. here is updated php file:

 /*===================================================
ShowMyFiles()
===================================================*/

function ShowMyFiles() {

// vars global configuration
global $dbConn, $theme_path, $category_separator;

// vars messages
global $msg;

// vars template
global $error_msg, $username, $status, $owner, $files;

if ($err) {
$error_msg = $msg['20191'];
}

$links_obj = new clsLink;

// get file listing
$query = "select * from idx_users where username = '$_COOKIE[COOKIE_USERNAME]'";
$links_obj->query = $query;
$links_obj->table_name = "idx_users";
$links_obj->date_format = $msg["10151"];
$links_obj->max_rows = 100;
$files = $links_obj->Display();

$query = "select files from idx_users where owner = '$_COOKIE[COOKIE_USERNAME]'";
$result = $dbConn->Execute($query);
$files = $result->Fields("files");
$owner = $result->Fields("owner");
$date = $result->Fields("date");

DisplayTemplate($theme_path . "cp/myfiles.html", "\$files,\$owner,\$date\$error_msg");
}

/*===================================================
main
===================================================*/

include "../application.php";

RunPreFilter(__FILE__);

ShowMyFiles();

RunPostFilter(__FILE__);

i am confused as to why this is not passing results to html file? thanks

d40sithui

5:32 pm on Aug 24, 2007 (gmt 0)

10+ Year Member



if main is in a .html file(instead of php), you cannot make statements like ShowMyFiles(); or include "../application.php";

ploppy

8:46 am on Aug 25, 2007 (gmt 0)

10+ Year Member



all sorted. thanks d40 for all your help. cheers