string returned by variable not working as it should

nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Help needed adding echo to single line of script

Post by nickharambee »

Hi,

I am pretty much a new newbie when it comes to PHP, and have a problem that I need to solve, for a website that has to go live tomorrow.

Basically I have been using a javascript upload script called 'uploadify' which had an option for the upload folder which was added to the script in the form:

Code:

'folder'    : '/songs/<?php echo $_SESSION["name"];?>',
I added the php echo to return the username from a PHP login, so it gets added to the path to the upload folder (each user has their own subfolder for uploading to).

With the new version of the uploadify script, the folder option has been moved to a separate PHP file where it is now in the form:

Code:

$targetFolder = '/songs/';
I need to find a way of adding the username variable to this line. I have tried using echo in various ways, and googled about, but it has stumped me, simple as it may be.

If anyone could let me know how I construct this line I'd be very grateful. Time is of the essence, as they say...

Thanks,

Nick
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Help needed adding echo to single line of script

Post by McInfo »

The string on this line is output directly to the browser, which is why echo is appropriate here.

Code:

'folder'    : '/songs/<?php echo $_SESSION["name"];?>',
On this line, however, the string is assigned to a variable.

Code:

$targetFolder = '/songs/';
Therefore, concatenation is appropriate.

Code:

$targetFolder = '/songs/' . $_SESSION["name"];
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Re: Help needed adding echo to single line of script

Post by nickharambee »

Thanks. I added that line and the uploads are getting added to the directory 'songs', and not the (username) subfolders. I added

Code:

<?php echo $_SESSION["name"];?>
to the top of the main html page to make sure that

Code:

$_SESSION["name"]
is returning the correct string/name, and it is.
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Help needed adding echo to single line of script

Post by McInfo »

Maybe it needs a trailing slash?

Code:

$targetFolder = '/songs/' . $_SESSION["name"] . '/';
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Re: Help needed adding echo to single line of script

Post by nickharambee »

I now have the session variable available to the uploadify.php page, by adding

Code:

session_name("MyLogin");
above

Code:

session_start();
Now when I add

Code:

echo $targetFolder;
it returns the correct path: '/songs/nick', but the uploads are still going to the parent directory 'songs'. When I manually enter

Code:

$targetFolder = '/songs/nick';
all works fine. Which seems rather weird. Does anyone have any ideas as to what might be going on?

Thanks,

Nick
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

string returned by variable not working as it should

Post by nickharambee »

Hi,

I am trying to make some adjustments to uploadify.php which comes with the latest version of uploadify (3.0 beta), so that it works with a session variable that stores the login username and adds it to the path for uploads. Here is uploadify.php as it currently looks:

Code:

<?php
session_name("MyLogin");
session_start();

$targetFolder = '/songs/' . $_SESSION['name']; // Relative to the root

if (!empty($_FILES)) {
	$tempFile = $_FILES['Filedata']['tmp_name'];
	$targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder;
	$targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name'];
	
	// Validate the file type
	$fileTypes = array('m4a','mp3','flac','ogg'); // File extensions
	$fileParts = pathinfo($_FILES['Filedata']['name']);
	
	if (in_array($fileParts['extension'],$fileTypes)) {
		move_uploaded_file($tempFile,$targetFile);
		echo '1';
	} else {
		echo 'Invalid file type.';
	}
}

echo $targetFolder;

?>
I added

Code:

echo $targetFolder;
at the bottom so that I could make sure that the string returned was correct, and it is, i.e. '/songs/nick'. For some reason though, uploads are not going to the correct folder, i.e. the username folder, but instead are going to the parent folder 'songs'. The folder for username exists, with correct permissions, and when I manually enter

Code:

 $targetFolder = '/songs/nick';
all works fine. Which strikes me as rather strange. I have limited experience of using php, but wonder how if the correct string is returned by the session variable, the upload works differently than with the manually entered string.

Any help would be much appreciated. It's the last issue with a website that was due to go live 2 days ago!

Thanks,

Nick
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Help needed adding echo to single line of script

Post by McInfo »

Can you post the entire script?
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Re: Help needed adding echo to single line of script

Post by nickharambee »

sure:

Code:

<?php
session_name("MyLogin");
session_start();

$targetFolder = '/songs/nick'; // Relative to the root

if (!empty($_FILES)) {
	$tempFile = $_FILES['Filedata']['tmp_name'];
	$targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder;
	$targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name'];
		
	// Validate the file type
	$fileTypes = array('m4a','mp3','flac','ogg'); // File extensions
	$fileParts = pathinfo($_FILES['Filedata']['name']);
	
	if (in_array($fileParts['extension'],$fileTypes)) {
		move_uploaded_file($tempFile,$targetFile);
		echo '1';
	} else {
		echo 'Invalid file type.';
	}
}


?>
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Help needed adding echo to single line of script

Post by McInfo »

So that is the version that works correctly and when you replace the "nick" folder with the name stored in the session it's as if the name is an empty string? Where does $_SESSION['name'] get set?
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Re: Help needed adding echo to single line of script

Post by nickharambee »

Yes, you got it.

$_SESSION['name'] gets set in my log.php:

Code:

<?
session_name("MyLogin");
session_start();

if($_GET['action'] == "login") {
$conn = mysql_connect("","",""); // your MySQL connection data
$db = mysql_select_db(""); //put your database name in here 
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");

if(mysql_num_rows($q_user) == 1) {

$query = mysql_query("SELECT * FROM USERS WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) { 
$_SESSION["name"] = $name;
header("Location: http://monthlymixup.com/index.php"); // success page. put the URL you want 
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}

// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}

?>
I have now looked at my php_error.log and see the following error:

PHP Notice: Undefined index: name in /Library/WebServer/Documents/uploadify/uploadify.php on line 27
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Help needed adding echo to single line of script

Post by McInfo »

  • Assuming that the "action" key exists in the $_GET array permits an "undefined index" error. Test first with isset() or array_key_exists().
  • $_POST['user'] is not filtered or escaped, making the query vulnerable to SQL injection.
  • The query is executed twice, unnecessarily.
  • Assuming that mysql_fetch_array() returns an array may result in $data['password'] being NULL, which could have unexpected results.
  • Rather than relying on just a single assignment statement buried under multiple conditions, give $_SESSION['name'] a default value immediately after session_start() (maybe NULL). You can then test its value against the default value to see if the user has successfully logged in.
  • session_is_registered() is deprecated. Use isset() or array_key_exists() on the $_SESSION array, or (better) test $_SESSION['name'] against the default value. (Remember to use the more explicit === and not == when comparing a string to NULL.)
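
The points in the list above, applied to a login check, as an added example that is not part of the original thread and not the poster's log.php. The function name `authenticate`, the in-memory SQLite table and the sample accounts are constructed for illustration; it also assumes the `password` column holds `password_hash()` output, which differs from the plain comparison in the posted script.

```php
<?php
// Added example, not the poster's log.php. Assumptions: PDO with the
// SQLite driver, and USERS.password holding password_hash() output.

/** Return the verified login name, or null on any failure. */
function authenticate(PDO $db, array $get, array $post): ?string
{
    // Test that keys exist before reading them (no "undefined index").
    if (!isset($get['action']) || $get['action'] !== 'login') {
        return null;
    }
    $user = $post['user'] ?? null;
    $pwd  = $post['pwd'] ?? null;
    if (!is_string($user) || !is_string($pwd) || $user === '') {
        return null;
    }

    // One query; the login is bound as a parameter, never interpolated.
    $stmt = $db->prepare('SELECT login, password FROM USERS WHERE login = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched, so check before indexing.
    if ($row === false || !password_verify($pwd, $row['password'])) {
        return null;
    }
    return $row['login'];
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE USERS (login TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO USERS VALUES (?, ?)')
   ->execute(['nick', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Constructed requests: valid login, a quote in the name, missing keys.
$requests = [
    [['action' => 'login'], ['user' => 'nick', 'pwd' => 'constructed-password']],
    [['action' => 'login'], ['user' => "o'brien", 'pwd' => 'x']],
    [[], []],
];
foreach ($requests as [$get, $post]) {
    $session = ['name' => null];   // stand-in for $_SESSION with an explicit default
    $session['name'] = authenticate($db, $get, $post);
    // A strict comparison against the default decides "logged in".
    echo $session['name'] === null ? "not logged in\n" : "logged in as {$session['name']}\n";
}
```

In a web handler the result would be assigned to `$_SESSION['name']` after `session_start()`, with `session_regenerate_id(true)` called on a successful login.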
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: string returned by variable not working as it should

Post by social_experiment »

Two questions: 1. What is displayed if you print $targetFolder to the browser? 2. Where is the $_SESSION variable set, can you paste that code?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Re: string returned by variable not working as it should

Post by nickharambee »

print $targetfolder returns the correct path, i.e. '/songs/nick'

$_SESSION variable is set in log.php:

Code:

<?
session_name("MyLogin");
session_start();

if($_GET['action'] == "login") {
$conn = mysql_connect("","",""); // your MySQL connection data
$db = mysql_select_db(""); //put your database name in here 
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");

if(mysql_num_rows($q_user) == 1) {

$query = mysql_query("SELECT * FROM USERS WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) { 
$_SESSION["name"] = $name;
header("Location: http://monthlymixup.com/index.php"); // success page. put the URL you want 
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}

// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}

?>
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: string returned by variable not working as it should

Post by social_experiment »

Code:

<?php
 $targetFolder = '/songs/' . $_SESSION['name'] . '/'; // Relative to the root
?>
Change your target folder variable to the above.
Hth
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Re: string returned by variable not working as it should

Post by nickharambee »

I have already tried that. It doesn't work. Somehow, even though $targetFolder is generating the correct string, whether it be '/songs/nick/' or '/songs/nick', it isn't working with the upload script, and php_error.log shows this:

Undefined index: name in /Library/WebServer/Documents/uploadify/uploadify.php on line 27

which corresponds to the $targetfolder line
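
When `$_SESSION['name']` is unset in the request that runs uploadify.php, PHP logs the "Undefined index" notice quoted above and `'/songs/' . $_SESSION['name']` evaluates to `'/songs/'`, which matches uploads landing in the parent folder. The following added example, which is not part of the original thread and not Uploadify's own code, refuses the upload in that case and also reduces the client-supplied file name to its last path component. The helper name `resolveUploadTarget`, the username pattern and the sample document root are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Uploadify's own code.

/**
 * Build the destination path for an upload, or return null when the
 * request must be refused. $session stands in for $_SESSION.
 */
function resolveUploadTarget(array $session, string $docRoot, string $clientName,
                             array $allowedExt = ['m4a', 'mp3', 'flac', 'ogg']): ?string
{
    // Missing or empty name: '/songs/' . null collapses to '/songs/',
    // so refuse here instead of writing into the parent folder.
    // The allowed character set is an assumption about valid logins.
    $user = $session['name'] ?? null;
    if (!is_string($user) || !preg_match('/^[A-Za-z0-9_-]{1,32}$/', $user)) {
        return null;
    }

    // Keep only the final path component of the client-supplied name.
    $file = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if ($file === '' || $file[0] === '.' || !in_array($ext, $allowedExt, true)) {
        return null;
    }

    return rtrim($docRoot, '/') . '/songs/' . $user . '/' . $file;
}

// Constructed inputs; the document root is a sample value.
$root = '/var/www/html';
var_dump(resolveUploadTarget(['name' => 'nick'], $root, 'track.mp3'));
var_dump(resolveUploadTarget([], $root, 'track.mp3'));                 // session name not set
var_dump(resolveUploadTarget(['name' => 'nick'], $root, '../x/track.MP3'));
var_dump(resolveUploadTarget(['name' => 'nick'], $root, 'notes.php'));  // extension not allowed
```

The caller would pass `$_SESSION`, `$_SERVER['DOCUMENT_ROOT']` and `$_FILES['Filedata']['name']`, and call `move_uploaded_file()` only when the result is not null.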