Page 1 of 1
Help needed adding echo to single line of script
Posted: Thu Mar 31, 2011 4:25 pm
by nickharambee
Hi,
I am pretty much a new newbie when it comes to PHP, and have a problem that I need to solve, for a website that has to go live tomorrow.
Basically I have been using a javascript upload script called 'uploadify' which had an option for the upload folder which was added to the script in the form:
Code: Select all
'folder' : '/songs/<?php echo $_SESSION["name"];?>',
I added the php echo to return the username from a PHP login, so it gets added to the path to the upload folder (each user has their own subfolder for uploading to).
With the new version of the uploadify script, the folder option has been moved to a separate PHP file where it is now in the form:
I need to find a way of adding the username variable to this line. I have tried using echo in various ways, and googled about, but it has stumped me, simple as it may be.
If anyone could let me know how I construct this line I'd be very grateful. Time is of the essence, as they say...
Thanks,
Nick
Re: Help needed adding echo to single line of script
Posted: Thu Mar 31, 2011 4:46 pm
by McInfo
The string on this line is output directly to the browser, which is why echo is appropriate here.
Code: Select all
'folder' : '/songs/<?php echo $_SESSION["name"];?>',
On this line, however, the string is assigned to a variable.
Therefore, concatenation is appropriate.
Code: Select all
$targetFolder = '/songs/' . $_SESSION["name"];
Re: Help needed adding echo to single line of script
Posted: Thu Mar 31, 2011 4:58 pm
by nickharambee
Thanks. I added that line and the uploads are getting added to the directory 'songs', and not the (username) subfolders. I added
to the top of the main html page to make sure that
is returning the correct string/name, and it is.
Re: Help needed adding echo to single line of script
Posted: Thu Mar 31, 2011 5:25 pm
by McInfo
Maybe it needs a trailing slash?
Code: Select all
$targetFolder = '/songs/' . $_SESSION["name"] . '/';
Re: Help needed adding echo to single line of script
Posted: Sat Apr 02, 2011 5:57 am
by nickharambee
I now have the session variable available to the uploadify.php page, by adding
above
Now when I add
it returns the correct path: '/songs/nick', but the uploads are still going to the parent directory 'songs'. When I manually enter
all works fine. Which seems rather weird. Does anyone have any ideas as to what might be going on?
Thanks,
Nick
string returned by variable not working as it should
Posted: Sat Apr 02, 2011 11:12 am
by nickharambee
Hi,
I am trying to make some adjustments to uploadify.php which comes with the latest version of uploadify (3.0 beta), so that it works with a session variable that stores the login username and adds it to the path for uploads. Here is uploadify.php as it currently looks:
Code: Select all
<?php
session_name("MyLogin");
session_start();
$targetFolder = '/songs/' . $_SESSION['name']; // Relative to the root
if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'];
$targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder;
$targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name'];
// Validate the file type
$fileTypes = array('m4a','mp3','flac','ogg'); // File extensions
$fileParts = pathinfo($_FILES['Filedata']['name']);
if (in_array($fileParts['extension'],$fileTypes)) {
move_uploaded_file($tempFile,$targetFile);
echo '1';
} else {
echo 'Invalid file type.';
}
}
echo $targetFolder;
?>
I added
at the bottom so that I could make sure that the string returned was correct, and it is, i.e. '/songs/nick'. For some reason though, uploads are not going the correct folder, i.e. the username folder, but instead are going to the parent folder 'songs'. The folder for username exists, with correct permissions, and when I manually enter
all works fine. Which strikes me as rather strange. I have limited experience of using php, but wonder how if the correct string is returned by the session variable, the upload works differently than with the manually entered string.
Any help would be much appreciated. It's the last issue with a website that was due to go live 2 days ago!
Thanks,
Nick
Re: Help needed adding echo to single line of script
Posted: Sat Apr 02, 2011 12:02 pm
by McInfo
Can you post the entire script?
Re: Help needed adding echo to single line of script
Posted: Sat Apr 02, 2011 12:09 pm
by nickharambee
sure:
Code: Select all
<?php
session_name("MyLogin");
session_start();
$targetFolder = '/songs/nick'; // Relative to the root
if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'];
$targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder;
$targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name'];
// Validate the file type
$fileTypes = array('m4a','mp3','flac','ogg'); // File extensions
$fileParts = pathinfo($_FILES['Filedata']['name']);
if (in_array($fileParts['extension'],$fileTypes)) {
move_uploaded_file($tempFile,$targetFile);
echo '1';
} else {
echo 'Invalid file type.';
}
}
?>
Re: Help needed adding echo to single line of script
Posted: Sat Apr 02, 2011 12:57 pm
by McInfo
So that is the version that works correctly and when you replace the "nick" folder with the name stored in the session it's as if the name is an empty string? Where does $_SESSION['name'] get set?
Re: Help needed adding echo to single line of script
Posted: Sat Apr 02, 2011 1:10 pm
by nickharambee
Yes, you got it.
$_SESSION['name'] gets set in my log.php:
Code: Select all
<?
session_name("MyLogin");
session_start();
if($_GET['action'] == "login") {
$conn = mysql_connect("","",""); // your MySQL connection data
$db = mysql_select_db(""); //put your database name in here
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");
if(mysql_num_rows($q_user) == 1) {
$query = mysql_query("SELECT * FROM USERS WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) {
$_SESSION["name"] = $name;
header("Location: http://monthlymixup.com/index.php"); // success page. put the URL you want
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}
// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}
?>
I have now looked at my php_error.log and see the following error:
PHP Notice: Undefined index: name in /Library/WebServer/Documents/uploadify/uploadify.php on line 27
Re: Help needed adding echo to single line of script
Posted: Sat Apr 02, 2011 1:58 pm
by McInfo
- Assuming that the "action" key exists in the $_GET array permits an "undefined index" error. Test first with isset() or array_key_exists().
- $_POST['user'] is not filtered or escaped, making the query vulnerable to SQL injection.
- The query is executed twice, unnecessarily.
- Assuming that mysql_fetch_array() returns an array may result in $data['password'] being NULL, which could have unexpected results.
- Rather than relying on just a single assignment statement buried under multiple conditions, give $_SESSION['name'] a default value immediately after session_start() (maybe NULL). You can then test its value against the default value to see if the user has successfully logged in.
- session_is_registered() is deprecated. Use isset() or array_key_exists() on the $_SESSION array, or (better) test $_SESSION['name'] against the default value. (Remember to use the more explicit === and not == when comparing a string to NULL.)
Re: string returned by variable not working as it should
Posted: Sat Apr 02, 2011 3:37 pm
by social_experiment
Two questions : 1. What is displayed if you print $targetFolder to the browser? 2. Where is the $_SESSION variable set, can you paste that code?
Re: string returned by variable not working as it should
Posted: Sat Apr 02, 2011 3:42 pm
by nickharambee
print $targetfolder returns the correct path, i.e. '/songs/nick'
$_SESSION variable is set in log.php:
Code: Select all
<?
session_name("MyLogin");
session_start();
if($_GET['action'] == "login") {
$conn = mysql_connect("","",""); // your MySQL connection data
$db = mysql_select_db(""); //put your database name in here
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");
if(mysql_num_rows($q_user) == 1) {
$query = mysql_query("SELECT * FROM USERS WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) {
$_SESSION["name"] = $name;
header("Location: http://monthlymixup.com/index.php"); // success page. put the URL you want
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}
// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}
?>
Re: string returned by variable not working as it should
Posted: Sat Apr 02, 2011 4:00 pm
by social_experiment
Code: Select all
<?php
$targetFolder = '/songs/' . $_SESSION['name'] . '/'; // Relative to the root
?>
Change your target folder variable to the above.
Hth
Re: string returned by variable not working as it should
Posted: Sat Apr 02, 2011 4:09 pm
by nickharambee
I have already tried that. It doesn't work. Somehow, even though $targetFolder is generating the correct string, whether it be '/songs/nick/' or '/songs/nick', it isn't working with the upload script, and php_error.log shows this:
Undefined index: name in /Library/WebServer/Documents/uploadify/uploadify.php on line 27
which corresponds to the $targetfolder line