Adding Password to single function

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
fireman_gcfd
Forum Newbie
Posts: 5
Joined: Mon Feb 14, 2005 8:15 pm

Adding Password to single function

Post by fireman_gcfd »

Hello Everybody

I have a what I hope to be a simple code question. I have an upload/download script which originated as a download and I have been customizing to my likings. As I am still rather new to PHP, I have not been able to correctly write a code line for a password for a single function (the upload portion). I would like all of our members to be able to download but only a few of us to upload.

Here is what I have. The upload script starts at Line 45. Thank You.

Jaz

Code: Select all

<html>
<head>
<title>File Management System</title>
</head>
<body>
<p align="center"><img border="0" src="../images/boardareatitle.jpg" width="590" height="225"></p>
<?
$extlimit = "no"; //Do you want to limit the extensions of files uploaded
$limitedext = array(".gif",".jpg",".png",".jpeg",".doc",".xls"); //Extensions you want files uploaded limited to.
$sizelimit = "no"; //Do you want a size limit, yes or no?
$sizebytes = "2000000"; //size limit in bytes
$dl = "http://www.Mywebsite.ca/BoardMember/BoardMinutes"; //url where files are uploaded
$absolute_path = "/usr/home/public_html/www.Mywebsite.ca/BoardMember/BoardMinutes"; //Absolute path to where files are uploaded
$websiteurl = "http://www.Mywebsite.ca/CLASBoardMember/index.htm"; //Url to you website
$websitename = "My Web Site"; //Line 15

switch($action) &#123;
default:
case "download":
echo "
<html>
<head>
<title>Board Meeting MinutesFile Download</title>
</head>
<body>
<center><a href=$websiteurl>Return to $websitename</a>";
$list = "<center><table width=700 border=2 bordercolor=#000000 style="border-collapse: collapse">";
$list .= "<tr><td width=700><center><b>Click To Open</b></center></td></tr>";
$dir = opendir($absolute_path);
while($file = readdir($dir)) &#123;
if (($file != "..") and ($file != ".")) &#123;

$list .= "<tr><td width=700><center><a href='$dl/$file'>$file</a></center></td></tr>"; //Line 33
&#125;
&#125;
$list .= "</table></center>";
echo $list;
echo"
<br><br>
Having Trouble?  Conact the <a href=mailto:webmaster@Mywebsite.ca>Webmaster</a>
</body>
</html>";
break;

case "upload": //Line 45
echo"
<html>

<head>
<title>File Upload</title>
</head>

<body>

<form method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data>
<p>File to upload:<br>
<input type=file name=file size=30>
<p><button name=submit type=submit>
Upload
</button>
</form>
<br><br>

</body>

</html>";
break;


//File Upload
case "doupload":
$dir = "dir";
if ($file != "") &#123;

if (file_exists("$absolute_path/$file_name")) &#123;
die("File already exists");
&#125;

if (($sizelimit == "yes") && ($file_size > $sizebytes)) &#123;
die("File is to big. It must be $sizebytes bytes or less.");
&#125;

$ext = strrchr($file_name,'.');
if (($extlimit == "yes") && (!in_array($ext,$limitedext))) &#123;
die("The file you are uploading doesn't have the correct extension.");
&#125;

@copy($file, "$absolute_path/$file_name") or die("The file you are trying to upload couldn't be copied to the server");

&#125; else &#123;
die("Must select file to upload");
&#125;
echo "
<html>
<head>
<title>File Uploaded</title>
</head>
<body>";
echo $file_name." was uploaded";
echo "<br>
<a href=$PHP_SELF?action=upload>Upload Another File</a>
<a href=$PHP_SELF?action=download> Download File</a>
<a href=$websiteurl> Return to $websitename</a><br><br>

</body>
</html>";
break;

&#125;
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

add a password field to the upload part. check the password in the doupload part. If you want to have differing passwords for each user or something, then use a database to match the password against the current user.
fireman_gcfd
Forum Newbie
Posts: 5
Joined: Mon Feb 14, 2005 8:15 pm

Where di I go wrong?

Post by fireman_gcfd »

Can you tell me where I am going wrong. All of my additions are in BOLD. I think I'm missing something for checking the password. Or maybe I'm an idiot and the answer is staring me right in the face??!??!

Thanks

<?
$extlimit = "no"; //Do you want to limit the extensions of files uploaded
$limitedext = array(".gif",".jpg",".png",".jpeg",".doc",".xls"); //Extensions you want files uploaded limited to.
$sizelimit = "no"; //Do you want a size limit, yes or no?
$sizebytes = "2000000"; //size limit in bytes
$dl = "http://www.Mywebsite.ca/BoardMember/BoardMinutes"; //url where files are uploaded
$absolute_path = "/usr/home/public_html/www.Mywebsite.ca/BoardMember/BoardMinutes"; //Absolute path to where files are uploaded
$websiteurl = "http://www.Mywebsite.ca/CLASBoardMember/index.htm"; //Url to you website
$websitename = "My Web Site"; //Line 15
$pass = "test";

break;

case "upload": //Line 45
echo"
<html>

<head>
<title>File Upload</title>
</head>

<body>

<form method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data>
<p>File to upload:<br>
<input type=file name=file size=30>
<p>Password:<br>
<input type="password" name="password">
<p><button name=submit type=submit>
Upload
</button>
</form>
<br><br>

</body>

</html>";
break;


//File Upload
case "doupload":
$dir = "dir";
if ($_POST[$password] = $pass)
else
echo("You are not Authorized for Uploads");

if ($file != "") {

if (file_exists("$absolute_path/$file_name")) {
die("File already exists");
}

if (($sizelimit == "yes") && ($file_size > $sizebytes)) {
die("File is to big. It must be $sizebytes bytes or less.");
}

$ext = strrchr($file_name,'.');
if (($extlimit == "yes") && (!in_array($ext,$limitedext))) {
die("The file you are uploading doesn't have the correct extension.");
}

@copy($file, "$absolute_path/$file_name") or die("The file you are trying to upload couldn't be copied to the server");

} else {
die("Must select file to upload");
}
echo "
<html>
<head>
<title>File Uploaded</title>
</head>
<body>";
echo $file_name." was uploaded";
echo "<br>
<a href=$PHP_SELF?action=upload>Upload Another File</a>
<a href=$PHP_SELF?action=download> Download File</a>
<a href=$websiteurl> Return to $websitename</a><br><br>

</body>
</html>";
break;

}
?>
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

One of the first things I noticed was,

Code: Select all

$dir = "dir";
if ($_POST&#1111;$password] = $pass)
else
echo("You are not Authorized for Uploads");
Is completely wacky..

Try this:

Code: Select all

$dir = "dir";
if($_POST&#1111;'password'] != $pass)&#123;
  die("Error. Incorrect password. You do not have permission to upload files.");
&#125;
fireman_gcfd
Forum Newbie
Posts: 5
Joined: Mon Feb 14, 2005 8:15 pm

IT WORKS GREAT!!!

Post by fireman_gcfd »

Thank you ever so much. I appreciate all the help and the amazing speed in which you answered.

If I ever run into any other problems, I know where to come.


JAZ
Post Reply