Page 1 of 1

If the user has permission to download the file_name or the

Posted: Tue Dec 26, 2006 6:11 am
by oskare100
Hello,
I've a file downloading script that hides the real location from the person who is trying to download the file.

First I run this (don't know if it's right) to get the file_pack and the file_name of the file:

Code: Select all

$result2 = mysql_query('select `file_name` , `file_pack` from '$file_tbl' where `file_id` = "'.$_GET['serve'].'"')
    or die( mysql_error() );
Then I run this (don't know if it's right) to get the file_pack and file_name from the user permission table:

Code: Select all

$result3 = mysql_query('select `file_name` , `file_pack` from '$user_tbl' where `username` = "'$_SESSION['username']'"')
    or die( mysql_error() );
If one of the "file_name"s from the uuser permissions table matches the "file_name" from the requested file OR if one of the "file_pack"s from the user permissions table matches the "file_pack" of the current file then go ahead and continue with the script. If not, then die. I hope that you understand what I want to do with this and I really hope that you can help me..


IF YOU NEED IT, here is the database structure:

Code: Select all

The user permission table where I will store which users has permission to download which files.
CREATE TABLE `user_perm` (
  `perm_id` int(11) NOT NULL auto_increment,
  `perm_user` varchar(50) NOT NULL default '',
  `file_pack` varchar(30) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `perm_date` varchar(30) NOT NULL default '',
  `perm_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`perm_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

The file table where I will store the files:
CREATE TABLE `files` (
  `file_id` int(11) NOT NULL auto_increment,
  `file_pack` varchar(50) NOT NULL default '',
  `file_pack_cat` varchar(50) NOT NULL default '',
  `file_cat` varchar(50) NOT NULL default '',
  `file_name` varchar(100) NOT NULL default '',
  `file_desc` text NOT NULL,
  `file_fullname` varchar(100) NOT NULL default '',
  `file_downloads` varchar(11) NOT NULL default '',
  `file_date` varchar(30) NOT NULL default '',
  `file_timestamp` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`file_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
Thanks in advance,
Best Regards
Oskar R

Posted: Tue Dec 26, 2006 6:50 am
by volka
file_pack is like a permission group, like e.g. if I buy the sixth season of DS9 I'm allowed to download all the epsiodes?

Posted: Tue Dec 26, 2006 6:51 am
by dibyendrah
why are you putting file information in users table again ? Just put the file_id only and you can do that in once. If i had made a table, I would have made those tables with many to many relationship concept. What do you think ?

Posted: Tue Dec 26, 2006 7:07 am
by oskare100
Hello,
Yes, file_pack is a group and if you are allowed to download the package you are allowed to download all files within the package regardless of if you have permission to download the file_name or not as long as the file belongs to that file_pack. In other words; Files that are included in a package have both a file_name and a file_pack so the user has to have permission to download the file_pack that the file belongs to OR just the file_name.

dibyendrah, I don't really understand.. What happends then if I for example add a file to a file_pack or something like that? The file ID would change but the user should still be able to download it if it has permission to download the file_pack.

Best Regards

Posted: Tue Dec 26, 2006 10:54 am
by oskare100
Hello again,
I still need help with how to do it? Or isn't it possible to do? :?:

/Oskar
[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1 wrote:4. All users of any level are restricted to bumping (as defined here) any given thread within twenty-four (24) hours of its last post. Non-trivial posts are not considered bumping. A bump post found in violation will be deleted, and you may or may not receive a warning. Persons bumping excessively be considered as spammers and dealt with accordingly.

Posted: Tue Dec 26, 2006 11:50 am
by RobertGonzalez
Please do not bump your threads. It is against our forum rules.

I think the suggestion was maintain a table of users, a table of packages, a table of files and a table of users/files/packages. This keeps user data out of the packages, package data out of the users and allows for extensible data. You get the information you want from JOIN queries.

Posted: Wed Dec 27, 2006 3:49 am
by dibyendrah
Okay, I understood what you mean now.

I guess design should be changed a bit to be able to do according to your description.

I think there must be following tables :
1. file_pack
2. files
3. users
4. permissions

Description : file_pack contains multiple files but is one file related to multiple packages ? If yes, file and pack will have many to many relationship.
Then permission to that file or user can be given using permissions. Are permission given to users or files ?
If database normalization is done, there will be many tables to handle your operation. I think, paperwork is needed to solve your problem. I'll come back with an idea again in this thread.

Posted: Wed Dec 27, 2006 4:05 am
by timvw
(untested)

Code: Select all

SELECT COUNT(*) AS count 
FROM user_perm 
WHERE user_perm='$user' AND 
 (
        (file_name='$file') 
         OR 
        (file_name IN (SELECT file_name FROM files INNER JOIN perm_user ON files.file_pack=user_perm.file_pack WHERE user_perm='$user'))
)