3raser
Posted April 5, 2011

I'm working on a file uploading project, and I want to let admins restrict the files uploaded to certain files only. Should this be saved in the database, or should I make a file that saves an array? If I do it via the file method, how would I update an array, say allowed.php?

Example: How could I change

<?php $allowed = array('zip', 'png'); ?>

To

<?php $allowed = array('gif', 'png'); ?>

Pikachu2000
Posted April 5, 2011

Either way will work. If you use a database, just query for the values and build your array in the while() loop. If you use a file, enter each value followed by a linefeed, and use file() to read them into an array.

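The file-based approach from the reply above, as an added example that is not code from the thread: extensions are stored one per line, read back with file(), and an admin update replaces the whole list. The file name `allowed_ext.txt` and all function names are assumptions.

```php
<?php
// Added example, not code from the thread. allowed_ext.txt is an assumed file name.

// Keep only short alphanumeric extensions, lower-cased and de-duplicated.
function normalise_extensions(array $raw): array
{
    $clean = [];
    foreach ($raw as $ext) {
        $ext = strtolower(trim((string) $ext));
        if (preg_match('/^[a-z0-9]{1,10}$/', $ext)) {
            $clean[] = $ext;
        }
    }
    return array_values(array_unique($clean));
}

// Read the list with file(), one extension per line.
function load_allowed_extensions(string $path): array
{
    $lines = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    // Fail closed: a missing or unreadable list allows nothing.
    return $lines === false ? [] : normalise_extensions($lines);
}

// Admin update: write to a temp file, then rename so readers never see a partial list.
function save_allowed_extensions(string $path, array $extensions): bool
{
    $tmp = $path . '.tmp';
    $body = implode("\n", normalise_extensions($extensions)) . "\n";
    return file_put_contents($tmp, $body, LOCK_EX) !== false && rename($tmp, $path);
}

// Compare the final extension of the client-supplied name against the list.
function is_allowed_upload(string $filename, array $allowed): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowed, true);
}

// Constructed demo: change the list from zip/png to gif/png, as in the question.
$path = sys_get_temp_dir() . '/allowed_ext.txt';
save_allowed_extensions($path, ['zip', 'png']);
save_allowed_extensions($path, ['GIF', 'png', '../php']); // bad entry is dropped
$allowed = load_allowed_extensions($path);
var_dump($allowed);
var_dump(is_allowed_upload('photo.PNG', $allowed));
var_dump(is_allowed_upload('notes.zip', $allowed));
```

The check looks only at the name the client sent, so it says nothing about the file's contents; keep the list file outside the web root so it cannot be fetched or overwritten through the site.
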
3raser (Author)
Posted April 5, 2011

Thanks, I'll give it a try soon. But a little off-topic here, why does this say this is a loop? It checks once then creates a session, refreshes their page, and it should check within the function that they are an admin.

My error, for Google Chrome:

This webpage has a redirect loop
The webpage at http://localhost/admin.php has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

admin.php:

<?php
include_once('includes/config.php');
include_once('functions.php');

if(!$_SESSION['admin']) {
    $content = AccountRelated($_COOKIE['user'], null, 6);
} else {
    $content = "Welcome to the Administrator Control Panel.";
}
?>

<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css" />
<title><?php echo $title; ?></title>
</head>
<body>
<div class="logo"><a href="index.php"><img src="style/images/logo.png" border="0"></a></div>
<center>
<div class="background">
<div class="container">
<?php echo $content; ?>
</div>
</div>
</center>
</body>
</html>

function (last bit of code)

<?php
function AccountRelated($username, $password, $query_type) {
    if($query_type == 1) {
        $set_query = mysql_query("SELECT COUNT(d.username), u.date, u.username FROM uploads d, users u WHERE d.username = '$username' AND u.username = '$username' LIMIT 1") or die(mysql_error());

        //user must not exist
        if(mysql_num_rows($set_query) == 0) {
            $content_return = 'Sorry, no information was found';
        } else {
            $grab = mysql_fetch_assoc($set_query);

            //login information
            if($grab['COUNT(d.username)'] > 0) {
                $welcome_return = "You have uploaded ". $grab['COUNT(d.username)'] ." files. You've registered on ". $grab['u.date'] ."!";
            } else {
                $welcome_return = "You have uploaded 0 files. You've registered on ".$grab['date'] . "!";
            }
        }
    } elseif($query_type == 2) {
        $set_query = mysql_query("SELECT title,views,downloads,description,username,date FROM uploads LIMIT 20");

        if(mysql_num_rows($set_query) == 0) {
            $content_return = "Sorry, there are currently no files uploaded to view.";
        } else {
            //display all files
            while($row = mysql_fetch_assoc($set_query) == 0) {
                echo $row['title']."<br/>";
            }
        }
    } elseif($query_type == 3) {
        $username = mysql_real_escape_string($_POST['username']);
        $password = sha1(sha1(md5($_POST['password'])));

        if(!$username || !$password) {
            $return_content = "All fields are required!
            <table><form action='register.php' method='POST'>
            <tr><td>Username</td><td><input type='text' name='username' maxlength='20'></td></tr>
            <tr><td>Password</td><td><input type='text' name='password' maxlength='30'</td></tr>
            <tr><td><input type='submit' value='Register'></td></tr>
            </form></table>";
        } else {
            $set_query = mysql_query("SELECT username FROM users WHERE username = '$username' LIMIT 1");

            if(mysql_num_rows($set_query) == 0) {
                $return_content = "You have successfully registered the account ". $username ." with the password ". $_POST['password'] ."! <a href='login.php'>Login now</a>!";
                mysql_query("INSERT INTO users VALUES (null, '$username', '$password', 0, 0, '". date("M-d-Y") ."', '". $_SERVER['REMOTE_ADDR'] ."')") or die(mysql_error());
            } else {
                $return_content = "An account with this username already exists.";
            }
        }

        return $return_content;
    } elseif($query_type == 4) {
        $username = mysql_real_escape_string($_POST['username']);
        $password = sha1(sha1(md5($_POST['password'])));

        if(!$username || !$password) {
            $return_content = "<table><form action='login.php' method='POST'>
            <tr><td>Username</td><td><input type='text' name='username' maxlength='20'></td></tr>
            <tr><td>Password</td><td><input type='text' name='password' maxlength='30'</td></tr>
            <tr><td><input type='submit' value='Login'></td></tr>
            </form></table>";
        } else {
            $set_query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 1");

            if(mysql_num_rows($set_query) == 0) {
                $return_content = "Hmm, it seems you've submitted the wrong username and/or password! <a href='login.php'>Try Again</a>";
            } else {
                $return_content = "You have successfully logged in! <a href='index.php'>Home</a>";
                setcookie('user', $username, time()+31556926);
            }
        }

        return $return_content;
    } elseif($query_type == 5) {
        //lets verify if they are banned or not
        $set_query = mysql_query("SELECT banned FROM users WHERE username = '$username' AND banned = 1 LIMIT 1");

        if(mysql_num_rows($set_query) > 0) {
            $return_content = "Sorry, you account has been banned. Until you are unbanned, your account no longer has the option to upload files.";
        } else {
            //uploading files
            if(!$_FILES['file'] || !$_POST['title'] || !$_POST['description']) {
                $return_content = "<table><form action='upload.php' method='POST' enctype='multipart/form-data'>
                <tr><td>Title</td><td><input type='text' name='title' maxlength='25'></td></tr>
                <tr><td>Password (Optional)</td><td><input type='password' maxlength='15'></td></tr>
                <tr><td>Description</td><td><textarea name='description' rows='15' cols='35' maxlength='250'></textarea></td></tr>
                <tr><td>Choose File</td><td><input type='file' name='file'></td></tr>
                <tr><td><input type='submit' value='Upload'></td></tr>
                </form></table>";
            } else {
                if($_FILES['file']['error'] > 0) {
                    $content_return = "OOPS! Something went wrong! Make sure you have selected a file to upload, or try again later.";
                } elseif(strlen($_FILES['file']['name']) > 25) {
                    $content_return = "The file name cannot be larger than 25 characters! Please go back and manually change the file name, and try uploading again.";
                } else {
                    //lets get the required information to submit to the database
                    $title = mysql_real_escape_string($_POST['title']);
                    $password = mysql_real_escape_string($_POST['password']);
                    $description = mysql_real_escape_string($_POST['description']);
                    $date = date("M-d-Y");
                    $ip = $_SERVER['REMOTE_ADDR'];

                    //lets get the file extension
                    $extension = end(explode('.', $_FILES['file']['name']));

                    //insert the data into the database
                    mysql_query("INSERT INTO uploads VALUES (null, '". $_COOKIE['user'] ."', '$password', '$title', '$description', '$extension', 0, 0, 0, '$date', '$ip')");

                    //file uploaded successfully, lets move it to the files directory
                    move_uploaded_file($_FILES['file']['tmp_name'], "files/". mysql_insert_id() .".". $extension);

                    $return_content = "File uploaded successfully! <a href='myfiles.php'>My Files</a>";
                }
            }
        }

        return $return_content;
    } elseif($query_type == 6) {
        //lets verify they are an admin
        $set_query = mysql_query("SELECT status FROM users WHERE username = '$username' AND status = 2 LIMIT 1");

        if(mysql_num_rows($set_query) > 0) {
            $_SESSION['is_admin'] = $username;
            header("location:admin.php");
        } else {
            $content = "You are not an admin! This page is available to admins only.";
        }

        return $content;
    } else {
        //nothing to process
    }
}
?>

Pikachu2000
Posted April 5, 2011

Yes, that is off topic. Using phone browser, so I didn't read all of the code, but if you redirect to a page, then redirect back to the original page, it has the potential to be an infinite redirect loop. That may be what you're seeing.

3raser (Author)
Posted April 5, 2011

Hm, it seems it's not because of the redirection. I removed the header function, and made a success message. It showed up, but it seems the reason is because of the $_SESSION. How come the session isn't creating?

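An added example, not part of the thread: in the posted code admin.php tests `$_SESSION['admin']` while query type 6 sets `$_SESSION['is_admin']`, so the check fails again after every redirect even when the session is stored correctly. The simulation below models that flow with a plain array standing in for the session; `is_admin_in_db()`, `admin_gate()`, `simulate()` and the sample users are assumptions, and whether includes/config.php calls session_start() is not shown on the page.

```php
<?php
// Added example, not the poster's code. A plain array stands in for $_SESSION.

// Hypothetical stand-in for the "status = 2" lookup, using constructed data.
function is_admin_in_db(string $username): bool
{
    $status = ['alice' => 2, 'bob' => 0];
    return ($status[$username] ?? 0) === 2;
}

// One request to admin.php: returns 'panel', 'redirect' or 'denied'.
function admin_gate(array &$session, string $username, string $checkKey, string $setKey): string
{
    if (!empty($session[$checkKey])) {
        return 'panel';
    }
    if (is_admin_in_db($username)) {
        $session[$setKey] = $username;
        return 'redirect'; // header("location:admin.php") in the posted code
    }
    return 'denied';
}

// Follow redirects the way a browser would, giving up after $max hops.
function simulate(string $username, string $checkKey, string $setKey, int $max = 20): string
{
    $session = []; // persists across requests, as a working session would
    for ($hop = 0; $hop < $max; $hop++) {
        $result = admin_gate($session, $username, $checkKey, $setKey);
        if ($result !== 'redirect') {
            return "$result after $hop redirect(s)";
        }
    }
    return "redirect loop (gave up after $max hops)";
}

echo simulate('alice', 'admin', 'is_admin'), "\n";    // keys as posted
echo simulate('alice', 'is_admin', 'is_admin'), "\n"; // same key on both sides
echo simulate('bob', 'is_admin', 'is_admin'), "\n";   // non-admin user
```

In the posted admin.php the username passed to this check comes from `$_COOKIE['user']`, which the client controls, so the admin decision should be keyed on an identity stored server-side in the session at login.
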