Jump to content

Changeable array list, via a file?


3raser

Recommended Posts

I'm working on a file uploading project, and I want to let admins restrict the files uploaded to certain files only. Should this be saved in the database, or should I make a file that saves an array?

 

If I do it via the file method, how would I update an array, say allowed.php?

 

Example:

 

How could I change

 

<?php
$allowed = array('zip', 'png');
?>

 

To

 

<?php
$allowed = array('gif', 'png');
?>

Link to comment
Share on other sites

Thanks, I'll give it a try soon.

 

But a little off-topic here, why does this say this is a loop? It checks once then creates a session, refreshes their page, and it should check within the function that they are an admin.

 

My error, for google chrome:

 

This webpage has a redirect loop
The webpage at http://localhost/admin.php has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

 

admin.php:

 

<?php

include_once('includes/config.php');
include_once('functions.php');

if(!$_SESSION['admin'])
{
$content = AccountRelated($_COOKIE['user'], null, 6);
}
else
{
$content = "Welcome to the Administrator Control Panel.";
}


?>

<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css" />
<title><?php echo $title; ?></title>
</head>
<body>

<div class="logo"><a href="index.php"><img src="style/images/logo.png" border="0"></a></div>

<center>

<div class="background">

<div class="container">
<?php echo $content; ?>
</div>

</div>
</center>

</body>
</html>

 

function (last bit of code)

 

<?php

function AccountRelated($username, $password, $query_type)
{

if($query_type == 1)
{
	$set_query = mysql_query("SELECT COUNT(d.username), u.date, u.username FROM uploads d, users u WHERE d.username = '$username' AND u.username = '$username' LIMIT 1") or die(mysql_error());

	//user must not exist
	if(mysql_num_rows($set_query) == 0)
	{

		$content_return = 'Sorry, no information was found';

	}
	else
	{
		$grab = mysql_fetch_assoc($set_query);

		//login information
		if($grab['COUNT(d.username)'] > 0)
		{
			$welcome_return = "You have uploaded ". $grab['COUNT(d.username)'] ." files. You've registered on ". $grab['u.date'] ."!";
		}
		else
		{	
			$welcome_return = "You have uploaded 0 files. You've registered on ".$grab['date'] . "!";
		}
	}
}
elseif($query_type == 2)
{
	$set_query = mysql_query("SELECT title,views,downloads,description,username,date FROM uploads LIMIT 20");

	if(mysql_num_rows($set_query) == 0)
	{

		$content_return = "Sorry, there are currently no files uploaded to view.";

	}
	else
	{
		//display all files
		while($row = mysql_fetch_assoc($set_query) == 0)
		{
			echo $row['title']."<br/>";
		}

	}	
}
elseif($query_type == 3)
{
	$username = mysql_real_escape_string($_POST['username']);
	$password = sha1(sha1(md5($_POST['password'])));

	if(!$username || !$password)
	{
		$return_content = "All fields are required! <table><form action='register.php' method='POST'>
		<tr><td>Username</td><td><input type='text' name='username' maxlength='20'></td></tr>
		<tr><td>Password</td><td><input type='text' name='password' maxlength='30'</td></tr>
		<tr><td><input type='submit' value='Register'></td></tr>
		</form></table>";
	}
	else
	{
		$set_query = mysql_query("SELECT username FROM users WHERE username = '$username' LIMIT 1");

		if(mysql_num_rows($set_query) == 0)
		{
			$return_content = "You have successfully registered the account ". $username ." with the
			password ". $_POST['password'] ."! <a href='login.php'>Login now</a>!";

			mysql_query("INSERT INTO users VALUES (null, '$username', '$password', 0, 0, '". date("M-d-Y") ."', '". $_SERVER['REMOTE_ADDR'] ."')") or die(mysql_error());
		}
		else
		{
			$return_content = "An account with this username already exists.";
		}
	}
return $return_content;

}
elseif($query_type == 4)
{

	$username = mysql_real_escape_string($_POST['username']);
	$password = sha1(sha1(md5($_POST['password'])));

	if(!$username || !$password)
	{
		$return_content = "<table><form action='login.php' method='POST'>
		<tr><td>Username</td><td><input type='text' name='username' maxlength='20'></td></tr>
		<tr><td>Password</td><td><input type='text' name='password' maxlength='30'</td></tr>
		<tr><td><input type='submit' value='Login'></td></tr>
		</form></table>";
	}
	else
	{
		$set_query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 1");

		if(mysql_num_rows($set_query) == 0)
		{
			$return_content = "Hmm, it seems you've submitted the wrong username and/or password! 
			<a href='login.php'>Try Again</a>";
		}
		else
		{
			$return_content = "You have successfully logged in! <a href='index.php'>Home</a>";
			setcookie('user', $username, time()+31556926);
		}
	}

return $return_content;
}
elseif($query_type == 5)
{

	//lets verify if they are banned or not
	$set_query = mysql_query("SELECT banned FROM users WHERE username = '$username' AND banned = 1 LIMIT 1");

	if(mysql_num_rows($set_query) > 0)
	{
		$return_content = "Sorry, you account has been banned. Until you are unbanned, your 
		account no longer has the option to upload files.";
	}
	else
	{
		//uploading files
		if(!$_FILES['file'] || !$_POST['title'] || !$_POST['description'])
		{
			$return_content = "<table><form action='upload.php' method='POST' enctype='multipart/form-data'>
			<tr><td>Title</td><td><input type='text' name='title' maxlength='25'></td></tr>
			<tr><td>Password (Optional)</td><td><input type='password' maxlength='15'></td></tr>
			<tr><td>Description</td><td><textarea name='description' rows='15' cols='35' maxlength='250'></textarea></td></tr>
			<tr><td>Choose File</td><td><input type='file' name='file'></td></tr>
			<tr><td><input type='submit' value='Upload'></td></tr>
			</form></table>";
		}
		else
		{
			if($_FILES['file']['error'] > 0)
			{
				$content_return = "OOPS! Something went wrong! Make sure you have selected a file to
				upload, or try again later.";
			}
			elseif(strlen($_FILES['file']['name']) > 25)
			{
				$content_return = "The file name cannot be larger than 25 characters! Please go back
				and manually change the file name, and try uploading again.";
			}
			else
			{

				//lets get the required information to submit to the database
				$title = mysql_real_escape_string($_POST['title']);
				$password = mysql_real_escape_string($_POST['password']);
				$description = mysql_real_escape_string($_POST['description']);
				$date = date("M-d-Y");
				$ip = $_SERVER['REMOTE_ADDR'];

				//lets get the file extension
				$extension = end(explode('.', $_FILES['file']['name']));

				//insert the data into the database
				mysql_query("INSERT INTO uploads VALUES (null, '". $_COOKIE['user'] ."', '$password', '$title', '$description', '$extension', 0, 0, 0, '$date', '$ip')");


				//file uploaded successfully, lets move it to the files directory
				move_uploaded_file($_FILES['file']['tmp_name'],
				"files/". mysql_insert_id() .".". $extension);

				$return_content = "File uploaded successfully! <a href='myfiles.php'>My Files</a>";
			}
		}
	}

return $return_content;
}
elseif($query_type == 6)
{

	//lets verify they are an admin
	$set_query = mysql_query("SELECT status FROM users WHERE username = '$username' AND status = 2 LIMIT 1");

	if(mysql_num_rows($set_query) > 0)
	{
		$_SESSION['is_admin'] = $username;
		header("location:admin.php");
	}
	else
	{
		$content = "You are not an admin! This page is available to admins only.";
	}

return $content;
}
else
{
	//nothing to process
}
}
?>

Link to comment
Share on other sites

Yes, that is off topic.

 

Using phone browser, so I didn't read all of the code, but if you redirect to a page, then redirect back to the original page, it has the potential to be aninfinite redirect loop. That may be what you're seeing.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.