Electronic documents are all well and good - but when you work onthem collaboratively, they can end up being more difficult to handle thanordinary pieces of paper. Multiple versions, competing standards, accesspermissions and revision history tracking are just some of the issues thatarise in a paperless office. This article discusses building and deployinga document management system across your network - and also teachesbeginnners a little bit about designing Web-based applications with PHP andmySQL in the process.
With the database design out of the way, it's time to actually start creating the scripts. We'll begin at the top, with the scripts which verify the user's password. Here's the initial login form, "start.html".
Once the form is submitted, the data is processed by "login.php", which connects to the database to verify the username and password against the "user" table.
// check login and password
// connect and execute query
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to
$query = "SELECT id, username, password from user WHERE username =
'$frmuser' AND password = PASSWORD('$frmpass')";
$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query. " . mysql_error());
// if row exists - login/pass is correct
if (mysql_num_rows($result) == 1)
// initiate a session
// register the user's ID
list($id, $username, $password) = mysql_fetch_row($result);
$SESSION_UID = $id;
// redirect to main page
// close connection
// login/pass check failed
// redirect to error page
Assuming the username and password is correct, the script
initiates a session, and registers a session variable named $SESSION_UID, containing the user's ID; this variable will remain available throughout the session, and will be used in many of the subsequent scripts. The script then redirects the browser to "out.php", which forms the main interface to the system, via an HTTP header.
A login failure will redirect the browser to the generic error handler, "error.php", with an error code indicating the type of error. I'll be using this error handler extensively, to handle the different types of errors possible.
It is important to note that calls to header() and session_start() must take place before *any* output is sent to the browser. Even something as minor as whitespace or a carriage return outside the PHP tags can cause these calls to barf all over your script.
Finally, the include()d file, "config.php", contains some useful variables - the database name, user name and password, together with the location of the data storage area and a list of allowed file types.
// database parameters
// alter this as per your configuration
$user = "mark347";
$pass = "h23590f2";
$hostname = "localhost";
// location of file repository
// this should ideally be outside the Web server root
// make sure the server has permissions to read/write files!
$dataDir = "/data/";
// list of allowed file types
$allowedFileTypes = array("image/gif", "text/html", "text/plain",
"image/jpeg", "image/pjpeg", "image/png");
This article copyright Melonfire 2001. All rights reserved.