Cracking The Vault (part 1) - Red And Green Clouds
Let's now take a look at "out.php", the PHP code used to generate the file list.
<table border="0" cellspacing="0" cellpadding="0">
<?
// get a list of documents the user has "view" permission for
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT data.id, user.username, data.realname, data.created, data.description, data.comment, data.status FROM data, user, perms WHERE data.id = perms.fid AND user.id = data.owner AND perms.uid = '$SESSION_UID' AND perms.rights = '1'";
$result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
// how many records returned?
$count = mysql_num_rows($result);
?>
<tr>
    <td><? echo $count; ?> document(s) found<p></td>
</tr>
<?
// iterate through resultset
while(list($id, $owner, $realname, $created, $description, $comment, $status) = mysql_fetch_row($result))
{
    // correction for empty description
    if ($description == "") { $description = "No description available"; }
    // set filename for filesize() call below
    $filename = $dataDir . $id . ".dat";
    // begin displaying file list with basic information
    // (user-supplied values are HTML-escaped before they are written into the page)
?>
<tr>
    <td><b><? echo "<a href=\"details.php?id=$id\">" . htmlspecialchars($realname) . "</a>"; ?></b></td>
</tr>
<tr>
    <td><font size="-1"><? echo htmlspecialchars($description); ?></font></td>
</tr>
<tr>
    <td><font size="-1">Document created on <? echo fixDate($created); ?> by <b><? echo htmlspecialchars($owner); ?></b> | <? echo filesize($filename); ?> bytes</font></td>
</tr>
<?
    // code to display status message and icon for each file - snipped
?>
<tr>
    <td>
    </td>
</tr>
<?
}
// clean up
mysql_free_result ($result);
mysql_close($connection);
?>
</table>
Pay attention to the query - I'm joining the "user", "data" and "perms" tables together to obtain detailed information (description, creation date, owner) for those files which contain the logged-in user's ID and a permission value of 1 (view). Once I have a dataset, I use a "while" loop to iterate through it and display the file list.
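The same listing query, as an added example (not code from the original article), with the user ID bound as a parameter and every database value HTML-escaped before output. It assumes PDO with an in-memory SQLite database standing in for MySQL; the sample rows and the helper names listViewableDocs() and h() are constructed for illustration.

```php
<?php
// Added example: the article's listing query with a bound parameter and escaped output.
// Assumption: in-memory SQLite stands in for MySQL; all rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT);
           CREATE TABLE data (id INTEGER PRIMARY KEY, owner INTEGER, realname TEXT,
                              created TEXT, description TEXT, comment TEXT, status INTEGER);
           CREATE TABLE perms (fid INTEGER, uid INTEGER, rights INTEGER);
           INSERT INTO user VALUES (1, 'john'), (2, 'sarah');
           INSERT INTO data VALUES
             (10, 1, 'budget.xls', '2001-03-01 10:15:00', 'Q1 numbers', '', 0),
             (11, 2, 'R&D <draft>.txt', '2001-03-02 09:00:00', '', '', 1),
             (12, 2, 'private.doc', '2001-03-03 12:00:00', 'not shared', '', 0);
           INSERT INTO perms VALUES (10, 1, 1), (11, 1, 1), (12, 2, 1);");

// Hypothetical helper: returns the rows the given user ID may view (rights = 1).
function listViewableDocs(PDO $db, $uid)
{
    $sql = "SELECT data.id, user.username, data.realname, data.created,
                   data.description, data.status
            FROM data, user, perms
            WHERE data.id = perms.fid AND user.id = data.owner
              AND perms.uid = :uid AND perms.rights = 1";
    $stmt = $db->prepare($sql);
    // the user ID travels as data and can never become part of the SQL text
    $stmt->bindValue(':uid', (int) $uid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: HTML-escape a database value before it is written into the page.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$rows = listViewableDocs($db, 1);   // user 1 has view rights on files 10 and 11 only
echo count($rows) . " document(s) found\n";
foreach ($rows as $row) {
    $description = ($row['description'] == "") ? "No description available" : $row['description'];
    echo '<a href="details.php?id=' . (int) $row['id'] . '">' . h($row['realname']) . "</a>\n";
    echo h($description) . ' | owner: ' . h($row['username']) . "\n";
}
```

The file name containing "&" and "<" is emitted as entity-encoded text rather than markup, and file 12 never appears because user 1 has no matching "perms" row.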
Next, the $filename variable. As I've already mentioned, once a document is entered into the repository, I don't plan to retain the original file name, but rather hope to rename it in the form "fileID.dat". So I've generated a filename on the basis of each file ID, and am using the filesize() function to display the size of the file as part of the description.
The fixDate() function is used to turn the MySQL timestamp into something a little more readable.
// function to format MySQL DATETIME values
function fixDate($val)
{
    // split it up into components
    $arr = explode(" ", $val);
    $timearr = explode(":", $arr[1]);
    $datearr = explode("-", $arr[0]);
    // create a timestamp with mktime(), format it with date()
    return date("d M Y (H:i)", mktime($timearr[0], $timearr[1], $timearr[2], $datearr[1], $datearr[2], $datearr[0]));
}
Finally, before we leave this script, let's explore the section used to display a message indicating whether or not the file is available for check-out.
<?
// check the status of each file
// 0 -> file is not checked out
// display appropriate message and icon
if ($status == 0)
{
?>
<tr>
    <td><img src="images/a.jpg" width=40 height=33 alt="" border=0 align="absmiddle"><font size="-1" color="#43c343"><b>This document is available to be checked out</b></font></td>
</tr>
<?
}
else
{
    // not 0 -> implies file is checked out to another user
    // run a query to find out user's name
    $query2 = "SELECT username FROM user WHERE id = '$status'";
    $result2 = mysql_db_query($database, $query2, $connection) or die ("Error in query: $query2 . " . mysql_error());
    list($username) = mysql_fetch_row($result2);
    // and display message and icon (user name is HTML-escaped on output)
?>
<tr>
    <td>
    <img src="images/na.jpg" width=40 height=33 alt="" border=0 align="absmiddle"><font size="-1" color="#e9202a">This document is currently checked out to <b><? echo htmlspecialchars($username); ?></b></font>
    </td>
</tr>
<?
}
?>
Depending on the value of the "status" column, an icon and message are displayed for each file; green indicates that the file is available, while red indicates that it is not.
And here's what it all looks like.
This article copyright Melonfire 2001. All rights reserved.
More By Vikram Vaswani, (c) Melonfire