Upload System I'm Working On

Started by MeltingIce, February 14, 2007, 04:22:58 am

Previous topic - Next topic

MeltingIce

Well, I got my Learning PHP/MySQL book in the mail yesterday and lets say I've become a bit... addicted  :P  I was coding for about 6 hours straight tonight working on my first big project.  Its going to be a personal file management system where you can upload files to your own folder on a server protected by a password, then once they are uploaded, you can access them later, delete them, move them, ect.  If you know the website imageshack.us, it will be like that except with all files in general instead of just images.  I threw together a little promotion page tonight since I needed a break from PHP and best of all, sleep: http://www.meltingice.net/meltingiceupload/

I will keep you guys updated on my progress if you want.  If there are any users here who are experienced with PHP/MySQL as well, I have a question or two that I will ask tomorrow.

MeltingIce Network | Wii Number: 3881 9574 8304 0277

Will

Neat, i'm intrested. Oh and I hope to finsih that tutorial some time soon ;)

Regards,

Will
The world is round... so you have to use spherical projection.

old_blaggard

I've done some PHP and MySQL, although I've never taken a class in it or read a book ;).  I really like your temporary page, by the way; it looks very clean and sharp, just like the rest of your site.
http://www.terragen.org - A great Terragen resource with models, contests, galleries, and forums.

MeltingIce

Alright guys, here's my question.  I have usernames and passwords stored in a MySQL database in a table named up_users.  In the table, there is a column named username and a column named password.  I would like to search the table for a specific username, then return its corresponding password.  Anyone know the correct syntax for this?  I think its something like "SELECT password FROM users WHERE username=something" but I'm not entirely sure.

MeltingIce Network | Wii Number: 3881 9574 8304 0277

buzzzzz

Really nice clean gui. I wish I had the time and knowhow to redo my site like this. I stsrted messing with php awhile back and never got back to it because Terragen keeps getting in the way. ;) Well anyway if I had the money and you had the time perhaps someday I could contract you to give mine a makeover if you were interested.

3DGuy

February 14, 2007, 03:17:28 pm #5 Last Edit: February 14, 2007, 03:20:59 pm by 3DGuy
That is correct:
SELECT password from up_users where username='MeltingIce'

You need to put the username in quotes.

I would advise you not to store the passwords though and certainly not in cleartext. Always only store password hashes. Hashes can't be reverse engineerd to the original password. Instead when a user enters his name and password, hash the password and compare that to the stored hash. If you continue, make sure you look into SQL injection prevention techniques.

Instead of reinventing the wheel, you might look at something like Coppermine. I use it on my own site with a customised template. It allows user galleries with private and public images etc.

edit: whoops link fixed.

Will

The world is round... so you have to use spherical projection.

MeltingIce

Quote from: 3DGuy on February 14, 2007, 03:17:28 pm
That is correct:
SELECT password from up_users where username='MeltingIce'

You need to put the username in quotes.

I would advise you not to store the passwords though and certainly not in cleartext. Always only store password hashes. Hashes can't be reverse engineerd to the original password. Instead when a user enters his name and password, hash the password and compare that to the stored hash. If you continue, make sure you look into SQL injection prevention techniques.

Instead of reinventing the wheel, you might look at something like Coppermine. I use it on my own site with a customised template. It allows user galleries with private and public images etc.

edit: whoops link fixed.

Thanks, I got it on my own though and forgot to post back here haha.  The passwords are encrypted with sha256 encryption so don't worry about that :P.  Right now I have a good portion of the thing working.  You can register to create a new user and upload your files to your own folder with your username and password which is stored in the MySQL database.  Next I will be writing a script that basically does a directory view of your uploads folder.

MeltingIce Network | Wii Number: 3881 9574 8304 0277

3DGuy

Point is to not store passwords. Not even crypted ;)

Will

Well you could just make a password bar but no password....they'll never see it coming!

Regards,

Will
The world is round... so you have to use spherical projection.

MeltingIce

Quote from: 3DGuy on February 14, 2007, 03:53:24 pm
Point is to not store passwords. Not even crypted ;)

Well I meant I store hashed passwords with hash('sha256', $password)

MeltingIce Network | Wii Number: 3881 9574 8304 0277


MeltingIce

 ;)

One quick question, I have the database information stored in config.php.  What should i CHMOD that as in order to protect it?  755?

MeltingIce Network | Wii Number: 3881 9574 8304 0277

3DGuy

Move it to a folder the user can't access (preferably out of the www folder). Then just reference it. If you can't because it's not your own server stick it in a special folder (like config) and put a .htaccess in it preventing access to it by webusers.

Dark Fire

That looks like a very interesting project, MeltingIce.

Quote from: old_blaggard on February 14, 2007, 09:40:09 am
I've done some PHP and MySQL, although I've never taken a class in it or read a book ;).  I really like your temporary page, by the way; it looks very clean and sharp, just like the rest of your site.

Same here - I never learn languages the way I'm meant to. Also, I agree - the whole of MeltingIce's site looks great.