Well, I got my Learning PHP/MySQL book in the mail yesterday and let's say I've become a bit... addicted :P I was coding for about 6 hours straight tonight working on my first big project. It's going to be a personal file management system where you can upload files to your own folder on a server protected by a password, then once they are uploaded, you can access them later, delete them, move them, etc. If you know the website imageshack.us, it will be like that except with all files in general instead of just images. I threw together a little promotion page tonight since I needed a break from PHP and best of all, sleep: http://www.meltingice.net/meltingiceupload/
I will keep you guys updated on my progress if you want. If there are any users here who are experienced with PHP/MySQL as well, I have a question or two that I will ask tomorrow.
Neat, I'm interested. Oh and I hope to finish that tutorial some time soon ;)
Regards,
Will
I've done some PHP and MySQL, although I've never taken a class in it or read a book ;). I really like your temporary page, by the way; it looks very clean and sharp, just like the rest of your site.
Alright guys, here's my question. I have usernames and passwords stored in a MySQL database in a table named up_users. In the table, there is a column named username and a column named password. I would like to search the table for a specific username, then return its corresponding password. Anyone know the correct syntax for this? I think it's something like "SELECT password FROM users WHERE username=something" but I'm not entirely sure.
Really nice clean GUI. I wish I had the time and know-how to redo my site like this. I started messing with PHP a while back and never got back to it because Terragen keeps getting in the way. ;) Well anyway if I had the money and you had the time perhaps someday I could contract you to give mine a makeover if you were interested.
That is correct:
SELECT password from up_users where username='MeltingIce'
You need to put the username in quotes.
I would advise you not to store the passwords though and certainly not in cleartext. Always only store password hashes. Hashes can't be reverse engineered to the original password. Instead when a user enters his name and password, hash the password and compare that to the stored hash. If you continue, make sure you look into SQL injection prevention techniques.
Instead of reinventing the wheel, you might look at something like Coppermine (http://coppermine-gallery.net/). I use it on my own site with a customised template. It allows user galleries with private and public images etc.
edit: whoops link fixed.
links broken
Quote from: 3DGuy on February 14, 2007, 03:17:28 PM
That is correct:
SELECT password from up_users where username='MeltingIce'
You need to put the username in quotes.
I would advise you not to store the passwords though and certainly not in cleartext. Always only store password hashes. Hashes can't be reverse engineered to the original password. Instead when a user enters his name and password, hash the password and compare that to the stored hash. If you continue, make sure you look into SQL injection prevention techniques.
Instead of reinventing the wheel, you might look at something like Coppermine (http://coppermine-gallery.net/). I use it on my own site with a customised template. It allows user galleries with private and public images etc.
edit: whoops link fixed.
Thanks, I got it on my own though and forgot to post back here haha. The passwords are encrypted with sha256 encryption so don't worry about that :P. Right now I have a good portion of the thing working. You can register to create a new user and upload your files to your own folder with your username and password which is stored in the MySQL database. Next I will be writing a script that basically does a directory view of your uploads folder.
Point is to not store passwords. Not even crypted ;)
Well you could just make a password bar but no password....they'll never see it coming!
Regards,
Will
Quote from: 3DGuy on February 14, 2007, 03:53:24 PM
Point is to not store passwords. Not even crypted ;)
Well I meant I store hashed passwords with hash('sha256', $password)
Ah ok. Top notch then. ;D
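Added example, not code from any poster in this thread or from the project: the username lookup and password check discussed above, written with a bound parameter instead of a quoted string and with PHP's built-in password_hash()/password_verify() instead of a bare hash('sha256', ...). It assumes PDO with the SQLite driver so it can run against an in-memory database; registerUser() and checkLogin() are hypothetical names and the accounts are constructed.

```php
<?php
// Added example: not the project's code. Table and column names come from the
// thread; registerUser() and checkLogin() are hypothetical helper names.
// An in-memory SQLite database (via PDO) stands in for MySQL so this runs alone.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE up_users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

function registerUser(PDO $db, string $username, string $password): void
{
    // password_hash() picks a random salt and stores it, together with the
    // algorithm and cost, inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO up_users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    // The username is bound as a parameter, never pasted into the SQL text,
    // so quote characters in it cannot change the query.
    $stmt = $db->prepare('SELECT password FROM up_users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such user
    }
    // Re-hashes the candidate with the stored salt and compares in constant time.
    return password_verify($password, $stored);
}

// Constructed sample accounts; both deliberately use the same password.
registerUser($db, 'MeltingIce', 'correct horse');
registerUser($db, "o'brien", 'correct horse');

$cases = [
    ['MeltingIce', 'correct horse'],
    ['MeltingIce', 'wrong guess'],
    ["o'brien", 'correct horse'],   // apostrophe in the name is just data
    ['nobody', 'correct horse'],
];
foreach ($cases as [$user, $pass]) {
    printf("%-12s %-14s => %s\n", $user, $pass,
        checkLogin($db, $user, $pass) ? 'accepted' : 'rejected');
}

// Same password, two users: salted hashes differ, plain SHA-256 digests do not.
$rows = $db->query('SELECT password FROM up_users ORDER BY username')
           ->fetchAll(PDO::FETCH_COLUMN);
echo 'password_hash outputs differ: ', ($rows[0] !== $rows[1] ? 'yes' : 'no'), "\n";
echo 'sha256 digests differ:        ',
    (hash('sha256', 'correct horse') !== hash('sha256', 'correct horse') ? 'yes' : 'no'), "\n";
```

The same prepared statements work unchanged with a MySQL DSN in place of the SQLite one.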
;)
One quick question, I have the database information stored in config.php. What should I CHMOD that as in order to protect it? 755?
Move it to a folder the user can't access (preferably out of the www folder). Then just reference it. If you can't because it's not your own server stick it in a special folder (like config) and put a .htaccess in it preventing access to it by webusers.
That looks like a very interesting project, MeltingIce.
Quote from: old_blaggard on February 14, 2007, 09:40:09 AM
I've done some PHP and MySQL, although I've never taken a class in it or read a book ;). I really like your temporary page, by the way; it looks very clean and sharp, just like the rest of your site.
Same here - I never learn languages the way I'm meant to. Also, I agree - the whole of MeltingIce's site looks great.
Quote from: 3DGuy on February 14, 2007, 04:12:51 PM
Move it to a folder the user can't access (preferably out of the www folder). Then just reference it. If you can't because it's not your own server stick it in a special folder (like config) and put a .htaccess in it preventing access to it by webusers.
It is my own server, but I think I will just use .htaccess rules since I want this script to be available for anyone to download and it would be easier if they don't have to change the config directory.
I do love the layout of the site and the GUI is very nice.
MeltingIce - You said you wanted to make this script available to everyone. That means that you can't hardcode the username and password to the MySQL database. How and where do you plan on storing that data?
I have written a register.php script that takes a username and password (and hashes the password of course) and sends it to MySQL ;)
By the way, when I say make the script available to anyone, I mean anyone can download the script, upload it to their server, and run it themselves.
Yeah, I know that. Sorry, I didn't phrase my question well. You will need the username and password to the MySQL database somewhere. Something like "mysql_connect ('localhost' , 'username' , 'password');" will have to be used - if this script can be used on other servers, you shouldn't require the admins to hard-code their username and password. How are you planning on getting around that problem?
That's where the config.php comes in. That holds the user/passwd. That's why he wanted to make it impossible to download ;)
Well, right now I'm doing it the way a lot of scripts do it, but I might change that later on. Here's the code for my config.php script:
<?php
/* Needed MySQL information. Make sure to fill it out correctly! */
$mysqlhost = "localhost";
$mysqluser = "username";
$mysqlpass = "password";
$mysqldb = "database";
$uploaddir = "/home/meltingi/public_html/uploaddirectory/"; // Absolute base upload directory

@mysql_pconnect($mysqlhost, $mysqluser, $mysqlpass)
    or die("Could not connect to MySQL Server!");
@mysql_select_db($mysqldb)
    or die("Could not select database!");
?>
Then I have an install.php script that you only run once and it automatically makes the database tables for you.
Nice, it makes the tables; that will be helpful for people like me who aren't so good at that type of thing.
regards,
Will
Quote from: Will on February 14, 2007, 05:35:11 PM
Nice, it makes the tables; that will be helpful for people like me who aren't so good at that type of thing.
regards,
Will
To be honest, I'm not entirely sure how to create tables in phpMyAdmin either but I know how to do it in PHP code :P
Hey, more than I know.
I don't know PHP that well, been meaning to learn it though, that and python.
regards,
Will
Quote from: Will on February 14, 2007, 06:13:30 PM
Hey, more than I know.
I don't know PHP that well, been meaning to learn it though, that and python.
regards,
Will
If you know any programming languages like Java, C#, C++, etc. then PHP and Python will be a breeze. I was able to learn everything I needed to know to make this upload system in one day's worth of reading and work. Just implemented a file viewer by the way. Right now all it does is return text saying what's in the folder, so my next goal is to turn them into links.
Good to know, I may try my hand at doing some over winter break next week. As for the file viewer, if you could turn them into links then that would be great!
regards,
Will
Quote from: MeltingIce on February 14, 2007, 06:15:12 PM
Quote from: Will on February 14, 2007, 06:13:30 PM
Hey, more than I know.
I don't know PHP that well, been meaning to learn it though, that and python.
regards,
Will
If you know any programming languages like Java, C#, C++, etc. then PHP and Python will be a breeze. I was able to learn everything I needed to know to make this upload system in one day's worth of reading and work. Just implemented a file viewer by the way. Right now all it does is return text saying what's in the folder, so my next goal is to turn them into links.
Why, oh why did I bother learning a dead-end language like NSIS? As a consequence of learning NSIS before anything else, I have a habit of creating logical conditional stuff (ifs and elses) to an immense depth, and then getting confused (there is nothing like 'if' in NSIS, so I never end up with that problem when programming in it). That's why I rarely put a lot of PHP code into a single file - I end up spreading it across a number of files...
Anyway, good luck with the project MeltingIce...
Quote from: 3DGuy on February 14, 2007, 05:29:39 PM
That's where the config.php comes in. That holds the user/passwd. That's why he wanted to make it impossible to download ;)
Thanks. That will help clear it up for me, and also help out when/if I make my script available to the public.
Quote from: Will on February 14, 2007, 06:18:04 PM
Good to know, I may try my hand at doing some over winter break next week. As for the file viewer, if you could turn them into links then that would be great!
regards,
Will
My plan in the end is to actually make it so you can move, delete, create folders, and open files in your user folder. I'll see how that goes though. I might need to study some other directory listing scripts to see how they work.
EDIT: Just updated the preview page for kicks and giggles. Basically that's how I want the final product to look.
Alright, the directory listing now has links to the files so I am making good progress. I reorganized the structure a little bit as well. All that's left is to add the file manipulation functions to the directory listing and it'll be done!
Nice, yes it's really that easy, hehe. Will the entire project be done or just that portion of code?
regards,
Will
Quote from: Will on February 15, 2007, 06:23:03 AM
Nice, yes it's really that easy, hehe. Will the entire project be done or just that portion of code?
regards,
Will
I won't release the project until it is completely finished :P It's been coming along nicely though so it shouldn't be too much longer.
Neat, can't wait. This is off topic but wouldn't it be nice if Terragen 2 had some type of Python or C++ scripting.
regards,
Will
Quote from: Will on February 15, 2007, 07:34:21 AM
Neat, can't wait. This is off topic but wouldn't it be nice if Terragen 2 had some type of Python or C++ scripting.
regards,
Will
A scripting system will be implemented before the final release. It will probably be based on Python due to its increasing popularity for 3D application scripting.
- Oshyan
I can't seem to get this to work. This is a function I wrote that checks to make sure the string passed in doesn't have any of the characters in the array $nix in it. Right now it's always returning true. If anyone knows why, help would be much appreciated ;D
<?php
function isValid($var)
{
    $nix = array("#","(",")","<",">","?","/","\\","[","]","|");
    $vararray = str_split($var);
    for($index=0;$index<count($vararray);$index++)
    {
        if(array_search($vararray[$index], $nix))
        {
            $valid = false;
        }
    }
    if($vararray[0] == " ")
    {
        $valid = false;
    }
    return $valid;
}
?>
While I'm waiting on the reply for that, I was wondering if I could get some feedback on the index page. This is a working version of the page, but I disabled the register form so that no one can register a username :P Try logging in with a random username and password to see the error message that appears. All the animations were done with scriptaculous if anyone was wondering. You can check it out here (http://meltingice.net/phptest/upload/index.php).
EDIT: I just finished styling the database install page. I know a lot of people are intimidated by databases, so I made this as easy as possible. My ultimate goal is to make it so the user doesn't have to edit any php at all. Here's a screenshot of the install.php script after a successful MySQL table installation:
(http://imagehost.meltingice.net/viewer.php?id=arx1171617129g.jpg)
EDIT AGAIN: Guess I'm kinda talkin to myself here since it's so early in the morning. I just achieved my ultimate goal. Users no longer have to edit any PHP files. When you install the database, a config.php file is written for you containing your database login information so you no longer have to edit that file yourself.
Nice man, but yeah, I'm not even up at that hour. The error system seems to be working, at least for the login. I set up an account and got in so it all seems to be working from my end.
Regards,
Will
Quote from: MeltingIce on February 15, 2007, 10:49:35 PM
I can't seem to get this to work. This is a function I wrote that checks to make sure the string passed in doesn't have any of the characters in the array $nix in it. Right now it's always returning true. If anyone knows why, help would be much appreciated ;D
You never initialised your $valid. So you always return false. Initialise it by adding
$valid = true;
at the start of the function.
Good looking page, MeltingIce. I can't wait to see this when it's done.
Quote from: 3DGuy on February 16, 2007, 11:55:44 AM
Quote from: MeltingIce on February 15, 2007, 10:49:35 PM
I can't seem to get this to work. This is a function I wrote that checks to make sure the string passed in doesn't have any of the characters in the array $nix in it. Right now it's always returning true. If anyone knows why, help would be much appreciated ;D
You never initialised your $valid. So you always return false. Initialise it by adding
$valid = true;
at the start of the function.
I added that and it didn't change anything unfortunately.
Hmm ok, I'm looking into that now.. seems to be a problem with the str_split.
Quote from: 3DGuy on February 16, 2007, 02:58:36 PM
Hmm ok, I'm looking into that now.. seems to be a problem with the str_split.
Thanks a lot man. If you can come up with a better way to do it than what I'm doing, then please let me know. I was hoping for a function that returns the character of a word at index x, instead of having to put all the letters into an array.
Here you go, this should work:
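function isValid($varx)
{
    $valid = true;
    // Characters that are not allowed anywhere in the string
    $nix = array("#","(",")","<",">","?","/","\\","[","]","|");
    // Check each character of the input against the list
    for($index=0;$index<strlen($varx);$index++)
    {
        if(in_array(substr($varx,$index,1), $nix))
        {
            $valid = false;
        }
    }
    // A leading space is also rejected
    if(substr($varx, 0, 1) == " ")
    {
        $valid = false;
    }
    return $valid;
}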
$var seems to be invalid for a variable name hence the use of $varx
Quote from: 3DGuy on February 16, 2007, 03:17:03 PM
$var seems to be invalid for a variable name hence the use of $varx
Excellent, it does work! Thanks again, much appreciated :D
Well I've been hard at work on this script so I thought I would post a little update and a screenshot. I haven't done a whole lot in the way of styling but here's what it looks like right now.
(http://imagehost.meltingice.net/viewer.php?id=jdv1171756708c.jpg)
The red box in the upper right is normally not visible unless there's an error, like the one I threw there. I have been working a lot on security lately, so you can no longer upload .php files (huge security risk) and you can't use "user.php?dir=../" in the URL to go up a directory and view other people's files. Also did a little tidying up by moving the directory listing code to a separate PHP file and put it into a function.
Next in line for me is to start outputting the directory list in a table so I can start formatting it better and add options like delete, move and rename for each file and directory.
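Added example, not the project's code: one way to enforce the two checks described in the post above, keeping a requested dir= value inside the user's own folder and refusing uploads by extension. resolveUserDir() and isAllowedUpload() are hypothetical names, the allowlist is an assumption, and the directory tree is constructed in a temporary folder.

```php
<?php
// Added example: not the project's code. resolveUserDir() and isAllowedUpload()
// are hypothetical names; the directory tree below is constructed in a temp dir.

function resolveUserDir(string $userBase, string $requested): ?string
{
    $base = realpath($userBase);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails if the path is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Accept only the base itself or something strictly beneath it. The
    // trailing separator stops ".../al" from matching ".../alice".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

function isAllowedUpload(string $filename, array $allowedExt): bool
{
    $name = basename($filename); // drop any directory part sent by the client
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    // Allowlist rather than "block .php": unknown types are refused by default,
    // and dot-files such as .htaccess are refused outright.
    return $name !== '' && $name[0] !== '.' && in_array($ext, $allowedExt, true);
}

// Constructed layout: <tmp>/mfs_demo_xxxxxxxx/{alice/photos, bob}
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mfs_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/alice/photos', 0700, true);
mkdir($root . '/bob', 0700, true);

// Values as they might arrive in user.php?dir=...
foreach (['', 'photos', '../bob', 'photos/../..', 'missing'] as $dir) {
    $resolved = resolveUserDir($root . '/alice', $dir);
    printf("dir=%-16s => %s\n", var_export($dir, true), $resolved === null ? 'refused' : 'ok');
}

$allowed = ['jpg', 'png', 'txt', 'zip']; // assumed allowlist
foreach (['holiday.JPG', 'notes.txt', 'page.php', '.htaccess', 'archive'] as $file) {
    printf("%-12s => %s\n", $file, isAllowedUpload($file, $allowed) ? 'accepted' : 'refused');
}

// Clean up the constructed directories.
rmdir($root . '/alice/photos');
rmdir($root . '/alice');
rmdir($root . '/bob');
rmdir($root);
```

Comparing resolved paths, rather than searching the input for "../", also covers symlinks and encoded or nested forms of the same path.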
It looks like your upload system is coming along very nicely there. I can't wait until it is finished!
Nice job!
Glad you fixed the "user.php?dir=../" thing, that was a big security thing.
Regards,
Will
oh and next you need to work on a rendertime calculator ;)
Regards,
Will
Heheh... well, since Planetside has decided that's too hard for them right now, maybe he should just make a random number generator and call it a rendertime calculator :P.
echo rand();
I win at life
Doesn't rand() need some kind of parameters? Like... between 1 minute and 1 month :P?
Quote from: old_blaggard on February 17, 2007, 11:47:46 PM
Doesn't rand() need some kind of parameters? Like... between 1 minute and 1 month :P?
The extra parameters are optional actually :P
ha nice.
Regards,
Will
Quote from: old_blaggard on February 17, 2007, 11:43:30 PM
Heheh... well, since Planetside has decided that's too hard for them right now, maybe he should just make a random number generator and call it a rendertime calculator :P.
I could do that. I've been working for ages on a random number generator. I use it to scare people because it's designed to look like it is hacking into something...
could you share it, that would be so much fun (evil smile)
Regards,
Will
It is shared. You have to register as a member of my website to download it. If you register and you are logged in, you will find the download links here (http://ccgi.emptosoft.plus.com/main_site/e107_plugins/forum/forum_viewtopic.php?12.0). There are two versions - one that is quite old (download link at the top), and one that is new (download link near the bottom) and much better but that has not been fully finished (It works fine, but there are no malicious-looking commands yet).
EDIT: Actually, sorry I just thought of another security hole that I need to work on first. I need to prevent the execution of files within the users directory, and it's a lot harder than it sounds. CHMOD didn't work since it just ended up either not letting you view any file or letting stuff still execute. I'm working on a fix now.
OK FINALLY... I am ready for some beta testing if anyone is interested. You can download everything you need below. If you don't have a server but wish to test it out on mine, just PM me and I'll open up registrations. Make sure to read everything in the readme.txt file provided in the download. Most importantly however, I need feedback! So please let me know what you think of it so far. Remember, this is beta so not everything is implemented yet. I have worked A LOT on security, so everything should be fine on that front. There shouldn't be any bugs, but of course nothing is perfect so please let me know if you find any.
just downloaded it
If I get some time I'll take a look at it on my server here at the house :P
Sweet, sounds good! :D
Nice, I would like to see it. I don't have a server but examining others' work will help me learn a bit faster.
Regards,
Will
Well, I actually just went ahead and opened it up to public testing for all on my website. You can register and login here: http://mfs.meltingice.net
Oh, that is hilarious - you've included all of your fancy effects in this project as well...
Quote from: MeltingIce on February 19, 2007, 10:21:04 AM
Well, I actually just went ahead and opened it up to public testing for all on my website. You can register and login here: http://mfs.meltingice.net
I noticed 2 things. I can't rename stuff. And when I click on the name of an image I get a download instead of viewing the content.
Using FireFox2
Alright some major updates. Sorry I forgot to unlink Rename in that download, it's not implemented yet. This update includes tons of fixes from the download posted here. From now on, just check out this page (http://meltingice.net/wordpress/?page_id=291) for updates so I don't have to upload to these forums every time.
Oh and Firefox tried to download everything because I forgot to include mime.types in the .zip file :-\ It's in there now though so everything should work.
IE tried to download it too :P
Quote from: 3DGuy on February 20, 2007, 05:20:52 AM
IE tried to download it too :P
Yea because it needed mime.types, but I had forgotten to put it in there. Should be fine now ;)
Yeah, seems fine now :) Nonexistent MIMEs can be a nuisance I know.
How do you have that much time on your hands!? You've released an update every day since you released the mfs! Not even I manage things like that...
Quote from: Dark Fire on February 20, 2007, 12:36:48 PM
How do you have that much time on your hands!? You've released an update every day since you released the mfs! Not even I manage things like that...
Haha well I enjoy the project so I like working on it a lot. I have a really bad habit of staying up late too, so I usually work on it at night.
The looks are real sharp.
Nicely done.
And good luck on your project.
;)
Just added a filesize feature that shows the filesize in KB or MB depending on the file's size next to its name/link in the directory listing. I haven't updated the download on the project page yet though since I will probably work some more on the project later today. The version running on my server though has been updated. I applied for a Sourceforge page as well, anyone have an idea how long it will take for them to process the application?
Hope you guys aren't getting tired of my updates haha. My project is now on Sourceforge, but their shell access server is down so I can't update the project's webpage. All the file releases and source code are posted though so if you're interested, check it out here (http://sourceforge.net/projects/meltingicefs/). The latest version has file and folder renaming too ;)
Interesting...I've considered releasing many projects on SourceForge, such as my program management system and blog, but I've never really wanted to...
I've been hard at work lately on a new visual design for the project, since the original one wasn't all that great in my personal opinion. This one is much cleaner looking and should load much faster. Here's a preview of where I'm going with it (please note that not everything is implemented yet).
(http://imagehost.meltingice.net/viewer.php?id=cqs1172643122u.jpg)
Well, it looks like it's got a fair bit of potential, but until I see some of the fancy Meltingice graphics and javascripts, I'm gonna hold onto my judgement ;).
Quote from: old_blaggard on February 28, 2007, 09:15:01 AM
Well, it looks like it's got a fair bit of potential, but until I see some of the fancy Meltingice graphics and javascripts, I'm gonna hold onto my judgement ;).
Well, I was actually going to go light on the graphics in order to improve loading time and make the interface as simple, clean and easy to use as possible. There will still be fun javascript animations though :P
Sounds good. While I agree that excessive graphics can be irritating for load times, I think a few for background and maybe a few for icons wouldn't be too much of a problem in today's age of high-speed internet.
New design has been implemented along with folder deletion. Here's a screenshot of the new design:
(http://imagehost.meltingice.net/viewer.php?id=bwy1172724055s.jpg)
I added a little bit of a background design like you suggested old_blaggard to spice it up a bit. As before, you can try it out for yourself at http://mfs.meltingice.net