Member Avatar for thirusvga

Hi.. I am new in php +ajax.....Now i am doing project in php+ajax+linux environment...i create a login page using php,ajax,mysql,, i have mysql tables are. register,slideshow,,,,,In register table having following field...
1.uid (autoincrement)2.first (firstname)3.last(surname)4.user(username),5.pass(password)
In slide show table having following field,,,
1.uid 2.pid(presentation id,autoincrment) 3.slideno 4.description 5.location(this is what image file is store that particular location)..
my login programs are..
//login.html

<html>
<head>
<script language="javascript" type="text/javascript">
//Browser Support Code
function ajaxFunction()
{
var ajaxRequest; // The variable that makes Ajax possible!

try
{
// Opera 8.0+, Firefox, Safari
ajaxRequest = new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer Browsers
try
{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e)
{
// Something went wrong
alert("Your browser broke!");
return false;
}
}
}

// Create a function that will receive data sent from the server
ajaxRequest.onreadystatechange = function()
{
if(ajaxRequest.readyState == 4)
{
var ajaxDisplay = document.getElementById('ajaxDiv');
ajaxDisplay.innerHTML = ajaxRequest.responseText;
document.getElementById('message').style.visibility = 'hidden';
}
}

var user= document.getElementById('user').value;
var pass= document.getElementById('pass').value;
var queryString = "?user=" + user + "&pass=" + pass;
document.getElementById('message').style.visibility = 'visible';
ajaxRequest.open("GET","login.php" + queryString, true);
ajaxRequest.send(null);

}
</script>
</head>
<body>
<div id="message" style="position:absolute; top:1%; left:95%; margin-left:-100px; font-size:14;background-color: red ;color: white;width: 165px; height: 25px; overflow: auto;visibility: hidden">Executing...</div>
<form>
<center>
<img src="" style="visibility:hidden" width="0%" height="0%">
<table border="0" bgcolor="#CCCCFF" cellspacing="1" cellpadding="3" width="287">
<tr>
<td align="left" colspan="2" width="275"><b><font size="5" color="#000080">Login</font></b></td>
</tr>
<tr>
<td align="right" width="81"><b><font color="#000080">User
Name:</font></b></td>
<td width="184">
<input type="text" id="user">
</td>
</tr>
<tr>
<td align="right" width="81"><b><font color="#000080">Password:</font></b></td>
<td width="184">
<input type="password" id="pass">
</td>
</tr>
<tr>
<td colspan="2" align="center" width="275"><input type="button" onclick="ajaxFunction()" value="Login" ></td>
</tr>
</table>
<div id="ajaxDiv">&nbsp;
</center>
</form>
</body>
</html>

//login.php

<?php
$user=$_GET['user'];
$pass=$_GET['pass'];
$conn = mysql_connect("localhost","root","") or die("could not connect server");
$db = mysql_select_db("thiru",$conn) or die("could not connect database");
$query= "select * from register";
$res = mysql_query($query) or die("query failed" . mysql_error());
$num_rows=mysql_num_rows($res);
while($rr=mysql_fetch_array($res))
{
if($user==$rr[3] && $pass==$rr[4])
{
//get uid
$insert=$rr[0];
//echo"welcome" .$user;
$flag=true;
}
}
if($flag==false)
{
echo"userid and password mismatch";
}
mysql_close($conn);
?>

The above program is successfully logged .. and i fetch uid in $insert variable...This is my quetion...
uid,pid,slideno,description,location will be stored automaticallyin slideshow table..while i upload file....
my upload proram is given below...
//upload.html file

<html>

<head>

<script type="text/javascript" language="javascript">
function upload()
{

var oForm = document.uploadform;
oForm.submit();
}
</script>

</head>

<body>

<div id="message" class="drag" style="position:absolute; top:50%; left:50%; margin-left:-100px; font-size:12;background: transparent;

width: 75px; height: 75px; overflow: auto; visibility: hidden">

</div>

<center>

<form name="uploadform" action="upload.php" method="POST" ENCTYPE="multipart/form-data" target="hiddenFrame">
Open :
<input style="font:normal 10px Verdana" size="35" align="left" type="file" name="code" id="code">&nbsp;&nbsp;&nbsp;&nbsp;<br><button onClick="upload();return false">Upload</button>

</form>

<iframe src="about:blank" name="hiddenFrame" width="400" height="400"

frameborder="1" ></iframe>

</center>

</body>

</html>

//upload php file

<?php
$uploaddir='/var/www/html/upload/';
$uploadfile=$uploaddir.basename($_FILES['code']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['code']['tmp_name'], $uploadfile))
{
echo "File was successfully uploaded.\n";
print "</pre>";
$conn=mysql_connect("localhost","root","");
$db=mysql_select_db("thiru");
$query = "insert into slide(sloc)values('$uploadfile')";
$result=mysql_query($query);
echo"<br>";
mysql_close($conn);
$filename=$_FILES['code']['name'];
echo"filename:";
echo $filename;
echo"<br>";
}
else
{
echo "please choose a correct file!!";
}

?>

please send me the correct coding ..
Edit/Delete Message

  • 2 Contributors
  • 6 Replies
  • 159 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by thirusvga
Member Avatar for digital-ether

Your file upload looks ok. You just have to let your File Upload page know that the upload was successful or not.

To do this, in your PHP that handles the file upload, put in a javascript function that returns the status of the upload. ]

eg:

<script>

top.my_callback(true);

</script>

Notice that the function is a method of "top". This references the top window, or the window that contains the Iframe you have this code in.


In your File upload page, put in a handler for the javascript function. Eg:

function my_callback(status) {

if (status == true) alert('file uploaded');
else alert('upload failed');

}
Member Avatar for thirusvga

ya.. uploaded file is successful stored in database when i newly file upload..my problem is how to pass my uid from register table to slideshow table..using php, ajax..
please help me..

Member Avatar for digital-ether

ya.. uploaded file is successful stored in database when i newly file upload..my problem is how to pass my uid from register table to slideshow table..using php, ajax..
please help me..

The UID should be in the current users session. Don't pass it via AJAX.

Eg: When you logged the user in, create a session for the user. You can use the built in PHP session management $_SESSION. Or you can create your own session management by entering each login into a session table in the database.

When a user uploads something, check a cookie sent by the user for the session ID. You can verify this session exists by looking up your session db table, or $_SESSION variable if you use that...

Member Avatar for thirusvga

i dont know about session..In my login program where i insert a session....help me...and reply me madam..

Member Avatar for digital-ether

Simple example of a session:

When a user logs in successfully. you do:

$sessid = sha1(rand(1, 1000000000).time()); // create a random id for the users session

$_SESSION[$sessid] = $userid; // save the userid to the $_SESSION variable. PHP will automatically keep track of this value across php pages. 

setCookie('sess_id', $sessid, time()+3600); // set session cookie for 1 hour expiry. This will track the user and let you know that they already authenticated...

Now when you want to know if the user is logged in, just check the cookie "sess_id" and if its set, get its value an make sure it is an existing session id by checking it against $_SESSION.

$sessid = $_COOKIE['sess_id'];
if (isset($_SESSION[$sessid])) {
// ok we have a session and it exists
$userid = $_SESSION[$sessid];
} else {
// we don't have a session for this user

}

Off Topic:

In your authentication script you have:

$query= "select * from register";

then you iterate through each returned db row and check user and password. This is not very efficient. Imagine if you have 100 000 users. You'd have 100 * (bytes per row) Kb sent to your PHP script from the DB each time you authenticate someone. Then PHP has to parse that SQL response into PHP objects.

The "better" way of doing it is:

$query= "select * from register where username = '".mysql_escape_string($username)."' AND password = '".mysql_escape_string($password)."' LIMIT 1";

This way you only get the row you want from the db.

Also, you may want to save the passwords as one way encrypted hashes. PHP implements md5, sha hashes natively. You can use this to "encrypt" the passwords and increase user security.

eg:

$secret = '32d0we9*03ojsdfp98323;afp%^9;3f;hd'; // its good to keep a secret

$hash = sha1($password.$secret); // 1 way encrypt it 

// save this password hash in the db.

When you need to verify a password hash the password given by the user, and compare it with the one in the db.

$user = $_GET['user'];
$pass = $_GET['pass'];


$secret = '32d0we9*03ojsdfp98323;afp%^9;3f;hd'; // its good to keep a secret

$hash = sha1($password.$secret);

$query = "select * from registerwhere username = '".mysql_escape_string($user)."' AND password = '".mysql_escape_string($hash)."' LIMIT 1";

This way even if someone managed to hack into your database, they still will have a hard time decrypting the passwords in the db.

Member Avatar for thirusvga

ok..let i try ..if any problem i will reply soon..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.