Alright, so I have been working on building a photographer a website. She requested that she would like a page that would allow users to log in and view their proofs and only allow THEM access to their own pictures. I have successfully created a login page using sessions and it is working as planned. I have then created a registration form that is ONLY accessible by the photographer - she will enter users as soon as their proofs are available and it will email the user their username and password.
My problem is that I'm completely stuck on how to store the users' pictures into the database and link it to their username and/or email and display them on the page automatically when they log in. Here is what I have accomplished thus far:
user table:
create table users (id int NOT NULL auto_increment, firstname varchar(30) NOT NULL, lastname varchar(30) NOT NULL, email varchar(30) NOT NULL, username varchar(30) NOT NULL, password varchar(30) NOT NULL, picture varchar(50), date varchar(30) NOT NULL, PRIMARY KEY (id));
index.htm:
<html>
<head>
<title>Shots by Shell Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='css/style.css' />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="validate.js"></script>
<script type='text/javascript' src='js/example.js'></script>
<script type="text/javascript">
$(document).ready(function(){
jQuery.validator.addMethod("phoneUS", function(phone_number, element) {
phone_number = phone_number.replace(/\s+/g, "");
return this.optional(element) || phone_number.length > 9 &&
phone_number.match(/^(1-?)?(\([2-9]\d{2}\)|[2-9]\d{2})-?[2-9]\d{2}-?\d{4}$/);
}, "Please specify a valid phone number");
$("#form").validate();
});
</script>
</head>
<body>
<div id="page-wrap">
<div class="login-block">
<h3>Shots by Shell User Login</h3>
<form action="login.php" method="POST" id="form">
<table>
<tr><td style="font-size:15; color:grey;"><label for="username">Username:</label></td>
<td><input type="text" name="username" id="username" class="required"></td></tr>
<tr><td style="font-size:15; color:grey;"><label for="password">Password:</label></td>
<td><input type="password" name="password" id="password" class="required"></td></tr>
<tr><td> <input type="submit" name="submit" id="Submit" value="Login"></td></tr>
</table>
</form>
</div>
</div>
</body>
</html>
login.php
<?php
session_start();
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
if ($username && $password)
{
    $connect = mysql_connect("localhost","xxxx","xxxxxx") or die ("Unable to connect at this time. Please try again later.");
    mysql_select_db("login2", $connect) or die ("Unable to connect to the photo database at this time. Please try again later.");
    // Escape the submitted username before it goes into the query, as the registration form does
    $safe_username = mysql_real_escape_string($username, $connect);
    $query = mysql_query("SELECT * FROM users WHERE username='$safe_username'", $connect);
    $numrows = mysql_num_rows($query);
    if ($numrows != 0)
    {
        while ($row = mysql_fetch_assoc($query))
        {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
            $dbfirstname = $row['firstname'];
        }
        // Strict comparison for the password, so numeric-looking strings are not treated as equal
        if ($username == $dbusername && $password === $dbpassword)
        {
            // Store the name in the session first, then redirect and stop the script
            $_SESSION['firstname'] = $dbfirstname;
            header('Location: http://mysite.example.com/member.php?id='.urlencode($dbfirstname));
            exit;
        }
        else
            echo "Incorrect password.";
    }
    else
        die("Email address does not exist.");
}
else
    die("Please enter your email address and password.");
?>
member.php
<?php
session_start();
if (!empty($_SESSION['firstname']))
{
    // Escape the stored name before writing it into the page
    echo "Welcome, ".htmlspecialchars($_SESSION['firstname'], ENT_QUOTES)."!";?><br>
<?php
    echo "<a href='logout.php'>Log Out</a>";
}
else
    die("You must log in to view this page. <a href='index.php'>Click here</a> to log in.");
?>
logout.php
<?php
session_start();
session_destroy();
echo "You have successfully been logged out. <a href='index.php'>Click here</a> if you wish to log back in.";
?>
And here is the register form which creates the user
index.php
<html>
<head>
<title>Shots by Shell Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='css/style.css' />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="validate.js"></script>
<script type='text/javascript' src='js/example.js'></script>
<script type="text/javascript">
$(document).ready(function(){
jQuery.validator.addMethod("phoneUS", function(phone_number, element) {
phone_number = phone_number.replace(/\s+/g, "");
return this.optional(element) || phone_number.length > 9 &&
phone_number.match(/^(1-?)?(\([2-9]\d{2}\)|[2-9]\d{2})-?[2-9]\d{2}-?\d{4}$/);
}, "Please specify a valid phone number");
$("#form").validate();
});
</script>
<script type="text/javascript">
var RecaptchaOptions = {
theme : 'clean'
};
</script>
</head>
<body>
<?php
require_once('recaptchalib.php');
// you got this from the signup page
$publickey = "6LfOiL0SAAAAAG5WiyZCOfp5tUUXzJ3s0yBl75QD";
$privatekey = "6LfOiL0SAAAAAIgbTbC_K7kr89vBO7in0BYpjxQ2 ";
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
require_once "formvalidator.php";
$error_hash='no';
$show_form=true;
if(isset($_POST['Submit']))
{
$validator = new FormValidator();
$validator->addValidation("Firstname","req","<B>Please enter a Firstname</B>");
$validator->addValidation("Lastname","req","<B>Please enter a Lastname </B>");
$validator->addValidation("Email","email","<B>The input for Email should be a valid Email address</B>");
$validator->addValidation("Email","req","<B>Please enter an Email</B>");
$validator->addValidation("Username","req","<B>Please enter a Username</B>");
$validator->addValidation("Password","req","<B>Please enter a Password</B>");
if($validator->ValidateForm())
{
$show_form=false;
}
else
{
echo "<font color='#CC0000'><B>Validation Errors:</B></font>";
$error_hash = $validator->GetErrors();
foreach($error_hash as $inpname => $inp_err)
{
echo "<p>$inpname : $inp_err</p>\n";
$show_form=true;
}
}
if($show_form===false)
{
if (!$resp->is_valid && $show_form === false) {
$message = ' CAPTCHA - word verification was incorrect.<br /><br />';
$show_form = true;
} else {
$con = mysql_connect("localhost","login","test123!")or die ("damnit");
mysql_select_db("login2", $con);
$email = mysql_real_escape_string($_POST['Email']);
$username = mysql_real_escape_string($_POST['Username']);
$dupcheck = mysql_query("SELECT * FROM users WHERE (email = '$email') OR (username = '$username')",$con);
if (! mysql_num_rows ($dupcheck))
{
//safe insert to prevent injection attacks
$firstname = mysql_real_escape_string($_POST['Firstname']);
$lastname = mysql_real_escape_string($_POST['Lastname']);
$password = mysql_real_escape_string($_POST['Password']);
//$email and $username are defined above
$sql="INSERT INTO users (id,firstname,lastname,email,username, password,date)
VALUES ('','$firstname','$lastname','$email','$username','$password',NOW())";
mysql_query($sql,$con);
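// Show the submitted values HTML-escaped rather than the SQL-escaped copies
echo "<font color='#003366'><b>User Was Successfully Created!</b></font><br /><br />
Username:<b> ".htmlspecialchars($_POST['Username'], ENT_QUOTES)."</b> <br />
Password: <b>".htmlspecialchars($_POST['Password'], ENT_QUOTES)."</b>";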
//need to set up mail to client here to notify them that their proofs are available.
}
else
{
$message = 'User already exists in the database.<br /><br />';
$show_form = true;
}
mysql_close($con);
}
echo "<font color='#CC0000'><B>$message</B></font>";
}
}
if (true == $show_form){
?>
<div id="page-wrap">
<div class="login-block">
<h3>Shots by Shell User Registration</h3>
<form action="" method="POST" name="RegisterForm" id="form">
<table cellspacing='0' cellpadding='5' border='0' bordercolor='#000000' bgcolor='#ffffff'>
<tr>
<td colspan="3" style="color:#003366; font-size:20px; font-weight:bold; padding-bottom: 10px;">User 30 Day Online Proof Registration</td>
</tr>
<tr>
<td style="font-size:15; color:grey;">Firstname:</td>
<td><input type='text' name='Firstname' size='20' class="required" value="<?php if(isset($_POST['Firstname'])){ print htmlspecialchars($_POST['Firstname'], ENT_QUOTES); } ?>"></td>
</tr>
<tr>
<td style="font-size:15; color:grey;">Lastname:</td>
<td><input type='text' name='Lastname' size='20' class="required" value="<?php if(isset($_POST['Lastname'])){ print htmlspecialchars($_POST['Lastname'], ENT_QUOTES); } ?>"></td>
</tr>
<tr>
<td style="font-size:15; color:grey;">Email:</td>
<td><input type='text' name='Email' size='20' class="required" value="<?php if(isset($_POST['Email'])){ print htmlspecialchars($_POST['Email'], ENT_QUOTES); } ?>"></td>
</tr>
<tr>
<td style="font-size:15; color:grey;">Username:</td>
<td><input type='text' name='Username' size='20' class="required" value="<?php if(isset($_POST['Username'])){ print htmlspecialchars($_POST['Username'], ENT_QUOTES); } ?>"></td>
</tr>
<tr>
<td style="font-size:15; color:grey;">Password:</td>
<td><input type='password' name='Password' size='20' class="required" value="<?php if(isset($_POST['Password'])){ print htmlspecialchars($_POST['Password'], ENT_QUOTES); } ?>"></td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
</table>
<table cellspacing='0' cellpadding='10' border='0' bordercolor='#000000' bgcolor='#ffffff'>
<tr>
<td><p><?php echo recaptcha_get_html($publickey);?></p></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" name="Submit" id="Submit" value="Submit"> <input type="reset" value="Reset"></td>
</tr>
</table>
</form>
</div></div>
<?php
}//true == $show_form
?>
</body>
</html>
Now that I have got all that working, I am VERY confused on how to get the pictures to link to each user... I thought maybe since one can actually see how I started this that someone may have a better understanding of how I need this to work. I guess I just don't know exactly how to get the path of the pictures into the table, and then how to name them something that will relate to the user? I think I understand that I would have to upload the images first, then in my registration form I would have to change my insert somehow. Or do I need to make a completely separate table for the pictures (but I will admit that I have never used more than one table before, so I'm not sure how to connect or relate between the two)?
Sorry for such a long post. I hope someone can help!
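One way to lay out the separate pictures table asked about above and show each user only their own proofs, as an added example that is not part of the original post. The `pictures` table, `$_SESSION['user_id']`, the `/var/proofs` directory and the `proofs.php` file name are assumptions, and it uses PDO prepared statements rather than the `mysql_*` calls in the post.

```php
<?php
// proofs.php: added example, not the poster's code.
// Assumed second table (hypothetical names), one row per uploaded proof:
//   CREATE TABLE pictures (
//     id INT NOT NULL AUTO_INCREMENT,
//     user_id INT NOT NULL,            -- users.id of the owner
//     filename VARCHAR(100) NOT NULL,  -- name of the file on disk
//     PRIMARY KEY (id),
//     FOREIGN KEY (user_id) REFERENCES users(id)
//   );
session_start();
// Assumption: login.php also stores the users.id column in $_SESSION['user_id'].
if (empty($_SESSION['user_id'])) {
    header('Location: index.htm');
    exit;
}
$userId = (int) $_SESSION['user_id'];

// Assumed directory outside the web root, so files are reachable only through this script.
define('PROOF_DIR', '/var/proofs');

$db = new PDO('mysql:host=localhost;dbname=login2;charset=utf8', 'xxxx', 'xxxxxx');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (isset($_GET['pic'])) {
    // Serve one picture, but only if its row belongs to the logged-in user.
    $stmt = $db->prepare('SELECT filename FROM pictures WHERE id = ? AND user_id = ?');
    $stmt->execute(array((int) $_GET['pic'], $userId));
    $filename = $stmt->fetchColumn();
    // basename() drops any directory part stored in the filename column.
    $path = PROOF_DIR . '/' . basename((string) $filename);
    if ($filename === false || !is_file($path)) {
        header('HTTP/1.1 404 Not Found');
        exit;
    }
    header('Content-Type: image/jpeg');  // assumption: proofs are JPEG files
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}

// No picture requested: list the logged-in user's proofs.
$stmt = $db->prepare('SELECT id FROM pictures WHERE user_id = ? ORDER BY id');
$stmt->execute(array($userId));
foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $picId) {
    echo '<img src="proofs.php?pic=' . (int) $picId . '" alt="Proof ' . (int) $picId . '"><br>';
}
?>
```

The owner comes from the session and never from the URL, so changing the `pic` number to another user's picture id returns 404 instead of the image.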