Could PHP even solve this issue?

misteraven

Alright, I've been given a new challenge and am trying to work out the logistics of a solution to it. I'm decent at PHP, but far from an expert. Normally though I can bulldoze through a challenge with what I know, and with an arsenal of resources from books to messageboards. This time, however, I can't quickly visualize a solution. For all the PHP pro's out there, I was wondering if you could provide some general guidence on if PHP could even provide a solution to this particular challenge...

Alright, a freind of mine owns a printing company specializing in clubflyer and business card printing. It's a quick turnaround business (24hr) and would greatly benefit from an eCommerce solution. He'd be selling printing, but depends on files from a client to provide his service, therefore needs to incorporate a file upload tool as well. I can code a shopping cart without too much problem and have already modified a third party script for file uploading that's quite nice (independent of the shopping cart). Now here's the issue...

I'm wondering if there would even be a way to set up a method so that the opportunity to upload a file would only be presented to a successful transaction from the shopping cart, and further, only work one time. In other words, can anyone visualize a way so that the file upload would somehow be 'unlocked' dynamically after the transaction, and then be disabled after it's been used once?

Currently, the file upload exists at a specific URL. Anyone that gets it can upload a file and use it as many times as they want. This is creating an issue with clients uploading files that sometimes mistakenly get printed without being paid for. Unfortunately, there's too many people involved in the process for coherrent communication, so they were hoping for a dummy proof solution like if a file is uploaded, it's paid for a ready to print.

misteraven

(Oops, hit submit too quick)

Anyhow, any advice or a direction with this situation will be greatly appreciated.

Thanks.

Rohan_Hill

Hmmm, you could have it so when the user pays for the service they get a code to enter into the same form they upload the file with, and I'm sure you could work out how to make it so each code can only be used once. That should work 🙂

misteraven

How could you generate a code randomly for the client that would also be understood by the script.

I now how to create random passwords, but how does this then tie into unlocking a private area for the file upload?

dawson1323

Well, if you know how to use php with MySql, you could have a random code chosen then insert it into a table. Then when some goes to upload they enter the code, it is checked in the database, then after upload is complete, the code is removed from the table so it wont be used again.

-D

rinjani

One way to do this as pointed out is to create a random ID number and send it to them. At the same time store the number in a database (or flat file) - you could add a used/not used flag such as 0/1, true/false or delete it after one use - and some kind of id such as email address.

The upload area has a login screen, the so the user logs in with their email (for instance) and random number that was sent to them.

Look up and make sure that the pair matches and the flag says not used and then allow them entry to the upload area. On upload change the flag to used (or delete from the db). You could use sessions and login to keep the customer data together.

To generate a random number here's a method, there are others.

$current_time = time();
$random phrase = "my_phrase";
$random_string = $random_phrase . $current_time;
$security_id = md5($random_string);

//add to database with login id

//send to user

HTH

misteraven

Actually, that makes this a bit clearer in my head. I guess I'm still not quite used to thinking in these terms. Anyhow, thanks for the advice. I'll give it a shot.

Take care...

PyroX

just use the microtime as the code, unlikley that will occur twice ever, and roanom is not very random.

cfdarby

I had a similar solution to complete a few months back.

Here is what I did.

In the database table that contains the information for an order I placed a status field, i initially set that field to '0' once the order had been completed and a file had been uploaded i had the upload system set that field to '1', if there was an error with the upload the field status wouldnt change.

Next time a client needed to access a particular order/job they would enter in an order number that was generated automatically on the creation of the order and the results given back would contact a status variable set to '1' all you need after that is an if else statment similar to this:

if ($status == 0) {
   include("uploadfile.php");
}

Hope this has been of help, incidently you could also create an admin area allowing the status to be manually set in the instance that an incorrect file has been uploaded by the client and needs to be changed.

Regards
Chris

now if only someone would help with my PHP problem

misteraven

cool.

appreciate the extra help... many thanks.

stretchy

This is a thought, why not when the transaction is completed you create a session variable that if exists will allow the user to upload the file, once the user clicks the upload button, the session variable id destroyed and the upload is once again locked.

Just a thought.
Stretchy