php login/upload problem

yujikaido

I am working on my code trying to upload an image inside one of my functions. Although the upload is successful to my selected image directory I get sent back to the login page. I am thinking it has something do with the function that is not carrying my login authorization and is logging me out. The function is " picupload()" I have been working on it for days and made only a little progress. Also any suggestions on the best way to implement my other functions would be great too. I am newbie in php and any help would be appreciated. Thanks.


<?php

function debug($msg)
{
   echo("<p>*** ". $msg);
}


# Load incoming parameter value or return a null string

function getparam($param)
{
   if(isset($_REQUEST[$param]))
   {
   	     return($_REQUEST[$param]);
   }
   else
   {
   		return('');
   }
}


function loginform($u)
{
   debug("Login Form");
	echo <<<messageend
<form action='loginphoto.php' method='post'>
<font size="+2">
<table width=25% align=center bgcolor=#FFFFCC border=3>
<form name="form" method="post" 
<td  align=center  bgcolor=#FABCCC</td
   <table align=center>
   <tr>
   	<th>Name:</th>
   	<td><input type='text' name='user' value='$u'></td>
   </tr>
   <tr>
    <th>Password:</th>
   	<td><input type='password' name='passwd'></td>
   </tr>
   <tr>
   	   <td colspan=2 align='right'>
   	   		<input type='submit' value='login'>
   	   </td>
   </tr>
   </table>
</form>
messageend;

}

function logout(&$user,&$passwd)
{
   debug("Logout");
   echo "<p align=center>[$user], you have been logged out";
   echo "<p align=center><input type=submit value='Good-bye'>";
   $user = '';
   $passwd = '';
}

function picslide()
{
   debug("picture slide show");
   echo "<p align=center>Not supported at this time";
   echo "<p align=center><input type='submit' value='Menu'>";
}

function picoption()
{
   debug("picture options");
   echo "<p align=center>Not supported at this time";
   echo "<p align=center><input type='submit' value='Menu'>";
}

function picupload()

 {
  debug("file upload"); 
  echo("<p>Upload picture form");

echo "<form enctype='multipart/form-data' method='post' action='loginphoto.php'>";
echo "<p>Image: ";
echo "<input name='file' type='file'>";
echo "<input type='submit' name='state' value='Upload'>";
echo "</form>";

}  

if ($_REQUEST['state'] == 'Upload')
{
	echo("<p>Incoming file processing");
	$target_path = "images/";

$target_path = $target_path . 
	basename( $_FILES['file']['name']); 

    echo "<p>Number of files: " . count($_FILES);

echo "<p>Incoming File name: ";
echo ($_FILES['file']['name']);
echo "<p>Attempting...";
echo "<p>Copy from: " . $_FILES['file']['tmp_name'];
echo "<p>Copy to: " . $target_path;

if (move_uploaded_file($_FILES['file']['tmp_name'], $target_path))
{
	echo "<p>File [".  $_FILES['file']['name'] . 
		"] has been uploaded";
} 
else
{
	echo "<p>There was an error uploading the file to" .
		$target_path . " Please try again";
}
echo "<form method='post' action='loginphoto.php'>";
echo "<input type='submit' name='state' value='Try again'>";
echo "</form>";


}

function menu()
{
	debug("Send menu");
	echo <<<menuend
	<font size="+2">
<table width=25% align=center bgcolor=#FFFFCC border=3>
<form name="form" method="post" 
<td  align=center  bgcolor=#FABCCC</td
<table align='center'>
  <tr>
  	<td colspan=2>Choose one:</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='3'></td>
  	<td>Slide Show</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='2'></td>
  	<td>Picture listing and options</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='4'></td>
  	<td>Picture Upload</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='1'></td>
  	<td>Logout
  </tr>
  <tr>
    <td colspan=2 align=center><input type=submit value="Go">
 </table>
menuend;
}


echo <<<headerend
<html>
  <head>
    <title>Login Photo </title>
   </head>
   <body bgcolor="#F57A00">
   <h1 style='font-family:sans-serif; color:brown;' align='center'>Login Photo Project</h1>
headerend;



$user = getparam('user');
$passwd = getparam('passwd');


$logins = array(
'luke'  => 'cook',
'yuji' => 'kaido',
'guest'   => 'pass',
'nathan' => 'lunsford'
);

$state = getparam('state');

if (($logins[$user] == $passwd) && # IF AUTHENTICATED USER
    ($user != '') && ($passwd != ''))
{


# CHECK FOR DESIRED OPERATION
switch($state)
{
case 1: # LOGOUT
		logout($user,$passwd);
		break;
case 2: #Picture Options
		picoption();
		break;	
case 3: # Picture slide Show
		picslide();
		break;	
case 4: # Picture Upload
		picupload();
		break;		

default: # SEND MENU
		menu();
}

# SEND OUT THE AUTHENTICATION DATA
echo  "<input type='hidden' name='user' value='$user'>\n";
echo  "<input type='hidden' name='passwd' value='$passwd'>\n";


}
else
{	# SEND A LOG IN FORM
    if (($user != '') || ($passwd != ''))
    {   echo "<p align=center style='color:red;'>Invalid login</p>"; }

loginform($user);
echo $logins[$user];
}
?>

</body>
</html>

Bjom

to maintain a login you need to use sessions (or a cookie). Add that and you'll be fine.

On another note: Using $POST instead of $REQUEST inside the getparam function would be a plus.

yujikaido

thank you for your reply. I will look into sessions. What do mean by the php code you posted?

Bjom

that's my signature and a general statement. the use of "or die" is unfortunately very popular and it is a) unnecessary because you can use trigger_error and b)it can cause problems because unlike trigger_error it will not respond to the error reporting level you set for php, thus taking away control from you, potentially messing up your site with ugly error messages etc.

yujikaido

ok I adding some code to my php and I can see the cookie in firefox PHPSESSID but it doesn't make any difference I keep getting set back to login when I hit try again to upload another picture and also after successfull upload msg below it on the same page I get the loginpage in safari or in firefox i get the menu. Anyone know what I am doing wrong in my code.


<?php
session_start();
function debug($msg)
{
   echo("<p>*** ". $msg);
}


# Load incoming parameter value or return a null string

function getparam($param)
{
   if(isset($_POST[$param]))
   {
   	     return($_POST[$param]);
   }
   else
   {
   		return('');
   }
}


function loginform($u)
{
   debug("Login Form");
	echo <<<messageend

<font size="+2">
<table width=25% align=center bgcolor=#FFFFCC border=3>
<form name="form" method="post" 
<td  align=center  bgcolor=#FABCCC</td
   <table align=center>
   <tr>
   	<th>Name:</th>
   	<td><input type='text' name='user' value='$u'></td>
   </tr>
   <tr>
    <th>Password:</th>
   	<td><input type='password' name='passwd'></td>
   </tr>
   <tr>
   	   <td colspan=2 align='right'>
   	   		<input type='submit' value='login'>
   	   </td>
   </tr>
   </table>
</form>
messageend;

}

function logout(&$user,&$passwd)
{
   debug("Logout");
   echo "<p align=center>[$user], you have been logged out";
   echo "<p align=center><input type=submit value='Good-bye'>";
   $user = '';
   $passwd = '';
}

function picslide()
{
   debug("picture slide show");
   echo "<p align=center>Not supported at this time";
   echo "<p align=center><input type='submit' value='Menu'>";
}

function picoption()
{
   debug("picture options");
   echo "<p align=center>Not supported at this time";
   echo "<p align=center><input type='submit' value='Menu'>";
}

function picupload()


 {

  echo  "<input type='hidden' name='user' value='$user'>\n";
	echo  "<input type='hidden' name='passwd' value='$passwd'>\n"; 

   debug("file upload");
  echo("<p align='center'>Upload picture form");
	echo "<form enctype='multipart/form-data' method='post' action='loginphoto.php'>";
	echo "<p align='center'>Image: ";
	echo "<input name='file' type='file'>";
	echo "<input type='submit' name='state' value='Upload'>";
	echo "</form>";

}  

echo $_SESSION['username'];
if ($_REQUEST['state'] == 'Upload')
{
	echo("<p>Incoming file processing");
	$target_path = "images/";

$target_path = $target_path . 
	basename( $_FILES['file']['name']); 

    echo "<p>Number of files: " . count($_FILES);

echo "<p>Incoming File name: ";
echo ($_FILES['file']['name']);
echo "<p>Attempting...";
echo "<p>Copy from: " . $_FILES['file']['tmp_name'];
echo "<p>Copy to: " . $target_path;

if (move_uploaded_file($_FILES['file']['tmp_name'], $target_path))
{
	echo "<p>File [".  $_FILES['file']['name'] . 
		"] has been uploaded";
} 
else
{
	echo "<p>There was an error uploading the file to" .
		$target_path . " Please try again";
}
echo "<form method='post' action='loginphoto.php'>";
echo "<input type='submit' name='state' value='Try again'>";
echo "</form>";

}

function menu()
{

debug("Send menu");
echo <<<menuend
<font size="+2">
<table width=25% align=center bgcolor=#FFFFCC border=3>
<form name="form" method="post" 
<td  align=center  bgcolor=#FABCCC</td
<table align='center'>
  <tr>
  	<td colspan=2>Choose one:</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='3'></td>
  	<td>Slide Show</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='2'></td>
  	<td>Picture listing and options</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='4'></td>
  	<td>Picture Upload</td>
  </tr>
  <tr>
  	<td><input type='radio' name='state' value='1'></td>
  	<td>Logout
  </tr>
  <tr>
    <td colspan=2 align=center><input type=submit value="Go">
 </table>
menuend;
}


echo <<<headerend
<html>
  <head>
    <title>Login Photo </title>
   </head>
   <body bgcolor="#F57A00">
   <h1 style='font-family:sans-serif; color:brown;' align='center'>Login Photo Project</h1>
headerend;



$user = getparam('user');
$passwd = getparam('passwd');


$logins = array(
'luke'  => 'cook',
'yuji' => 'kaido',
'guest'   => 'pass',
'nathan' => 'lunsford'
);

$state = getparam('state');

if (($logins[$user] == $passwd) && # IF AUTHENTICATED USER
    ($user != '') && ($passwd != ''))
{


# CHECK FOR DESIRED OPERATION
switch($state)
{
case '1': # LOGOUT
		logout($user,$passwd);
		break;
case '2': #Picture Options
		picoption();
		break;	
case '3': # Picture slide Show
		picslide();
		break;	
case '4': # Picture Upload
		picupload();
		break;		

default: # SEND MENU
		menu();
}

# SEND OUT THE AUTHENTICATION DATA
echo  "<input type='hidden' name='user' value='$user'>\n";
echo  "<input type='hidden' name='passwd' value='$passwd'>\n";


}
else
{	# SEND A LOG IN FORM
    if (($user != '') || ($passwd != ''))
    {   echo "<p align=center style='color:red;'>Invalid login</p>"; }

loginform($user);
echo $logins[$user];
}
?>

</body>
</html>

Bjom

# SEND OUT THE AUTHENTICATION DATA
    echo  "<input type='hidden' name='user' value='$user'>\n";
    echo  "<input type='hidden' name='passwd' value='$passwd'>\n";

store some value into your session instead, so that you know the guy logged on successfully like so:

$_SESSION['loggedon'] = $user

What you need to add now is a) a check to the SESSION array if the user logged on correctly previously. If so: run the code. If not: present the loginform, set the session variable.

Check the login credentials only after a login, i.e. after your user was presented the login form. You can check this by adding if (isset($_POST['login']){...}.

Hope that's enough info to point you in the right direction.

yujikaido

I tired the code below the now my functions don't work I get logged out when I go to my picture upload function. where would I put (isset($_POST['login']){...}? Sorry I am alot of trouble with this Ive only got this far from tutorials and videos I have watched. Sometimes I have no clue what things do until i try and then I have been doing alot of trial and error. Anymore hints.....


$user = getparam('user');
$passwd = getparam('passwd');


$logins = array(
'luke'  => 'cook',
'yuji' => 'kaido',
'guest'   => 'pass',
'nathan' => 'lunsford'
);

$state = getparam('state');

if (($logins[$user] == $passwd) && # IF AUTHENTICATED USER
    ($user != '') && ($passwd != ''))
{


# CHECK FOR DESIRED OPERATION
switch($state)
{
case '1': # LOGOUT
		logout($user,$passwd);
		break;
case '2': #Picture Options
		picoption();
		break;	
case '3': # Picture slide Show
		picslide();
		break;	
case '4': # Picture Upload
		picupload();
		break;		

default: # SEND MENU
		menu();
}
## is this correct below authenticate below with session data
 $_SESSION['user'] = $user;
 $_SESSION['passwd'] = $passwd;  

}
else
{	# SEND A LOG IN FORM
    if (($user != '') || ($passwd != ''))
    {   echo "<p align=center style='color:red;'>Invalid login</p>"; }

loginform($user);
echo $logins[$user];
}
?>

</body>
</html>