MYSql Quering

[Golden_Eagle]

I am using PHP and MYSQL for my download archive and would like password protect some of the files I'm uploading.

I have MYSQL database working and pretty much understand the basics of it'soperation.

This is what I'm trying to do.

The Files I'm uploading are inserted into the database with there download URL as well. What I have done so far is added a table column called password.

Each file I would like passworded I have added the password to this file in this coloumn.

When downloading the file, it calls it through a download.php file.

What I'd like to happen, is when the download.php is called with the ID, is make a MYSQL query to the database, to see if the file has
a password entered. If not it allows the download to continue. If it has, it directs to another PHP file - ie. password.php. Which has a form with a password field on asking for the password. If the password is correct, file downloads.
If not this script redirects back to homepage.

So, ultimately -
1.
How do I query a MYSQL Table's Column to return all the results that have information in them, some of the information has a blank in them,
I want to only return the results of cells that have something in it!

IE

SELECT * FROM (TABLE_NAME) WHERE (COLUMN_NAME) LIKE '%'

This returns all results whether info in them or not.

(This is of course using PHPMyAdmin!)

2.
Where can I get hold of a script for the password entry...?

I know I could make this script myself - if I had any clue - but sadly I can only make the form. I don't know how to process it using PHP. (

Any help would be HUGELY appreciated.
Thankz in advance.

Golden Eagle

[mat]

Quote:

I want to only return the results of cells that have something in it!

SELECT * FROM table_name WHERE column_name > '';

Quote:

When downloading the file, it calls it through a download.php file.
What I'd like to happen, is when the download.php is called with the ID, is make a MYSQL query to the database, to see if the file has
a password entered. If not it allows the download to continue. If it has, it directs to another PHP file - ie. password.php. Which has a form with a password field on asking for the password. If the password is correct, file downloads.
If not this script redirects back to homepage.

I think by the sounds of it general http user/pass auth would be better, it would allow you to just keep the files in a folder you want to be secure instead of using php and actually putting the files into a mySQL table,

you could just put everything in that folder and people who want to acces anything in there (files/pages) would need U:P to be able to. quick and simple. you know where a little pop up box comes up and asks for user/pass?

http://www.he.net/info/htaccess/demo.html
http://faq.clever.net/htaccess.htm
http://www.javascriptkit.com/howto/htaccess.shtml

lots more info around on this and I'm sure users here who have dealt with this could help.


If you think php/mySQL would be better then you'll need to give more info for instance:

Quote:

When downloading the file, it calls it through a download.php file.
What I'd ...

make no sense to me they are downloading the file but they need to provide user/pass to download the file

what I'm wondering is how exactly you get to the 'file downloading' bit? how is that file choosen? you say there is a form where the user puts in U:P right? is there like some sort of option list with the available files for download to choose from...?

[Golden_Eagle]

Here check this out

http://www.font-factory.com/archive/pafiledb.php

This is what I'm trying to impliment it into!

[mat]

I checked it out, picked a font but when trying to D/L the download button does nothing, i am referring to this page

http://www.font-factory.com/archive/...n=file&id=6609


I take it that is becuase you have not got any security up and don't want to allow people to d/l these for free. I assume you would want something like:

user arrives at this 'pafiledb.php' page and clicks the 'download' link, this link checks if the user has logged in already or not (by checking for a session variable / cookie) and if not directs them to a login page, if they have already logged in (session variable / cookie is found) the download commences.

For this you will be looking at using sessions? cookies? I have done this login system type thing with CF but not really with PHP. I'm sure others here will have though and can help out.

The basice concept is > I arrive at the page for the first time. I click 'download' the download checks for a session variable which contains my 'user,pass, id or something' if it is found then i get to download if not i get directed to a login page. On the login page i enter user/pass and if it's correct a 'session' variable is set for me so now when i click 'download' php will find a 'session' variable and let me download. yeah? am i making sense

anyway take a look at
http://www.phpbuilder.com/columns/tim20000505.php3
http://www.hotscripts.com/PHP/Tips_a...uthentication/
http://www.phpfreaks.com/tutorials/40/0.php
http://martin.f2o.org/php/login
http://www.free2code.net/tutorials/print_friendly/99
others you can find with google.


and do some research on 'login system' sessions \ cookies with php.

[Golden_Eagle]

Sorry. Site is using Iframes at the moment (changing to PHP includes at present!)

Try this and you need to navigate using menu system to archive.
http://www.font-factory.com

I'll try to explain what it is I'm trying to achieve again.

I don't wish to implement sessions, login or cookie membership.

When a download is clicked the script makes a query to MySQL database table column called files_password. If there is nothing in this field for the file 'id' number that is being downloaded, the script skips this and downloads the file.

If there IS a password in the database for the download. The script loads a form with one text box and one submit button asking for the word typed into the files_password column. If entered correctly download occurs. If not, your returned to the file info page.

Sounds simple to me. But perhaps this is not actually do-able.

If it is please help me. I'm even struggling to process a form using PHP!

[mat]

o.k so you want to have a sort of universal password right? (one password for all)

some fonts are free to d/l but some require a pass, and that is just one universal pass yeah?

[mbenson]

Quote:

Originally posted by mat
[B]

SELECT * FROM table_name WHERE column_name > '';

wouldn't it be better to say:

Code:

SELECT * FROM table WHERE column != '';

??

Saying that WHERE column is NOT NULL...

[Golden_Eagle]

Quote:

Originally posted by mat
o.k so you want to have a sort of universal password right? (one password for all)

some fonts are free to d/l but some require a pass, and that is just one universal pass yeah?

Almost!

The password for the font will be different in the field the query is looking for. (If possible)

This is what I came up with -

I have been looking at PHP for months now (about 5), but if seems that no matter how long I try. I cannot seem to get to grips with it!

This may seem like a bad way of showing an example.
But it's the best way I can do it, seeing as PHP is proving to be a little over my head!

HERE GOES!

//START WITH A MYSQL QUERY OF DATABASE
$password = $pafiledb_sql->query($db, "SELECT * FROM $db pafiledb_files WHERE file_password > ''", 1);


// IF PASSWORD FIELD HAS A WORD IN DATABASE
if $password == ("yes") {
// LOAD WORD FROM 'file_password' & LOAD SOMESORT OF FORM HERE ASKING FOR THE WORD IN FIELD
<FORM> BLAH BLAH (With just ONE textbox for password only (NO USER) & a submit button).</FORM>
}

// IF PASSWORD FIELD IN DATABASE IS EMPTY
if $password == ("none") {
// GO DIRECT TO NON-PROTECTED DOWNLOAD
}

//FORM PROCESSED
else {
$password == ("incorrect")
// JAVASCRIPT HISTORY(GO BACK -1) TO FILE DETAILS
}

//FORM PROCESSED (CORRECT PASSWORD)
else
}
if $password == ("correct")
// GO DIRECT TO PROTECTED DOWNLOAD
}

I hope this explains it a little more simpler.
And that is actually possible to do.

Thanks for helping.

Anyone know of any GOOD places to learn PHP & MySQL?

I can't stand reading books. I prefer to read online if possible. Although if book is the best option. So be it!

[Golden_Eagle]

Is anyone able to help me with this script?

[mat]

Each font is in the database so i take it, each will have a unique ID. Pass this ID to the download script.

<a href="download.php?download=yes&font=ID">Download</a>




<?php
if(!isset($download)){

include "../dbConnect.php";

$sql1 = "SELECT COUNT(password) FROM fontsTable WHERE ID = '$font'";

$numRows = mysql_num_rows($sql1);

if($numRows == 1){

echo"
<form method='post' action='download.php'>
<input type='text" name='passwordInput'>
<input type='hidden' name='font' value='$font'>
<input type='submit' name='submit' value='go'>
</form>
";

}else{

download font?
}

}
?>


<?php
if(!isset($submit){

include "../dbConnect.php";

$sql2 = "SELECT password FROM fontsTable WHERE ID = '$font'";

while ($row = mysql_fetch_array($sql2)){
$correctPass= $row['password'];

if($passwordInput == $correctPass){

yay! download font from DB... don't ask me

}else{

echo"incorrect pass";
( actually you should redirect with a query string '?invalidPass=yes' so that the form comes up again but with an incorrect message. )

}


}

?>




I'm no php brain.. but this may help a little bit I've also never actually downloaded a file from a database so ? i'm sure someone else can point out how

[Nightfire]

If your host/server doesn't have asp tags supports, you'd have to replace the <% %> to <? ?> or <?php ?>

[mat]

woops didn't realise i was doing that.
( been learning asp )

[Golden_Eagle]

Thanks guys. I'll give it ago over the weekend and I'll get back to you ASAP to let you know if I managed to get it working. If I don't, I'll reply with some more (hopefully useful) information.

Thanks again

Golden Eagle