PHP, SQL, User flagging with uploaded files (Please Help)

black-ops

black-ops

black-ops

Associate
Joined
4 Mar 2007
Posts
315
Location
United Kingdom
Ok so i have a basic login screen with 3 types of users and required privilages.
Admin, Teacher and Student.
I've been working on the upload script and finally got it working but im now trying to work out a way so that once a user uploads a file that rather than allowing everyone to view the uploaded file, it only shows a user with the correct privilage to view it. For instance

Admin 01 Uploads file to only show Student 01 and 02.
That means Teacher 01 wont be able to view it nor will any other user who isnt Admin 01 or Student 01 and 02. Is this possible? i know i would have to make another Database entry but how would i firstly show the uploaded file on the webpage? Im really wracking my head about this and have no idea what to do here... well thats a lie i have an idea but i don't know where i should start for this part of my project.
 
The way I'd do it would be to randomly generate an md5 hash for each file that's uploaded. Then have a database, namely "files", which creates an entry for each file with id, md5name, dateuploaded, originalname, whatever else you want.

You could then use the user db or a separate database to link the user id to the file id. I think you could add a 'file' column to your user db, and separate the files they have access to with commas, ie. "2,6,24,73,102,103,107" etc.
 
rghjones said:
The way I'd do it would be to randomly generate an md5 hash for each file that's uploaded. Then have a database, namely "files", which creates an entry for each file with id, md5name, dateuploaded, originalname, whatever else you want.

You could then use the user db or a separate database to link the user id to the file id. I think you could add a 'file' column to your user db, and separate the files they have access to with commas, ie. "2,6,24,73,102,103,107" etc.
Click to expand...

cheers, i think i will try it that way. I will keep you posted :D
 
would i be able to approach this method using something like this.
PHP: 
session_start();

function uploadFile() {
			mysql_connect('localhost', 'xxx', 'xxx', 'xxx');
			$md5name = md5($_POST['FILE_MD5']);
			
			$sql = "INSERT INTO files (md5name) VALUE ($md5name);";
			mysql_query($sql);
	}
Then later on i can check using isset if the md5 is related to the users status id which i have set up for the login page? Ie admin = 1 so then i can do something like

PHP: 
session_start();

if (isset($_SESSION['USR_STATUS']) == "1")
{
// Then allow them to view the file assosiated with their account
}
else
{
// Dont allow them to view the file.
}
 
I assume each user will/may have access to multiple files? I don't know much about exploding database records into an array, but that's how you'll want to do it, and then use a while and for each file id display that file to link/download.

I wouldn't relate the md5 to to the filename at all either, just randomise it.
 
You must log in or register to reply here.
Back
Top Bottom