DaniWeb Forum Index > Web Development > PHP

how to pass one script to another using php,mysqldatabase

Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases

•

Join Date: Apr 2008

Posts: 5

Reputation: thirusvga is an unknown quantity at this point

Solved Threads: 0

thirusvga

Offline

Newbie Poster

how to pass one script to another using php,mysqldatabase

Apr 23rd, 2008

Hi.. I am new in php +ajax.....Now i am doing project in php+ajax+linux environment...i create a login page using php,ajax,mysql,, i have mysql tables are. register,slideshow,,,,,In register table having following field...
1.uid (autoincrement)2.first (firstname)3.last(surname)4.user(username),5.pass(password)
In slide show table having following field,,,
1.uid 2.pid(presentation id,autoincrment) 3.slideno 4.description 5.location(this is what image file is store that particular location)..
my login programs are..
//login.html

 Help with Code Tags 
 html Syntax (Toggle Plain Text) 
<html>
<head>
<script language="javascript" type="text/javascript">
//Browser Support Code
function ajaxFunction()
{
var ajaxRequest; // The variable that makes Ajax possible!
 
try
{
// Opera 8.0+, Firefox, Safari
ajaxRequest = new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer Browsers
try
{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e)
{
// Something went wrong
alert("Your browser broke!");
return false;
}
}
}
 
// Create a function that will receive data sent from the server
ajaxRequest.onreadystatechange = function()
{
if(ajaxRequest.readyState == 4)
{
var ajaxDisplay = document.getElementById('ajaxDiv');
ajaxDisplay.innerHTML = ajaxRequest.responseText;
document.getElementById('message').style.visibility = 'hidden';
}
}
 
var user= document.getElementById('user').value;
var pass= document.getElementById('pass').value;
var queryString = "?user=" + user + "&pass=" + pass;
document.getElementById('message').style.visibility = 'visible';
ajaxRequest.open("GET","login.php" + queryString, true);
ajaxRequest.send(null);
 
}
</script>
</head>
<body>
<div id="message" style="position:absolute; top:1%; left:95%; margin-left:-100px; font-size:14;background-color: red ;color: white;width: 165px; height: 25px; overflow: auto;visibility: hidden">Executing...</div>
<form>
<center>
<img src="" style="visibility:hidden" width="0%" height="0%">
<table border="0" bgcolor="#CCCCFF" cellspacing="1" cellpadding="3" width="287">
<tr>
<td align="left" colspan="2" width="275"><b><font size="5" color="#000080">Login</font></b></td>
</tr>
<tr>
<td align="right" width="81"><b><font color="#000080">User
Name:</font></b></td>
<td width="184">
<input type="text" id="user">
</td>
</tr>
<tr>
<td align="right" width="81"><b><font color="#000080">Password:</font></b></td>
<td width="184">
<input type="password" id="pass">
</td>
</tr>
<tr>
<td colspan="2" align="center" width="275"><input type="button" onclick="ajaxFunction()" value="Login" ></td>
</tr>
</table>
<div id="ajaxDiv">&nbsp;
</center>
</form>
</body>
</html>
<html>
<head>
<script language="javascript" type="text/javascript">
//Browser Support Code
function ajaxFunction()
{
var ajaxRequest; // The variable that makes Ajax possible!

try
{
// Opera 8.0+, Firefox, Safari
ajaxRequest = new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer Browsers
try
{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e)
{
// Something went wrong
alert("Your browser broke!");
return false;
}
}
}

// Create a function that will receive data sent from the server
ajaxRequest.onreadystatechange = function()
{
if(ajaxRequest.readyState == 4)
{
var ajaxDisplay = document.getElementById('ajaxDiv');
ajaxDisplay.innerHTML = ajaxRequest.responseText;
document.getElementById('message').style.visibility = 'hidden';
}
}

var user= document.getElementById('user').value;
var pass= document.getElementById('pass').value;
var queryString = "?user=" + user + "&pass=" + pass;
document.getElementById('message').style.visibility = 'visible';
ajaxRequest.open("GET","login.php" + queryString, true);
ajaxRequest.send(null);

}
</script>
</head>
<body>
<div id="message" style="position:absolute; top:1%; left:95%; margin-left:-100px; font-size:14;background-color: red ;color: white;width: 165px; height: 25px; overflow: auto;visibility: hidden">Executing...</div>
<form>
<center>
<img src="" style="visibility:hidden" width="0%" height="0%">
<table border="0" bgcolor="#CCCCFF" cellspacing="1" cellpadding="3" width="287">
<tr>
<td align="left" colspan="2" width="275"><b><font size="5" color="#000080">Login</font></b></td>
</tr>
<tr>
<td align="right" width="81"><b><font color="#000080">User
Name:</font></b></td>
<td width="184">
<input type="text" id="user">
</td>
</tr>
<tr>
<td align="right" width="81"><b><font color="#000080">Password:</font></b></td>
<td width="184">
<input type="password" id="pass">
</td>
</tr>
<tr>
<td colspan="2" align="center" width="275"><input type="button" onclick="ajaxFunction()" value="Login" ></td>
</tr>
</table>
<div id="ajaxDiv">&nbsp;
</center>
</form>
</body>
</html>

//login.php

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?php
$user=$_GET['user'];
$pass=$_GET['pass'];
$conn = mysql_connect("localhost","root","") or die("could not connect server");
$db = mysql_select_db("thiru",$conn) or die("could not connect database");
$query= "select * from register";
$res = mysql_query($query) or die("query failed" . mysql_error());
$num_rows=mysql_num_rows($res);
while($rr=mysql_fetch_array($res))
{
if($user==$rr[3] && $pass==$rr[4])
{
//get uid
$insert=$rr[0];
//echo"welcome" .$user;
$flag=true;
}
}
if($flag==false)
{
echo"userid and password mismatch";
}
mysql_close($conn);
?>
<?php
$user=$_GET['user'];
$pass=$_GET['pass'];
$conn = mysql_connect("localhost","root","") or die("could not connect server");
$db = mysql_select_db("thiru",$conn) or die("could not connect database");
$query= "select * from register";
$res = mysql_query($query) or die("query failed" . mysql_error());
$num_rows=mysql_num_rows($res);
while($rr=mysql_fetch_array($res))
{
if($user==$rr[3] && $pass==$rr[4])
{
//get uid
$insert=$rr[0];
//echo"welcome" .$user;
$flag=true;
}
}
if($flag==false)
{
echo"userid and password mismatch";
}
mysql_close($conn);
?>

The above program is successfully logged .. and i fetch uid in $insert variable...This is my quetion...
uid,pid,slideno,description,location will be stored automaticallyin slideshow table..while i upload file....
my upload proram is given below...
//upload.html file

 Help with Code Tags 
 html Syntax (Toggle Plain Text) 
<html>
 
<head>
 
<script type="text/javascript" language="javascript">
function upload()
{
 
var oForm = document.uploadform;
oForm.submit();
}
</script>
 
</head>
 
<body>
 
<div id="message" class="drag" style="position:absolute; top:50%; left:50%; margin-left:-100px; font-size:12;background: transparent;
 
width: 75px; height: 75px; overflow: auto; visibility: hidden">
 
</div>
 
<center>
 
<form name="uploadform" action="upload.php" method="POST" ENCTYPE="multipart/form-data" target="hiddenFrame">
Open :
<input style="font:normal 10px Verdana" size="35" align="left" type="file" name="code" id="code">&nbsp;&nbsp;&nbsp;&nbsp;<br><button onClick="upload();return false">Upload</button>
 
</form>
 
<iframe src="about:blank" name="hiddenFrame" width="400" height="400"
 
frameborder="1" ></iframe>
 
</center>
 
</body>
 
</html>
<html>

<head>

<script type="text/javascript" language="javascript">
function upload()
{

var oForm = document.uploadform;
oForm.submit();
}
</script>

</head>

<body>

<div id="message" class="drag" style="position:absolute; top:50%; left:50%; margin-left:-100px; font-size:12;background: transparent;

width: 75px; height: 75px; overflow: auto; visibility: hidden">

</div>

<center>

<form name="uploadform" action="upload.php" method="POST" ENCTYPE="multipart/form-data" target="hiddenFrame">
Open :
<input style="font:normal 10px Verdana" size="35" align="left" type="file" name="code" id="code">&nbsp;&nbsp;&nbsp;&nbsp;<br><button onClick="upload();return false">Upload</button>

</form>

<iframe src="about<b></b>:blank" name="hiddenFrame" width="400" height="400"

frameborder="1" ></iframe>

</center>

</body>

</html>

//upload php file

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?php
$uploaddir='/var/www/html/upload/';
$uploadfile=$uploaddir.basename($_FILES['code']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['code']['tmp_name'], $uploadfile))
{
echo "File was successfully uploaded.\n";
print "</pre>";
$conn=mysql_connect("localhost","root","");
$db=mysql_select_db("thiru");
$query = "insert into slide(sloc)values('$uploadfile')";
$result=mysql_query($query);
echo"<br>";
mysql_close($conn);
$filename=$_FILES['code']['name'];
echo"filename:";
echo $filename;
echo"<br>";
}
else
{
echo "please choose a correct file!!";
}
 
?>
<?php
$uploaddir='/var/www/html/upload/';
$uploadfile=$uploaddir.basename($_FILES['code']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['code']['tmp_name'], $uploadfile))
{
echo "File was successfully uploaded.\n";
print "</pre>";
$conn=mysql_connect("localhost","root","");
$db=mysql_select_db("thiru");
$query = "insert into slide(sloc)values('$uploadfile')";
$result=mysql_query($query);
echo"<br>";
mysql_close($conn);
$filename=$_FILES['code']['name'];
echo"filename:";
echo $filename;
echo"<br>";
}
else
{
echo "please choose a correct file!!";
}

?>

please send me the correct coding ..
Edit/Delete Message

Last edited by digital-ether; Apr 24th, 2008 at 11:43 am. Reason: Please wrap your code in [code] ... [/code] tags

•

Join Date: Sep 2005

Posts: 1,075

Reputation: digital-ether is just really nice

Solved Threads: 66

digital-ether digital-ether is offline

Offline

Veteran Poster

Re: how to pass one script to another using php,mysqldatabase

Apr 24th, 2008

Your file upload looks ok. You just have to let your File Upload page know that the upload was successful or not.

To do this, in your PHP that handles the file upload, put in a javascript function that returns the status of the upload. ]

eg:

 Help with Code Tags 
 PHP Syntax (Toggle Plain Text) 
<script>
 
top.my_callback(true);
 
</script>
<script>

top.my_callback(true);

</script>

Notice that the function is a method of "top". This references the top window, or the window that contains the Iframe you have this code in.

In your File upload page, put in a handler for the javascript function. Eg:

 Help with Code Tags 
 javascript Syntax (Toggle Plain Text) 
function my_callback(status) {
 
if (status == true) alert('file uploaded');
else alert('upload failed');
 
}
function my_callback(status) {

if (status == true) alert('file uploaded');
else alert('upload failed');

}

Last edited by digital-ether; Apr 24th, 2008 at 11:53 am.

www.fijiwebdesign.com - web design and development and fun
Cpanel Email - Let users Register email accounts on your website upon registration
Ajax Chat - Fully browser based chat!

•

Join Date: Apr 2008

Posts: 5

Reputation: thirusvga is an unknown quantity at this point

Solved Threads: 0

thirusvga

Offline

Newbie Poster

Re: how to pass one script to another using php,mysqldatabase

Apr 25th, 2008

ya.. uploaded file is successful stored in database when i newly file upload..my problem is how to pass my uid from register table to slideshow table..using php, ajax..
please help me..

•

Join Date: Sep 2005

Posts: 1,075

Reputation: digital-ether is just really nice

Solved Threads: 66

digital-ether digital-ether is offline

Offline

Veteran Poster

Re: how to pass one script to another using php,mysqldatabase

Apr 25th, 2008

•

Originally Posted by thirusvga

ya.. uploaded file is successful stored in database when i newly file upload..my problem is how to pass my uid from register table to slideshow table..using php, ajax..
please help me..

The UID should be in the current users session. Don't pass it via AJAX.

Eg: When you logged the user in, create a session for the user. You can use the built in PHP session management $_SESSION. Or you can create your own session management by entering each login into a session table in the database.

When a user uploads something, check a cookie sent by the user for the session ID. You can verify this session exists by looking up your session db table, or $_SESSION variable if you use that...

www.fijiwebdesign.com - web design and development and fun
Cpanel Email - Let users Register email accounts on your website upon registration
Ajax Chat - Fully browser based chat!

•

Join Date: Apr 2008

Posts: 5

Reputation: thirusvga is an unknown quantity at this point

Solved Threads: 0

thirusvga

Offline

Newbie Poster

Re: how to pass one script to another using php,mysqldatabase

Apr 25th, 2008

i dont know about session..In my login program where i insert a session....help me...and reply me madam..

•

Join Date: Sep 2005

Posts: 1,075

Reputation: digital-ether is just really nice

Solved Threads: 66

digital-ether digital-ether is offline

Offline

Veteran Poster

Re: how to pass one script to another using php,mysqldatabase

Apr 25th, 2008

Simple example of a session:

When a user logs in successfully. you do:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
$sessid = sha1(rand(1, 1000000000).time()); // create a random id for the users session
 
$_SESSION[$sessid] = $userid; // save the userid to the $_SESSION variable. PHP will automatically keep track of this value across php pages. 
 
setCookie('sess_id', $sessid, time()+3600); // set session cookie for 1 hour expiry. This will track the user and let you know that they already authenticated...
$sessid = sha1(rand(1, 1000000000).time()); // create a random id for the users session

$_SESSION[$sessid] = $userid; // save the userid to the $_SESSION variable. PHP will automatically keep track of this value across php pages. 

setCookie('sess_id', $sessid, time()+3600); // set session cookie for 1 hour expiry. This will track the user and let you know that they already authenticated...

Now when you want to know if the user is logged in, just check the cookie "sess_id" and if its set, get its value an make sure it is an existing session id by checking it against $_SESSION.

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
$sessid = $_COOKIE['sess_id'];
if (isset($_SESSION[$sessid])) {
// ok we have a session and it exists
$userid = $_SESSION[$sessid];
} else {
// we don't have a session for this user
 
}
$sessid = $_COOKIE['sess_id'];
if (isset($_SESSION[$sessid])) {
// ok we have a session and it exists
$userid = $_SESSION[$sessid];
} else {
// we don't have a session for this user

}

Off Topic:

In your authentication script you have:

Help with Code Tags

PHP Syntax (Toggle Plain Text)

$query= "select * from register";

then you iterate through each returned db row and check user and password. This is not very efficient. Imagine if you have 100 000 users. You'd have 100 * (bytes per row) Kb sent to your PHP script from the DB each time you authenticate someone. Then PHP has to parse that SQL response into PHP objects.

The "better" way of doing it is:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
$query= "select * from register where username = '".mysql_escape_string($username)."' AND password = '".mysql_escape_string($password)."' LIMIT 1";
$query= "select * from register where username = '".mysql_escape_string($username)."' AND password = '".mysql_escape_string($password)."' LIMIT 1";

This way you only get the row you want from the db.

Also, you may want to save the passwords as one way encrypted hashes. PHP implements md5, sha hashes natively. You can use this to "encrypt" the passwords and increase user security.

eg:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
$secret = '32d0we9*03ojsdfp98323;afp%^9;3f;hd'; // its good to keep a secret
 
$hash = sha1($password.$secret); // 1 way encrypt it 
 
// save this password hash in the db.
$secret = '32d0we9*03ojsdfp98323;afp%^9;3f;hd'; // its good to keep a secret

$hash = sha1($password.$secret); // 1 way encrypt it 

// save this password hash in the db.

When you need to verify a password hash the password given by the user, and compare it with the one in the db.

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
$user = $_GET['user'];
$pass = $_GET['pass'];
 
 
$secret = '32d0we9*03ojsdfp98323;afp%^9;3f;hd'; // its good to keep a secret
 
$hash = sha1($password.$secret);
 
$query = "select * from registerwhere username = '".mysql_escape_string($user)."' AND password = '".mysql_escape_string($hash)."' LIMIT 1";
$user = $_GET['user'];
$pass = $_GET['pass'];


$secret = '32d0we9*03ojsdfp98323;afp%^9;3f;hd'; // its good to keep a secret

$hash = sha1($password.$secret);

$query = "select * from registerwhere username = '".mysql_escape_string($user)."' AND password = '".mysql_escape_string($hash)."' LIMIT 1";

This way even if someone managed to hack into your database, they still will have a hard time decrypting the passwords in the db.

Last edited by digital-ether; Apr 25th, 2008 at 2:22 am.

www.fijiwebdesign.com - web design and development and fun
Cpanel Email - Let users Register email accounts on your website upon registration
Ajax Chat - Fully browser based chat!