I'm looking for a php/mysql customer service module that will do two things:

  1. manage user login/session without self registration
  2. allow customer to download document packages in pdf

Our customers are overseas. We want to provide documents to them online to save document shipping costs. Ideally, I will provide the customer with a user name and password. Once they login, the page will populate with pdf links from a mysql table.

I've been searching sourceforge but I haven't found anything yet. Any tips from this supportive community would be greatly appreciated.

I wouldn't do any fuss to look in the net. It takes about two days to programme yourself.

1. Write a cookie/session-login. Write the functions in a smooth lib so that you can be sure that they are working correctly - and if not rewrite them eith ease.

2. Create a DB with all information you need for you (your company) and your customer. Write an output for these data (for the customer) and an input (for you company to edit and add new stuff).

3. Write a download. Store the files in in a folder that is restricted with .htaccess and output the data via a PHP-Script.

4. Show someone that stuff and let that person try to demolish your code (if he/she doesn't get it, than you won). During that time work on the layout and the design. Add some images and icons and make the website look cool.

5. Lay back and drink a strong coffee, 'cause you did it.

1. Write a cookie/session-login. Write the functions in a smooth lib so that you can be sure that they are working correctly - and if not rewrite them eith ease.

This part is not a problem. Thank you!:)

2. Create a DB with all information you need for you (your company) and your customer. Write an output for these data (for the customer) and an input (for you company to edit and add new stuff).

This db will consist of multiple tables for different types of documents. The db will be populated by a mainframe (a different programmer is taking care of that part). But lets just say we have only one table with a link to a document in a folder; in that case, I want the user to log in and see only his documents.

For some reason, my brain isn't grasping how to connect to the db and display the documents of a particular user while leaving the documents of another user unavailable...
I'm thinking each user's docs must be stored in separate folders on the server, but that's as far as I can get. I'm missing a php function in my concept.

Also, is an index.php redirect sufficient to keep a folder containing said documents reasonably secure?

5. Lay back and drink a strong coffee, 'cause you did it.

Join me!

When accessing a database in PHP you first don't have to bother of whom the data might belong to. You can access all of them and sort out which of them is available for the user and which of them not.

Example
The database for the user looks like this:

ID  Name
1   gpdrums
2   sDJh

Now you need a connection to your files. This looks something this that:

ID  Name         User
100 coffee.pdf  1     ;which is for you
101 tea.odt      2         ;which is for me (I prefer tea =))

Thirdly you need a folder to save your files in. Create one and set a .htacces to it, so that noone can access it via HTTP. Save the files with the fileid only, eg "100" for coffee.pdf.

Now write a PHP-code that does the following:
- user logs in and you find the ID (you=1)
- access the db and just fetch just the columns where the `user` is 1 (you)
- print all these files.

Now you hav a very simple but working fronted.

Secondly, write an output for the files, because you want to restrict it with PHP:
- again check the SESSION/COOKIE for the userid
- check if the file the user wants to download has the permission.
- if yes:

header("Content-Type: mime");   //<- modifies the header so that the browser believes it is a file
header("Content-Length: ".filesize($file));
@readfile($file);   //<- outputs the complete content of the file.

Where $file is the path to the file that is saved ("./yourdir/1").

The user now get's the usual promt ("Do you really want to save this file?").


Basically, that's all. The files cannot be accessed by simpy typing the complete address in the browser (Authorization required). But the PHP-runtime can read and output them. You'll have a bit fuss the download (I just finished a similar project). For example you have to set the content-disposition and you can force the browser to use the name of your original file (the user sees "coffee.pdf"). But there a dozens of information on the net.

I hope that helps. If you still have problems, I can have a look in my old codes (I hate reading old codes because they are always very untidy) and send you some pieces of them.

Regards
Simon

Comments
very helpful - thank you for the generosity and hospitality

Thank you for taking the time to explain this further. I need to absorb it over the next few days. I just might take you up on digging up some code, but I'll not pester you if at all possible.

I'll go ahead and close this one as solved, but you might get an im from me.;)

By the way, I was in Asia last week and I drank quite a bit of tea.

This question has already been answered. Start a new discussion instead.