Hi all,

This may be asking a bit much, but this is my FIRST advanced PHP/MySQL project. Any help is appreciated.

I am currently building a website for one of my friends photography business, and she has requested to allow her clients to be able to sign with a username and password to view thier proofs - and then expiring the pictures/account after 30 days.

I know I could make separate pages for each user, but that cold turn out to be A LOT of work. I was just wondering if anyone knew of a good/fairly simple way to go about conquering this? Would I need to use mysql? I would like to use simple viewer to allow users to view their own pics like here for example: http://simpleviewer.net/simpleviewer/examples/modern/ Just not sure how I would make it show THEIR pictures after they logged in with a username and password?

Thanks for your time!

Member Avatar

OK simple. Your uploaded photos are saved to a folder with a unique filename, e.g.

This filename is saved to mysql db record along with other file info, like title, description, tags, user_id, date_uploaded, filesize, dimensions etc.

When a user logs in the user_id (an integer from the user_id PK field in your users table) is propagated via sessions ($_SESSION variables) from page to page.

When a user wants to see their own uploads, they go to your generic view_photos.php (or similar) page which filters records from the DB based on the user_id (from session variable):

$user_id = $_SESSION['user_id'];
$r = mysql_query("SELECT photofile, description, ..(etc).. FROM photos WHERE user_id = '$user_id'");

In your while loop - you get the filenames from the photofile field. You build up a list of photos with associated details. You can present this in a html table.

This is very straightforward, but if you're a beginner, take some time to research how to display a html table with records from a db. Clue:

$output .= "<tr><td><img src=\"/photos/{$row['photofile']}\" /></td><td>" . stripslashes($row['title']) . "<br />" . stripslashes($row['description']) . "</td></tr>";

BTW stripslashes if you used addslashes, otherwise if used mysql_real_escape_string no stripslashes required.

Thanks so much for your reply, Everything makes sense except for the session - i haven't ever worked with sessions before. How exactly does that work? Will this ONLY allow that logged in user to access those pictures? Sorry, I haven't had any time today to try to get any code together. I will hopefully have something tomorrow!

(Following explanation assumes cookie-based sessions)

When you start a session, a cookie with a unique session id gets stored in the user's browser. Then every page load, the browser gives the script( session_start(); to be specific) that id, and it's matched up with the data($_SESSION in this case).

The id is unique to that computer/browser/time(until the user closes the browser), so yes, only that user will be able to access their pictures. (assuming there are no flaws in your login and display scripts).