[thelist] PHP help needed

Phil Turmel philip at turmel.org
Mon Nov 28 21:10:29 CST 2005

Flavia Tarzwell (FayeC) wrote:
> I have a simple login (no need for secure login - as instructed by the 
> site's owner - she *requested* that the login uses only a username, no 
> password), the login is not validated against a db or anything....it's 
> basically only a way to sort through image files and display only the 
> associated files.
[snip /]
> *And yes, I did explain to the client about the security issues of not 
> having a password and not validating the password/username but she 
> explained it was not a matter of safety as the images were for public 
> display anyways. The images are screenshots taken during ultrasound 
> exams and they are posted online for the extended family to view so the 
> only concern is really selecting the right images for the right 
> costumer/user.


Two separate problems:

1) Login and session handling (so the login is remembered), and
2) Image filename generation.

Barebones logic (and untested):

session_start();  // Presumes use of a session cookie

if (isset($_POST['username']))
   $_SESSION['username'] = $_POST['username'];

$user = $_SESSION['username'];

if (!strlen($user))
   // send "not logged in" page to browser
?>{..........DOCTYPE, HEAD, NAV, DIVs...........}

<ul id="images">

$galleryfolder = ".....";
$realfolder = $_SERVER['DOCUMENT_ROOT'] . '/' . $galleryfolder;
for ($i=1; $i<=4; $i++)
   $realfile = sprintf("%s/%s_%u.jpg", $realfolder, $user, $i);
   if (file_exists($realfile))
     printf(" <li><img src=\"/%s/%s_%u.jpg\"></li>\n",
{.............../DIVs, /BODY...................}

The session functions need to send headers, so it is vital that the 
<?php tag be the first characters on the first line.

Hope this gets you started.


More information about the thelist mailing list