Originally, I just wanted to make a site where I can upload school stuff, like lab reports, and other documents that I usually email to myself. It turned out to be just a generic file storage...
Is it using a database for the passwords or just a textfile? I could download some files without entering a password, but I like the idea very much, it is a nice "application"
ya... passwords are stored in the db, and linked with files...
when ppl download, it sends a request to the server "&files=kjsadhfkjasdf6as4df65as4fd.docx&password=alksdfjlksafjd654sf645sa", and a query tries to match the file with the password....
the files that you accessed without the password (d41d8cd98f00b204e9800998ecf8427e = MD5 of nothing apparently), were ones that didn't have a password set to begin with (...when I was testing it). I have since required users to enter passwords. But that is only enforced through JS, need to enforce it on the server side too..
This is good - password protecting a single file. Do you mind sharing that script? I have a little download section on my server (just for people I know) I upload with FTP and they are then able to download. But it would be great to have the single files protected with passwords.
The code right now is a little poor, but until I improve it, it would do. Here is the main idea however.
first we store the files in the db (this is a modified version of the script that comes in the uploadify zip):
[code=php]
if (!empty($_FILES)) {
    $tempFile = $_FILES['Filedata']['tmp_name'];

    // Get the file extension
    $ext = strtolower(substr($_FILES['Filedata']['name'], strrpos($_FILES['Filedata']['name'], '.') + 1));
    $filename = md5(basename($_FILES['Filedata']['tmp_name'])) . '.' . $ext;

    // I would suggest moving the files somewhere outside of the root,
    // or protect the directory where the files are with a .htaccess file
    $targetFile = '/files/' . $filename;
    move_uploaded_file($tempFile, $targetFile);

    // After the uploaded file was moved, we set up the data that needs to be
    // inserted in the db (in my case, I'm setting up an array).
    // The password arrives in the query string and is stored as an unsalted MD5.
    $data = array(
        'id'        => null,
        'password'  => md5($_GET['password']),
        'fileTitle' => $_FILES['Filedata']['name'],
        'filename'  => $filename,
        'created'   => array('NOW()')
    );

    // I insert the data in the database through the $db class method. I have a
    // mysql class that I included, so I don't have to write any sql here
    $db->insert($data, 'files', 'There was a problem saving your files');
}
[/code]
The function below is for when people request files to download:
[code=php]
if (!isset($_GET['download'])) {
    // Pause the script for 5 seconds to avoid people trying to guess passwords
    // --> It displays the Loading animation in the meantime.
    sleep(5);
    $password = md5($_GET['password']);
    $db->select('*', 'files', '`password`=\'' . $password . '\'', 'Files for download could not be fetched');

    // If there are no files to be found, display an error
    if ($db->affectedRows() < 1) {
        die('OUPS! - Your files were not found.');
    }

    // Creates a list of the files that match the password
    echo('Click on the files you wish to download: ');
    while ($row = $db->fetchObject()) {
        // The link markup was stripped from the post; it is reconstructed here from
        // the $_GET['download'] and $_GET['password'] reads in the branch below.
        echo('<a href="?download=' . $row->filename . '&password=' . $row->password . '">'
            . htmlspecialchars($row->fileTitle) . ' (' . $row->downloads . ' downloads)</a>');
    }
    echo('');
} else {
    // If they clicked a file to download, send a request for it,
    // again pause the script, for 2 seconds this time
    sleep(2);
    $filename = mysql_real_escape_string($_GET['download']);
    // The link above carries the stored MD5 hash, so it is compared as-is
    $password = mysql_real_escape_string($_GET['password']);

    // Again query the DB to confirm that the password matches that file
    $db->select('*', 'files', '`filename`= \'' . $filename . '\' AND `password`=\'' . $password . '\'', 'Failed to initiate download');
    if ($db->affectedRows() > 0) {
        $row = $db->fetchObject();
        // Register a hit for that file
        $db->hit($row->id, 'files', 'downloads');
        // Another download class is used here that sends headers
        // in order to display the download dialog box
        download($row->filename, $row->fileTitle);
    } else {
        // some error here
    }
}
[/code]
That's basically it...but like I said, the quality of this code is pretty poor. I'm planning on moving a lot of the stuff in the classes.
Here is another snippet that you might find useful:
[code=php]
if (!isset($_GET['ajax']) && !isset($_GET['download'])) {
    // Get the number of files hosted --> shown on the bottom right corner
    $db->select('*', 'files', null, 'FileCount failed');
    if ($db->affectedRows() > 150) {
        $tmpl->fileCount($db->affectedRows());
    }

    // A template class that renders the template
    $tmpl->render();

    // Purge outdated files
    $db->select('*', 'files', '`created` < now() - interval 48 hour', 'Purge Failed');

    // Change to the directory where the files are
    chdir('./files');

    // For each file that is outdated, remove it from the server,
    // and delete it from the database
    while ($row = $db->fetchObject()) {
        unlink($row->filename);
        $db2->delete($row->id, 'files', 'Purge DELETE sql failed');
    }
}
[/code]
Another thing, all the code above is located in the index.php. That is a bad practice, so you should probably use different files to parse all that information...
I have a suggestion: double password or you can call it username and password. I tested your site with a really simple password, and when I tested to log in for the files I got access to someone else's files also... with username to the pw I believe it would be harder to hit the same userinfo... hmmm...
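An added example, not part of any post in this thread and not the site's code: one way to handle the two problems raised above, files shared between strangers who pick the same password, and the empty password that was only blocked in JS. It assumes a changed design in which every upload gets a random id that is shared together with the password; the schema, the function names `storeFile` and `authorizeDownload`, and the in-memory SQLite database (needs the pdo_sqlite extension) are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical schema, held in an in-memory SQLite database for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE files (id TEXT PRIMARY KEY, pw_hash TEXT NOT NULL, title TEXT NOT NULL)');

function storeFile(PDO $pdo, string $title, string $password): string
{
    // Checked on the server, because a JS-only check is skipped by any direct request.
    if ($password === '') {
        throw new InvalidArgumentException('A password is required');
    }
    $id = bin2hex(random_bytes(16)); // random per-file id, handed back to the uploader
    $stmt = $pdo->prepare('INSERT INTO files (id, pw_hash, title) VALUES (?, ?, ?)');
    // password_hash() salts each hash, so equal passwords give different rows.
    $stmt->execute([$id, password_hash($password, PASSWORD_DEFAULT), $title]);
    return $id;
}

function authorizeDownload(PDO $pdo, string $id, string $password): ?string
{
    // The file is selected by id alone; the password is only verified afterwards.
    $stmt = $pdo->prepare('SELECT pw_hash, title FROM files WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null; // one answer for "unknown id" and "wrong password"
    }
    return $row['title'];
}

// Constructed sample data: two uploaders choose the same simple password.
$a = storeFile($pdo, 'lab-report.docx', 'abc123');
$b = storeFile($pdo, 'holiday.jpg', 'abc123');
$storedHash = $pdo->query('SELECT pw_hash FROM files LIMIT 1')->fetchColumn();

var_dump(authorizeDownload($pdo, $a, 'abc123'));    // correct id and password
var_dump(authorizeDownload($pdo, $b, 'wrong'));     // right id, wrong password
var_dump(authorizeDownload($pdo, $a, $storedHash)); // a stored hash replayed as the password
try {
    storeFile($pdo, 'notes.txt', '');                // empty password, as in the md5('') case
} catch (InvalidArgumentException $e) {
    var_dump($e->getMessage());
}
```

Sending the id and password in a POST body rather than the query string keeps them out of server access logs and browser history.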
Hey, just had a look at the first example I could find to see some basic implementation of the plugin... very surprised to see that this guy's storage example has a 'Download this Script' link which takes you straight to Paypal. How many of us would be here if Uploadify, jQuery, etc, etc (etc!) charged for much better put-together and much more functional scripts?
Anyway, don't want to start another topic here. There's been some really good work done with Uploadify and I'm currently looking into creating an all-in-one framework for file uploading, thumbnail creation, cropping and database storage so hopefully I'll have an example of my own to share (for free) on here soon.