All geek questions in one place

JQuery-file-upload mysql select displays all files, not just user files

Welcome,

I have a problem with jQuery-File-Upload. I turned on the plugin with MySQL -> https://github.com/blueimp/jQuery-File-Upload/wiki/PHP-MySQL-database-integration When I added the file to the database, the record added: name file, id_user, active... It’s nice to add.

When my site is uploaded, the list of uploaded files is uploaded: https://stackoverflow.com/a/212969/

I want to download only user files that currently download everything.

JQuery Code:

  $.ajax({ // Uncomment the following to send cross-domain cookies: //xhrFields: {withCredentials: true}, url: $('#fileupload').fileupload('option', 'url'), dataType: 'json', context: $('#fileupload')[0], formData:{ user: '<?php echo $objSession->e_ident ?>' } }).done(function (result) { $(this).fileupload('option', 'done') .call(this, null, {result: result}); });

PHP:

 protected function handle_form_data($file, $index) { $file->title = @$_REQUEST['title'][$index]; $file->description = @$_REQUEST['description'][$index]; $file-> user=@ $_REQUEST['user']; } protected function set_additional_file_properties($file) { parent::set_additional_file_properties($file); if ($_SERVER['REQUEST_METHOD'] === 'GET') { $sql = 'SELECT `id`,`user_id` FROM `' .$this->options['db_table'].'` WHERE `name`=? and user_id=?'; $query = $this->db->prepare($sql); $query->bind_param('ss', $file->name, $file->user); $query->execute(); $query->bind_result( $id, $user ); while ($query->fetch()) { $file->id = $id; $file->user=$user; } } }

There is no option in JSON: "id" and "user".

+5
source share
2 answers

I do not know if I understand correctly what you want to do.

I believe that the user you want to show downloaded files logs into your system through a session, right?

And this "$ objSession-> e_ident" has a user id.

If I'm right, you should remove this:

"user: '<?php echo $objSession->e_ident ?>'" from the ajax application, files such as user ID should only be in the server session file and never on the page.

You must put its user ID directly on the request binding, for example: $query->bind_param('ss', $file->name, $objSession->e_ident);

Now your problem, your request looks correct, is $ objSession-> e_ident giving a really correct identifier to users?

To a database whose value is the user_id column?

0
source

This will not work. It does not read the list of files from the database. The database is there to collect additional information about the file. It reads the contents of the file directory.

The solution is to enable user_dirs.

Change line 50ish

 'user_dirs' => false,

to

 'user_dirs' => true,

I assume that you have a logged in user creating a user ID session. Line 217 ...

 protected function get_user_id() { @session_start(); return session_id(); }

Change it to

 protected function get_user_id() { return $_SESSION['user_id']; }

Or regardless of your session user ID. make sure that on index.php your session is active on this page.

What this means is to create a directory with the same name as the user session user_id. Thus, they can only see files in this directory.

0
source

Source: https://habr.com/ru/post/1200209/

More articles:


All Articles