Hello,
I've been programming a .PHP file that basically extracts data from the database and displays it in a fashion that is
rather difficult to implement using the functions I find in the installed files. If I can take a few seconds of your time,
this is what I'm doing:
My picture gallery is set up as a host for a forum about terrestrial orchids, hence it contains photographs of plants. I added
a couple of user-fields (user1 & user2) to help search and catalogue the taxonomical structure that is used in biology (a plant
belongs to a genus and is a species in that genus, that's where the user-fields come in).
With those fields, together with the 'title', I can then build a structure that looks something like this:
http://www.bv229.k12.ks.us/biophilia/lysozy8.jpg
Hopefully you get my drift, it's better to build something like that from scratch rather than using the built-in coppermine functions.
I know how to code it, and I was thinking of putting all the code in 1 PHP-file in the root of the server.
My question:
- is this safe or does this violate a few rules of separating graphics and functional code? I noticed most php-packages like
coppermine embrace that philosophy.
- are there things - regarding safety against hackers - I should and definitely should not do?
Thanks in advance,
Fred
As long as your custom php file is only meant to render additional data, but not to manipulate any files or the database, it's pretty safe to do what you're up to, as a malevolent visitor couldn't use it to attack your site (except by trying to bring it down in a DDoS attack). Hard to say more without seeing the actual code.
Hi Gaugau,
thanks for the pointers, I will post the code when finished.
Fred
Hi,
It's kinda finished, all I need to figure out is placing lines that connect everything in a tree-like manner.
The code is put in a file called boom.php (Dutch for tree) and can be viewed here:
http://cpcomp.mybesthost.com/boom.php
As you can see, the genus and species aren't sorted alphabetically, I would like to implement this,
but the multisort() function refuses to work ...
Everything was rather fairly easy, an experienced PHP'er would probably do it in less than 30 minutes (my
area of expertise is embedded software).
I would like to receive comments on whether the code contains any security flaws.
Regards,
Fred
<?php
// boom.php: classification tree (genus > species > pictures) for a Coppermine gallery.
define('IN_COPPERMINE', true);
define('BOOM_PHP', true);
require('include/init.inc.php');

pageheader($lang_login_php['login']);
starttable('-1', $lang_login_php['enter_login_pswd'], 2);

global $CONFIG;
$limit = '';

// Count the approved pictures.
// $ALBUM_SET is not defined in this file; it is expected to come from init.inc.php.
$result = db_query("SELECT COUNT(*) from {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET");
$nbEnr = mysql_fetch_array($result);
$count = $nbEnr[0];
mysql_free_result($result);

// Fetch the columns needed for the tree.
$select_columns = 'title, user1, user2, user3, pid, owner_name';
$result = db_query("SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET ORDER BY pid DESC $limit");
$rowset = db_fetch_rowset($result);
mysql_free_result($result);

// $sorted[genus][species] is a list of array(title, pid, owner_name).
$sorted = array();

echo <<<EOT
<table align="center" width="850" cellspacing="1" cellpadding="0" class="maintable">
<tr>
<td colspan="3" class="tableh1"><span class="statlink"><b><a href="index.php">Home</a> &gt; classification tree</b></span></td>
</tr>
</table>
EOT;

// Group every picture under its genus (user1) and species (user2).
foreach ($rowset as $key => $row) {
    $genus   = $row['user1'];
    $species = $row['user2'];
    $title   = $row['title'];
    $pict_id = $row['pid'];
    $owner   = $row['owner_name'];
    // Appending with [] avoids calling count() on a key that does not exist yet.
    $sorted[$genus][$species][] = array($title, $pict_id, $owner);
}

echo <<<EOT
<br><br><br>
<table align="center" width="850" cellspacing="1" cellpadding="0" class="maintable">
EOT;

// One outer row per genus, holding a nested table of its species.
foreach ($sorted as $key1 => $row) {
    $temp = $key1 ? $key1 : 'Not specified';
    echo <<<EOT
<tr>
<td valign="top" class="thumbnails" width ="250" align="left">
Genus<br>$temp<br><br>
</td>
<td valign="top" class="thumbnails" width ="600" align="center"><table>
EOT;
    asort($row);
    // One row per species, holding a nested table of its pictures.
    foreach ($row as $key2 => $spece) {
        $temp = $key2 ? $key2 : 'Not specified';
        echo <<<EOT
<tr>
<td valign="top" class="thumbnails" width ="250" align="left">
species<br>$temp<br><br>
</td>
<td valign="top" class="thumbnails" width ="350" align="center">
<table align="center" cellspacing="1" cellpadding="0" class="maintable">
EOT;
        asort($spece);
        // $tittel is array(title, pid, owner_name).
        foreach ($spece as $key3 => $tittel) {
            echo <<<EOT
<tr>
<td valign="top" class="thumbnails" align="left" width="350">
<a href="http://cpcomp.mybesthost.com/displayimage.php?pid=$tittel[1]&fullsize=1">$tittel[0]</a><br>posted by $tittel[2]<br>
</td></tr>
EOT;
        }
        // Close the picture table and the species row.
        echo "</table></td></tr>";
    }
    // Close the species table and the genus row.
    echo "</table></td></tr>";
}
echo "</table>";

endtable();
pagefooter();
ob_end_flush();
?>
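An added example, not part of the original posts or of Coppermine: the same genus > species > picture grouping as boom.php, sorted alphabetically and with every database value escaped at output time. The helper names (h, build_tree, render_tree) and the sample rows are made up for illustration, and it assumes the stored title, user1, user2 and owner_name values are UTF-8 and not already HTML-escaped.

```php
<?php
// Added example: helper names and sample rows are constructed, not Coppermine code.

// Escape a database value for HTML text or a quoted attribute (assumes UTF-8 data).
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Group rows as genus => species => pictures, with both levels sorted alphabetically.
function build_tree(array $rows) {
    $tree = array();
    foreach ($rows as $row) {
        $genus   = trim($row['user1']) !== '' ? trim($row['user1']) : 'Not specified';
        $species = trim($row['user2']) !== '' ? trim($row['user2']) : 'Not specified';
        // The pid is cast to int so only a number can ever reach the link.
        $tree[$genus][$species][] = array('title' => $row['title'], 'pid' => (int) $row['pid'], 'owner' => $row['owner_name']);
    }
    ksort($tree, SORT_STRING | SORT_FLAG_CASE);
    foreach ($tree as &$species_list) {
        ksort($species_list, SORT_STRING | SORT_FLAG_CASE);
    }
    unset($species_list);
    return $tree;
}

// Render the tree as nested lists; every stored string passes through h().
function render_tree(array $tree) {
    $html = "<ul>\n";
    foreach ($tree as $genus => $species_list) {
        $html .= '<li>Genus: ' . h($genus) . "<ul>\n";
        foreach ($species_list as $species => $pictures) {
            $html .= '<li>Species: ' . h($species) . "<ul>\n";
            foreach ($pictures as $p) {
                $html .= '<li><a href="displayimage.php?pid=' . $p['pid'] . '&amp;fullsize=1">'
                       . h($p['title']) . '</a> posted by ' . h($p['owner']) . "</li>\n";
            }
            $html .= "</ul></li>\n";
        }
        $html .= "</ul></li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample rows; the second one carries markup and a quote that must show as text.
$rows = array(
    array('title' => 'Bee orchid', 'user1' => 'Ophrys', 'user2' => 'apifera', 'pid' => '12', 'owner_name' => 'fred'),
    array('title' => '<b>Lady</b> & co', 'user1' => 'Orchis', 'user2' => 'purpurea', 'pid' => '7', 'owner_name' => 'an"n'),
    array('title' => 'Unknown', 'user1' => '', 'user2' => '', 'pid' => '3', 'owner_name' => 'fred'),
);
echo render_tree(build_tree($rows));
```

ksort on the array keys gives the alphabetical genus and species order asked about above, and escaping in render_tree rather than in build_tree keeps the sort working on the raw names.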