IRHM

Reputation: 1326

XML 'Select Where' Statement

I wonder whether someone may be able to help me please.

I'm using Aurigma's 'Image Uploader' software to allow users to add and view images for the records they create, with the image data collected and retrieved via an XML file.

One of the pages I've put together creates a gallery which allows the user to view the images, both individually and as part of a 'fancybox' slideshow. The script for this is shown below.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<?php 

  $galleryPath = 'UploadedFiles/'; 

  $thumbnailsPath = $galleryPath . 'Thumbnails/'; 

  $absGalleryPath = realpath($galleryPath) . DIRECTORY_SEPARATOR; 

  $descriptions = new DOMDocument('1.0'); 
  $descriptions->load($absGalleryPath . 'files.xml'); 
?>
<head> 
  <title>Gallery</title> 
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
  <link href="Libraries/fancybox/jquery.fancybox-1.3.1.css" rel="stylesheet" type="text/css" /> 
  <link href="Styles/style.css" rel="stylesheet" type="text/css" /> 
  <!--[if IE]>   
  <link href="Styles/ie.css" rel="stylesheet" type="text/css" /> 
  <![endif]-->
  <script src="Libraries/jquery/jquery-1.4.3.min.js" type="text/javascript"></script> 
  <script src="Libraries/fancybox/jquery.fancybox-1.3.1.pack.js" type="text/javascript"></script> 
  <script type="text/javascript"> 

  $(function() { $('a.fancybox').fancybox(); }); 

  </script> 
  <style type="text/css">
<!--
.style1 {
    font-size: 14px;
    margin-right: 110px;
}
.style4 {font-size: 12px}
-->
  </style>
</head>
<body style="font-family: Calibri; color:  #505050; font-size: 9px; border-bottom-width: thin; margin-top: 5px; margin-left: -475px; margin-right: 1px; margin-bottom: -10px;">
<div align="right" class="style1"> <a href="imagefolders.php">View Uploaded Images In Folder Structure</a> &larr; View All Uploaded Images </div>
  <form id="gallery" class="page"> 
  <div id="container"> 
    <div id="center"> 
      <div class="aB"> 
        <div class="aB-B"> 
          <?php if ('Uploaded files' != $current['title']) :?>
          <?php endif;?>
          <div class="demo"> 
            <div class="inner"> 
              <div class="container"> 
                <div class="gallery"> 
                  <ul class="gallery-image-list"> 
                  <?php for ($i = 0; $i < $descriptions->documentElement->childNodes->length; $i++) : 
                          $xmlFile = $descriptions->documentElement->childNodes->item($i); 
                          $name = htmlentities($xmlFile->getAttribute('originalname'), ENT_COMPAT, 'UTF-8'); 
                          $description = htmlentities($xmlFile->getAttribute('description'), ENT_COMPAT, 'UTF-8'); 
                          $folder = htmlentities($xmlFile->getAttribute('folder'), ENT_COMPAT, 'UTF-8'); 
                          $source = $galleryPath . rawurlencode($xmlFile->getAttribute('source')); 
                          $thumbnail = $thumbnailsPath . rawurlencode($xmlFile->getAttribute('thumbnail')); 
                  ?>
                    <li class="item"> 
                      <a class="fancybox" target="_blank" rel="original" href="<?php echo $source; ?>"><img class="preview" 
                        alt="<?php echo $name; ?>"  src="<?php echo $thumbnail; ?>" /></a>
                      <!-- $description and $folder were already escaped as UTF-8 at the top of the loop -->
                      <p><span class="style4"><b>Image Description:</b> <?php echo $description; ?> <br />
                          <b>Image contained in folder:</b> <?php echo $folder; ?> </span></p>
                    </li>
                  <?php endfor; ?>
                  </ul>
                </div> 
              </div> 
            </div> 
          </div> 
        </div> 
      </div> 
    </div> 
    </div> 
        <div class="aB-a">        </div> 
      </div> 
    </div> 
  </div> 
  </form> 
</body> 
</html>

What I'd like to be able to do is now make the images that are retrieved, user specific, i.e. User A can only view their images.

If this information was being retrieved straight from a MySQL database I know that within PHP I can use the 'SELECT WHERE' statement to filter the returned records, but could someone tell me please, is there an XML equivalent that I could use?

Many thanks

Upvotes: 0

Views: 228

Answers (1)

Tidy Designs

Reputation: 163

Allowing users to view only their own uploaded images is not such a simple task. If the images are stored in a publicly accessible folder then anybody can view the images using their browser.

To achieve this there are a few alternatives such as:

  1. storing the images in the database rather than the filesystem,
  2. creating a new folder for each user on the filesystem and changing the read write permissions for each folder, or
  3. storing the images outside the web root and fetching the images using php i.e.

    Instead of providing a link to an image, provide a link to a CGI script which will automatically provide the proper header and content of the image.

    For example: image.php?sample.jpg

    You can then make sure they are already authenticated (e.g. pass a session id) as part of the link.

    This would be part of the header, and then your image data can follow.

    <?php
    
    // $_GET values are already URL-decoded by PHP; basename() strips any
    // directory components so the request cannot leave $fileDir.
    $file = isset($_GET['file']) ? basename($_GET['file']) : '';
    $fileDir = '/path/to/files/';
    
    if ($file !== '' && is_file($fileDir . $file))
    {
        // perform some authorisation check here, before any file data
        // is read or sent
    
        // Note: You should probably do some more checks 
        // on the filetype, size, etc.
        $contents = file_get_contents($fileDir . $file);
    
        // Note: You should probably implement some kind 
        // of check on filetype
        header('Content-type: image/jpeg');
    
        echo $contents;
    }
    
    ?>
    

Upvotes: 1
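
An added example (not part of the answer above, and not Aurigma's code) that combines the answer's third option with a per-user "WHERE" filter over files.xml, requested as `image.php?file=...`. It assumes a hypothetical `userid` attribute on each record, a `$_SESSION['userid']` set by the site's login code, and that files.xml is kept with the images in the answer's placeholder directory.

```php
<?php
declare(strict_types=1);

const GALLERY_DIR = '/path/to/files/';   // outside the web root (placeholder path)

/** The "WHERE" filter: records in files.xml owned by $userId, keyed by source. */
function imagesForUser(DOMDocument $doc, string $userId): array
{
    $owned = [];
    // Element children only; the owner is compared in PHP so the user id
    // is never concatenated into the XPath expression.
    foreach ((new DOMXPath($doc))->query('/*/*[@source]') as $node) {
        if ($node->getAttribute('userid') === $userId) {   // assumed attribute
            $owned[$node->getAttribute('source')] = $node;
        }
    }
    return $owned;
}

/** Path of the requested file if this user owns it, otherwise null. */
function ownedFilePath(DOMDocument $doc, string $userId, string $requested): ?string
{
    $name  = basename($requested);               // drop any directory part
    $owned = imagesForUser($doc, $userId);
    if ($name === '' || !isset($owned[$name])) {
        return null;                             // unknown file, or not theirs
    }
    $path = GALLERY_DIR . $name;
    return is_file($path) ? $path : null;
}

session_start();
$doc  = new DOMDocument('1.0');
$path = null;
if (isset($_SESSION['userid'], $_GET['file']) && is_string($_GET['file'])
    && $doc->load(GALLERY_DIR . 'files.xml')) {
    $path = ownedFilePath($doc, (string) $_SESSION['userid'], $_GET['file']);
}
$type = $path === null ? '' : (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($type, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    http_response_code(404);   // same reply for missing, not owned, not an image
    exit;
}
header('Content-Type: ' . $type);
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The gallery page can loop over `imagesForUser($descriptions, $userId)` instead of every child node, and point each `href` and `src` at this script rather than at the upload folder.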
