Archive for February, 2008


Sunday, February 17th, 2008

    mail($_POST['email'], $subject, $body)
        or die('Could not send reminder email.');
    }

You assume, of course, that the user will immediately open his or her e-mail to read the password. You conveniently deposit users in the login page so they can enter their e-mail address and password.

    }
    redirect('login.php');
    break;

The following code may look very familiar. It is virtually identical to the previous Modify Account case, except this time, the user is changing his or her own data. Because of this, the access level does not get updated.

    case 'Change my info':
        session_start();
        if (isset($_POST['name'])
            and isset($_POST['email'])
            and isset($_SESSION['user_id']))
        {
            $sql = "UPDATE cms_users " .
                   "SET email='" . $_POST['email'] .
                   "', name='" . $_POST['name'] . "' " .
                   "WHERE user_id=" . $_SESSION['user_id'];
            mysql_query($sql, $conn)
                or die('Could not update user account; ' . mysql_error());
        }
        redirect('cpanel.php');
        break;

The following is the end of your switch statement. It's easy to forget to close it, which can be the cause of much debugging grief. We are here to remind you to close your switch!

    }

That wasn't so bad, was it? It's a lot of code, but much of it is fairly similar. Check some variables, run some SQL code, redirect the user. That's pretty much how most transactions work.

Try It Out: Article Transactions

It's time for another transaction file, this time dealing with articles. As you might have guessed, it will be controlling article submittal, publishing, and removal.

1. Now enter transact-article.php:


Saturday, February 16th, 2008

    session_start();
    $_SESSION['user_id'] = mysql_insert_id($conn);
    $_SESSION['access_lvl'] = 1;
    $_SESSION['name'] = $_POST['name'];
    }
    redirect('index.php');
    break;

When an account is modified, all of the fields must have data. As long as they do, the user's account is updated in the database, and the user is redirected to the admin.php page:

    case 'Modify Account':
        if (isset($_POST['name'])
            and isset($_POST['email'])
            and isset($_POST['accesslvl'])
            and isset($_POST['userid']))
        {
            $sql = "UPDATE cms_users " .
                   "SET email='" . $_POST['email'] .
                   "', name='" . $_POST['name'] .
                   "', access_lvl=" . $_POST['accesslvl'] . " " .
                   "WHERE user_id=" . $_POST['userid'];
            mysql_query($sql, $conn)
                or die('Could not update user account; ' . mysql_error());
        }
        redirect('admin.php');
        break;

It's time to revisit the mail() function we introduced in Chapter 11. This will be a simple e-mail, but there is no reason you can't take your wealth of knowledge from Chapter 11 and send an HTML-enabled e-mail to your users. It's not necessary, of course, but it's your application. Do what you will!

    case 'Send my reminder!':
        if (isset($_POST['email'])) {
            $sql = "SELECT passwd FROM cms_users " .
                   "WHERE email='" . $_POST['email'] . "'";
            $result = mysql_query($sql, $conn)
                or die('Could not look up password; ' . mysql_error());

If you find a record, you get it, create a subject and body for your e-mail message (including the long lost password), and send it on its merry way.

            if (mysql_num_rows($result)) {
                $row = mysql_fetch_array($result);
                $subject = 'Comic site password reminder';
                $body = "Just a reminder, your password for the " .
                        "Comicbook appreciation site is: " . $row['passwd'] .
                        "\n\nYou can use this to log in at http://" .
                        $_SERVER['HTTP_HOST'] .
                        dirname($_SERVER['PHP_SELF']) . '/';

436 Chapter 13
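The reminder case can e-mail the password only because cms_users keeps it in readable form, and the link in the message is built from the request's Host header. A single-use, expiring reset link is a common replacement; the following is an added example, not the book's code, in which the cms_password_resets table, SITE_BASE, reset.php and the function names are hypothetical and an in-memory SQLite database stands in for the chapter's MySQL connection.

```php
<?php
// Added example, not the book's code. In-memory SQLite stands in for MySQL.
// cms_password_resets, SITE_BASE and reset.php are hypothetical names.
const SITE_BASE = 'https://comics.example.com/';  // fixed value, not HTTP_HOST
const RESET_TTL = 1800;                            // seconds a link stays valid

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cms_users
    (user_id INTEGER PRIMARY KEY, email TEXT, passwd TEXT)');
$pdo->exec('CREATE TABLE cms_password_resets (token_hash TEXT PRIMARY KEY,
    user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');

/** Returns the reset URL to e-mail, or null when the address is unknown. */
function issueReset(PDO $pdo, string $email, int $now): ?string
{
    $stmt = $pdo->prepare('SELECT user_id FROM cms_users WHERE email = ?');
    $stmt->execute([$email]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null;   // the caller redirects to the same page either way
    }
    $token = bin2hex(random_bytes(32));
    // Only a hash of the token is stored, so the table holds no usable link.
    $ins = $pdo->prepare('INSERT INTO cms_password_resets VALUES (?, ?, ?)');
    $ins->execute([hash('sha256', $token), (int) $userId, $now + RESET_TTL]);
    return SITE_BASE . 'reset.php?token=' . $token;
}

/** Consumes a token and stores the new password hash; false if unknown or expired. */
function redeemReset(PDO $pdo, string $token, string $newPasswd, int $now): bool
{
    $hash = hash('sha256', $token);
    $stmt = $pdo->prepare('SELECT user_id FROM cms_password_resets
                            WHERE token_hash = ? AND expires_at >= ?');
    $stmt->execute([$hash, $now]);
    $userId = $stmt->fetchColumn();
    // Single use: the row goes away whether or not it was still valid.
    $pdo->prepare('DELETE FROM cms_password_resets WHERE token_hash = ?')
        ->execute([$hash]);
    if ($userId === false) {
        return false;
    }
    $upd = $pdo->prepare('UPDATE cms_users SET passwd = ? WHERE user_id = ?');
    $upd->execute([password_hash($newPasswd, PASSWORD_DEFAULT), (int) $userId]);
    return true;
}

// Constructed sample data: redeem once, replay the token, try an unknown address.
$pdo->exec("INSERT INTO cms_users (email, passwd) VALUES ('reader@example.com', 'x')");
$now  = time();
$link = issueReset($pdo, 'reader@example.com', $now);
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
var_dump(redeemReset($pdo, $query['token'], 'new passphrase', $now + 60));
var_dump(redeemReset($pdo, $query['token'], 'another one', $now + 120));
var_dump(issueReset($pdo, 'nobody@example.com', $now));
```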


Friday, February 15th, 2008

Again, in order to retrieve or set session variables, you must first use the command session_start(). Once you do, you set three variables to be used throughout the application: user ID, access level, and user name:

    session_start();
    $_SESSION['user_id'] = $row['user_id'];
    $_SESSION['access_lvl'] = $row['access_lvl'];
    $_SESSION['name'] = $row['name'];
    }
    }

Next, you redirect the user back to the home page (index.php). The break statement is required at the end of each case. Otherwise, the code in the next case runs as well, and you don't want that because it logs the user out!

    redirect('index.php');
    break;

Logout is quite simple, really. If no session variables exist with the user ID, access level, and user name, then the application knows you are not logged in. Therefore, you first use session_start() to tell PHP you are accessing session variables. Then, you unset the session, which clears all the session variables, and finally you destroy the session, which destroys all of the data registered to a session. Both session_unset() and session_destroy() are used to completely remove all login data.

    case 'Logout':
        session_start();
        session_unset();
        session_destroy();
        redirect('index.php');
        break;

To create an account, all of the fields must be filled in, and the two password fields must match.

    case 'Create Account':
        if (isset($_POST['name'])
            and isset($_POST['email'])
            and isset($_POST['accesslvl'])
            and isset($_POST['passwd'])
            and isset($_POST['passwd2'])
            and $_POST['passwd'] == $_POST['passwd2'])
        {

You insert the user's information into the database.

            $sql = "INSERT INTO cms_users (email, name, passwd) " .
                   "VALUES ('" . $_POST['email'] . "', '" .
                   $_POST['name'] . "', '" . $_POST['passwd'] . "')";
            mysql_query($sql, $conn)
                or die('Could not create user account; ' . mysql_error());

Then set the appropriate session variables. This has the effect of logging in the user after he or she registers.

435 Building a Content Management System


Thursday, February 14th, 2008

                   "', name='" . $_POST['name'] . "' " .
                   "WHERE user_id=" . $_SESSION['user_id'];
            mysql_query($sql, $conn)
                or die('Could not update user account; ' . mysql_error());
        }
        redirect('cpanel.php');
        break;
    }
    }
    ?>

How It Works

The application needs to access the database and to redirect users to various pages after completing transactions. You take care of the former with conn.php, and the latter with http.php. Because transaction pages don't display anything on the screen, you don't need to include the header.php, footer.php, or outputFunctions.php files.

    require_once 'conn.php';
    require_once 'http.php';

The $_REQUEST['action'] variable contains either the name of the button you clicked on the previous page, or a GET request in the URL (such as ?action=delete). If $_REQUEST['action'] is empty, then you don't do any transactions, and simply redirect the user to the index.php page:

    if (isset($_REQUEST['action'])) {

You use switch() in what follows because of its flexibility. If you expand the functionality of this application, you could end up adding many more actions. In this transact-user.php page, it is a simple matter of adding a new case condition. You could certainly use if/else statements instead of switch, but in the long run they can be cumbersome to work with.

    switch ($_REQUEST['action']) {

The e-mail and password are what you use to log in. If both are not passed, the user will not be logged in.

    case 'Login':
        if (isset($_POST['email'])
            and isset($_POST['passwd']))
        {

This gets the user's information. If a row is returned, it verifies that the login e-mail address and password supplied are correct.

            $sql = "SELECT user_id, access_lvl, name " .
                   "FROM cms_users " .
                   "WHERE email='" . $_POST['email'] . "' " .
                   "AND passwd='" . $_POST['passwd'] . "'";
            $result = mysql_query($sql, $conn)
                or die('Could not lookup user information; ' . mysql_error());
            if ($row = mysql_fetch_array($result)) {


Wednesday, February 13th, 2008

    case 'Modify Account':
        if (isset($_POST['name'])
            and isset($_POST['email'])
            and isset($_POST['accesslvl'])
            and isset($_POST['userid']))
        {
            $sql = "UPDATE cms_users " .
                   "SET email='" . $_POST['email'] .
                   "', name='" . $_POST['name'] .
                   "', access_lvl=" . $_POST['accesslvl'] . " " .
                   "WHERE user_id=" . $_POST['userid'];
            mysql_query($sql, $conn)
                or die('Could not update user account; ' . mysql_error());
        }
        redirect('admin.php');
        break;

    case 'Send my reminder!':
        if (isset($_POST['email'])) {
            $sql = "SELECT passwd FROM cms_users " .
                   "WHERE email='" . $_POST['email'] . "'";
            $result = mysql_query($sql, $conn)
                or die('Could not look up password; ' . mysql_error());
            if (mysql_num_rows($result)) {
                $row = mysql_fetch_array($result);
                $subject = 'Comic site password reminder';
                $body = "Just a reminder, your password for the " .
                        "Comic Book Appreciation site is: " . $row['passwd'] .
                        "\n\nYou can use this to log in at http://" .
                        $_SERVER['HTTP_HOST'] .
                        dirname($_SERVER['PHP_SELF']) . '/';
                mail($_POST['email'], $subject, $body)
                    or die('Could not send reminder email.');
            }
        }
        redirect('login.php');
        break;

    case 'Change my info':
        session_start();
        if (isset($_POST['name'])
            and isset($_POST['email'])
            and isset($_SESSION['user_id']))
        {
            $sql = "UPDATE cms_users " .
                   "SET email='" . $_POST['email'] .
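The Modify Account case as listed takes userid and accesslvl straight from $_POST and never consults the session, although header.php reserves the Admin menu for access level 3 or more. A version that checks the caller's session level and validates each field before a parameterized UPDATE, as an added example that is not the book's code; modifyAccount(), ADMIN_LEVEL and MAX_LEVEL are hypothetical names, the upper bound of 3 is an assumption, and in-memory SQLite stands in for MySQL.

```php
<?php
// Added example, not the book's code. In-memory SQLite stands in for MySQL.
const ADMIN_LEVEL = 3;   // header.php: Admin menu needs access level 3 or more
const MAX_LEVEL   = 3;   // assumption: 3 is the highest level in use

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cms_users (user_id INTEGER PRIMARY KEY,
    email TEXT, name TEXT, access_lvl INTEGER NOT NULL DEFAULT 1)');

/**
 * Admin-only update. $session is $_SESSION and $post is $_POST.
 * Returns true only when the caller is an admin, every field validates,
 * and exactly one row was updated.
 */
function modifyAccount(PDO $pdo, array $session, array $post): bool
{
    // Authorization comes from the server-side session, never from the form.
    if ((int) ($session['access_lvl'] ?? 0) < ADMIN_LEVEL) {
        return false;
    }
    $userId = filter_var($post['userid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $level  = filter_var($post['accesslvl'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_LEVEL]]);
    $email  = filter_var($post['email'] ?? null, FILTER_VALIDATE_EMAIL);
    $name   = trim((string) ($post['name'] ?? ''));
    if ($userId === false || $level === false
        || $email === false || $name === '') {
        return false;
    }
    // Bound parameters keep every value out of the SQL text.
    $stmt = $pdo->prepare('UPDATE cms_users
        SET email = ?, name = ?, access_lvl = ? WHERE user_id = ?');
    $stmt->execute([$email, $name, $level, $userId]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data.
$pdo->exec("INSERT INTO cms_users (email, name)
            VALUES ('reader@example.com', 'Reader')");
$form = ['userid' => '1', 'accesslvl' => '3',
         'email' => 'reader@example.com', 'name' => 'Reader'];

var_dump(modifyAccount($pdo, ['user_id' => 1, 'access_lvl' => 1], $form)); // level-1 session
var_dump(modifyAccount($pdo, ['user_id' => 9, 'access_lvl' => 3], $form)); // admin session
var_dump(modifyAccount($pdo, ['user_id' => 9, 'access_lvl' => 3],
    ['userid' => 'abc'] + $form));                                         // non-numeric userid
```

With the MySQL PDO driver, rowCount() reports 0 when the submitted values equal the stored ones, so treat the return value there as "changed" rather than "found".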


Tuesday, February 12th, 2008

    if (isset($_REQUEST['action'])) {
        switch ($_REQUEST['action']) {
            case 'Login':
                if (isset($_POST['email'])
                    and isset($_POST['passwd']))
                {
                    $sql = "SELECT user_id, access_lvl, name " .
                           "FROM cms_users " .
                           "WHERE email='" . $_POST['email'] . "' " .
                           "AND passwd='" . $_POST['passwd'] . "'";
                    $result = mysql_query($sql, $conn)
                        or die('Could not look up user information; ' .
                               mysql_error());
                    if ($row = mysql_fetch_array($result)) {
                        session_start();
                        $_SESSION['user_id'] = $row['user_id'];
                        $_SESSION['access_lvl'] = $row['access_lvl'];
                        $_SESSION['name'] = $row['name'];
                    }
                }
                redirect('index.php');
                break;

            case 'Logout':
                session_start();
                session_unset();
                session_destroy();
                redirect('index.php');
                break;

            case 'Create Account':
                if (isset($_POST['name'])
                    and isset($_POST['email'])
                    and isset($_POST['passwd'])
                    and isset($_POST['passwd2'])
                    and $_POST['passwd'] == $_POST['passwd2'])
                {
                    $sql = "INSERT INTO cms_users (email, name, passwd) " .
                           "VALUES ('" . $_POST['email'] . "', '" .
                           $_POST['name'] . "', '" . $_POST['passwd'] . "')";
                    mysql_query($sql, $conn)
                        or die('Could not create user account; ' .
                               mysql_error());
                    session_start();
                    $_SESSION['user_id'] = mysql_insert_id($conn);
                    $_SESSION['access_lvl'] = 1;
                    $_SESSION['name'] = $_POST['name'];
                }
                redirect('index.php');
                break;
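The Login and Create Account cases in this listing concatenate $_POST values into the SQL text and match the password as stored text in the WHERE clause. The same two operations with bound parameters, password_hash()/password_verify() and a regenerated session ID, as an added example that is not the book's code; the function names are hypothetical, and an in-memory SQLite table stands in for the chapter's MySQL cms_users so the script runs on its own.

```php
<?php
// Added example, not the book's code. In-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cms_users (
    user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, name TEXT,
    passwd TEXT, access_lvl INTEGER NOT NULL DEFAULT 1)');

function createUser(PDO $pdo, string $email, string $name, string $passwd): int
{
    // Values travel as bound parameters; only the password hash is stored.
    $stmt = $pdo->prepare(
        'INSERT INTO cms_users (email, name, passwd) VALUES (?, ?, ?)');
    $stmt->execute([$email, $name, password_hash($passwd, PASSWORD_DEFAULT)]);
    return (int) $pdo->lastInsertId();
}

/** Returns the user row (without the hash) on success, null on any failure. */
function checkLogin(PDO $pdo, string $email, string $passwd): ?array
{
    $stmt = $pdo->prepare(
        'SELECT user_id, access_lvl, name, passwd
           FROM cms_users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is verified in PHP against the hash, not in the WHERE clause.
    if (!$row || !password_verify($passwd, $row['passwd'])) {
        return null;
    }
    unset($row['passwd']);
    return $row;
}

/** Sets the chapter's three session variables after a successful login. */
function startUserSession(array $row): void
{
    session_start();
    session_regenerate_id(true);   // fresh session ID once authenticated
    $_SESSION['user_id']    = (int) $row['user_id'];
    $_SESSION['access_lvl'] = (int) $row['access_lvl'];
    $_SESSION['name']       = $row['name'];
}

// Constructed sample data. The apostrophe in the name is stored as plain data.
createUser($pdo, 'reader@example.com', "O'Brien", 'correct horse battery');

var_dump(checkLogin($pdo, 'reader@example.com', 'correct horse battery'));
var_dump(checkLogin($pdo, 'reader@example.com', 'wrong password'));
// An address containing a quote is simply an unknown address, not a SQL error.
var_dump(checkLogin($pdo, "o'brien@example.com", 'anything'));
```

In transact-user.php the Login case would call checkLogin() and, on a non-null result, startUserSession() before redirect('index.php').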


Tuesday, February 12th, 2008

        }
        echo ' | Control Panel';
        echo ' | Logout';
    }

So, that's header.php. It displays the title, login status, and appropriate menu items based on the user level.

http.php

Next, take a look at http.php, the last of your included files:

    function redirect($url) {
        if (!headers_sent()) {
            header('Location: http://' . $_SERVER['HTTP_HOST'] .
                dirname($_SERVER['PHP_SELF']) . '/' . $url);
        } else {
            die('Could not redirect; Headers already sent (output).');
        }
    }

You may have noticed that this is another function and wondered why we didn't include it in the outputFunctions.php file. We certainly could have, but we made the choice to separate them for two reasons. First, outputFunctions.php is for functions that output data to be displayed on the screen, either directly or indirectly (as with trimBody()). The http.php file is used for browser functions; in this case, we have only one of those: redirection. Second, the redirection function and the output functions are used at different times. By grouping functions with similar functionality, we minimize the size of included files.

Whew. All this coding, and nothing yet to show on the screen! There are two more files to go that don't output anything. These are the workhorses of the application, so they are a bit longer than the rest.

Transaction Pages

So now you come to the tasty, gooey center of your application: the transaction pages. Any time data is posted from a form, it's handled by either the transact-user.php or transact-article.php page. Keeping all the data-manipulating code in a centralized place, such as transaction files, makes maintenance down the line easier; you'd know exactly where to go hunting for bugs. In this case, you use two different files simply to make the code more manageable.

Try It Out: User Transactions

In your first transaction file, you're going to be creating the code that performs all user data manipulation, including login, account maintenance, and access control.

1. Enter this code, and save it as transact-user.php:


Monday, February 11th, 2008

    if (isset($_SESSION['name'])) {
        echo 'Currently logged in as: ' . $_SESSION['name'];
    }

The following is the search form, displayed on every page. We did not discuss this functionality earlier; we hope you discovered this little gem in your explorations of the application. Now you get to see how it works. Note that there really isn't anything special going on here; it is a standard form that posts the keywords field to search.php. If there are keywords in the URL, they will be prefilled in the keywords field. We look at the search results page a little later.


In most cases, there are three values you save as session variables: the user's name, login ID, and access level. You use those values to determine what menu items to display. Here are the options:

- Article: All users
- Login: All users not logged in
- Compose: All logged-in users
- Review: All logged-in users with access level 2 or more
- Admin: All logged-in users with access level 3 or more
- Control Panel: All logged-in users
- Logout: All logged-in users

    echo 'Articles';
    if (!isset($_SESSION['user_id'])) {
        echo ' | Login';
    } else {
        echo ' | Compose';
        if ($_SESSION['access_lvl'] > 1) {
            echo ' | Review';
        }
        if ($_SESSION['access_lvl'] > 2) {
            echo ' | Admin';


Sunday, February 10th, 2008

    if (mysql_num_rows($result)) {
        echo "\n";
        while ($row = mysql_fetch_array($result)) {

Notice the and tags, as well as tags. These are not currently being used, but they will allow you to use CSS (cascading style sheets) to change how your pages are displayed. We may include a CSS file or two on the Web site to demonstrate this, but for now, describing CSS is beyond the scope of this book.

            echo htmlspecialchars($row['name']) .
                 ' (' . date('l F j, Y H:i', strtotime($row['comment_date'])) .
                 ")\n";
            echo "\n" . nl2br(htmlspecialchars($row['comment'])) . "\n\n";
        }

Again, notice the use of htmlspecialchars() and nl2br() in the preceding code. Get used to using them; they are very important for converting text entered in a text box into readable text on an HTML page.

The date function is quite powerful. It allows you to take the standard date value entered in a datetime field in MySQL and format it in many ways. In this case, the datetime of 2003-09-19 17:39:24 will be displayed as Friday September 19, 2003 17:39. Many options are available for displaying dates. For more information about this, visit www.php.net/date.

The outputFunctions.php file is included on each page that needs one of its functions. If you have any other functions that you might want to add to your application, simply add them to this file, and make sure this file is included in the page.

header.php

Two additional files are included on every page that displays information on the Web: header.php and footer.php. Let's look at header.php now. (We won't look at footer.php, which should be self-explanatory.)

This is the very first line of your page, and a very important one. Login information is stored using sessions. As you might remember from previous chapters, sessions allow you to store values to be used elsewhere on the site. This makes sessions ideal for storing login data. By using session_start() at the beginning of your page, you are telling the application to allow you access to $_SESSION variables. Now you can set and retrieve session variables. For a more detailed discussion of sessions, visit www.php.net/session.

Here's the first example of session variables. Once session_start() has been initialized, the variable $_SESSION['name'] should be available to you, as long as the user has logged in. So, if isset($_SESSION['name']) returns FALSE, you know the user is not logged in.


Saturday, February 9th, 2008

The end result is that the article gets displayed on the page just as intended when it was entered and is trimmed if specified.

The last function in outputFunctions() is showComments(). You pass the article ID and a Boolean value that determines whether or not to show a link to allow users to add their own comments:

    function showComments($article, $showLink=TRUE) {

Declare $conn to be global, so you can access it within the function:

    global $conn;

You will need to know later whether or not this article has been published. So, you grab the value of the field is_published from the article for use later:

    $sql = "SELECT is_published " .
           "FROM cms_articles " .
           "WHERE article_id=" . $article;
    $result = mysql_query($sql, $conn)
        or die('Could not look up comments; ' . mysql_error());
    $row = mysql_fetch_array($result);
    $is_published = $row['is_published'];

Next, you grab all of the comments associated with this article, including the user's name and e-mail address for each comment:

    $sql = "SELECT co.*, usr.name, usr.email " .
           "FROM cms_comments co " .
           "LEFT OUTER JOIN cms_users usr " .
           "ON co.comment_user = usr.user_id " .
           "WHERE co.article_id=" . $article .
           " ORDER BY co.comment_date DESC";
    $result = mysql_query($sql, $conn)
        or die('Could not look up comments; ' . mysql_error());

As with the outputStory() function, you just want to output HTML whenever the outputComments function is called. If you passed TRUE as the second parameter to this function, then you put a header on the page that says Comments, along with a link for the user to add his or her own comment (if this is a registered user and the article is published). If there are no comments, this is all the user will see, and he or she will still be able to add a new comment.

    if ($showLink) {
        echo mysql_num_rows($result) . ' Comments';
        if (isset($_SESSION['user_id']) and $is_published) {
            echo ' / Add one';
        }
        echo "\n";
    }

If there are comments, loop through each comment and display the comments below the article, with the newest comments first.