If you did not subscribe, please accept our . apologies. You will not be subscribed if you do . not visit the confirmation URL.nn . If you subscribed, please confirm this by visiting . the following URL:n . $url; $mailmsg = new SimpleMail(); $mailmsg->send($_POST[ email ],$subject,$body,$headers); Once the mail has been sent, all that is left to do is send the user to the Thank You page. We will look at the Thank You page shortly. $redirect = thanks.php?u= . $user_id . &ml= . $_POST[ ml_id ] . &t=s ; break; When the user receives the confirmation e-mail, he or she clicks the link at the bottom, which loads user_transact.php again, this time with action=confirm. When confirming, you simply need to do one thing change the pending flag for the appropriate subscription to 0. Once that is done, redirect the user to the Thank You page for confirmation, and send another e-mail informing the user of his or her new subscription. You will also provide an easy means of removal in the e-mail. The first thing to do is make sure the user ID and mailing list ID were passed to the function. If not, you simply redirect the user to user.php. case confirm : if (isset($_GET[ u ], $_GET[ ml ])) { … } else { $redirect = user.php ; } Next, find the subscription that matches the user ID and mailing list ID and update the pending column to 0. Remember that the user_id and ml_id columns combined make up a primary key, so there can be just one record for each set of possible values. $sql = UPDATE ml_subscriptions SET pending=0 . WHERE user_id= . $_GET[ u ] . AND ml_id= . $_GET[ ml ]; mysql_query($sql, $conn); Look familiar? It should you are grabbing the mailing list name based on the mailing list id, just as you did for the Subscribe case. Looks like this is a prime candidate for a function: $sql = SELECT listname FROM ml_lists . WHERE ml_id= . $_GET[ ml ]; $result = mysql_query($sql, $conn); $row = mysql_fetch_array($result); $listname = $row[ listname ]; 508 Chapter 14 In case you need quality webspace to host and run your web applications, try our personal web hosting services.
If the e-mail address was found in the database, you simply grab the user ID from the record that was returned. Either way, you now have a $user_id. You also have a mailing list id, retrieved from $_POST[ ml_id ]. That s all you need to create a subscription record. } else { $row = mysql_fetch_array($result); $user_id = $row[ user_id ]; } You may recall that the ml_subscriptions table contains three columns: user_id, ml_id, and pending. The first two values you have. The last one, pending, should be set to 1 until the user confirms the subscription. You initially set up the table to set pending to 1 as a default, so that column is automatically taken care of. So you now have all the data you need to create a subscription, and just like that, you insert the appropriate data into the subscriptions table. $sql = INSERT INTO ml_subscriptions (user_id,ml_id) . VALUES ( . $user_id . , . $_POST[ ml_id ] . ) ; mysql_query($sql, $conn); Now all that is left to do is to notify the user. You do this in two ways: with a Thank You Web page that confirms that the subscription was processed, and with an e-mail to request confirmation because you don t want people to be able to sign other people up for mail. It s not a foolproof security measure, but it will stop most abuse. You ll send the e-mail, and then redirect the user to the Thank You page. The first thing you do is get the name of the mailing list, using the mailing list id. That s because you want to tell the user in the e-mail which mailing list he or she subscribed to, and it wouldn t be too helpful to say it was mailing list #42. $sql = SELECT listname FROM ml_lists . WHERE ml_id= . $_POST[ ml_id ]; $result = mysql_query($sql, $conn); $row = mysql_fetch_array($result); $listname = $row[ listname ]; Next, you build up the URL that will be at the bottom of the e-mail message. This URL directs the user back to this same page (user_transact.php), this time with an action of confirm (the third action choice, which we ll look at shortly). $url = http:// . $_SERVER[ HTTP_HOST ] . dirname($_SERVER[ PHP_SELF ]) . /user_transact.php?u= . $user_id . &ml= . $_POST[ ml_id ] . &action=confirm ; Then you build the subject and body of the message, concatenating the URL to the bottom, and send it off with the mail() command: $subject = Mailing list confirmation ; $body = Hello . $_POST[ firstname ] . n . Our records indicate that you have subscribed to . the . $listname . mailing list.nn . 507 Mailing Lists Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.
If action = Remove , you look up the user ID in the ml_users database. If you find a user id, you pass that ID on to remove.php, along with the mailing list id. Your job is done, so you redirect the user to remove.php. case Remove : $sql = SELECT user_id FROM ml_users . WHERE email= . $_POST[ email ] . ; $result = mysql_query($sql, $conn); if (mysql_num_rows($result)) { $row = mysql_fetch_array($result); $user_id = $row[ user_id ]; $url = http:// . $_SERVER[ HTTP_HOST ] . dirname($_SERVER[ PHP_SELF ]) . /remove.php?u= . $user_id . &ml= . $_POST[ ml_id ]; header( Location: $url ); exit(); } $redirect = user.php ; break; Note the exit() function immediately following header(). This is important, so the rest of the page is not loaded. The end of each case statement contains a break so that the rest of the case statements are not executed. If the user clicks the Subscribe button, a number of things have to happen. First, you must look up the e-mail address that was provided to see if the user already exists: case Subscribe : $sql = SELECT user_id FROM ml_users . WHERE email= . $_POST[ email ] . ; $result = mysql_query($sql, $conn); If the user does not exist (no rows were returned from your query), you will insert a new record in the ml_users table. MySQL automatically assigns a user id. if (!mysql_num_rows($result)) { $sql = INSERT INTO ml_users . (firstname,lastname,email) . VALUES ( . $_POST[ firstname ] . , . . $_POST[ lastname ] . , . . $_POST[ email ] . ) ; $result = mysql_query($sql, $conn); To retrieve that user id, use the PHP function mysql_insert_id. The variable $conn is optional, but it s usually a good idea to include it. If you omit it, it will automatically use the last open connection. The mysql_insert_id function will return a valid value only if the last SQL statement run resulted in a column being automatically incremented. In this case that did happen the column is user_id, which is the value you need for the next part of your code. $user_id = mysql_insert_id($conn); 506 Chapter 14 In case you need affordable webhost to host your website, our recommendation is ecommerce web host services.
Then use that e-mail address as the default value for the e-mail field on the form. (How clever is that?) Email Address: /> The following code is very similar to the code used on the admin.php page. It loops through the existing mailing lists in the database and formats them on the page as options for the select field.
The rest of user.php is boring HTML. Let s take a look at the meat and potatoes of the user side of things next. user_transact.php This is where the action happens, for the most part. Let s take a look, shall we? First, make the connection to the server, and select the database: $conn = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS) or die( Could not connect to MySQL database. . mysql_error()); mysql_select_db(SQL_DB, $conn); You will be building the e-mail message later. The parameter $headers will be the fourth parameter of the mail() function, and will insert a From address in the e-mail. $headers = From: . ADMIN_EMAIL . rn ; For more information about headers, see Chapter 11. When loading user_transact.php, you either clicked a button named action (POST), or action is in the URL as ?action=xyz (GET). Because it can come across as a POST or a GET, you use $_REQUEST to grab the value. The variable $_REQUEST is your catch-all predefined variable, which contains an associative array of all $_GET, $_POST, and $_COOKIE variables. if (isset($_REQUEST[ action ])) { switch ($_REQUEST[ action ]) { 505 Mailing Lists We would like to recommend you tested and proved virtual web hosting services, which you will surely find to be of great quality.
6. Open the confirmation e-mail. There will be a link at the bottom (or a nonlinked URL if you are using a text e-mail client). 7. Click the link, and it takes you back to the Thank You page, this time thanking you for confirming your subscription. You will get another e-mail informing you about your subscription, with a link that allows you to remove yourself from the mailing list. Don t click that link just yet. First you re going to send an e-mail to the mailing list you just subscribed to. 8. Open admin.php, and then click the link at the bottom, Send a quick message to users. 9. In the Quick Message page, choose the mailing list that you just subscribed to in the previous steps, and enter a subject. Then type a quick message. 10. Click Send Message. 11. Open your e-mail client again, and read the message you should have received. How It Works By now, you know how config.php works. You know why you use it. We won t insult your intelligence by explaining again how it s important to use this file to hold your MySQL connection info and password. We are also going to skip over parts of the code that we ve touched on before. We certainly don t want to bore you! Let s take a look at user.php instead, shall we? user.php Typically, user.php loads empty, without any extra data. Occasionally, you may return to this page from elsewhere and will have the user ID of the person loading the page. In this case, you tack on ?u=x to the end of the URL (where x is the user ID, such as 3). This bit of code detects the presence of that value: if (isset($_GET[ u ])) { and then puts it into a variable: $uid = $_GET[ u ]; and finally looks up the user s e-mail address: $sql = SELECT * FROM ml_users WHERE user_id = $uid ; ; $result = mysql_query($sql) or die( Invalid query: . mysql_error()); If you find a row, grab the e-mail address and stick it into a variable: if (mysql_num_rows($result)) { $row = mysql_fetch_array($result); $email = $row[ email ]; } else { $email = ; } 504 Chapter 14 If you are searching for cheap webhost for your web application, please visit MySQL5 Web Hosting services.
Figure 14-3 5. Enter your e-mail address and your first and last name, choose a mailing list to subscribe to, and click Subscribe. You should see a Thank You screen (shown in Figure 14-4) and receive a confirmation e-mail at the e-mail address you entered. Figure 14-4 503 Mailing Lists Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision J2ee Web Hosting services.
$result = mysql_query($sql) or die( Invalid query: . mysql_error()); if (mysql_num_rows($result)) { $row = mysql_fetch_array($result); $msg =
Thank You, . $row[ firstname ] .
; $email = $row[ email ]; } else { die( No match for user id . $uid); } } if (isset($_GET[ ml ])) { $ml_id = $_GET[ ml ]; $sql = SELECT * FROM ml_lists WHERE ml_id = . $ml_id . ; $result = mysql_query($sql) or die( Invalid query: . mysql_error()); if (mysql_num_rows($result)) { $row = mysql_fetch_array($result); $msg .= Thank you for subscribing to the . $row[ listname ] . mailing list. ; } else { die ( Could not find Mailing List $ml_id ); } } else { die ( Mailing List id missing. ); } if (!isset($_GET[ t ])) { die( Missing Type ); } switch ($_GET[ t ]) { case c : $msg .= A confirmation request has been sent . to $email.
; break; case s : $msg .= A subscription notification has been . sent to you at $email.