Home arrow MySQL arrow Page 3 - Creating the Admin Script for a PHP/MySQL Blogging System

Functions.php - MySQL

In this part of the series we will be writing the administration of the blog. The idea is to give the owner of the blog the ability to manage the blog by being able to remove users and articles as required, or to alter the status of users by upgrading them to admin status or banning them. It is also a place where the administrator can start new topics that will then garner their own replies.

TABLE OF CONTENTS:
  1. Creating the Admin Script for a PHP/MySQL Blogging System
  2. The Admin script
  3. Functions.php
  4. The Links
By: Jacques Noah
Rating: starstarstarstarstar / 33
October 17, 2006

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

function listmsgs(){
echo '<table width="100%" border="0" cellspacing="1">
  <tr>
    <td width="4%">&nbsp;</td>
    <td width="60%">Title</td>
    <td width="36%">Action</td>
  </tr>';
  echo '</table>';
$query1="Select artid,title,COUNT(*) FROM article WHERE
artchild='0' GROUP BY title ";
$blogarticles = mysql_query($query1) or die(mysql_error());
$num = mysql_num_rows($blogarticles);
if($num>0){
while($row=mysql_fetch_assoc($blogarticles)){
 echo' <table width="100%" border="0" cellspacing="1">
 <tr>
    <td width="4%"><img src="../images/fopen.gif" width="15"
height="15" /></td>
    <td width="60%">'.$row['title'].'</td>
    <td width="36%"><a href="delete.php?aid='.$row
['artid'].'">Delete Thread</a> </td>
  </tr>';
echo '</table>';
}
}else{
echo '<p>There are no articles in the database.</p>';
}
}

This function list all the messages in the database by title and also gives the option to remove the messages. The "<a href="delete.php?aid='.$row['artid'].'">Delete Thread</a>"  link includes a message id variable (.$row['artid'].) which is sent to the delete script as "aid."

Here’s the output of this function:

And here’s the code for the delete.php script that goes with the listmsgs function:

<?
include "../config.php";
if(isset($_GET['aid'])){
$query="DELETE FROM article WHERE artid='".$_GET['aid']."'";
if(!mysql_query($query)){
echo mysql_error();
}
$query1="DELETE FROM article WHERE artchild='".$_GET['aid']."'";
mysql_query($query1);
header("Location:main.php?action=listmsgs");
}
?>

The delete script will only work if the "aid" variable is set, in other words, it will only work if the "aid" has a value in it. Then it does two things. First it deletes the main thread that has a message id of "aid," then it deletes all the messages that are related to the main message.

Next is the listusers() function. This function, as the name indicates, lists all the users in the database. It also gives you the option to delete a user, and tells you the banned status of a user. Below is the function code:

function listusers(){
echo '<table width="100%" border="0" cellspacing="1">
  <tr>
    <td width="4%">&nbsp;</td>
    <td width="20%"><b>User</b></td>
    <td width="15%"><b>Action</b></td>
             <td width="60%"><b>Ban</b></td>
  </tr>';
   echo '</table>';
$query_users="select id,uname,isbanned from user ORDER BY
date_joined DESC";
$result_users=mysql_query($query_users);
$num_users = mysql_num_rows($result_users);
if($num_users > 0){
while($row_users=mysql_fetch_assoc($result_users)){
 echo '<table width="100%" border="0" cellspacing="1"> 
 <tr>
    <td width="4%"><img src="../images/icon_user.gif" width="16"
height="16" /></td>
    <td width="20%">'.$row_users['uname'].' </td>
    <td width="15%"><a href="delete_user.php?uid='.$row_users
['id'].'">Delete</a> </td>';
if($row_users['isbanned']=="yes"){      
echo '<td width="60%"><a href="ban.php?uid='.$row_users['id'].' &
status=banned ">User is Banned</a></td>';
}else{
echo '<td width="60%"><a href="ban.php?uid='.$row_users['id'].' &
notbanned">User not Banned</a></td>';
}
echo'  </tr>';
echo '</table>';
}
}else{
echo "Could not find any users in the database.";
}
}

When you click on the delete link, this link:

<a href="delete_user.php?uid='.$row_users['id'].'">Delete</a>

sends a user id to the delete_user.php page. And if you click on the ban user link, a user id is sent to the ban.php page.

Here’s the output of this function:

And here’s the code for the delete_user page:

<?
include "../config.php";
if(isset($_GET['uid'])){
$query="DELETE FROM user WHERE id='".$_GET['uid']."'";
if(!mysql_query($query)){
echo mysql_error();
}
header("Location:main.php?action=listusers");
}
?>

As with any database-related delete operation, this delete is very simple. All that it does is search for a user with the given user id and then delete the record that matches that id. It then returns to exactly where it was.

And here’s the code for the ban.php page:

<?
include "../config.php";
if(isset($_GET['uid'])){
if($_GET['status'] == "banned"){//is banned so unban the user
$query="UPDATE user SET isbanned='no' WHERE id='".$_GET['uid']."'";
if(!mysql_query($query)){
echo mysql_error();
}//query if
}//ban query
if($_GET['status'] == "notbanned"){ // ban the user
$query="UPDATE user SET isbanned='yes' WHERE id='".$_GET['uid']."'";
if(!mysql_query($query)){
echo mysql_error();
}//query if
}//
header("Location:main.php?action=listusers");
}//if
?>

This function checks the value of  the "status" variable that is sent by the listusers function, to see if that value included in that variable is "notbanned" or "banned." Based on that value it will then take the appropriate action, either to ban a user or not. It the returns to the main page.  All new users are by default set to "not banned." Unless the user was registered by the admin, in which case the admin can set the banned status him/herself.

function listcat(){
echo '<table width="100%" border="0" cellspacing="1"> 
 <tr>
    <td width="50%"><b>Category name</b></td>
    <td width="50%"><b></b>Action </td>';
   echo'  </tr>';
echo '</table>';
$query2="Select * FROM categories";
$cat = mysql_query($query2) or die(mysql_error());
$num=mysql_num_rows($cat);
if($num>0){
while($row=mysql_fetch_assoc($cat)){
 echo '<table width="100%" border="0" cellspacing="1"> 
 <tr>
    <td width="50%">'.$row['category'].'</td>
    <td width="50%"><a href="delete_cat.php?catid='.$row
['catid'].'">Delete</a> </td>';
   echo'  </tr>';
echo '</table>';
}
}
}

This function lists all the categories in the database by name and also gives the option to delete them. The link:

<a href="delete_cat.php?catid='.$row['catid'].'">Delete</a>

sends a value called "catid" to the delete_cat.php page.

Here’s the output of this function:

And here’s the code that performs the deletion:

<?
include "../config.php";
if(isset($_GET['catid'])){
$query="DELETE FROM categories WHERE catid='".$_GET['catid']."'";
if(!mysql_query($query)){
echo mysql_error();
}
header("Location:main.php?action=listcat");
}
?>

This function uses the category id value sent by the listcat() function to delete the category from the database. Again I’ve taken the secure route by checking first to see whether the “catid” variable has a value before proceeding with deleting the record.



 
 
>>> More MySQL Articles          >>> More By Jacques Noah
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: