Step 3: General Script Changes from Tutorial 1 - PHP

Okay, now let's go over some of the changes we've made since part 1 of this tutorial. Some new files were added, and some scripts were changed to include new functions.

Added 2 new configuration variables:

1. $CFG->wordlist, points to a text file containing a list of words that we will use when generating random passwords, more on this later.
2. $CFG->support, stores the email address of the MyMarket support staff (the non-existent ones :).

The value of $ME is now set by a function called qualified_me(), instead of just using $SCRIPT_NAME.

A bunch of new functions have been added to stdlib.php to make it more useful:

• strip_querystring() Changes things like "foo.php?abc=xyz" to " foo.php"
• get_referer() Returns the URL of the referring page
• me() Returns the name of the current script
• qualified_me() Returns the name of the current script with the leading http:// or https:// qualification
• match_referer() Returns true or false depending on if the referring page matches what you want
• redirect() Uses META tags to redirect the client's browser to another URL
• read_template() Used to read a template file into a string

The file mymarket.php contains some standard functions that are used by this application. For example, the build_category_list() function that used to be in admin/products.php has been moved here so that we can use it in other scripts as well (eg. the admin/categories.php page). The other functions in this script are:

• is_logged_in() Returns true if the user has logged in
• require_login() If the user hasn't logged in, show them the login screen and make then login first
• require_priv() Make sure the user has a particular privilege, if they don't show an insufficient privileges screen
• has_priv() A less severe version of require_priv(), this just returns true or false depending on if the user has a particular privilege
• build_category_list() Our favourite function moved here from the admin/categories.php script
• generate_password() A nifty function that generates random passwords based on a word file ($CFG->wordlist)
• err() A function to print out an error market (<<) if an error variable is defined
• username_exists() Returns true if the username exists
• email_exists() Returns true if the email address exists
• reset_user_password() A function that resets the user's password and sends them an email notification

Now that we've got login and privileges in place, we can put some protection on our administrative pages. If you look at the administrative pages:

• admin/index.php
• admin/categories.php
• admin/products.php
• admin/users.php

You will see two new commands at the top of the file: require_login() and require_priv(). The first function makes sure the user has logged in (if not, it will present the login screen) and the latter function makes sure the user has the required privileges.

The file admin/users.php is a new administrative screen that lets you (the administrator) create, edit, and remove users. It is built like the other maintenance screens, so look at the source code for details.

The file admin/categories.php has been modified so that it presents the list of parent categories in a bigger list box, like the one in products.php. This doesn't really have anything to do with user management, but I thought it would be a nice change to make :)

The file admin/products.php has been modified, the build_category_tree function was taken from here and placed into the shared lib/mymarket.php file. All our shared functions that are specific to MyMarket will be kept in lib/mymarket.php.