Home arrow PHP arrow Page 7 - Building an E-Commerce Site Part 2: Managing Users with Sessions

Step 3: General Script Changes from Tutorial 1 - PHP

This is the second article in a three-part series dealing with using PHP 4 and MySQL to make a comprehensive e-commerce storefront solution. This article covers session management within the store, user privileges, and a few security concerns.

  1. Building an E-Commerce Site Part 2: Managing Users with Sessions
  2. Assumptions and Requirements
  3. Primer on Sessions
  4. User Management and Privileges
  5. Step 1: Creating the Users Table
  6. Step 2: Extracting the New Scripts
  7. Step 3: General Script Changes from Tutorial 1
  8. Step 5: User Scripts
  9. Step 6: A Note on Security
  10. Step 7: Putting It All Together
By: Ying Zhang
Rating: starstarstarstarstar / 33
May 16, 2000

print this article



Okay, now let's go over some of the changes we've made since part 1 of this tutorial. Some new files were added, and some scripts were changed to include new functions.

Added 2 new configuration variables:

  1. $CFG->wordlist, points to a text file containing a list of words that we will use when generating random passwords, more on this later.
  2. $CFG->support, stores the email address of the MyMarket support staff (the non-existent ones :).

The value of $ME is now set by a function called qualified_me(), instead of just using $SCRIPT_NAME.

A bunch of new functions have been added to stdlib.php to make it more useful:

  • strip_querystring() Changes things like "foo.php?abc=xyz" to " foo.php"
  • get_referer() Returns the URL of the referring page
  • me() Returns the name of the current script
  • qualified_me() Returns the name of the current script with the leading http:// or https:// qualification
  • match_referer() Returns true or false depending on if the referring page matches what you want
  • redirect() Uses META tags to redirect the client's browser to another URL
  • read_template() Used to read a template file into a string

The file mymarket.php contains some standard functions that are used by this application. For example, the build_category_list() function that used to be in admin/products.php has been moved here so that we can use it in other scripts as well (eg. the admin/categories.php page). The other functions in this script are:

  • is_logged_in() Returns true if the user has logged in
  • require_login() If the user hasn't logged in, show them the login screen and make then login first
  • require_priv() Make sure the user has a particular privilege, if they don't show an insufficient privileges screen
  • has_priv() A less severe version of require_priv(), this just returns true or false depending on if the user has a particular privilege
  • build_category_list() Our favourite function moved here from the admin/categories.php script
  • generate_password() A nifty function that generates random passwords based on a word file ($CFG->wordlist)
  • err() A function to print out an error market (<<) if an error variable is defined
  • username_exists() Returns true if the username exists
  • email_exists() Returns true if the email address exists
  • reset_user_password() A function that resets the user's password and sends them an email notification
{mospagebreak title=Step 4: New Administrative Screens}

Now that we've got login and privileges in place, we can put some protection on our administrative pages. If you look at the administrative pages:

  • admin/index.php
  • admin/categories.php
  • admin/products.php
  • admin/users.php

You will see two new commands at the top of the file: require_login() and require_priv(). The first function makes sure the user has logged in (if not, it will present the login screen) and the latter function makes sure the user has the required privileges.

The file admin/users.php is a new administrative screen that lets you (the administrator) create, edit, and remove users. It is built like the other maintenance screens, so look at the source code for details.

The file admin/categories.php has been modified so that it presents the list of parent categories in a bigger list box, like the one in products.php. This doesn't really have anything to do with user management, but I thought it would be a nice change to make :)

The file admin/products.php has been modified, the build_category_tree function was taken from here and placed into the shared lib/mymarket.php file. All our shared functions that are specific to MyMarket will be kept in lib/mymarket.php.

>>> More PHP Articles          >>> More By Ying Zhang

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: