Cracking The Vault (part 1)
By: Vikram Vaswani, (c) Melonfire
    2001-05-14

    Table of Contents:
  • Cracking The Vault (part 1)
  • Just Another Day At The Office
  • An Evil Plan Is Born
  • Setting The Ground Rules
  • Design Time
  • Start Me Up
  • Entry Points
  • Seeding The System
  • Red And Green Clouds
  • Digging Deeper
  • Basic Maintenance
  • The D Word



    Cracking The Vault (part 1) - Basic Maintenance


    (Page 11 of 12 )

    As I've just explained, the owner of a document has the ability to edit document properties, or delete the document from the system. The scripts that accomplish these tasks are "edit.php" and "delete.php" respectively, and I'll briefly explain them here.

    "edit.php" is almost identical to "add.php" - it contains both a form and a form processing script, and includes all of the same form elements, with the exception of the file upload box. The document owner can use this script to alter the file description, and grant/revoke user permissions.

    Since this is a pre-existing document, "edit.php" needs to query the database in order to pre-fill the form with the current values of the various fields. This piece of code is designed to obtain the list of allowed user IDs from the database, create an array, and then use the array to pre-select the usernames in the list boxes.

    <?
    if (!$submit)
    // form not yet submitted, display initial form
    {
        // query to obtain current properties and rights
        $query = "SELECT category, realname, description, comment FROM data WHERE id = '$id' AND status = '0' AND owner = '$SESSION_UID'";
        $result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());

        // error check

        // obtain data from resultset
        list($category, $realname, $description, $comment) = mysql_fetch_row($result);
        mysql_free_result($result);

        // display the form
        // much water under the bridge...
    ?>
    <td><select name="view[]" multiple>
    <?
        // query for view list
        $query = "SELECT uid FROM data, perms WHERE perms.fid = '$id' AND data.id = perms.fid AND status = '0' AND perms.rights = '1'";
        $result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());

        // place the result in an array
        $viewList = array();
        $y = 0;
        while (list($uid) = mysql_fetch_row($result))
        {
            $viewList[$y] = $uid;
            $y++;
        }

        // now query to get a complete list of users and user IDs
        $query2 = "SELECT id, username FROM user ORDER BY username";
        $result2 = mysql_db_query($database, $query2, $connection) or die ("Error in query: $query2 . " . mysql_error());

        while (list($ID, $USERNAME) = mysql_fetch_row($result2))
        {
            $str = "<option value=\"$ID\"";

            // iterate through current list of users and select those that match
            foreach ($viewList as $temp)
            {
                if ($ID == $temp)
                {
                    $str .= " selected";
                }
            }

            $str .= ">$USERNAME</option>";
            echo $str;
        }
    ?>
    </select></td>
    <?
    }
    else
    {
        // process form
    }
    ?>

    Here's what the form looks like.



    Once the form is submitted, the database is UPDATEd with new information.

    <?
    if (!$submit)
    {
        // form not yet submitted, display initial form
    }
    else
    {
        // snip!

        // update db with new information
        $query = "UPDATE data SET category='$category', description='$description', comment='$comment' WHERE id = '$id'";
        $result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());

        // clean out the old permissions
        $query = "DELETE FROM perms WHERE fid = '$id'";
        $result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());

        // INSERT new user permissions - view
        for ($x=0; $x<sizeof($view); $x++)
        {
            $query = "INSERT INTO perms (fid, uid, rights) VALUES('$id', '$view[$x]', '1')";
            $result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
        }

        // INSERT new user permissions - modify
        for ($x=0; $x<sizeof($modify); $x++)
        {
            $query = "INSERT INTO perms (fid, uid, rights) VALUES('$id', '$modify[$x]', '2')";
            $result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
        }
    }
    ?>
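
    In the lines shown, the write queries are built by interpolating request values into SQL and, unlike the form-display query, carry no owner = '$SESSION_UID' condition. The following is an added example, not code from the original article: the same update done with PDO prepared statements, an ownership check on the write path, and a transaction so the permission rows are replaced all-or-nothing. Table and column names are taken from the article's queries; updateDocument(), the $pdo handle, the in-memory SQLite database and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example, not the article's code. Table/column names come from the
// article's queries; updateDocument(), $pdo and the sample rows are assumptions.
function updateDocument(PDO $pdo, int $ownerUid, int $docId, array $f,
                        array $view, array $modify): bool
{
    $pdo->beginTransaction();   // needs a transactional engine (InnoDB, SQLite)
    try {
        // Re-check ownership when writing, not only when rendering the form.
        $own = $pdo->prepare(
            "SELECT 1 FROM data WHERE id = ? AND status = '0' AND owner = ?");
        $own->execute([$docId, $ownerUid]);
        if ($own->fetchColumn() === false) {
            $pdo->rollBack();
            return false;       // caller is not the owner, or no such document
        }
        $pdo->prepare("UPDATE data SET category = ?, description = ?, comment = ?
                        WHERE id = ? AND owner = ?")
            ->execute([$f['category'], $f['description'], $f['comment'],
                       $docId, $ownerUid]);
        // Old permission rows disappear only if every new row is inserted.
        $pdo->prepare("DELETE FROM perms WHERE fid = ?")->execute([$docId]);
        $ins = $pdo->prepare(
            "INSERT INTO perms (fid, uid, rights) VALUES (?, ?, ?)");
        foreach ([1 => $view, 2 => $modify] as $rights => $uids) {
            foreach (array_unique(array_map('intval', $uids)) as $uid) {
                $ins->execute([$docId, $uid, $rights]);
            }
        }
        return $pdo->commit();
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) { $pdo->rollBack(); }
        // Log server-side; do not echo the SQL text or driver error to the client.
        error_log('document update failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed demo on in-memory SQLite: document 7 belongs to uid 1.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE data (id INTEGER, owner INTEGER, status TEXT,
            category TEXT, description TEXT, comment TEXT)");
$pdo->exec("CREATE TABLE perms (fid INTEGER, uid INTEGER, rights INTEGER)");
$pdo->exec("INSERT INTO data VALUES (7, 1, '0', 'a', 'old', '')");
$new = ['category' => 'b', 'description' => "it's new", 'comment' => ''];
var_dump(updateDocument($pdo, 2, 7, $new, [2], []));      // call as a non-owner
var_dump(updateDocument($pdo, 1, 7, $new, [2, 3], [2]));  // call as the owner
```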


    This article copyright Melonfire 2001. All rights reserved.

    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway