Of the remaining scripts, we will look at the list users/projects ones. These basically open the doors to deleting and updating users and projects. Let's start by looking at the code for the list projects script:

```php
<?php
ob_start();
include "../dbcon.php";
include "../functions.php";
//make sure that the user that is logged on has the right access
if(isset($_SESSION['level'])){
    $level = $_SESSION['level'];
    //only the admin access level is granted access; anyone else is redirected
    if($level !== "admin"){
        header("location:../login.php");
        exit; //stop here so the rest of the page is not run
    }
}else{
    //session var is not set, user should not be on this page, redirect
    header("location:../login.php");
    exit; //stop here so the rest of the page is not run
}//end session check
```

The first part of the script simply checks to see if the logged-in user is or is not an admin, by comparing the session variable to a string as explained before. The second part of the code then retrieves a list of all the projects from the database:

```php
//otherwise extract all projects from the projects table
$num_projects = 0; //stays 0 if the query fails
$getprojects = "SELECT pid,title FROM projects ORDER BY pid";
$results = mysql_query($getprojects);
if(!$results){
    echo mysql_error();
}else{
    $num_projects = mysql_num_rows($results);
}
```

If you look closely you will note that the results are not actually displayed here. They will be shown in the main HTML section of the page. The number of rows returned is stored in a variable called $num_projects, which will later be used to build a dynamic HTML table with the MySQL results:

```php
<?php
if($num_projects > 0){
    while($rowprojects = mysql_fetch_assoc($results)){
?>
<tr>
  <!-- escape database values before writing them into the page -->
  <td><?php echo htmlspecialchars($rowprojects['title']);?></td>
  <td><a href="edit_project.php?pid=<?php echo (int)$rowprojects['pid']?>">Change</a> | <a href="del_project.php?pid=<?php echo (int)$rowprojects['pid']?>">Delete</a></td>
</tr>
<?php
    }
}else{
?>
<tr>
  <td colspan="3"><p>There are no projects in the table, click on "Add project" to add new ones.</p></td>
</tr>
<?php }?>
```

To build a dynamic table the $num_projects/$results variables are used. First the $num_projects variable is used to see if any rows are returned from the database table; if so, the $results variable is used to retrieve those records and build the table rows.

The list users script follows the same pattern. First it checks to see if the logged-in user has admin rights:

```php
<?php
ob_start();
include "../dbcon.php";
include "../functions.php";
//make sure that the user that is logged on has the right access
if(isset($_SESSION['level'])){
    $level = $_SESSION['level'];
    //only the admin access level is granted access; anyone else is redirected
    if($level !== "admin"){
        header("location:../login.php");
        exit; //stop here so the rest of the page is not run
    }
}else{
    //session var is not set, user should not be on this page, redirect
    header("location:../login.php");
    exit; //stop here so the rest of the page is not run
}//end session check
```

Then it retrieves the users from the database:

```php
//otherwise extract all users from users table
$num_users = 0; //stays 0 if the query fails
$getusers = "SELECT uid,uname FROM users ORDER BY uid";
$result = mysql_query($getusers);
if(!$result){
    echo mysql_error();
}else{
    $num_users = mysql_num_rows($result);
}
?>
```

The exact same pattern is followed; the query results are stored in the $result variable and the number of rows retrieved is stored in the $num_users variable. Both of these will be used to build a dynamic table as the script is parsed:

```php
<?php
if($num_users > 0){
    while($rowusers = mysql_fetch_assoc($result)){
?>
<tr>
  <!-- escape database values before writing them into the page -->
  <td><?php echo htmlspecialchars($rowusers['uname']);?></td>
  <td><a href="edit_user.php?uid=<?php echo (int)$rowusers['uid']?>">Change</a> | <a href="del_user.php?uid=<?php echo (int)$rowusers['uid']?>">Delete</a></td>
</tr>
<?php
    }
}else{
?>
<tr>
  <td colspan="3"><p>There are no users in the table, click on "Add user" to add new ones.</p></td>
</tr>
<?php }?>
```
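Why the exact form of the comparison in the admin check matters, shown as an added example that is not part of the original article: `!$level == "admin"` and `$level !== "admin"` give different results, because `!` is applied before `==`. The function names are hypothetical and the session values are constructed.

```php
<?php
// Added example, not the article's code. The helper names below
// (check_as_written, check_strict, require_admin) are hypothetical.

// The shape "!$level == 'admin'": "!" binds tighter than "==", so this
// evaluates (!$level) == "admin", a comparison between two booleans.
function check_as_written($level): bool {
    return !$level == "admin";      // true means "redirect to login"
}

// Strict comparison against the one accepted value.
function check_strict($level): bool {
    return $level !== "admin";      // true means "redirect to login"
}

// Guard that both list scripts could share. Assumes the session has
// already been started (for example by an included file).
function require_admin(array $session): void {
    if (!isset($session['level']) || check_strict($session['level'])) {
        header("Location: ../login.php");
        exit;   // header() only queues the redirect; stop the script here
    }
}

// Constructed session values to run both checks against.
$samples = ["admin", "user", "guest", "", "0", "Admin"];
printf("%-8s %-12s %s\n", "level", "as written", "strict");
foreach ($samples as $level) {
    printf("%-8s %-12s %s\n",
        var_export($level, true),
        check_as_written($level) ? "redirect" : "ALLOW",
        check_strict($level) ? "redirect" : "ALLOW");
}
```

Run from the command line, the "as written" column allows every non-empty level, including "user" and "guest", and redirects only the empty string and "0"; the strict column allows only "admin".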