User Authentication With patUser (part 2) - A Well-Formed Plan
Now, how about a couple of examples to put all this in context? This first example
demonstrates how the various user and group manipulation methods discussed in
this article can be used to rapidly build a user administration module for a Web
application or Web site. Consider the following script, which is designed to
allow administrators to add new users to the system.
<?php
// include classes
include("../include/patDbc.php");
include("../include/patUser.php");
// initialize database layer
$db = new patMySqlDbc("localhost", "db211", "us111", "secret");
// initialize patUser
$u = new patUser(true);
// connect patUser to database/template engines
$u->setAuthDbc($db);
// set tables
$u->setAuthTable("users");
$u->setGroupTable("groups");
$u->setGroupRelTable("usergroups");
?>
<html>
<head>
<basefont face="Arial">
</head>
<body>
<?php
// display initial form
if (empty($_POST['submit']))
{
?>
<h2>New User</h2>
<form action="<?=$ME?>" method="post">
First name
<br>
<input type="text" name="fname" size="10">
<p>
Last name
<br>
<input type="text" name="lname" size="10">
<p>
Username
<br>
<input type="text" name="username" size="10">
<p>
Password
<br>
<input type="password" name="passwd" size="10">
<p>
Email address
<br>
<input type="text" name="email" size="25">
<p>
Department
<br>
<select name="gid[]" multiple>
<?php
// get group list
// display as multi-select box
// values are escaped before being written into the HTML
$groups = $u->getGroups( array("gid", "name") );
foreach ($groups as $g)
{
?>
<option value="<?=htmlspecialchars($g['gid'])?>"><?=htmlspecialchars($g['name'])?></option>
<?php
}
?>
</select>
<p>
<input type="submit" name="submit" value="submit">
</form>
<?php
}
else
{
    // if form submitted
    // validate form data
    // ideally you would want more stringent validation rules here!
    if (empty($_POST['fname'])) { echo "First name not entered!"; die; }
    if (empty($_POST['lname'])) { echo "Last name not entered!"; die; }
    if (empty($_POST['username'])) { echo "Username not entered!"; die; }
    if (empty($_POST['passwd'])) { echo "Password not entered!"; die; }
    if (empty($_POST['email'])) { echo "Email address not entered!"; die; }
    // gid must be a non-empty array (it is absent when nothing is selected)
    if (empty($_POST['gid']) || !is_array($_POST['gid'])) { echo "Department not selected!"; die; }
    // if data OK, add user
    $uid = $u->addUser( array(
        "username" => $_POST['username'],
        "passwd" => $_POST['passwd']
    ) );
    // get UID
    if ($uid)
    {
        // add other user data
        $u->modifyUser( array(
            "username" => $_POST['username'],
            "passwd" => $_POST['passwd'],
            "fname" => $_POST['fname'],
            "lname" => $_POST['lname'],
            "email" => $_POST['email'],
        ) );
        // add user to groups
        foreach ($_POST['gid'] as $g)
        {
            $u->addUserToGroup( array("uid" => $uid, "gid" => $g) );
        }
        // display status
        echo "User successfully added!";
    }
    else
    {
        // else display error
        echo "User could not be added!";
    }
}
?>
</body>
</html>
This script is split into two parts. The first part is a simple HTML form
containing fields for user information (including the critical username and
password fields) and group membership. The list of groups is obtained from the
system itself, via a call to the getGroups() method. An administrator may fill
in this form with the components of a user record, and also attach the user to one
or more of the named groups.

Once the form has been submitted and the data within it validated, the
addUser() method is invoked to add the user to the system. The unique user ID
returned by the addUser() method can then be used by the modifyUser() and
addUserToGroup() methods to set up the rest of the user record and group
memberships.

You'll notice that, unlike traditional scripts of this nature, there are no SQL
queries in the code above. This is because patUser does most of the heavy
lifting for you, encapsulating all needed queries within its user management
API; all you need to do is invoke the appropriate method and pass it the data
that needs to be entered into the database. Integrating patUser, therefore, can
substantially reduce the time you spend on building such utility scripts.
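
The script's validation step only checks that each field is non-empty and notes that stricter rules are advisable. The following is an added example, not code from the article or from patUser, of what such rules could look like. validateNewUser() is a hypothetical helper, its length and character limits are assumptions, and $allowedGids is assumed to hold the gid values returned by getGroups() as strings.

```php
<?php
// Added example, not from the article. The limits below (3-32 character
// usernames, 8-128 character passwords, 50 character names) are assumptions.
function validateNewUser(array $post, array $allowedGids): array
{
    $errors = [];
    // read a field only if it is a string (rejects fname[]=x array input)
    $str = fn($k) => is_string($post[$k] ?? null) ? $post[$k] : '';
    $clean = [
        'fname'    => trim($str('fname')),
        'lname'    => trim($str('lname')),
        'username' => $str('username'),
        'passwd'   => $str('passwd'),   // never trimmed or altered
        'email'    => trim($str('email')),
        'gid'      => [],
    ];
    foreach (['fname' => 'First name', 'lname' => 'Last name'] as $k => $label) {
        if ($clean[$k] === '' || strlen($clean[$k]) > 50 || preg_match('/[\x00-\x1F\x7F]/', $clean[$k])) {
            $errors[] = "$label missing or invalid";
        }
    }
    if (!preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $clean['username'])) {
        $errors[] = 'Username must be 3-32 characters from A-Z a-z 0-9 _ . -';
    }
    if (strlen($clean['passwd']) < 8 || strlen($clean['passwd']) > 128) {
        $errors[] = 'Password must be 8-128 characters';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address invalid';
    }
    // group IDs must come from the list the server offered, not just be non-empty
    $gids = is_array($post['gid'] ?? null) ? $post['gid'] : [];
    foreach ($gids as $g) {
        if (is_scalar($g) && in_array((string)$g, $allowedGids, true)) {
            $clean['gid'][] = (string)$g;
        } else {
            $errors[] = 'Unknown department selected';
            break;
        }
    }
    if (!$gids) { $errors[] = 'Department not selected'; }
    return [$errors, $clean];
}
// constructed sample: group IDs as the form would list them, plus a forged one
$allowed = ['1', '2', '3'];
[$errors, $clean] = validateNewUser(
    ['fname' => 'Ann', 'lname' => 'Lee', 'username' => 'ann lee',
     'passwd' => 'short', 'email' => 'ann@example', 'gid' => ['2', '99']], $allowed);
print_r($errors);
```

Only when $errors comes back empty would the values in $clean be passed on to addUser(), modifyUser() and addUserToGroup().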