User Authentication With patUser (part 2) - A Well-Formed Plan
(Page 12 of 13 )
Now, how about a couple of examples to put all this in context? This first example demonstrates how the various user and group manipulation methods discussed in this article can be used to rapidly build a user administration module for a Web application or Web site. Consider the following script, which is designed to allow administrators to add new users to the system.
<?php
// include classes
include("../include/patDbc.php");
include("../include/patUser.php");
// initialize database layer
$db = new patMySqlDbc("localhost", "db211", "us111", "secret");
// initialize patUser
$u = new patUser(true);
// connect patUser to database/template engines $u->setAuthDbc($db);
// set tables
$u->setAuthTable("users");
$u->setGroupTable("groups"); $u->setGroupRelTable("usergroups");
?>
<html>
<head>
<basefont face="Arial">
</head>
<body>
<?php
// display initial form
if (!$_POST['submit'])
{
?>
<h2>New User</h2>
<form action="<?=$ME?>" method="post">
First name
<br>
<input type="text" name="fname" size="10">
<p>
Last name
<br>
<input type="text" name="lname" size="10">
<p>
Username
<br>
<input type="text" name="username" size="10">
<p>
Password
<br>
<input type="password" name="passwd" size="10">
<p>
Email address
<br>
<input type="text" name="email" size="25">
<p>
Department
<br>
<select name="gid[]" multiple>
<?php
// get group list
// display as multi-select box
$groups = $u->getGroups( array("gid", "name") );
foreach ($groups as $g)
{
?>
<option value="<?=$g['gid']?>"><?=$g['name']?></option>
<?php
}
?>
</select>
<p>
<input type="submit" name="submit" value="submit">
</form>
<?
}
else
{
// if form submitted
// validate form data
// ideally you would want more stringent validation rules here!
if (!$_POST['fname']) { echo "First name not entered!"; die; }
if (!$_POST['lname']) { echo "Last name not entered!"; die; }
if (!$_POST['username']) { echo "Username not entered!"; die; }
if (!$_POST['passwd']) { echo "Password not entered!"; die; }
if (!$_POST['email']) { echo "Email address not entered!"; die; }
if (sizeof($_POST['gid']) == 0) { echo "Department not selected!";
die; }
// if data OK, add user
$uid = $u->addUser( array(
"username" => $_POST['username'],
"passwd" => $_POST['passwd']
) );
// get UID
if ($uid)
{
// add other user data
$u->modifyUser( array(
"username" => $_POST['username'],
"passwd" => $_POST['passwd'],
"fname" => $_POST['fname'],
"lname" => $_POST['lname'],
"email" => $_POST['email'],
) );
// add user to groups
foreach ($_POST['gid'] as $g)
{
$u->addUserToGroup( array("uid" => $uid, "gid" =>
$g) );
}
// display status
echo "User successfully added!";
}
else
{
// else display error
echo "User could not be added!";
}
}
?>
</body>
</html>
This script is split into two parts. The first part is a simple HTML form
containing fields for user information (including the critical username and password fields) and group membership. The list of groups is obtained from the system itself, via a call to the getGroups() method. An administrator may fill up this form with the components of a user record, and also attach a user to one or more of the named groups.
Once the form has been submitted and the data within it validated, the addUser() method is invoked to add the user to the system. The unique user ID returned by the addUser() method can then be used by the modifyUser() and addUserToGroup() methods to set up the rest of the user record and group memberships.
You'll notice that, unlike traditional scripts of this nature, there are no SQL queries in the code above. This is because patUser does most of the heavy lifting for you, encapsulating all needed queries within its user management API; all you need to do is invoke the appropriate method and pass it the data that needs to be entered into the database. Integrating patUser, therefore, can substantially reduce the time you spend on building such utility scripts.
Next: Slice And Dice >>
More PHP Articles
More By icarus, (c) Melonfire
/ 7 
