User Management in a PHP Invoicing System

In this fourth and final article covering the creation of a PHP invoicing system, we're going to put together the user management section. In this section we will be able to view all available users and do all the associated things like deleting or updating user details. We are also going to be able to add new users.

TABLE OF CONTENTS:

By: Leidago

Poor Best

Rating:

/ 6

September 27, 2006

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Three downloadable files are available for this article; you can access them here, here, and here.

Let's start by showing how we are going to list all the users in the database. Create a new PHP document and save it as allusers.php. On this page we are going to display user names and full names.

But before we do anything else, let's create the query that will retrieve all the user details from the database. On the very top of the page add the following code:

<?
include "config.php";
$query_users = "SELECT uid, uname, fname,lname FROM users ORDER BY uid
DESC";
$result_users = mysql_query($query_users);
$num_users = mysql_num_rows($result_users);
?>

As a matter of good coding practice, not to mention security, I have not retrieved the password of the user at this stage. It will be retrieved only when the user wants to view his/her profile, later on.

So let's create a table with the above headers as well as a column with "action" as its header:

<tr class="tblheadings">
 <td>User Name </td>
 <td>Full Name </td>
<? if($_SESSION['level'] =="admin" ) { ?>
 <td>Action</td>
 <? }?> </tr>

For security reasons I've added a condition on when the action column can be displayed. The column should only be shown if the person who is logged in is an administrator. This will prevent non-admin users from changing any important information. If you just want to view or change your details, then you should go to the "User settings link."

Next we will built a dynamic table based on the results from the query:

<?
 if($num_users > 0){
 while($users= mysql_fetch_assoc
($result_users)){
 ?>
 <tr class="tblinfo">
 <td><?=$users['uname'];?> </td>
 <? if($_SESSION['level'] =="admin" ) { ?
>
 <td><a href="uprofile.php?uid=<?=$users
['uid']?>">View Full Details </a> |<a href="delusers.php?uid=<?
=$users['uid']?>">Delete</a> <a href="uprofile.php?uid=<?=$users
['uid']?>">Edit</a></td>
 <? }?>
 </tr>
 <? }
 }else{?>
 <tr>
 <td colspan="2">There are currently no
users details available.</td>
 </tr>

<? }?>

I've put in place the same security barrier as before, so please take note.

The above code retrieves and builds a dynamic table by checking whether the results of the query returned any rows, as in:

if($num_users > 0){
while($users= mysql_fetch_assoc
($result_users)){
?>

If there are rows returned, a 'while()' loop is called, and the rows and cells for the retrieved data are created. In the event that there are no users, the following is displayed:

}else{?>
 <tr>
 <td colspan="2">There are currently no
users details available.</td>
 </tr>

 <? }?>

Below is a screen shot of a users page: