User Management in a PHP Invoicing System

---

Three downloadable files are available for this article; you can access them here, here, and here.

---

Let's start by showing how we are going to list all the users in the database. Create a new PHP document and save it as allusers.php. On this page we are going to display user names and full names.

But before we do anything else, let's create the query that will retrieve all the user details from the database. On the very top of the page add the following code:

<?
include "config.php";
$query_users = "SELECT uid, uname, fname,lname  FROM users ORDER BY uid
DESC";
$result_users = mysql_query($query_users);
$num_users = mysql_num_rows($result_users);
?>

As a matter of good coding practice, not to mention security, I have not retrieved the password of the user at this stage. It will be retrieved only when the user wants to view his/her profile, later on.

So let's create a table with the above headers as well as a column with "action" as its header:

<tr class="tblheadings">
          <td><strong>User  Name</strong> </td>
                           <td><strong>Full Name </strong></td>
<? if($_SESSION['level'] =="admin" ) {  ?>
                           <td><strong>Action</strong></td>
                           <? }?>        </tr>

For security reasons I've added a condition on when the action column can be displayed. The column should only be shown if the person who is logged in is an administrator. This will prevent non-admin users from changing any important information. If you just want to view or change your details, then you should go to the "User settings link."

Next we will built a dynamic table based on the results from the query:

<?
                        if($num_users > 0){
                        while($users= mysql_fetch_assoc
($result_users)){
                        ?>
        <tr class="tblinfo">
          <td><?=$users['uname'];?> </td>
                        <? if($_SESSION['level'] =="admin" ) {  ?
>
                          <td><a href="uprofile.php?uid=<?=$users
['uid']?>">View Full Details </a> |<a href="delusers.php?uid=<?
=$users['uid']?>">Delete</a> <a href="uprofile.php?uid=<?=$users
['uid']?>">Edit</a></td>
                            <? }?>
        </tr>
                        <? } 
                        }else{?>
                        <tr>
                        <td colspan="2"><p>There are currently no
users details available.</p></td>
                        </tr>                       

                        <? }?>

I've put in place the same security barrier as before, so please take note.

The above code retrieves and builds a dynamic table by checking whether the results of the query returned any rows, as in:

if($num_users > 0){
                        while($users= mysql_fetch_assoc
($result_users)){
                        ?>

If there are rows returned, a 'while()' loop is called, and the rows and cells for the retrieved data are created. In the event that there are no users, the following is displayed:

}else{?>
                        <tr>
                        <td colspan="2"><p>There are currently no
users details available.</p></td>
                        </tr>
                        
                        <? }?>

Below is a screen shot of a users page:

>>> More PHP Articles          >>> More By Leidago

blog comments powered by Disqus