Page 2 - User Management in a PHP Invoicing System
The Action column - PHP
In this fourth and final article covering the creation of a PHP invoicing system, we're going to put together the user management section. In this section we will be able to view all available users and do all the associated things like deleting or updating user details. We are also going to be able to add new users.
The action column in the above table has links to two pages, Delusers.php and Uprofile.php. Delusers.php removes a user from the database. Uprofile.php shows the details about a user, and doubles as an update page.
Let's look at the code that removes a user from the database:
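<?php
include "config.php"; // database connection settings

if (isset($_GET['uid'])) {
    // Escape the user-supplied ID before it goes into the query string
    $uid = mysql_real_escape_string($_GET['uid']);
    $query = "DELETE FROM users WHERE uid = '" . $uid . "'";
    if (mysql_query($query)) {
        header("location:allusers.php");
        exit; // stop the script once the redirect header is sent
    } else {
        echo mysql_error();
    }
}
?>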
In this code, a user ID is received and is then used to remove the user from the users table with a "delete" query. If the query is successful the user is redirected to the allusers page.
Next we are going to deal with how to add a new user. Create a new PHP document and save it as "new_user.php." To create a new user, we will need to create a form to take input from the creator. Since this will potentially give full access to the system to the yet-to-be-created user, we will need to make sure that only the "admin" has access to this page. Here's the HTML code for the form:
<?php
// Check if level is admin. ONLY admin can create new users
if ($_SESSION['level'] == "admin") {
?>
<form action="uprofile.php" method="post" name="profile">
<table width="100%" border="0" cellspacing="1">
  <tr>
    <td colspan="2"></td>
  </tr>
  <tr>
    <td valign="top"><img src="images/icon_user.gif" width="36" height="41" /></td>
    <td valign="top"><h1>User Information</h1></td>
  </tr>
  <tr>
    <td width="8%"> </td>
    <td width="92%"> </td>
  </tr>
  <!-- the form fields and the submit button are not shown in the article -->
</table>
</form>
<?php } else { ?>
<table>
  <tr><td>
    <p>You are not authorized to create new users.</p>
  </td></tr>
</table>
<?php } ?>
To make sure that an administrator has accessed the page, I have inserted the admin check code, so if a non-admin user tries to access the page they will get a "You are not authorized to create new users" message instead of the form.
To handle form information, add the following code at the top of the page:
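<?php
include "FCKeditor/fckeditor.php";
include "config.php";

// Only an admin may create users, so check the level here as well as in the form
if (isset($_POST['submit']) && isset($_SESSION['level']) && $_SESSION['level'] == "admin") {
    // Trim each value, then escape it for the current connection
    $query_ins  = "INSERT INTO users SET uname='" . mysql_real_escape_string(trim($_POST['uname'])) . "',";
    $query_ins .= "upass='" . mysql_real_escape_string(trim($_POST['upass'])) . "',";
    $query_ins .= "fname = '" . mysql_real_escape_string(trim($_POST['fname'])) . "',";
    $query_ins .= "lname = '" . mysql_real_escape_string(trim($_POST['lname'])) . "',";
    $query_ins .= "level = '" . mysql_real_escape_string(trim($_POST['level'])) . "'";
    if (mysql_query($query_ins)) {
        header("location:main.php");
        exit; // stop the script once the redirect header is sent
    } else {
        echo mysql_error();
    }
}
?>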
This code will process the form data by running an insert query as shown above. Once a record is inserted, the user will then be redirected to the allusers page where the newly created user details will be displayed.
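A hardened form of both handlers above (the delete in Delusers.php and the insert in new_user.php), given as an added example that is not the article's own code. It assumes PDO in place of the mysql_* functions, a per-session CSRF token kept in $_SESSION['csrf'], 'user' as the non-admin level, and hypothetical function names; the demo at the bottom runs on a constructed in-memory SQLite table.

```php
<?php
// Added example, not the article's code. Assumed: PDO instead of mysql_*,
// a CSRF token in $_SESSION['csrf'], and 'user' as the non-admin level.

function require_admin(array $session, array $post): void {
    if (($session['level'] ?? '') !== 'admin') {
        throw new RuntimeException('not authorized');
    }
    // State-changing requests must carry the per-session token.
    if (!isset($session['csrf'], $post['csrf'])
        || !hash_equals($session['csrf'], (string) $post['csrf'])) {
        throw new RuntimeException('bad CSRF token');
    }
}

function create_user(PDO $db, array $session, array $post): void {
    require_admin($session, $post);   // enforced in the handler, not only in the form
    $level = $post['level'] ?? '';
    if (!in_array($level, ['admin', 'user'], true)) {   // allow-list of levels
        throw new InvalidArgumentException('unknown level');
    }
    $stmt = $db->prepare('INSERT INTO users (uname, upass, fname, lname, level)
                          VALUES (?, ?, ?, ?, ?)');
    $stmt->execute([
        trim($post['uname'] ?? ''),
        password_hash((string) ($post['upass'] ?? ''), PASSWORD_DEFAULT), // store a hash
        trim($post['fname'] ?? ''), trim($post['lname'] ?? ''),
        $level,
    ]);
}

function delete_user(PDO $db, array $session, array $post): int {
    require_admin($session, $post);   // POST body plus token, not a GET link
    $stmt = $db->prepare('DELETE FROM users WHERE uid = ?');
    $stmt->execute([(string) ($post['uid'] ?? '')]);
    return $stmt->rowCount();         // 0 means no row matched
}

// Constructed demo data on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, uname TEXT, upass TEXT,
                               fname TEXT, lname TEXT, level TEXT)');
$admin = ['level' => 'admin', 'csrf' => bin2hex(random_bytes(16))];
$tok = ['csrf' => $admin['csrf']];
create_user($db, $admin, $tok + ['uname' => 'jane', 'upass' => 'S3cret!',
                                 'fname' => 'Jane', 'lname' => 'Doe', 'level' => 'user']);
var_dump(delete_user($db, $admin, $tok + ['uid' => "1'"]));  // stray quote is bound as data
var_dump(delete_user($db, $admin, $tok + ['uid' => '1']));
```

Because the password is stored with password_hash(), the login code has to compare with password_verify() rather than matching the upass column in SQL.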
Below is a screen shot of what the page looks like: