User settings page - PHP

On this page the details of the user that is currently logged on is shown. You can also update your details at the same time as viewing them. Below is a screen shot of what it looks like:

To create this page we need to make a form with four text fields and a drop-down box. Here's the HTML code for the form:

<form action="uprofile.php" method="post" name="profile">
            <table width="100%" border="0" cellspacing="1">
  <tr>
    <td colspan="2"></td>
    </tr>
  <tr>
    <td valign="top"><img src="images/icon_user.gif" width="36"
height="41" /></td>
    <td valign="top"><h1>User Information</h1></td>
  </tr>
  <tr>
    <td width="8%">&nbsp;</td>
    <td width="92%"><? if(isset($msg)){
            echo $msg;           

            }?></td>
  </tr>
  <? if($num > 0){?>
  <tr>
    <td class="td">Username</td>
    <td><input name="uname" type="text" id="uname" size="80"
  value="<?=$row_up['uname']; ?>"/></td>
  </tr>
  <tr>
    <td>Password</td>
    <td><input name="upass" type="password" id="upass" size="80"
  value="<?=$row_up['upass']; ?>"/></td>
  </tr>
  <tr>
    <td>First Name </td>
    <td><input name="fname" type="text" id="fname" size="80"
  value="<?=$row_up['fname']; ?>"/></td>
  </tr>
  <tr>
    <td>Last Name </td>
    <td><input name="lname" type="text" id="lname" size="80"
  value="<?=$row_up['lname']; ?>"/></td>
  </tr>
  <? $query = "SELECT * FROM users";
  $res = mysql_query($query);
  $numres = mysql_num_rows($res);
  if($numres > 0){
  while($rows = mysql_fetch_assoc($res)){ 
  ?>
  <tr>
    <td>Level</td>
    <td><select name="level" id="level">
    <option value="<?=$rows['level'];?>">
            <?=$rows['level']; ?>
            </option>
            <? 
            }
            }?>
            </select>    </td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input type="submit" name="submit" value="Update
Profile" /></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
<? }?>
</table>
            </form>

It is basically a form with an embedded table. When the form is submitted, the code below handles its data:

Code 9:

<?
include "config.php";
if(isset($_POST['submit'])){
$query_updt= "UPDATE users SET uname = '".trim(addslashes($_POST
['uname']))."',upass='".trim(addslashes($_POST
['upass']))."',fname='".trim(addslashes($_POST
['fname']))."',lname='".trim(addslashes($_POST
['lname']))."',level='".trim(addslashes($_POST['level']))."'";
if(mysql_query($query_updt)){
$msg= "Your profile has been updated.";
}else{
$msg="Could not update your profile because ".mysql_error();
}
}
if(isset($_GET['uid'])){
$query_up= "SELECT * FROM users WHERE uid = '".$_GET['uid']."'";
$up_result = mysql_query($query_up);
$num = mysql_num_rows($up_result);
$row_up = mysql_fetch_assoc($up_result);
}else{
$query_up= "SELECT * FROM users WHERE uid = '".$_SESSION['u_id']."'";
$up_result = mysql_query($query_up);
$num = mysql_num_rows($up_result);
$row_up = mysql_fetch_assoc($up_result);
}
?> 

This code does two things. First it checks to see whether the form data is submitted and then runs an update query. Second, when this page is first opened, a query is run to retrieve the information relating to the user that is currently logged on. This is the second query in the code listing above.

Conclusion

If you are using an invoicing system that is used by many people, user management becomes very important. This is mainly because you have to be able to record and track invoice activity as a means of preventing fraud. With a more advanced user management system you will be able to tell what a particular user was doing and how many invoices he or she issued during any given period. With little changes to the code, you can achieve this.