Creating the Admin Script for a PHP/MySQL Blogging System

In this part of the series we will be writing the administration of the blog. The idea is to give the owner of the blog the ability to manage the blog by being able to remove users and articles as required, or to alter the status of users by upgrading them to admin status or banning them. It is also a place where the administrator can start new topics that will then garner their own replies.


A downloadable file for this article can be found here.

The administration area can only be accessed by users with a administration level access. The admin area will consist of only one page, where all actions are going to be performed. The navigation panel will be on the right and the rest of the page will be used for showing the outcome of the various functions.

The navigation panel will contain among other things the name of the person that is logged in, with two sections with links. The first section will deal with messages. This includes creating a new topic, listing all the main messages in the blog and listing the different topic categories.

The next section will deal with user management. This includes creating a new user or adding a user and listing all users in the database. Both of the listing links(user listing and message listing) will allow you to do further operations on the listings.  

Each link will submit a link variable called action, which will activate a function which will be called by the switch structure that is written in the main.php page. All of the functions are defined in the functions.php page.

{mospagebreak title=The Admin script}

As stated before, all the work will be done from one page, which I’ve called main.php. This page can only be accessed from the login page, and then only if you are registered as an admin. You can of course change the point of access to the main blog script if you wish. It is only written in this way because it was more practical from the article’s point of view.

The page itself has the following code, in addition to the usual HTML formatting:

  <?
if(isset($_GET[‘action’])){
$action=$_GET[‘action’];
switch($action)
{
    Case “listusers”;
        listusers();
    break;
        Case “listmsgs”;
        listmsgs();
        break;
    Case “listcat”;
        listcat();
        break;    
    Default;      

        break;
           }
}else{
 echo ‘<center><table>
 <tr>
<td align=”center”> <font size=”5″ color=”#00000″>MyBlog Admin
Control Centre</font> <br>
         <font size=”4″ color=””>Click on any of the links on the
left to:</font> 
                         </td>
        </tr>
                        <tr>
    <td align=”center”><font size=”” color=””>Manage
Users</font></td>
            </tr>
  </tr>
  <tr>
    <td align=”center”><font size=”” color=””>Manage
Messages</font></td>
  </tr>’;
echo ‘</center></table>’;
}                     

Basically, an action variable is submitted from within the script by the links and will contain the values specified in the “case” conditions. The values in the links are descriptive of what functions need to be carried out. For example, listmsgs will trigger a call to the listmsgs() function. Here’s what the links section looks like in code:

<a href=”<? echo $_SERVER[‘PHP_SELF’] ?>?action=listmsgs”>List
All Messages </a>
<a href=”<? echo $_SERVER[‘PHP_SELF’] ?>?action=listcat”>List
Categories </a>
<a href=”<? echo $_SERVER[‘PHP_SELF’] ?>?action=listusers”>List
All Users </a>
<a href=”../LoginScript/register.php?theadmin=1″>Create New
User</a>
<a href=”<? echo $_SERVER[‘PHP_SELF’] ?>?action=listusers”>List
All Users </a>

Below is a screen shot of the main.php page:     

     

There are a couple of other background pages that help to run the admin for the admin script, some of which I will try to explain:

  • Functions.php – Contains all the functions used in admin.
  • Delete.php – Used to delete articles and their comments.
  • Delete_users.php – Used to delete users.
  • Delete_cat.php – Used to delete categories.
  • Ban.php – Used to ban users.
  • New_post.php — Used for creating new threads and posts.

{mospagebreak title=Functions.php}

function listmsgs(){
echo ‘<table width=”100%” border=”0″ cellspacing=”1″>
  <tr>
    <td width=”4%”>&nbsp;</td>
    <td width=”60%”>Title</td>
    <td width=”36%”>Action</td>
  </tr>’;
  echo ‘</table>’;
$query1=”Select artid,title,COUNT(*) FROM article WHERE
artchild=’0′ GROUP BY title “;
$blogarticles = mysql_query($query1) or die(mysql_error());
$num = mysql_num_rows($blogarticles);
if($num>0){
while($row=mysql_fetch_assoc($blogarticles)){
 echo’ <table width=”100%” border=”0″ cellspacing=”1″>
 <tr>
    <td width=”4%”><img src=”../images/fopen.gif” width=”15″
height=”15″ /></td>
    <td width=”60%”>’.$row[‘title’].'</td>
    <td width=”36%”><a href=”delete.php?aid=’.$row
[‘artid’].'”>Delete Thread</a> </td>
  </tr>’;
echo ‘</table>’;
}
}else{
echo ‘<p>There are no articles in the database.</p>’;
}
}

This function list all the messages in the database by title and also gives the option to remove the messages. The “<a href=”delete.php?aid=’.$row[‘artid’].'”>Delete Thread</a>”  link includes a message id variable (.$row[‘artid’].) which is sent to the delete script as “aid.”

Here’s the output of this function:

And here’s the code for the delete.php script that goes with the listmsgs function:

<?
include “../config.php”;
if(isset($_GET[‘aid’])){
$query=”DELETE FROM article WHERE artid='”.$_GET[‘aid’].”‘”;
if(!mysql_query($query)){
echo mysql_error();
}
$query1=”DELETE FROM article WHERE artchild='”.$_GET[‘aid’].”‘”;
mysql_query($query1);
header(“Location:main.php?action=listmsgs”);
}
?>

The delete script will only work if the “aid” variable is set, in other words, it will only work if the “aid” has a value in it. Then it does two things. First it deletes the main thread that has a message id of “aid,” then it deletes all the messages that are related to the main message.

Next is the listusers() function. This function, as the name indicates, lists all the users in the database. It also gives you the option to delete a user, and tells you the banned status of a user. Below is the function code:

function listusers(){
echo ‘<table width=”100%” border=”0″ cellspacing=”1″>
  <tr>
    <td width=”4%”>&nbsp;</td>
    <td width=”20%”><b>User</b></td>
    <td width=”15%”><b>Action</b></td>
             <td width=”60%”><b>Ban</b></td>
  </tr>’;
   echo ‘</table>’;
$query_users=”select id,uname,isbanned from user ORDER BY
date_joined DESC”;
$result_users=mysql_query($query_users);
$num_users = mysql_num_rows($result_users);
if($num_users > 0){
while($row_users=mysql_fetch_assoc($result_users)){
 echo ‘<table width=”100%” border=”0″ cellspacing=”1″> 
 <tr>
    <td width=”4%”><img src=”../images/icon_user.gif” width=”16″
height=”16″ /></td>
    <td width=”20%”>’.$row_users[‘uname’].’ </td>
    <td width=”15%”><a href=”delete_user.php?uid=’.$row_users
[‘id’].'”>Delete</a> </td>’;
if($row_users[‘isbanned’]==”yes”){      
echo ‘<td width=”60%”><a href=”ban.php?uid=’.$row_users[‘id’].’ &
status=banned “>User is Banned</a></td>’;
}else{
echo ‘<td width=”60%”><a href=”ban.php?uid=’.$row_users[‘id’].’ &
notbanned”>User not Banned</a></td>’;
}
echo’  </tr>’;
echo ‘</table>’;
}
}else{
echo “Could not find any users in the database.”;
}
}

When you click on the delete link, this link:

<a href=”delete_user.php?uid=’.$row_users[‘id’].'”>Delete</a>

sends a user id to the delete_user.php page. And if you click on the ban user link, a user id is sent to the ban.php page.

Here’s the output of this function:

And here’s the code for the delete_user page:

<?
include “../config.php”;
if(isset($_GET[‘uid’])){
$query=”DELETE FROM user WHERE id='”.$_GET[‘uid’].”‘”;
if(!mysql_query($query)){
echo mysql_error();
}
header(“Location:main.php?action=listusers”);
}
?>

As with any database-related delete operation, this delete is very simple. All that it does is search for a user with the given user id and then delete the record that matches that id. It then returns to exactly where it was.

And here’s the code for the ban.php page:

<?
include “../config.php”;
if(isset($_GET[‘uid’])){
if($_GET[‘status’] == “banned”){//is banned so unban the user
$query=”UPDATE user SET isbanned=’no’ WHERE id='”.$_GET[‘uid’].”‘”;
if(!mysql_query($query)){
echo mysql_error();
}//query if
}//ban query
if($_GET[‘status’] == “notbanned”){ // ban the user
$query=”UPDATE user SET isbanned=’yes’ WHERE id='”.$_GET[‘uid’].”‘”;
if(!mysql_query($query)){
echo mysql_error();
}//query if
}//
header(“Location:main.php?action=listusers”);
}//if
?>

This function checks the value of  the “status” variable that is sent by the listusers function, to see if that value included in that variable is “notbanned” or “banned.” Based on that value it will then take the appropriate action, either to ban a user or not. It the returns to the main page.  All new users are by default set to “not banned.” Unless the user was registered by the admin, in which case the admin can set the banned status him/herself.

function listcat(){
echo ‘<table width=”100%” border=”0″ cellspacing=”1″> 
 <tr>
    <td width=”50%”><b>Category name</b></td>
    <td width=”50%”><b></b>Action </td>’;
   echo’  </tr>’;
echo ‘</table>’;
$query2=”Select * FROM categories”;
$cat = mysql_query($query2) or die(mysql_error());
$num=mysql_num_rows($cat);
if($num>0){
while($row=mysql_fetch_assoc($cat)){
 echo ‘<table width=”100%” border=”0″ cellspacing=”1″> 
 <tr>
    <td width=”50%”>’.$row[‘category’].'</td>
    <td width=”50%”><a href=”delete_cat.php?catid=’.$row
[‘catid’].'”>Delete</a> </td>’;
   echo’  </tr>’;
echo ‘</table>’;
}
}
}

This function lists all the categories in the database by name and also gives the option to delete them. The link:

<a href=”delete_cat.php?catid=’.$row[‘catid’].'”>Delete</a>

sends a value called “catid” to the delete_cat.php page.

Here’s the output of this function:

And here’s the code that performs the deletion:

<?
include “../config.php”;
if(isset($_GET[‘catid’])){
$query=”DELETE FROM categories WHERE catid='”.$_GET[‘catid’].”‘”;
if(!mysql_query($query)){
echo mysql_error();
}
header(“Location:main.php?action=listcat”);
}
?>

This function uses the category id value sent by the listcat() function to delete the category from the database. Again I’ve taken the secure route by checking first to see whether the “catid” variable has a value before proceeding with deleting the record.

{mospagebreak title=The Links}

The “create new user” link takes you to the register script, but this time a variable is sent with the link. This variable enables a new row called “level” to be shown in the form, as you can see below:

 

This row enables the admin to register a user as admin. If you register normally, this option is not available.

The “create new thread” link goes to a page called new_post.php. This page is similar to the form on the comments page, but requires that the title and category of the article be specified as below:

I created this page so that the admin can start a new topic or thread. The normal page that the users use to post a new message does not have the title or category sections.

Conclusion

The admin area can of course be improved a lot. With this script I’ve not only touched on the basics, but have also laid the foundation that could lead to a much more robust administration script being developed.

[gp-comments width="770" linklove="off" ]

chat sex hikayeleri Ensest hikaye