User Management in a PHP Invoicing System

In this fourth and final article covering the creation of a PHP invoicing system, we’re going to put together the user management section. In this section we will be able to view all available users and do all the associated things like deleting or updating user details. We are also going to be able to add new users.


Three downloadable files are available for this article; you can access them here, here, and here.

Let’s start by showing how we are going to list all the users in the database. Create a new PHP document and save it as allusers.php. On this page we are going to display user names and full names.

But before we do anything else, let’s create the query that will retrieve all the user details from the database. On the very top of the page add the following code:

<?php
include "config.php";
// Retrieve the user list; the password column is deliberately not selected here.
$query_users = "SELECT uid, uname, fname, lname FROM users ORDER BY uid DESC";
$result_users = mysql_query($query_users);
$num_users = mysql_num_rows($result_users);
?>

As a matter of good coding practice, not to mention security, I have not retrieved the password of the user at this stage. It will be retrieved only when the user wants to view his/her profile, later on.

So let’s create a table with the above headers as well as a column with “action” as its header:

<tr class="tblheadings">
  <td><strong>User Name</strong></td>
  <td><strong>Full Name</strong></td>
  <?php if ($_SESSION['level'] == "admin") { ?>
  <td><strong>Action</strong></td>
  <?php } ?>
</tr>

For security reasons I've added a condition on when the action column can be displayed. The column should only be shown if the person who is logged in is an administrator. This will prevent non-admin users from changing any important information. If you just want to view or change your own details, then you should go to the "User settings" link.

Next we will build a dynamic table based on the results from the query:

<?php
if ($num_users > 0) {
    while ($users = mysql_fetch_assoc($result_users)) {
?>
<tr class="tblinfo">
  <td><?= htmlspecialchars($users['uname']); ?></td>
  <td><?= htmlspecialchars($users['fname'] . ' ' . $users['lname']); ?></td>
  <?php if ($_SESSION['level'] == "admin") { ?>
  <td><a href="uprofile.php?uid=<?= (int) $users['uid']; ?>">View Full Details</a> |
      <a href="delusers.php?uid=<?= (int) $users['uid']; ?>">Delete</a> |
      <a href="uprofile.php?uid=<?= (int) $users['uid']; ?>">Edit</a></td>
  <?php } ?>
</tr>
<?php
    }
} else {
?>
<tr>
  <td colspan="2"><p>There are currently no user details available.</p></td>
</tr>
<?php } ?>

I’ve put in place the same security barrier as before, so please take note.

The above code retrieves and builds a dynamic table by checking whether the results of the query returned any rows, as in:

if ($num_users > 0) {
    while ($users = mysql_fetch_assoc($result_users)) {
?>

If there are rows returned, a while() loop is called, and the rows and cells for the retrieved data are created. In the event that there are no users, the following is displayed:

} else {
?>
<tr>
  <td colspan="2"><p>There are currently no user details available.</p></td>
</tr>
<?php } ?>

Below is a screen shot of a users page:

The Action column

The action column in the above table has links to two pages, delusers.php and uprofile.php. delusers.php removes a user from the database. uprofile.php shows the details about a user, and doubles as an update page.

Let’s look at the code that removes a user from the database:

<?php
include "config.php";
if (isset($_GET['uid'])) {
    // uid is a numeric key, so cast it before it is placed in the query
    $query = "DELETE FROM users WHERE uid = '" . intval($_GET['uid']) . "'";
    if (mysql_query($query)) {
        header("Location: allusers.php");
    } else {
        echo mysql_error();
    }
}
?>

In this code, a user ID is received and is then used to remove the user from the users table with a “delete” query. If the query is successful the user is redirected to the allusers page.
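The admin check in allusers.php only decides whether the Delete link is drawn; delusers.php itself accepts any uid it is given. A hardened version of the script, as an added example that is not the article's code, assuming config.php starts the session and provides a PDO connection in $pdo (the article's config.php uses mysql_*, so this is an assumption):

```php
<?php
// Added example, not the article's code: delusers.php with its checks enforced
// on the server. Assumes config.php calls session_start() and provides a PDO
// connection in $pdo (an assumption; the article's config.php uses mysql_*).
include "config.php";

// 1. Authorise here, not only where the link is drawn: hiding the Action column
//    does not stop a request for delusers.php?uid=... arriving directly.
if (!isset($_SESSION['level']) || $_SESSION['level'] !== 'admin') {
    http_response_code(403);
    exit('You are not authorized to delete users.');
}

// 2. A state change should be a POST carrying a per-session CSRF token, not a
//    GET link, so that another site cannot trigger it through the admin's browser.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf'], $_SESSION['csrf'])
    || !hash_equals($_SESSION['csrf'], $_POST['csrf'])) {
    http_response_code(400);
    exit('Invalid request.');
}

// 3. Validate the id as an integer and bind it, so it never enters the SQL text.
$uid = filter_input(INPUT_POST, 'uid', FILTER_VALIDATE_INT);
if ($uid === false || $uid === null) {
    http_response_code(400);
    exit('Invalid user id.');
}

// 4. An administrator must not be able to remove the account they are using.
if ($uid === (int) $_SESSION['u_id']) {
    exit('You cannot delete your own account.');
}

$stmt = $pdo->prepare('DELETE FROM users WHERE uid = :uid');
$stmt->execute([':uid' => $uid]);

// Record who deleted whom; rowCount() is 0 when no such uid existed.
error_log(sprintf('delusers.php: uid %d deleted uid %d (%d row(s))',
    $_SESSION['u_id'], $uid, $stmt->rowCount()));

header('Location: allusers.php');
exit;
```

The matching change in allusers.php is to render Delete as a small POST form with hidden uid and csrf fields, where $_SESSION['csrf'] is set once per session with bin2hex(random_bytes(16)).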

Next we are going to deal with how to add a new user. Create a new PHP document and save it as “new_user.php.” To create a new user, we will need to create a form to take input from the creator.  Since this will potentially give full access to the system to the yet-to-be-created user, we will need to make sure that only the “admin” has access to this page. Here’s the HTML code for the form:

<?php
// Check the level: ONLY admin can create new users
if ($_SESSION['level'] == "admin") {
?>
<form action="new_user.php" method="post" name="profile">
<table width="100%" border="0" cellspacing="1">
  <tr>
    <td colspan="2"></td>
  </tr>
  <tr>
    <td valign="top"><img src="http://www.devshed.com/wp-content/themes/twentyten/images/icon_user.gif" width="36" height="41" /></td>
    <td valign="top"><h1>User Information</h1></td>
  </tr>
  <tr>
    <td width="8%">&nbsp;</td>
    <td width="92%">&nbsp;</td>
  </tr>
  <tr>
    <td class="td">Username</td>
    <td><input name="uname" type="text" id="uname" size="80" /></td>
  </tr>
  <tr>
    <td>Password</td>
    <td><input name="upass" type="password" id="upass" size="80" /></td>
  </tr>
  <tr>
    <td>First Name</td>
    <td><input name="fname" type="text" id="fname" size="80" /></td>
  </tr>
  <tr>
    <td>Last Name</td>
    <td><input name="lname" type="text" id="lname" size="80" />
        <input name="level" type="hidden" value="normal" /></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input type="submit" name="submit" value="Add User" /></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>
</form>
<?php } else { ?>
<table>
  <tr><td>
    <p>You are not authorized to create new users.</p>
  </td></tr>
</table>
<?php } ?>

To make sure that an administrator has accessed the page, I have inserted the admin check code, so if a non-admin user tries to access the page they will get a “You are not authorized to create new users” message instead of the form.

To handle form information, add the following code at the top of the page:

<?php
include "FCKeditor/fckeditor.php";
include "config.php";
// Process the submission only for an administrator, matching the check around the form
if ($_SESSION['level'] == "admin" && isset($_POST['submit'])) {
    $query_ins  = "INSERT INTO users SET uname = '" . trim(addslashes($_POST['uname'])) . "',";
    $query_ins .= "upass = '" . trim(addslashes($_POST['upass'])) . "',";
    $query_ins .= "fname = '" . trim(addslashes($_POST['fname'])) . "',";
    $query_ins .= "lname = '" . trim(addslashes($_POST['lname'])) . "',";
    $query_ins .= "level = '" . trim(addslashes($_POST['level'])) . "'";
    if (mysql_query($query_ins)) {
        header("Location: allusers.php");
    } else {
        echo mysql_error();
    }
}
?>

This code will process the form data by running an insert query as shown above. Once a record is inserted, the user will then be redirected to the allusers page where the newly created user details will be displayed.
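Two points in the handler above deserve tightening: the password is stored as typed, and the account's level is taken from a hidden form field, which the client can edit before submitting. The handler below is an added example, not the article's code; it assumes config.php starts the session and provides a PDO connection in $pdo, and that the upass column is wide enough for a bcrypt hash.

```php
<?php
// Added example, not the article's code: the new_user.php handler with the
// password hashed and the role fixed on the server. Assumes config.php starts
// the session and provides a PDO connection in $pdo (an assumption).
include "config.php";
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Admin-only, checked before any input is read: the article's check only
// decides whether the form HTML is rendered, not whether a POST is accepted.
if (!isset($_SESSION['level']) || $_SESSION['level'] !== 'admin') {
    http_response_code(403);
    exit('You are not authorized to create new users.');
}

if (isset($_POST['submit'])) {
    $uname = trim($_POST['uname'] ?? '');
    $upass = $_POST['upass'] ?? '';
    $fname = trim($_POST['fname'] ?? '');
    $lname = trim($_POST['lname'] ?? '');

    // Validate what the rest of the application relies on.
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $uname)) {
        exit('Username must be 3-32 letters, digits, "_", "." or "-".');
    }
    if (strlen($upass) < 8) {
        exit('Password must be at least 8 characters.');
    }

    // The role is decided here. The form's hidden "level" input is still
    // client-controlled, so its value must not be trusted for authorisation.
    $level = 'normal';

    // Store a salted hash (bcrypt, 60 chars; upass should be VARCHAR(255)),
    // never the plaintext; the login page then compares with password_verify().
    $hash = password_hash($upass, PASSWORD_DEFAULT);

    $stmt = $pdo->prepare('INSERT INTO users (uname, upass, fname, lname, level)
                           VALUES (:uname, :upass, :fname, :lname, :level)');
    try {
        $stmt->execute([':uname' => $uname, ':upass' => $hash, ':fname' => $fname,
                        ':lname' => $lname, ':level' => $level]);
    } catch (PDOException $e) {
        // Assumes a UNIQUE index on uname; log the detail, show a generic message.
        error_log('new_user.php: ' . $e->getMessage());
        exit('Could not create the user; the username may already be taken.');
    }
    header('Location: allusers.php');
    exit;
}
```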

Below is a screen shot of what the page looks like:

Emailing reminders

When an invoice remains unpaid for a set amount of time you can send an email as a reminder to the client. This option is available when you view the list of unpaid invoices. So, create a new PHP document and save it as emailInv.php. Then add the following code:

Code 8 emailInv.php

<?php
ob_start();
include "config.php";
// The id sent from unpaid.php (assumed here to arrive as ?u_id=...)
$u_id = isset($_GET['u_id']) ? intval($_GET['u_id']) : 0;

// 1. Client email address
$query = "SELECT email FROM client WHERE id = '" . $u_id . "'";
$result1 = mysql_query($query);
if (!$result1) {
    $error = mysql_error();
} else {
    while ($row = mysql_fetch_array($result1)) {
        $em = $row["email"];
    }
}

// 2. Invoice number and date
$query = "SELECT * FROM invoices WHERE invno = '" . $u_id . "'";
$results = mysql_query($query);
if (!$results) {
    exit(mysql_error());
}
while ($row = mysql_fetch_array($results)) {
    $invNo = $row["invno"];
    // format the stored invoice date for the message
    $dte = date("d/m/Y", strtotime($row["inv_date"]));
}

// 3. Invoice description and total
$query_invdetails = "SELECT * FROM clientinv WHERE finv = '" . $invNo . "'";
if (!$result_invdetails = mysql_query($query_invdetails)) {
    echo mysql_error();
} else {
    $num_invdetails = mysql_num_rows($result_invdetails);
    $invdetails = mysql_fetch_assoc($result_invdetails);
}

$emailAd = "your@emailaddress";
$subj = "RE: Overdue Invoice Reminder.";
$mess  = "Product Description: {$invdetails['descr']}\r\n";
$mess .= "Invoice Number: $invNo\r\n";
$mess .= "Invoice Date: $dte\r\n";
$mess .= "Total (incl. VAT): {$invdetails['totwVAT']}\r\n";
$mess .= "If you have any queries or problems please do not hesitate to contact\r\n";
$mess .= " $emailAd ";
$from = "From: " . $emailAd; // the fourth mail() argument is a block of extra headers
$to = $em; // Client email address
if (mail($to, $subj, $mess, $from)) {
    header("Location: main.php?act=success");
} else {
    echo "Could not send mail. Please check your mail settings";
}
?>

A client ID is sent to this script from the unpaid.php page and is then used to retrieve the email address and other information of the client. The script runs three queries; each of them retrieves data related to a particular invoice. The first query interrogates the client table and retrieves the client email address. The second query retrieves the invoice number and the date of the invoice. And finally, the third query retrieves the invoice description and cost.  This information is then used to create an email message, and then sent off.  

User settings page

On this page the details of the user who is currently logged on are shown. You can also update your details at the same time as viewing them. Below is a screen shot of what it looks like:

To create this page we need to make a form with four text fields and a drop-down box. Here’s the HTML code for the form:

<form action="uprofile.php" method="post" name="profile">
<table width="100%" border="0" cellspacing="1">
  <tr>
    <td colspan="2"></td>
  </tr>
  <tr>
    <td valign="top"><img src="http://www.devshed.com/wp-content/themes/twentyten/images/icon_user.gif" width="36" height="41" /></td>
    <td valign="top"><h1>User Information</h1></td>
  </tr>
  <tr>
    <td width="8%">&nbsp;</td>
    <td width="92%"><?php if (isset($msg)) { echo $msg; } ?></td>
  </tr>
  <?php if ($num > 0) { ?>
  <tr>
    <td class="td">Username</td>
    <td><input name="uname" type="text" id="uname" size="80"
        value="<?= htmlspecialchars($row_up['uname']); ?>" /></td>
  </tr>
  <tr>
    <td>Password</td>
    <td><input name="upass" type="password" id="upass" size="80"
        value="<?= htmlspecialchars($row_up['upass']); ?>" /></td>
  </tr>
  <tr>
    <td>First Name</td>
    <td><input name="fname" type="text" id="fname" size="80"
        value="<?= htmlspecialchars($row_up['fname']); ?>" /></td>
  </tr>
  <tr>
    <td>Last Name</td>
    <td><input name="lname" type="text" id="lname" size="80"
        value="<?= htmlspecialchars($row_up['lname']); ?>" />
        <!-- carries the id of the record being edited back to the handler -->
        <input name="uid" type="hidden" value="<?= (int) $row_up['uid']; ?>" /></td>
  </tr>
  <?php
  // Build the Level drop-down from the distinct levels in use, preselecting the current one
  $query = "SELECT DISTINCT level FROM users";
  $res = mysql_query($query);
  $numres = mysql_num_rows($res);
  if ($numres > 0) {
  ?>
  <tr>
    <td>Level</td>
    <td><select name="level" id="level">
    <?php while ($rows = mysql_fetch_assoc($res)) { ?>
      <option value="<?= htmlspecialchars($rows['level']); ?>"<?= $rows['level'] == $row_up['level'] ? ' selected="selected"' : ''; ?>>
        <?= htmlspecialchars($rows['level']); ?>
      </option>
    <?php } ?>
    </select></td>
  </tr>
  <?php } ?>
  <tr>
    <td>&nbsp;</td>
    <td><input type="submit" name="submit" value="Update Profile" /></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
  <?php } ?>
</table>
</form>

It is basically a form with an embedded table. When the form is submitted, the code below handles its data:

Code 9:

<?php
include "config.php";
// The record being edited: the uid posted back by the form, the uid passed in the
// URL (an administrator editing another user), or otherwise the logged-in user's own id.
if (isset($_POST['uid'])) {
    $uid = intval($_POST['uid']);
} elseif (isset($_GET['uid'])) {
    $uid = intval($_GET['uid']);
} else {
    $uid = intval($_SESSION['u_id']);
}
if (isset($_POST['submit'])) {
    $query_updt  = "UPDATE users SET uname = '" . trim(addslashes($_POST['uname'])) . "',";
    $query_updt .= "upass = '" . trim(addslashes($_POST['upass'])) . "',";
    $query_updt .= "fname = '" . trim(addslashes($_POST['fname'])) . "',";
    $query_updt .= "lname = '" . trim(addslashes($_POST['lname'])) . "',";
    $query_updt .= "level = '" . trim(addslashes($_POST['level'])) . "' ";
    // Without this WHERE clause every row in the users table would be overwritten
    $query_updt .= "WHERE uid = '" . $uid . "'";
    if (mysql_query($query_updt)) {
        $msg = "Your profile has been updated.";
    } else {
        $msg = "Could not update your profile because " . mysql_error();
    }
}
// Retrieve the (possibly just updated) record for display in the form
$query_up = "SELECT * FROM users WHERE uid = '" . $uid . "'";
$up_result = mysql_query($query_up);
$num = mysql_num_rows($up_result);
$row_up = mysql_fetch_assoc($up_result);
?>

This code does two things. First it checks to see whether the form data is submitted and then runs an update query. Second, when this page is first opened, a query is run to retrieve the information relating to the user that is currently logged on. This is the second query in the code listing above.
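Because uprofile.php serves both the admin's "Edit" link and the user's own settings, the handler has to decide on the server whose record a submission may change and who may change the level. The version below is an added example, not the article's code; it assumes config.php starts the session and provides a PDO connection in $pdo, and that passwords are stored as password_hash() output.

```php
<?php
// Added example, not the article's code: the uprofile.php handler with the
// update scoped to a single uid and role changes limited to administrators.
// Assumes config.php starts the session and provides a PDO connection in $pdo.
include "config.php";

$self    = (int) $_SESSION['u_id'];
$isAdmin = isset($_SESSION['level']) && $_SESSION['level'] === 'admin';

// Which record is edited: an admin may name any uid; everyone else gets their
// own, whatever ?uid= or a hidden field says, so no other account is reachable.
$requested = filter_input(INPUT_POST, 'uid', FILTER_VALIDATE_INT)
          ?? filter_input(INPUT_GET, 'uid', FILTER_VALIDATE_INT);
$uid = ($isAdmin && $requested) ? (int) $requested : $self;

$msg = null;
if (isset($_POST['submit'])) {
    // Whitelist of columns a submission may change; values are bound, not concatenated.
    $fields = [
        'uname' => trim($_POST['uname'] ?? ''),
        'fname' => trim($_POST['fname'] ?? ''),
        'lname' => trim($_POST['lname'] ?? ''),
    ];
    // Only an administrator may change a role, and only to a known value.
    if ($isAdmin && in_array($_POST['level'] ?? '', ['admin', 'normal'], true)) {
        $fields['level'] = $_POST['level'];
    }
    // Re-hash only when a new password was typed; otherwise keep the stored hash.
    if (($_POST['upass'] ?? '') !== '') {
        $fields['upass'] = password_hash($_POST['upass'], PASSWORD_DEFAULT);
    }

    $set = [];
    foreach (array_keys($fields) as $col) {
        $set[] = "$col = :$col";   // column names come from the whitelist above
    }
    $stmt = $pdo->prepare('UPDATE users SET ' . implode(', ', $set) . ' WHERE uid = :uid');
    $fields['uid'] = $uid;
    $stmt->execute($fields);
    $msg = 'Your profile has been updated.';
}

// Load the record for the form; the password hash is never echoed back to the page.
$stmt = $pdo->prepare('SELECT uid, uname, fname, lname, level FROM users WHERE uid = :uid');
$stmt->execute([':uid' => $uid]);
$row_up = $stmt->fetch(PDO::FETCH_ASSOC);
$num = $row_up ? 1 : 0;
```

With this handler the form's Password field should be rendered empty rather than pre-filled, since $row_up no longer carries upass.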

Conclusion

If your invoicing system is used by many people, user management becomes very important. This is mainly because you have to be able to record and track invoice activity as a means of preventing fraud. With a more advanced user management system you will be able to tell what a particular user was doing and how many invoices he or she issued during any given period. With small changes to the code, you can achieve this.

