Welcome to part 2. This part is a lot lighter than part 1; I’m sure you’ll fly through it. Basically we’re going to walk through the administrative functions of editing, cancelling and deleting gig listings. At the end I’ll list all the files needed to make the admin area actually work, such as login, logout etc. No explanation of these other files will be given as I explained in part 1. A thorough look at them can be seen in my guestbook tutorial.
If you glance back at the end of part one, I left you with the buttons to edit, delete and cancel gigs. The first function we’re going to look at is editing. Here’s the file, it’s called edit_gig.php. All the while, you’ll notice that these administrative functions always start with a check to see if the user is logged in:
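if(!session_is_registered('username')){
    header("location:main_login.php");
    exit;
}
In other words, if there is no session registered to this user, the browser is sent to main_login.php instead. The exit matters: header() only sends the redirect, and without it the rest of the script (the edit, delete or cancel) would still run for a visitor who is not logged in.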
edit_gig.php
<?php
//check if session is not registered then redirect back to main page
session_start();
if(!session_is_registered('username')){
    header("location:main_login.php");
    exit; //stop here so nothing below runs for a logged-out visitor
}
//connect to mysql and database
require ('connect.php');
//edit the entry
if(isset($_POST['name']))
{
    //the id goes into the query unquoted, so force it to an integer
    $id=(int)$_POST['name'];
    $query="SELECT * FROM gigs WHERE id=$id";
    $result=mysql_query($query);
    $row=mysql_fetch_array($result);
    //escape the stored values before writing them into the HTML
    echo '<form action="make_gig_edit.php" method="post">';
    echo '<input type="hidden" name="id" value="'.$id.'">';
    echo '<p>'.htmlspecialchars($row['date'], ENT_QUOTES).'</p>';
    echo '<label for="description">Description<textarea name="Description" rows="6">'.htmlspecialchars($row['description'], ENT_QUOTES).'</textarea></label><br/>';
    echo '<label for="email">email<input type="text" name="email" value="'.htmlspecialchars($row['email'], ENT_QUOTES).'"></label><br/>';
    echo '<label for="website">website<input type="text" name="Web" value="'.htmlspecialchars($row['www'], ENT_QUOTES).'"></label><br/>';
    echo '<label for="addgig"><input type="submit" value="Save Edit"></label>';
    echo '</form>';
}
?>
Ok, hopefully you’ll have noticed that this page is actually only a form? That’s because editing is a two stage process. First, you need to grab the information and squirt it into a form for the user to edit. That’s what edit_gig.php does. The next step is to actually make those changes in the database so that they show up in the gig listing itself. So I have created make_gig_edit.php, and here it is:
make_gig_edit.php
<?php
//check if session is not registered then redirect back to main page
session_start();
if(!session_is_registered('username')){
    header("location:main_login.php");
    exit; //stop here so the update below never runs for a logged-out visitor
}
//connect to database
require ('connect.php');
//update the entry
if(isset($_POST['id']))
{
    //escape the text fields and force the id to an integer before they go into the query
    $description=mysql_real_escape_string($_POST['Description']);
    $email=mysql_real_escape_string($_POST['email']);
    $website=mysql_real_escape_string($_POST['Web']);
    $id=(int)$_POST['id'];
    //cancelled is left alone here: the edit form does not send it
    $sql="UPDATE gigs SET description='$description', email='$email', www='$website' WHERE id=$id";
    $result=mysql_query($sql)or die(mysql_error());
    echo '<p>Edit complete. <a href="add_gig3.php">Click Here to continue</a>.</p>';
}
?>
It’s beautifully simple. Just read the information sent by $_POST, and write it to the database using the UPDATE…WHERE syntax. I’ve added a confirmation message at the end there, in the form of a link to click to acknowledge the change. That way, if the message doesn’t appear, I know something’s gone wrong.
Have a look at delete_gig.php and cancel_gig.php – they work in very similar ways to the above, with the exception of the mysql query. The row id sent by $_POST is read, and the corresponding gig is either deleted or flagged as cancelled. Check it out:
delete_gig.php
<?php
//check if session is not registered then redirect back to main page
session_start();
if(!session_is_registered('username')){
    header("location:main_login.php");
    exit; //stop here so the delete below never runs for a logged-out visitor
}
//connect
require ('connect.php');
echo '<div id="notification">';
//delete the entry
if(isset($_POST['name']))
{
    //the id goes into the query unquoted, so force it to an integer
    $id=(int)$_POST['name'];
    $sql="DELETE FROM gigs WHERE id=$id";
    $result=mysql_query($sql)or die(mysql_error());
    echo '<p>Gig deleted</p>';
}
echo '<p><a href="add_gig3.php">Click here to go back</a></p></div>';
?>
cancel_gig.php
<?php
//check if session is not registered then redirect back to main page
session_start();
if(!session_is_registered('username')){
    header("location:main_login.php");
    exit; //stop here so the update below never runs for a logged-out visitor
}
//connect to database
require ('connect.php');
echo '<div id="notification">';
//flag the entry as cancelled
if(isset($_POST['name']))
{
    //the id goes into the query unquoted, so force it to an integer
    $id=(int)$_POST['name'];
    $sql="UPDATE gigs SET cancelled='1' WHERE id=$id";
    $result=mysql_query($sql)or die(mysql_error());
    echo '<p>Gig Cancelled</p>';
}
echo '<p><a href="add_gig3.php">Click here to go back</a></p></div>';
?>
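The edit, delete and cancel scripts above all build their SQL by placing $_POST values into the query string. As an added example (not code from the original tutorial), here is the same trio written with PDO prepared statements and a validated integer id, which is also what a current PHP install needs since the mysql_* functions were removed in PHP 7.0. The in-memory SQLite table, its sample rows and the function names are assumptions made so the block runs on its own.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the
// tutorial's MySQL gigs table; the function names below are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE gigs (id INTEGER PRIMARY KEY, date TEXT,
    description TEXT, email TEXT, www TEXT, cancelled INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO gigs (date, description, email, www) VALUES
    ('2030-01-10', 'Constructed gig A', 'a@example.com', 'http://example.com'),
    ('2030-02-20', 'Constructed gig B', '', '')");

// Accept only a plain positive integer as a row id; anything else is refused.
function gig_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Run one statement with bound values; returns the number of rows changed.
function run_gig_sql(PDO $pdo, string $sql, array $params): int {
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

function edit_gig(PDO $pdo, $rawId, string $desc, string $email, string $www): int {
    if (($id = gig_id($rawId)) === null) return 0;
    return run_gig_sql($pdo,
        'UPDATE gigs SET description = ?, email = ?, www = ? WHERE id = ?',
        [$desc, $email, $www, $id]);
}

function cancel_gig(PDO $pdo, $rawId): int {
    if (($id = gig_id($rawId)) === null) return 0;
    return run_gig_sql($pdo, 'UPDATE gigs SET cancelled = 1 WHERE id = ?', [$id]);
}

function delete_gig(PDO $pdo, $rawId): int {
    if (($id = gig_id($rawId)) === null) return 0;
    return run_gig_sql($pdo, 'DELETE FROM gigs WHERE id = ?', [$id]);
}

// Constructed inputs: two normal ids, then a value that is not a plain integer.
var_dump(edit_gig($pdo, '1', "Rock 'n' roll night", 'a@example.com', ''));
var_dump(cancel_gig($pdo, '2'));
var_dump(delete_gig($pdo, '1 OR 1=1'));
var_dump((int)$pdo->query('SELECT COUNT(*) FROM gigs')->fetchColumn());
```

The description containing apostrophes is stored as typed, and the malformed id changes no rows, because the values travel separately from the SQL text.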
Last of all, and very importantly, you’re going to need a page to actually show the gigs to the site visitor. It’s basically borrowed code from the add_gig.php page with the forms stripped out, and of course, requiring no login. This page is called gigslist.php:
<?php
require ('connect.php');
//get gigs from database
$query="SELECT * FROM gigs ORDER BY date";
$result=mysql_query($query)or die(mysql_error());
//list gigs
while($row=mysql_fetch_array($result))
{
    //only display future gigs
    $whatstoday=time();
    if(strtotime($row['date'])>$whatstoday)
    {
        //format the date
        $formatdate=date('d M', strtotime($row['date']));
        //escape stored text so it is shown as text, not interpreted as HTML
        $description=htmlspecialchars($row['description'], ENT_QUOTES);
        $email=htmlspecialchars($row['email'], ENT_QUOTES);
        $www=htmlspecialchars($row['www'], ENT_QUOTES);
        //display the gig details
        echo "<div class='gig'><p class='date'>".$formatdate."</p>";
        echo "<p>".$description."</p>";
        if ($row['email']!=""){
            echo "<p>Email: <a href='mailto:".$email."'>".$email."</a></p>";
        }
        if ($row['www']!=""){
            echo "<p>Website: <a href='".$www."'>".$www."</a></p>";
        }
        echo "</div>";
        echo "<hr/>";
    }
}
?>
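gigslist.php writes stored description, email and website values straight into a public page, including into href attributes. The following added example (not part of the original tutorial) shows one way to render a gig with every value escaped and the website link limited to http and https; h(), safe_web_link() and render_gig() are hypothetical helpers and the rows are constructed.

```php
<?php
// Added example: hypothetical helpers, not part of the tutorial's files.

// Escape a stored value for use in HTML text or a quoted attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Return the URL only if it is an absolute http(s) link, otherwise null.
function safe_web_link(string $url): ?string {
    $url = trim($url);
    $scheme = strtolower((string)parse_url($url, PHP_URL_SCHEME));
    $host = parse_url($url, PHP_URL_HOST);
    return (in_array($scheme, ['http', 'https'], true) && $host) ? $url : null;
}

// Build the markup for one gig row, mirroring the layout of gigslist.php.
function render_gig(array $row): string {
    $out = "<div class='gig'><p class='date'>"
         . h(date('d M', strtotime($row['date']))) . "</p>";
    $out .= "<p>" . h($row['description']) . "</p>";
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL)) {
        $out .= "<p>Email: <a href='mailto:" . h($row['email']) . "'>"
              . h($row['email']) . "</a></p>";
    }
    if (($link = safe_web_link($row['www'])) !== null) {
        $out .= "<p>Website: <a href='" . h($link) . "'>" . h($link) . "</a></p>";
    }
    return $out . "</div><hr/>";
}

// Constructed rows: one ordinary, one with markup and a non-http link stored.
$rows = [
    ['date' => '2030-01-10', 'description' => 'Acoustic set',
     'email' => 'band@example.com', 'www' => 'https://example.com/gigs'],
    ['date' => '2030-02-20', 'description' => '<b>Loud</b> & "late"',
     'email' => 'not-an-email', 'www' => 'javascript:void(0)'],
];
foreach ($rows as $row) {
    echo render_gig($row), "\n";
}
```

The second row comes out with its description shown as literal text and with no email or website link at all.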
You really ought to give this page the appropriate heading and body tags etc, but I’m assuming prior knowledge here. And that’s it. What follows is the code for each of the files required to create a secure login area. Have fun with it, and please post a comment if something does or doesn’t work! ttfn !b
main_login.php (yeah, I know there’s no actual php in this one!)
<div id="login">
<form method="post" action="checklogin.php">
<fieldset>
<legend>Admin area Login</legend>
<ul>
<li><label for="username">Username</label><input type="text" name="username"></li>
<li><label for="password">Password</label><input type="password" name="password"></li>
<li><label for="submit"></label><input type="submit" value="login"></li>
</ul>
</fieldset>
</form>
</div>
checklogin.php
<?php
//connect to db
require ('connect.php');
//username and password from form
$username=$_POST['username'];
$password=$_POST['password'];
//protect db from sql injection
$username=stripslashes($username);
$password=stripslashes($password);
$username=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
$password=md5($password);
$sql="SELECT * FROM logins WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
//mysql num row is counting table row
$count=mysql_num_rows($result);
//if results match, then $count=1
if($count==1){
    //register the username only (the password hash does not belong in the session), then redirect to edit_gig.php
    session_register("username");
    header("location:edit_gig.php");
    exit;
}
else{
    echo '<div id="notification"><p>Username or password incorrect</p><p><a href="main_login.php">Click here to go back</a></p></div></body></html>';
}
?>
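checklogin.php compares an unsalted md5() of the password and relies on session_register(), which was removed in PHP 5.4. As an added example (not the tutorial's own code), the same check using password_hash(), password_verify(), a prepared statement and a fresh session id on login; the in-memory SQLite logins table, the sample account and check_login() are assumptions so the block runs on its own.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the
// tutorial's logins table; check_login() is a hypothetical helper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE logins (username TEXT PRIMARY KEY, password TEXT)');

// Store a salted, slow hash instead of md5(); the sample password is constructed.
$add = $pdo->prepare('INSERT INTO logins (username, password) VALUES (?, ?)');
$add->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Hash of a throwaway value, verified when the user is unknown so that both
// paths do a comparable amount of work.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function check_login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password FROM logins WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    $ok = password_verify($password, $stored === false ? DUMMY_HASH : $stored);
    if ($stored === false || !$ok) {
        return false;
    }
    // When the caller has started a session (as a web page would with
    // session_start()), issue a fresh session id on login and keep only the
    // username in it, never the password or its hash.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
    }
    return true;
}

// Constructed attempts: correct password, wrong password, unknown user.
var_dump(check_login($pdo, 'admin', 'constructed-sample-pw'));
var_dump(check_login($pdo, 'admin', 'wrong'));
var_dump(check_login($pdo, 'nobody', 'constructed-sample-pw'));
```

Pages protected this way would test isset($_SESSION['username']) after session_start(), then redirect and exit when it is missing.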
logout.php
<?php
session_start();
session_destroy();
?>
<div id="notification">
<p>You have logged out successfully.</p>
<p><a href="gigslist.php">Click here to continue</a></p>
</div>
