» (PHP User Authentication) PHP MYSQL Database Driven Websites – Tutorial 5 PHPJavascript Web Development Guide – My Personal Library of Tutorials and Scripts

(PHP User Authentication) PHP MYSQL Database Driven Websites – Tutorial 5

September9

Create different user accounts with different access rights at the CMS and the website.

You don’t have to go through the previous tutorials to attend this one.

Recap:

Previously we had build an online egames website with a CMS to add delete modify games with a secure login system
Download file 91.rar “start” folder consist of the work done previously and “final” folder consist of the complete work done in this tutorial

Download the 91.rar from this webpage; rename the folder “start” to “egames” and copy it to c:/wwwroot/inetpub.

Upload the DB structure from file egames.sql. Add columns access1, access2, fname, lname, email, website to the table “adminuser” in the egames DB. OR for simplification purpose drop the existing ‘adminuser’ table and create again following the below code:

CREATE TABLE IF NOT EXISTS `adminuser` ( `sno` varchar(50) NOT NULL, `username` varchar(50) NOT NULL, `password` varchar(50) NOT NULL, `access1` char(1) NOT NULL default '0', `access2` char(1) NOT NULL default '0', `fname` varchar(10) default NULL, `lname` varchar(10) default NULL, `email` varchar(50) default NULL, `website` varchar(50) default NULL, PRIMARY KEY (`username`) );

INSERT INTO `adminuser` (`sno`, `username`, `password`, `access1`, `access2`, `fname`, `lname`, `email`, `website`) VALUES
(’1′, ‘admin’, ‘5f4dcc3b5aa765d61d8327deb882cf99′, ‘1′, ‘1′, NULL, NULL, ”, NULL),
(’2′, ’sammy’, ‘0b4e7a0e5fe84ad35fb5f95b9ceeac79′, ‘0′, ‘1′, ’sumaiay’, ‘javed’, ’sum2@yah.om’, ”);

Using the CMS you can add, delete and modify ‘products’ and ‘category’. These are the access rights of an admin user, we will develop a script to create different user accounts with different access rights. Eg user account ’sammy’ can make changes to products but not to category and hence forth. If ‘access1‘ field in the table ‘adminuser’ is set to 1 then the user has access rights to ‘category’ and if ‘access2‘ is set to 1 then to ‘product’.

Open IE type http://localhost/egames/admin. Username: admin Password:password. Click on “user account” this is the page we will be working on.

account.php
Firstly we will develop a script to create different user accounts and save their details in the database. Open account.php and find <!— listing —> and type the following:

<? $res1=mysql_query(”select * from adminuser order by sno”) or die(”cannot select adminuser”); $totalrecords=mysql_num_rows($res1); $k=0; ?> <table width=”100%” cellpadding=”0″ cellspacing=”0″ border=”0″> <tr><td width=”100%” colspan=”6″> <table><tr><td> <form name=”myform1″ method=”post” action=”accountdelete.php” onsubmit=”return ValidateForm(this,’enquiry’)”> <input type=”image” src=”delete.gif” value=”Delete” alt=”Delete” align=”left”> </td> <td align=”right”><a href=”javascript:SetChecked(1,’enquiry’)”><font class=”tablack”>Select all</a> <a href=”javascript:SetChecked(0,’enquiry’)”><font class=”tablack”>Clear all</a> </td> <td class=”t1blackb” align=”right”><b>Total No of User Accounts: <? echo $totalrecords ?> </b> </td></tr></table> </td></tr> <tr> <td width=”20%” height=”28″><font class=tawhiteb>Username</font></td> <td width=”20%” height=”28″><font class=tawhiteb>Name</font></td> <td width=”20%” height=”28″><font class=tawhiteb>Email</font></td> <td width=”20%” height=”28″><font class=tawhiteb>Website</font></td> <td width=”10%” height=”28″><font class=tawhiteb>Access</font></td> <td width=”10%” height=”28″><font class=tawhiteb>Delete</font></td> </tr> <? while ($row=mysql_fetch_array($res1)) { $k++; $sno=$row["sno"]; $access=”"; ?> <tr> <td height=”28″><a href=”accountmodify.php?sno=<?echo $sno?>”><font class=”link”><? echo $row["username"]?></font></a></td> <td height=”28″><font><? echo $row["fname"].” “.$row["lname"];?></font></td> <td height=”28″><font><? echo $row["email"];?></font></td> <td height=”28″ class=”algray”><font><? echo $row["website"];?></font></td> <td height=”28″ class=”algray”><font><a onClick=”window.open(’access.php?sno=<?echo $sno?>’,'welcome’, ‘width=700,height=50,menubar=no,status=no, directories=no, location=yes,toolbar=no,scrollbars=no,copyhistory=no,resizable=no’);” style=”cursor:hand”>View</a></font></td> <td height=”28″><p align=”center”><input type=”checkbox” name=”<? echo “enquiry”.$k ?>” value=”<? echo $row["sno"] ?>”></td> </tr> <? } ?> <tr><td colspan=”6″></form></td></tr> </table> <table border=”0″ cellpadding=”3″ cellspacing=”1″ width=”100%” height=”11″> <tr><td height=”50″><form name=myform method=”post” action=”accountsave.php” onSubmit=”return validate()”></td></tr> <tr> <td colspan=”3″ height=”24″><font>Add New User Account</font> </td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>Username</font> <font class=”tredb”>*</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font><input type=”text” name=”username” size=”35″ class=”ainput”></font></td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>Password </font><font class=”tredb”>*</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font><input class=ainput type=”password” name=”newpassword” size=”35″></font></td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>Confirm Password</font> <font class=”tredb”>*</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font><input class=ainput type=”password” name=”confirmpassword” size=”35″></font></td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>First Name </font><font class=”tredb”>*</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font><input type=”text” name=”fname” size=”35″ class=”ainput”></font></td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>Last Name</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font><input type=”text” name=”lname” size=”35″ class=”ainput”></font></td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>Email</font> <font class=”tredb”>*</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font><input type=”text” name=”email” size=”35″ class=”ainput”></font></td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>Website</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font><input type=”text” name=”website” size=”35″ class=”ainput”></font></td> </tr> <tr> <td valign=”middle” align=”left”><font class=tblack>Access Rights</font></td> <td valign=”middle” align=”center”><font class=tblack>:</font></td> <td valign=”middle” align=”left”><font> <select name=”access[]” style=”width:195px” multiple id=”accessid”> <option value=”">Select Access Rights</option> <option value=”access1″>Category</option> <option value=”access2″>Product</option> </select> <br>Press Ctrl for multiple selections </font></td> </tr> <tr> <td height=”21″ colspan=”3″></td> </tr> <tr> <td height=”21″ class=white valign=”middle” align=”center” colspan=”3″><font class=tblack> <input type=”submit” value=”Submit” name=”Submit”> <input type=”reset” value=”Reset” name=”Reset”></font></form></td> </tr> </table>

I have introduced a change in programming style. Read the above code and you will notice that account.php page contains a form to add new user accounts. Previously I would have created a new page addaccount.php to add new users but here I have used a single page ‘account.php’ for both purposes. Now when the user clicks submit, the new user account details entered will be saved with an alert box confirming the status while the user stays on the same webpage. If I am confusing you then lets do the coding and get a better picture.

accountsave.php
Saves the new user account details in the table “adminuser”. Open and type the following:

<? session_start(); include(”../config.php”); include(”adminchecksession.php”); ?> <? $username=$_POST["username"]; $newpassword=md5($_POST["newpassword"]); $fname=$_POST["fname"]; $lname=$_POST["lname"]; $email=$_POST["email"]; $website=$_POST["website"]; $access=$_POST["access"]; $string=”"; for($i=0;$i<sizeof($access);$i++){ $string .= $access[$i].” “;} if(strcmp(strstr($string,”access1″),”)==0) $access1=0; else $access1=1; if(strcmp(strstr($string,”access2″),”)==0) $access2=0; else $access2=1; //echo “company:”.$company.” employee:”.$employee.” form:”.$form.” knowledge:”.$knowledge.” fun:”.$fun.” attendance:”.$attendance; $res=mysql_query(”select sno from adminuser order by sno desc”) or die(”cannot select from adminuser”); $row=mysql_fetch_array($res); $sno=$row["sno"]+1; $flag=mysql_query(”insert into adminuser values(’$sno’,'$username’, ‘$newpassword’, ‘$access1′, ‘$access2′, ‘$fname’, ‘$lname’, ‘$email’, ‘$website’)”); $flag2=mysql_error(); ?> <? include(”account1.php”); ?> <? if($flag==1){ ?> <script>alert(”New User Account Has Been Created!”);</script> <? } else {?><script>alert(”New user account could not be created.\n\n Error: <?echo $flag2;?>”);</script><? } ?>

account1.php

Open account.php saveas account1.php
Delete the first three lines of code and save again (<?session_start();include("../config.php"); include("adminchecksession.php");?>

Now test the script. Add a new user details and click submit. Done? …… Got the picture!!!….
This sort of programming style reduces the no of clicks required by a visitor hence makes it easier for him/her to use a particular application. This is the aim behind the very hyped AJAX. Anyways not diverting from our topic lets develop the remaining scripts.

accountdelete.php
Deletes the user account from the mysql table “adminuser”. Open and type the following:

<? session_start(); include(”../config.php”); include(”adminchecksession.php”); ?> <? for($i=1;$i<=50;$i++) { if(ISSET($_REQUEST["enquiry".$i])) { $sno=$_REQUEST["enquiry".$i]; $res=mysql_query(”select * from adminuser where sno=’$sno’”); $row=mysql_fetch_array($res); $stri=”Delete from adminuser where sno=’$sno’ “; $flag=mysql_query($stri); } } ?> <? include(”account1.php”); ?> <? if($flag==1){ ?> <script>alert(”User accounts have been deleted”);</script> <? } else {?><script>alert(”User accounts could not be deleted”);</script><? } ?>

access.php
Displays the access rights of a user account. Open and type the following:

<? session_start(); include(”../config.php”); include(”adminchecksession.php”); ?> <html> <head> <title>Access Rights </title> <link rel=”stylesheet” type=”text/css” href=”style.css”> <body> <? $sno=$_REQUEST["sno"]; $res1=mysql_query(”select * from adminuser where sno=’$sno’”) or die(”cannot select adminuser”); $row=mysql_fetch_array($res1); ?> <table width=”100%” cellpadding=”6″ cellspacing=”1″ class=”white”> <tr><td><font class=twhiteb>Category</td><td><font class=twhiteb>Product</td></tr> <tr> <td><font><? if($row["access1"]) echo “Yes”; else echo “No”;?></font></td> <td><font><? if($row["access2"]) echo “Yes”; else echo “No”;?></font></td> </tr> </table> </body> </html>

So done, should we start the explanation??? Not so fast dude … you say “excuse me that was lengthy enough”. I agree I agree just few more crucial steps left and you are all set to the finish line. (Hey… this reminds me of my school days, remember those last 10mins of a class… how we use to wait for the bell to ringgggg, speciaaaally if the next class was break time!! Whoe those were some days….

Anyways back to the topic, lets complete our last few steps. Now so far we had created scritps to create, delete and view user accounts with different access rights. But how do we implement it, like how to we make sure that lets say “sammy” who has access rights only on “product” do not alter “category”. Well to do that we have to do the following:

checklogin.php
Open checklogin.php type the following below line $_SESSION['user']=$susername;

if($rows["access1"]==1) $_SESSION["access1"]=1;
if($rows["access2"]==1) $_SESSION["access2"]=1;

adminchecksession1.php
Open adminchecksession1.php and type the following:

<? if(!(isset($_SESSION['access1']))) { ?> <script language="JavaScript"> window.open("index.php", "_self") </script> <? } ?>

adminchecksession2.php
Open adminchecksession2.php and type the following:

<? if(!(isset($_SESSION['access2']))) { ?> <script language="JavaScript"> window.open("index.php", "_self") </script> <? } ?>

Open category.php, addcategory.php, savecategory.php, modifycategory.php, updatecategory.php, viewcategory.php, deletecategory.php
replace adminchecksession.php with adminchecksession1.php

Open product.php, addproduct.php, saveproduct.php, modifyproduct.php, updateproduct.php, viewproduct.php, deleteproduct.php
replace adminchecksession.php with adminchecksession2.php

Explanation

Code	Explanation
account.php
`session_start(); include("../config.php"); include("adminchecksession.php");`	starts a new session checks the authenticity of the user. Refer to the login script for explanation.
`$res1=mysql_query("select * from adminuser order by sno"); $totalrecords=mysql_num_rows($res1);`	Open mysql table “adminuser” to display the list of existing users
`while ($row=mysql_fetch_array($res1)) {`	Fetch all the rows from table “adminuser”
`echo $row["username"]; echo $row["fname"]." ".$row["lname"]; ++`	display user details
`<form name=myform method="post" action="accountsave.php" onSubmit="return validate()"> <input type="text" name="username" size="35"> <input type="password" name="newpassword" size="35"> <select name="access[]" style="width:195px" multiple id="accessid"> <option value="">Select Access Rights</option> <option value="access1">Category</option> <option value="access2">Product</option> </select> ...... </form>`	form to add new user details submitting to “accountsave.php” select access[] is used to select access rights of a user. Note access[] forms an array in accountsave.php and is used in a new fashion to retrieve access rights of a user account.
accountsave.php
`$username=$_POST["username"]; $newpassword=md5($_POST["newpassword"]); ....... $access=$_POST["access"];`	md5() encrypts the password to be securely saved in the mysql table
`$string=""; for($i=0;$i<sizeof($access);$i++){ $string .= $access[$i]." ";}`	converts the value stored in the array ‘$access’ into a string
`if(strcmp(strstr($string,"access1"),'')==0) $access1=0; else $access1=1;`	if $access1 was selected then set a variable $access1=1 else $access1=0
`if(strcmp(strstr($string,"access2"),'')==0) $access2=0; else $access2=1;`	if $access2 was selected then set a variable $access2=1 else $access2=0
`$flag=mysql_query("insert into adminuser values('$sno','$username', '$newpassword', '$access1', '$access2', '$fname', '$lname', '$email', '$website')");`	insert the values in the table
`<? include("account1.php"); ?>` <? if($flag==1){ ?> <script>alert(”New User Account Has Been Created!”);</script> <? } else {?><script>alert(”New user account could not be created.\n\n Error: <?echo $flag2;?>”);</script><? } ?>	Displays the list of user accounts and html form to add new users followed by confirmation message if the values were inserted successfully then “display that the account has been created” else “display account has not been created”
account1.php
Same as account.php without the starting three lines of code `session_start(); include("../config.php"); include("adminchecksession.php");`	account1.php is included in accountsave.php, accountdelete.php which already contains the the three lines
accountdelete.php
`$sno=$_REQUEST["enquiry".$i];`	the checkbox field in account.php is equal to sno of a record “adminuser” from account.php `<input type="checkbox" name="<? echo "enquiry".$k ?>" value="<? echo $row["sno"] ?>">`
`Delete from adminuser where sno='$sno'`	delete records from adminuser where sno=$sno
`<? include("account1.php"); ?> <? if($flag==1){ ?> <script>alert("User accounts have been deleted");</script> <? } else {?><script>alert("User accounts could not be deleted");</script><? } ?>`	Displays the list of user accounts and html form to add new users followed by confirmation message if the values were deleted successfully then “display that the account has been deleted” else “display account has not been deleted”
checklogin.php
`if($rows["access1"]==1) $_SESSION["access1"]=1; if($rows["access2"]==1) $_SESSION["access2"]=1;`	If ‘access1′ field value is set to 1 then declare a new session access1=1 If ‘access2′ field value is set to 1 then declare a new session access2=1
adminchecksession1.php
`<? if(!(isset($_SESSION['access1']))) { ?> <script language="JavaScript"> window.open("index.php", "_self") </script> <? } ?>`	if session ‘access1′ is NOT set then go to index.php.Note: Field ‘access1′ is for ‘category’.
adminchecksession2.php
`<? if(!(isset($_SESSION['access2']))) { ?> <script language="JavaScript"> window.open("index.php", "_self") </script> <? } ?>`	if session ‘access2′ is NOT set then go to index.php.Note: Field ‘access2′ is for ‘product’

posted under Development Guide

Drupal Views Taxonomy Parent Term and Child Term
1:10 pm, August 4, 2010

Drupal url current page
10:57 am, July 27, 2010

Drupal upload server database
5:06 am, July 21, 2010

Opacity css ie internet explorer issue
4:46 pm, July 4, 2010

Drupal 404 403 errors theme regions missing
11:36 am, July 4, 2010

Ubercart cart slide down jquery effect elegant look
5:26 pm, July 3, 2010

Ubercart option image my theme not working
1:11 pm, July 3, 2010

Ubercart catalog default image
2:13 pm, June 30, 2010

Apache XAMPP add new website
5:38 pm, June 23, 2010

Ubercart migs page not found
2:04 pm, June 20, 2010