Usersystem Part 2
Posted by Pete | Posted in PHP Tutorials | Posted on 04-10-2009-05-2008
The next part is now available. This part of the usersystem follows on from part 1, which can be found here. In this part we will focus on creating a ranking system so we can distinguish who is an administrator and who is a member. We will also create a function so that updating a user's details is simple. Once we have this function we will create a members list and a profile page for each user, and allow the user to edit their profile and password. So let's get stuck in.
First we need to add more fields to the users table, so run the following MySQL query against it.
ALTER TABLE `users` ADD `msn` VARCHAR( 90 ) NOT NULL AFTER `email` ,
ADD `yahoo` VARCHAR( 90 ) NOT NULL AFTER `msn` ,
ADD `aim` VARCHAR( 90 ) NOT NULL AFTER `yahoo` ,
ADD `interests` VARCHAR( 1000 ) NOT NULL AFTER `aim` ,
ADD `hobbies` VARCHAR( 1000 ) NOT NULL AFTER `interests` ,
ADD `level` VARCHAR( 2 ) NOT NULL AFTER `hobbies` ;
Now that the database is sorted, we will create the function to update the user details. Open functions.php and add the following before ?>
function update_user($user_id, $values = array()){
    $update_field = ""; // Start the $update_field so we can add to it.
    if(!is_array($values)){ // If $values isn't an array show error.
        return "Update Values Not In An Array"; // Return the message.
    }else{ // Carry on :)
        $conn = mysql_connect(DATABASE_LOCATION,DATABASE_USERNAME,DATABASE_PASSWORD); // Connect to the MySQL server
        mysql_select_db(DATABASE_NAME,$conn); // Select the database
        $values = protection($values); // Clean the values with protection()
        foreach ($values as $key => $value){ // Go through the array
            $get_columns = mysql_query("DESCRIBE `users`"); // Get the information about the users table.
            while($r=mysql_fetch_array($get_columns)) // Go through the columns one by one.
            {
                if((string)$key === $r['Field']){ // Check if $key from the $values array is a valid database column.
                    $update_field .= "`".$key."` = '".$value."', "; // If it is, add it to the $update_field variable.
                    break; // Stop the loop.
                }
            }
        }
        $update_field = substr($update_field, 0, -2); // Now they're all added, remove the last comma and space.
        // Cast the id to an integer so it cannot alter the query.
        $update = mysql_query("UPDATE `users` SET ".$update_field." WHERE `id` = '".(int)$user_id."'"); // Update database
        if($update){ // Check if it successfully updated
            return "1"; // If it did return 1
        }else{ // If not return Unknown Error.
            return "Unknown Error";
        }
    }
}
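A hardened variant of update_user(), added here as an example and not part of the original tutorial: it uses PDO prepared statements (the mysql_* functions used on this page were removed in PHP 7) and a fixed column allowlist instead of DESCRIBE, so a caller can only change the columns it is meant to. The name update_user_safe(), the two column lists and the in-memory SQLite table are assumptions for illustration.

```php
<?php
// Added example, not the tutorial's code. Names below are hypothetical.
// Assumes the pdo_sqlite extension for the offline demonstration at the end.

// Columns a caller may change, grouped by who is allowed to change them.
const PROFILE_COLUMNS = ['email', 'msn', 'yahoo', 'aim', 'interests', 'hobbies'];
const ADMIN_COLUMNS   = ['level'];

function update_user_safe(PDO $pdo, int $userId, array $values, array $allowed): bool
{
    // Keep only keys on the allowlist; any other column is silently dropped.
    $values = array_intersect_key($values, array_flip($allowed));
    if ($values === []) {
        return false; // Nothing valid to update.
    }
    // Column names come from the allowlist, never from user input,
    // so they are safe to place in the SQL text. Values are bound.
    $assignments = [];
    foreach (array_keys($values) as $column) {
        $assignments[] = "`$column` = :$column";
    }
    $sql = 'UPDATE `users` SET ' . implode(', ', $assignments) . ' WHERE `id` = :id';

    $stmt = $pdo->prepare($sql);
    foreach ($values as $column => $value) {
        $stmt->bindValue(":$column", (string) $value, PDO::PARAM_STR);
    }
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    return $stmt->execute();
}

// Demonstration on an in-memory SQLite table (constructed data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, msn TEXT, level TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'old@example.test', '', '0')");

// "level" is not in PROFILE_COLUMNS, so only the email address is updated.
$posted = ['email' => "new'@example.test", 'level' => '10'];
update_user_safe($pdo, 1, $posted, PROFILE_COLUMNS);
print_r($pdo->query('SELECT email, level FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```

The admin form would pass ADMIN_COLUMNS instead, keeping the privilege column out of reach of the profile editor.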
Now that we can update the user with ease, let's get started on editing your profile. For this we need to create a new page called editprofile.php
<?php
// First we must start off the sessions
session_start();
ob_start();
// Then include the configuration file which has the database connection and locations.
include("configuration.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Edit Profile</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
</head>
<body>
<?php
if($loggedin = logged_in()){ // Check if they are logged in
    if(isset($_POST['update_profile'])){ // Check if submit button has been pushed
        if(empty($_POST['email_address'])){ // Check if email address is empty
            echo "<div id='error_msg'>You must fill in an email address.</div>"; // If it is show error
        }else{ // Otherwise go on
            // Put all fields into an array for the update function below
            $update_array = array("email" => $_POST['email_address'],
                                  "msn" => $_POST['msn'],
                                  "yahoo" => $_POST['yahoo'],
                                  "aim" => $_POST['aim'],
                                  "interests" => $_POST['interests'],
                                  "hobbies" => $_POST['hobbies']);
            $update = update_user($loggedin['user_id'], $update_array); // Get the id and the array and send it to the update function.
            if($update == "1"){ // If successfully updated show success message, else show error.
                echo "<div id='success_msg'>Successfully Updated Profile.</div>";
            }else{
                echo "<div id='error_msg'>".$update."</div>";
            }
        }
    }
?>
<div id="selection_header">Edit Your Profile<br /><a href="changepassword.php">Change Password</a></div>
<div id="content"><form method="POST" id="register_form">
Email Address: <input id="register_form_field" name="email_address" type="text" style="width: 220px" value="<?php echo $loggedin['email'] ?>"><br>
MSN:<input id="register_form_field" name="msn" type="text" style="width: 220px" value="<?php echo $loggedin['msn'] ?>"><br>
Yahoo:<input id="register_form_field" name="yahoo" type="text" style="width: 220px" value="<?php echo $loggedin['yahoo'] ?>"><br>
AIM:<input id="register_form_field" name="aim" type="text" style="width: 220px" value="<?php echo $loggedin['aim'] ?>"><br>
<br>
Interests:<br>
<textarea id="register_form_field" name="interests" style="width: 240px; height: 68px"><?php echo $loggedin['interests'] ?></textarea><br>
Hobbies: <br>
<textarea id="register_form_field" name="hobbies" style="width: 240px; height: 68px"><?php echo $loggedin['hobbies'] ?></textarea><br>
<br>
<input id="register_form_field" name="update_profile" type="submit" value="Update Profile"></form></div>
<?php
}else{ // If not logged in
?>
<div id="selection_header">You are not logged in.<br /> Please login <a href="login.php">here</a></div>
<?php
}
?>
</body>
</html>
You can now edit your profile, but you still can't change your password, so let's create that next. Create another page with the following code and save it as changepassword.php
<?php
// First we must start off the sessions
session_start();
ob_start();
// Then include the configuration file which has the database connection and locations.
include ("configuration.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Change Password</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
</head>
<body>
<?php
if ($loggedin = logged_in()) { // Check if they are logged in
    if (isset($_POST['update_password'])) { // Check if submit button has been pushed
        if (empty($_POST['current_pw']) || empty($_POST['new_pw']) || empty($_POST['confirm_pw'])) { // Check if any form fields are left blank.
            echo "<div id='error_msg'>A Field Was Left Blank.</div>"; // If one is, show error.
        } else { // Otherwise go on
            if (md5($_POST['current_pw']) != $loggedin['password']) // Hash current_pw from the form and check it matches the stored password.
            {
                echo "<div id='error_msg'>Current Password Is Incorrect</div>"; // If not show error.
            } else {
                if ($_POST['new_pw'] != $_POST['confirm_pw']) // Check if the new passwords match
                {
                    echo "<div id='error_msg'>Passwords Do Not Match</div>"; // If not show error.
                } else {
                    $update_array = array("password" => md5($_POST['new_pw'])); // Put new pw field into array
                    $update = update_user($loggedin['user_id'], $update_array); // Get the user id and the array and send it to the update function.
                    if ($update == "1") { // If successfully updated show success message, else show error.
                        echo "<div id='success_msg'>Successfully Updated Password.</div>";
                    } else {
                        echo "<div id='error_msg'>" . $update . "</div>";
                    }
                }
            }
        }
    }
?>
<div id="selection_header">Change Your Password</div>
<div id="content"><form method="POST" id="register_form">
Current Password: <input id="register_form_field" name="current_pw" type="password" style="width: 220px" /><br />
New Password:<input id="register_form_field" name="new_pw" type="password" style="width: 220px" /><br />
Confirm Password:<input id="register_form_field" name="confirm_pw" type="password" style="width: 220px" /><br />
<br />
<input id="register_form_field" name="update_password" type="submit" value="Update Password" /></form></div>
<?php
} else { // If not logged in
?>
<div id="selection_header">You are not logged in.<br /> Please login <a href="login.php">here</a></div>
<?php
}
?>
</body>
</html>
Finally we need to create the page where we can view all the members and their profiles. So create members.php with the following.
<?php
// First we must start off the sessions
session_start();
ob_start();
// Then include the configuration file which has the database connection and locations.
include("configuration.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Members List</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
</head>
<body>
<?php
if($loggedin = logged_in()){ // Check if they are logged in
?>
<div id="selection_header">Members List</div>
<div id="content">
<?php
    $members_q = mysql_query("SELECT * FROM users"); // Select all users
    while($mq=mysql_fetch_array($members_q)) // Get users data 1 by 1
    {
        echo "<a href='profile.php?id=". $mq['id'] ."'>" . $mq['username'] . "</a> - " . $mq['level'] . "<br />"; // Echo data
    }
?></div>
<?php
}else{ // If not logged in
?>
<div id="selection_header">You are not logged in.<br /> Please login <a href="login.php">here</a></div>
<?php
}
?>
</body>
</html>
and finally profile.php
<?php
// First we must start off the sessions
session_start();
ob_start();
// Then include the configuration file which has the database connection and locations.
include("configuration.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Members List</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
</head>
<body>
<?php
if($loggedin = logged_in()){ // Check if they are logged in
    $result = mysql_query("SELECT * FROM `users` WHERE `id` = '".protection($_GET['id'])."'"); // Get user from table
    $r = mysql_fetch_array($result); // Get user's data into array.
?>
<div id="selection_header"><?php echo $r['username']; ?> Profile</div>
<div id="content">
<b>User ID:</b> <?php echo $r['id']; ?><br />
<b>Username:</b> <?php echo $r['username']; ?><br />
<b>Email Address:</b> <?php echo $r['email']; ?><br />
<b>MSN:</b> <?php echo $r['msn']; ?><br />
<b>Yahoo:</b> <?php echo $r['yahoo']; ?><br />
<b>AIM:</b> <?php echo $r['aim']; ?><br />
<b>Level:</b> <?php echo $r['level']; ?><br />
</div>
<?php
}else{ // If not logged in
?>
<div id="selection_header">You are not logged in.<br /> Please login <a href="login.php">here</a></div>
<?php
}
?>
</body>
</html>
Don't forget membersarea.php; here we have multiple edits. In the members area we will be adding a few links and also the ability to upgrade members to administrators.
Find
<div id="selection_header">Welcome <?php echo $loggedin['username']; ?> To The Members Area<br /><a href="logout.php">Logout</a></div>
and replace with
<div id="selection_header">Welcome <?php echo $loggedin['username']; ?> To The Members Area<br /><a href="logout.php">Logout</a> | <a href="editprofile.php">Edit Profile</a><br /><a href="members.php">Members List</a></div>
This will add edit profile link and members list link.
find
Email Address: <?php echo $loggedin['email']; ?><br />
after add
MSN: <?php echo $loggedin['msn']; ?><br />
Yahoo: <?php echo $loggedin['yahoo']; ?><br />
AIM: <?php echo $loggedin['aim']; ?><br />
Level: <?php echo $loggedin['level']; ?><br />
find
<?php }else{ // If not logged in ?>
and replace with
<?php
if($loggedin['level'] >= "10"){ // Check if the user logged in is an administrator
    if(isset($_POST['update_user_level'])){
        $update_user_details = update_user($_POST['update_user'], array("level" => $_POST['user_level']));
        if($update_user_details == "1"){ // update_user() returns "1" on success and an error message otherwise
            echo "Successfully updated user<br />";
        }else{
            echo "Unknown Error.<br />";
        }
    }
?>
You're an administrator :)<br />
<form method="post">
<select size="1" name="update_user">
<?php
    $select_user_query = mysql_query("SELECT * FROM users"); // Select all users from table
    while($r=mysql_fetch_array($select_user_query)) // Grab the info and go through each user
    {
        echo '<option value="'.$r['id'].'">'.$r['username'].' - '.$r['level'].'</option>'; // Add an option on the drop down for each user.
    }
?>
</select> <br />
<select size="1" name="user_level">
<option value="0">Member (0)</option>
<option value="10">Administrator (10)</option>
</select>
<input name="update_user_level" type="submit" value="Update User Level" />
</form>
<?php
}
}else{ // If not logged in
?>
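The level form above changes privileges on any POST sent from an administrator's browser, so it benefits from a CSRF token and strict validation of both fields. An added example (not the tutorial's code; the helper names are hypothetical) that does this and HTML-escapes usernames before they are printed into the option list:

```php
<?php
// Added example; helper names are hypothetical. The tutorial's pages already
// call session_start(), so only start a session here if none is active.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// One random token per session, embedded as a hidden field in the form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Escape a value for HTML output (charset matches the tutorial's pages).
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

// Returns [userId, level] when the request is a valid level change, else null.
function parse_level_change(array $post, array $actor): ?array
{
    if ((int) ($actor['level'] ?? 0) < 10) {
        return null; // Re-check the privilege on the server for every request.
    }
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals(csrf_token(), $token)) {
        return null; // Missing or wrong token: the POST did not come from our form.
    }
    $userId = filter_var($post['update_user'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $level = $post['user_level'] ?? '';
    if ($userId === false || !in_array($level, ['0', '10'], true)) {
        return null; // Only the two levels the form offers are accepted.
    }
    return [$userId, $level];
}

// Constructed sample data standing in for $loggedin and $_POST.
$admin = ['username' => 'pete', 'level' => '10'];
$good  = ['csrf_token' => csrf_token(), 'update_user' => '7', 'user_level' => '10'];
$bad   = ['csrf_token' => csrf_token(), 'update_user' => '7abc', 'user_level' => '99'];
var_dump(parse_level_change($good, $admin));               // accepted
var_dump(parse_level_change($bad, $admin));                // rejected by validation
var_dump(parse_level_change(['update_user' => '7'], $admin)); // rejected, no token
echo '<option value="7">' . e('<b>bob</b>') . ' - ' . e('0') . '</option>', "\n";
```

In the form itself the token goes in a hidden input named csrf_token, printed with e(csrf_token()).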
So now we are finished for this part. I'm sorry about the CSS; I'm not very good at CSS atm, although I'm trying to learn it. If you have any questions about this part of the usersystem or would like to leave some feedback, please leave a comment.
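changepassword.php above stores and compares passwords as unsalted MD5, which is fast to brute-force and unsuitable for password storage. The following added example (not the tutorial's code) runs the same change-password checks with password_hash() and password_verify(), while still accepting an existing MD5 hash so accounts can be migrated. The function names are hypothetical, and the password column is assumed to be wide enough (VARCHAR(255)) for the longer hashes.

```php
<?php
// Added example, not the tutorial's code. Function names are hypothetical.

// True when $stored looks like the unsalted MD5 hex digest the tutorial stores.
function is_legacy_md5(string $stored): bool
{
    return (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
}

// Verify a password against either the legacy or the modern hash format.
function verify_password(string $password, string $stored): bool
{
    if (is_legacy_md5($stored)) {
        return hash_equals($stored, md5($password)); // constant-time comparison
    }
    return password_verify($password, $stored);
}

// Runs the same checks as changepassword.php. Returns the new hash to store
// in the password column, or null when any check fails.
function change_password(string $current, string $new, string $confirm, string $stored): ?string
{
    if ($current === '' || $new === '' || $confirm === '') {
        return null; // A field was left blank.
    }
    if (!verify_password($current, $stored)) {
        return null; // Current password is incorrect.
    }
    if ($new !== $confirm) {
        return null; // Passwords do not match.
    }
    return password_hash($new, PASSWORD_DEFAULT); // salted, slow hash
}

// Constructed sample: an account that still has a legacy MD5 hash.
$stored  = md5('old-secret');
$newHash = change_password('old-secret', 'n3w-passphrase', 'n3w-passphrase', $stored);
var_dump($newHash !== null && password_verify('n3w-passphrase', $newHash));
var_dump(change_password('wrong-guess', 'x', 'x', $stored));
// At login, this tells you a verified legacy hash should be replaced.
var_dump(password_needs_rehash($stored, PASSWORD_DEFAULT));
```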


