Hi guys,
Have been working on this for a few days. Just thought I'd share it with everyone in case someone was looking for the same solution.
I've found it very hard to get the right formula, nobody seems to be doing quite the same thing, which is odd, because it seems to me to be a fairly common function for a membership database.
What (I hope :p) I've created here is a PHP page that will securely log in to my DB, require that you be admin before any function on the page will work, then display for editing members of the DB, then update the record. I also threw in a simple 'form action confirm' there to prompt the user before finally updating.
This has taken me a while, since I am fairly new to all this. It certainly does work, so I'm happy about that 😃 I just want to thank all of those who have helped me get this far. I hope this page is as good as it can be, but I am always open to suggestions.
So here is the code for anyone to use if they happen to be after a solution like this. And if anyone can offer some optimization tips - I'm all ears! 😃
Thanks again.
<?php
session_start();
?>
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Edit Users</title>
<script type="text/javascript">
window.onload=function() {
document.forms[0][2].focus();
}
</script>
<STYLE TYPE="text/css">
<!--
TD{font-family: Tahoma; font-size: 12pt;}
TH{font-family: Tahoma; font-size: 12pt;}
a { text-decoration:none }
--->
</STYLE>
</head>
<body>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"><a href="edit_users.php"><img border="0" src="star_logo.jpg" width="284" height="292"></a></p>
</body>
<?php
// Connects to your Database
mysql_connect("localhost", "login", "password") or die(mysql_error());
mysql_select_db("my_db") or die(mysql_error());
//Checks if the user has a stored session, and ensures the session = NULL if one is not stored
if(!isset($_SESSION['status'])) {
$_SESSION['status']=NULL;
//If no session is stored - warns them they are not logged in
echo "<p align='center'><font face='Tahoma' size='6'>You are not Logged in. Please <a href='index.php'>Login</a></font></p>";
die();
}
else
//Since this is an admin page; checks the stored session = admin, rejects them if they are not admin
if ($_SESSION['status'] !='admin')
{
//'Not Admin' rejection message
echo "<p align='center'><font face='Tahoma' size='6'>You are not Admin.</p> <p align='center'> Return to <a href='main.php'>Main</a>, or Please <a href='index.php'>Login</a></font></p>";
die();
}
else
{
//This code runs if the form has been submitted
if(isset($_POST['submit'])){
//This makes sure they did not leave any fields blank
if(!$_POST['username'] | !$_POST['name_f'] | !$_POST['name_l'] | !$_POST['address1'] | !$_POST['address2'] | !$_POST['h_phone'] | !$_POST['m_phone'] | !$_POST['status'] ){
header("Location: required_fields.php");
die('fields');
}
else
{
// If form is POSTed successfuly, we update the DB record
$name=$_POST['username'];
$update = "UPDATE users SET name_f='".$_POST['name_f']."', name_l='".$_POST['name_l']."', address1='".$_POST['address1']."', address2='".$_POST['address2']."', h_phone='".$_POST['h_phone']."', m_phone='".$_POST['m_phone']."', status='".$_POST['status']."'
WHERE username = '$name'"
or die(mysql_error());
$add_member = mysql_query($update);
echo "<p align='center'><font face='Tahoma' size='6'>User updated. <a href='edit_users.php'>Return to list</a>.</p>";
exit();
}
}
}
{
//Display list of users in a table, with link to post to edit form
$check = mysql_query("SELECT * FROM users")
or die(mysql_error());
echo "<p align='center'> </p>";
echo "<p align='center'> </p>";
echo "<table border='1' align='center'>";
echo "<tr><th width='90' align='center'>Username</th>";
echo "<th width='120' align='center'>Name</th>";
echo "<th width='70' align='center'>Status</th></tr>";
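while($users = mysql_fetch_array( $check )){
//Escape stored values before writing them into the page
$username = htmlspecialchars($users['username'], ENT_QUOTES);
echo "<tr><td align='center'>";
echo $username;
echo "</td><td>";
echo htmlspecialchars($users['name_f'] . " " . $users['name_l'], ENT_QUOTES);
echo "</td><td>";
echo htmlspecialchars($users['status'], ENT_QUOTES);
echo "</td><td width='50' align='center'>";
//URL-encode the username for use in the query string
echo "<a href='edit_users.php?name=" . urlencode($users['username']) . "'>Edit</a>";
echo "</td></tr>";
}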
echo "</table>";
//Prompt user to make a selection
if(!isset($_GET['name'])) {
$_GET['name']=NULL;
echo "<p align='center'><font face='Tahoma' size='6'>Please make a selection.</p>";
die('make selection');
}
else
{
//If a selection is made, display the selected record in form for editing, form will ask for confirmation, then POST to PHP_SELF for Updating the DB
//Escape the selected username before it is used in the query
$name = mysql_real_escape_string($_GET["name"]);
$select = mysql_query("SELECT * from users WHERE username = '$name'")
or die(mysql_error());
while($user = mysql_fetch_array( $select )){
?>
<form action ="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST" onsubmit="return confirm ('Confirm Changes?')">
<DIV ALIGN="center">
<table border="0" cellpadding="0" cellspacing="0" width="50%" id="AutoNumber1" height="185">
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Username: </b><input type="text" name="username" tabindex=2 maxlength="15" size="20" value="<?php echo htmlspecialchars($user["username"], ENT_QUOTES);?>" READONLY></td>
<td width="36%" align="left" height="35"><input TYPE="radio" NAME="status" tabindex=8 CHECKED value="active"><b><font face="Tahoma" size="4">Active</b></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">First Name: </b><input type="text" name="name_f" tabindex=2 maxlength="15" size="20" value="<?php echo htmlspecialchars($user["name_f"], ENT_QUOTES);?>"></td>
<td width="36%" align="left" height="35"><input TYPE="radio" NAME="status" value="admin"><font face="Tahoma" size="4"><b>Admin</b></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Last Name: </b><input type="text" name="name_l" tabindex=3 maxlength="15" size="20" value="<?php echo htmlspecialchars($user["name_l"], ENT_QUOTES);?>"></td>
<td width="36%" align="left" height="35"><input TYPE="radio" NAME="status" value="inactive"><font face="Tahoma" size="4"><b>Inactive</b></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Address 1: </b><input type="text" name="address1" tabindex=4 maxlength="20" size="20" value="<?php echo htmlspecialchars($user["address1"], ENT_QUOTES);?>"></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Address 2: </b><input type="text" name="address2" tabindex=5 maxlength="20" size="20" value="<?php echo htmlspecialchars($user["address2"], ENT_QUOTES);?>"></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Home Phone: </b><input type="text" name="h_phone" tabindex=6 maxlength="10" size="20" value="<?php echo htmlspecialchars($user["h_phone"], ENT_QUOTES);?>"></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Mobile Phone: </b><input type="text" name="m_phone" tabindex=7 maxlength="10" size="20" value="<?php echo htmlspecialchars($user["m_phone"], ENT_QUOTES);?>"></td></tr>
<tr><td width="64%" align="right" height="50"></td>
<td width="36%" height="50"><font face="Tahoma"><input type="submit" name="submit" tabindex=9 value="Update"></td></tr>
</table>
</DIV>
</form>
<?php
}
}
}
?>
</html>
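
An added example, not part of the original post: the same member update written with PDO prepared statements and a fixed list of accepted status values, since the mysql_* functions used above were removed in PHP 7. The function name `update_member()`, the two constants and the in-memory SQLite table are assumptions made for this demo; the column names follow the post's `users` table.

```php
<?php
// Added example. ALLOWED_STATUS, EDITABLE and update_member() are hypothetical names;
// the columns match the `users` table used in the post.
const ALLOWED_STATUS = ['active', 'admin', 'inactive'];
const EDITABLE = ['name_f', 'name_l', 'address1', 'address2', 'h_phone', 'm_phone', 'status'];

function update_member(PDO $db, array $post): int
{
    // Reject missing or blank fields, as the original form handler does.
    foreach (array_merge(['username'], EDITABLE) as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            throw new InvalidArgumentException("missing field: $f");
        }
    }
    // Accept only the status values the form's radio buttons offer.
    if (!in_array($post['status'], ALLOWED_STATUS, true)) {
        throw new InvalidArgumentException('invalid status');
    }
    // Column names come from the fixed EDITABLE list; values are bound parameters,
    // so quotes in the input never become part of the SQL text.
    $set = implode(', ', array_map(fn($f) => "$f = :$f", EDITABLE));
    $stmt = $db->prepare("UPDATE users SET $set WHERE username = :username");
    $params = [':username' => $post['username']];
    foreach (EDITABLE as $f) {
        $params[":$f"] = $post[$f];
    }
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data; SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, name_f TEXT, name_l TEXT,
    address1 TEXT, address2 TEXT, h_phone TEXT, m_phone TEXT, status TEXT)");
$db->exec("INSERT INTO users VALUES ('alice','Alice','Smith','1 Main St','Flat 2','5550001','5550002','active')");

$post = ['username' => 'alice', 'name_f' => 'Alice', 'name_l' => "O'Brien", 'address1' => '1 Main St',
    'address2' => 'Flat 2', 'h_phone' => '5550001', 'm_phone' => '5550002', 'status' => 'inactive'];
echo "rows updated: ", update_member($db, $post), "\n";

// The apostrophe is stored as data; escape it again when writing it into HTML.
$row = $db->query("SELECT name_l, status FROM users WHERE username = 'alice'")->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['name_l'], ENT_QUOTES), " / ", $row['status'], "\n";

try {
    update_member($db, ['status' => 'superuser'] + $post); // value the form never offers
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Against MySQL, only the PDO connection string changes; the function itself stays the same.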