Chapter 11 Code - User Logins, Profiles, and Personalization
Try It Out 1
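# Protects this directory with HTTP Basic authentication.
# NOTE(review): Basic auth sends the credentials base64-encoded, not
# encrypted, so this should only be served over HTTPS.
AuthType Basic
# Apache does not accept a comment on the same line as a directive, so the
# "or your windows path" remark lives here instead of after the path.
# NOTE(review): the password file appears to sit under htdocs; keep it outside
# the document root (or deny access to it) so it cannot be downloaded.
AuthUserFile /usr/local/apache/htdocs/protected
AuthName "Restricted"
# No <Limit GET POST> wrapper: inside <Limit> the requirement applies only to
# the listed methods, which leaves every other HTTP method unauthenticated.
Require valid-user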
Try It Out 2
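<?php
// Gate the page behind the session check in auth.inc.php. require (not
// include) is used so a missing or unreadable auth file stops the request
// instead of raising a warning and rendering the page unprotected.
require 'auth.inc.php';
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>This is the Template Page</h1>
</body>
</html>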
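<?php
// Login guard: a page that includes this file is only rendered for a session
// whose 'logged' flag has been set to 1.
session_start();
// isset() keeps a first-time visitor (no 'logged' key yet) from raising an
// undefined-index notice.
if (!isset($_SESSION['logged']) || $_SESSION['logged'] != 1)
{
    // PHP_SELF can carry client-supplied path info, so it is URL-encoded for
    // the query string and HTML-escaped before being written into the page.
    $redirect  = $_SERVER['PHP_SELF'];
    $login_url = "login.php?redirect=" . urlencode($redirect);
    header("Refresh: 5; URL=$login_url");
    echo "You are being redirected to the login page!<br>";
    echo "(If your browser doesn't support this, <a href=\""
        . htmlspecialchars($login_url, ENT_QUOTES) . "\">click here</a>)";
    // Stop here so the protected page body is never sent.
    die();
}
?>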
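<?php
// Login form and handler for the chapter's single hard-coded account.
session_start();
// Loading this page always marks the session as logged out first.
$_SESSION['logged'] = 0;

$submitted = isset($_POST['submit']);

// The return target is client-supplied: the query string on first load, the
// hidden form field on submit. Only a same-site absolute path is accepted;
// absolute URLs, "//host", "/\host" and control characters fall back to the
// site root, so the value cannot act as an open redirect or break out of the
// Refresh header.
$source   = $submitted ? $_POST : $_GET;
$redirect = (isset($source['redirect']) && is_string($source['redirect']))
    ? $source['redirect'] : '';
if (!preg_match('#^/(?![/\\\\])[^\\x00-\\x1f\\x7f]*\\z#', $redirect))
{
    $redirect = '/';
}
// Escaped copy for the href and value attributes below.
$redirect_html = htmlspecialchars($redirect, ENT_QUOTES);

$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): the credentials are literals in the source, as in the original
// example; a real deployment would verify against a stored password hash.
if ($submitted && $username === "wroxbooks" && $password === "aregreat")
{
    // Fresh session id on login so an id fixed before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['logged'] = 1;
    header("Refresh: 5; URL=" . $redirect);
    echo "You are being redirected to your original page request!<br>";
    echo "(If your browser doesn't support this, <a href=\"" .
        $redirect_html . "\">click here</a>)";
}
else
{
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<?php echo $submitted ? "Invalid Username and/or Password" : "You must be logged in to view this page"; ?><br><br>
<form action="login.php" method="post">
<input type="hidden" name="redirect" value="<?php echo $redirect_html; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
<?php
}
?>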
Try It Out 3
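<?php
// Home page dispatcher: picks the logged-in or logged-out body.
session_start();
// isset() keeps a visitor with a fresh session from raising undefined-index
// notices; the non-empty comparison is the same test the original made.
// NOTE(review): the login state depends on a plaintext password held in the
// session; a boolean or user-id marker would avoid keeping it there.
$logged_in = isset($_SESSION['user_logged'], $_SESSION['user_password'])
    && $_SESSION['user_logged'] != ""
    && $_SESSION['user_password'] != "";
if ($logged_in)
{
    include "logged_user.php";
}
else
{
    include "unlogged_user.php";
}
?>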
<!-- Home-page body for a visitor without a login session: links to
     user_login.php and register.php. Presumably the unlogged_user.php that
     the preceding listing includes; the page itself gives no file names. -->
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Welcome to the home page!</h1>
You are currently not logged into our system.<br>
Once logged in, you will have access to your personal area, along with other user information.<br>
If you have already registered, <a href="user_login.php">click here</a> to login,
or if you would like to create an account, <a href="register.php">click here</a> to register.
</body>
</html>
<!-- Home-page body for a logged-in visitor: links to user_personal.php.
     Presumably the logged_user.php that the home-page listing includes; the
     page itself gives no file names. -->
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Welcome to the home page!</h1>
And thank you for logging into our system.<br>
You may now <a href="user_personal.php">click here</a>
to go into your own personal information area, and
update or remove your information should you wish to do so.
</body>
</html>
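<?php
// Opens the MySQL connection and selects the "registration" database for the
// pages that include this file.
// NOTE(review): the credentials are literals in a file under the web tree;
// keep them outside the document root and out of version control. The user
// name literal carries a trailing space ("wrox_user ") - confirm it is
// intended.
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; mysqli or PDO with
// prepared statements is the replacement.
$conn = mysql_connect("localhost", "wrox_user ", "wrox_pass");
if (!$conn)
{
    // Log the driver message server-side; echoing it would show the visitor
    // the host and account name.
    error_log("MySQL connect failed: " . mysql_error());
    die("Database connection error.");
}
$db = mysql_select_db("registration");
if (!$db)
{
    error_log("MySQL select_db failed: " . mysql_error());
    die("Database connection error.");
}
?>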
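<?php
// Registration form and handler: checks the required fields, rejects a user
// name that is already taken, otherwise inserts the account and logs the new
// user in.
session_start();
// require: stop the request if the connection file is missing.
require "conn.inc.php";

// Hobbies offered by the form; submitted values outside this list are dropped.
$hobby_choices = array("Golfing", "Hunting", "Reading", "Dancing", "Internet",
    "Flying", "Traveling", "Exercising", "Computers", "Other Than Listed");

// Read each text field as a string ('' when absent or not a string) and keep
// an HTML-escaped copy for echoing back into the page.
$in   = array();
$html = array();
foreach (array('username', 'password', 'email', 'first_name', 'last_name', 'city', 'state') as $field)
{
    $in[$field]   = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $html[$field] = htmlspecialchars($in[$field], ENT_QUOTES);
}

// With nothing selected the browser sends no "hobbies" key at all, so start
// from an empty list instead of passing null to in_array()/implode().
$hobbies = array();
if (isset($_POST['hobbies']) && is_array($_POST['hobbies']))
{
    $hobbies = array_values(array_intersect(
        $hobby_choices,
        array_filter($_POST['hobbies'], 'is_string')
    ));
}

$submitted  = isset($_POST['submit']) && $_POST['submit'] == "Register";
$registered = false;
$error_html = '';

if ($submitted)
{
    if ($in['username'] == "" || $in['password'] == "" || $in['first_name'] == ""
        || $in['last_name'] == "" || $in['email'] == "")
    {
        $error_html = "The Username, Password, Email, First Name, and Last Name fields are required!";
    }
    else
    {
        // Every value placed inside a quoted SQL literal is escaped first;
        // the raw POST data would otherwise be able to rewrite the statement.
        $sql = array_map('mysql_real_escape_string', $in);
        $query = "SELECT username FROM user_info WHERE username = '" . $sql['username'] . "';";
        // NOTE(review): die(mysql_error()) shows driver errors to the visitor.
        $result = mysql_query($query) or die(mysql_error());
        if (mysql_num_rows($result) != 0)
        {
            $error_html = "The Username, " . $html['username']
                . ", is already in use, please choose another!";
            // The taken name is not offered again in the form.
            $html['username'] = '';
        }
        else
        {
            // NOTE(review): MySQL's PASSWORD() is meant for the server's own
            // accounts and was removed in MySQL 8.0; a dedicated password
            // hash is the durable choice. It is kept here because the login
            // listings compare against the same function.
            $query = "INSERT INTO user_info(username, password, email, first_name,
last_name, city, state, hobbies) VALUES ('" . $sql['username'] .
                "', (password('" . $sql['password'] . "')), '" . $sql['email'] .
                "', '" . $sql['first_name'] . "', '" . $sql['last_name'] .
                "', '" . $sql['city'] . "', '" . $sql['state'] .
                "', '" . mysql_real_escape_string(implode(", ", $hobbies)) . "');";
            $result = mysql_query($query) or die(mysql_error());
            // Fresh session id at the moment the session becomes logged in.
            session_regenerate_id(true);
            $_SESSION['user_logged'] = $in['username'];
            // NOTE(review): the other listings read the plaintext password
            // back from the session, so it is still stored here; a user id
            // would avoid keeping it.
            $_SESSION['user_password'] = $in['password'];
            $registered = true;
        }
    }
}
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<?php
if ($registered)
{
?>
Thank you, <?php echo $html['first_name'] . ", " . $html['last_name'];
?> for registering!<br>
<a href="index.php">Click here</a> to continue.
<?php
}
else
{
    if ($error_html != '')
    {
        echo '<font color="#ff0000"><b>' . $error_html . '</b></font>';
    }
    else
    {
        echo "Welcome to the registration page!<br>\n";
        echo "The Username, Password, Email, First Name, and Last Name fields are required!";
    }
    // The password is never written back into the form, so it has to be typed
    // again after a rejected submission.
?>
<form action="register.php" method="post">
Username: <input type="text" name="username" value="<?php echo $html['username']; ?>"><br>
Password: <input type="password" name="password"><br>
Email: <input type="text" name="email" value="<?php echo $html['email']; ?>"><br>
First Name: <input type="text" name="first_name" value="<?php echo $html['first_name']; ?>"><br>
Last Name: <input type="text" name="last_name" value="<?php echo $html['last_name']; ?>"><br>
City: <input type="text" name="city" value="<?php echo $html['city']; ?>"><br>
State: <input type="text" name="state" value="<?php echo $html['state']; ?>"><br>
Hobbies/Interests: (choose at least one)<br>
<select name="hobbies[]" size="10" multiple>
<?php
    foreach ($hobby_choices as $choice)
    {
?>
<option value="<?php echo $choice; ?>"<?php if (in_array($choice, $hobbies)) echo " selected"; ?>><?php echo $choice; ?></option>
<?php
    }
?>
</select><br><br>
<input type="submit" name="submit" value="Register"> <input
type="reset" value="Clear">
</form>
<?php
}
?>
</body>
</html>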
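<?php
// Login guard for the user pages: stops the request unless the session holds
// a user name and password. The full <?php tag is used because a short <?
// tag is only parsed when short_open_tag is on; otherwise this guard would
// be sent to the browser as text and never run.
session_start();
// isset() avoids undefined-index notices for a session with no login data.
if (!isset($_SESSION['user_logged'], $_SESSION['user_password'])
    || $_SESSION['user_logged'] == "" || $_SESSION['user_password'] == "")
{
    // PHP_SELF can carry client-supplied path info, so it is URL-encoded for
    // the query string and HTML-escaped before being written into the page.
    $redirect  = $_SERVER['PHP_SELF'];
    $login_url = "user_login.php?redirect=" . urlencode($redirect);
    header("Refresh: 5; URL=$login_url");
    echo "You are currently not logged in, we are redirecting you, be
patient!<br>";
    echo "(If your browser doesn't support this, <a href=\""
        . htmlspecialchars($login_url, ENT_QUOTES) . "\">click here</a>)";
    // Stop here so the protected page body is never sent.
    die();
}
?>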
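<?php
// Login form and handler for registered users (accounts in user_info).
session_start();
// require: stop the request if the connection file is missing.
require "conn.inc.php";

$submitted = isset($_POST['submit']);

// Work out where to send the user after login. On submit the target comes
// from the hidden field; on first load it is /index.php when there is no
// referer or the referer is the home page, else the "redirect" query value.
if ($submitted)
{
    $redirect = (isset($_POST['redirect']) && is_string($_POST['redirect'])) ? $_POST['redirect'] : '';
}
else
{
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    if ($referer == "" || $referer == "http://localhost/index.php")
    {
        $redirect = "/index.php";
    }
    else
    {
        $redirect = (isset($_GET['redirect']) && is_string($_GET['redirect'])) ? $_GET['redirect'] : '';
    }
}
// The target is client-supplied, so only a same-site absolute path is kept;
// absolute URLs, "//host", "/\host" and control characters fall back to the
// home page instead of becoming an open redirect or a header break-out.
if (!preg_match('#^/(?![/\\\\])[^\\x00-\\x1f\\x7f]*\\z#', $redirect))
{
    $redirect = "/index.php";
}
$redirect_html = htmlspecialchars($redirect, ENT_QUOTES);

$logged_in = false;
if ($submitted)
{
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    // Both values are escaped before they enter the quoted SQL literals;
    // unescaped, a crafted user name could rewrite the WHERE clause.
    // NOTE(review): MySQL's PASSWORD() is meant for the server's own accounts
    // and was removed in MySQL 8.0; it is kept to match the stored values.
    $query = "SELECT username, password FROM user_info WHERE username = '" .
        mysql_real_escape_string($username) . "' AND password = (password('" .
        mysql_real_escape_string($password) . "'));";
    // NOTE(review): die(mysql_error()) shows driver errors to the visitor.
    $result = mysql_query($query) or die(mysql_error());
    $logged_in = (mysql_num_rows($result) == 1);
}

if ($logged_in)
{
    // Fresh session id on login so an id fixed before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user_logged'] = $username;
    // NOTE(review): the other listings read the plaintext password back from
    // the session, so it is still stored here.
    $_SESSION['user_password'] = $password;
    header("Refresh: 5; URL=" . $redirect);
    echo "You are being redirected to your original page request!<br>";
    echo "(If your browser doesn't support this, <a href=\"" .
        $redirect_html . "\">click here</a>)";
}
else
{
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<?php
    if ($submitted)
    {
?>
Invalid Username and/or Password<br>
Not registered? <a href="register.php">Click here</a> to register.<br>
<?php
    }
    else
    {
?>
Login below by supplying your username/password...<br>
Or <a href="register.php">click here</a> to register.<br><br>
<?php
    }
?>
<form action="user_login.php" method="post">
<input type="hidden" name="redirect" value="<?php echo $redirect_html; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
<?php
}
?>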
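<?php
// Personal information page: shows the stored profile of the logged-in user.
session_start();
// require: if the guard or the connection file is missing, stop instead of
// rendering the page without the login check.
require "auth_user.inc.php";
require "conn.inc.php";
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Welcome to your personal information area</h1>
Here you can update your personal information, or delete your account.<br>
Your information as we currently have it is shown below:<br>
<a href="index.php">Click here</a> to return to the home page<br><br>
<?php
// The session values were typed in by the user at login or registration, so
// they are escaped before entering the quoted SQL literals.
$query = "SELECT * FROM user_info WHERE username = '" .
    mysql_real_escape_string($_SESSION['user_logged']) . "'
AND password = (password('" . mysql_real_escape_string($_SESSION['user_password']) . "'));";
// NOTE(review): die(mysql_error()) shows driver errors to the visitor.
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
// Profile fields were supplied by the user, so each one is HTML-escaped
// before display; a missing row simply shows empty values.
$profile = array();
foreach (array('first_name', 'last_name', 'city', 'state', 'email', 'hobbies') as $column)
{
    $profile[$column] = ($row && isset($row[$column]))
        ? htmlspecialchars($row[$column], ENT_QUOTES) : '';
}
?>
First Name: <?php echo $profile['first_name']; ?><br>
Last Name: <?php echo $profile['last_name']; ?><br>
City: <?php echo $profile['city']; ?><br>
State: <?php echo $profile['state']; ?><br>
Email: <?php echo $profile['email']; ?><br>
Hobbies/Interests: <?php echo $profile['hobbies']; ?><br><br>
<a href="update_account.php">Update Account</a> |
<a href="delete_account.php">Delete Account</a>
</body>
</html>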
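<?php
// Account update page: lets the logged-in user change email, city, state and
// hobbies, then shows the form again with the stored values.
session_start();
// require: if the guard or the connection file is missing, stop instead of
// rendering the page without the login check.
require "auth_user.inc.php";
require "conn.inc.php";

// Hobbies offered by the form; submitted values outside this list are dropped.
$hobby_choices = array("Golfing", "Hunting", "Reading", "Dancing", "Internet",
    "Flying", "Traveling", "Exercising", "Computers", "Other Than Listed");

// The session values were typed in by the user at login or registration, so
// they are escaped before entering the quoted SQL literals. The closing
// "'))" of password(...) is part of this clause; the original UPDATE left it
// out and the statement failed with a syntax error.
$where = "WHERE username = '" . mysql_real_escape_string($_SESSION['user_logged']) .
    "' AND password = (password('" . mysql_real_escape_string($_SESSION['user_password']) . "'))";

$updated = isset($_POST['submit']) && $_POST['submit'] == "Update";
if ($updated)
{
    $in = array();
    foreach (array('email', 'city', 'state') as $field)
    {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $in[$field] = mysql_real_escape_string($value);
    }
    // No selection means no "hobbies" key at all, so default to an empty list.
    $chosen = array();
    if (isset($_POST['hobbies']) && is_array($_POST['hobbies']))
    {
        $chosen = array_values(array_intersect(
            $hobby_choices,
            array_filter($_POST['hobbies'], 'is_string')
        ));
    }
    // NOTE(review): the update is accepted on the session alone, with no
    // per-session form token, so a cross-site form post is not rejected.
    $query_update = "UPDATE user_info SET email = '" . $in['email'] . "', city
= '" . $in['city'] . "', state = '" . $in['state'] . "', hobbies =
'" . mysql_real_escape_string(implode(", ", $chosen)) . "' " . $where . ";";
    // NOTE(review): die(mysql_error()) shows driver errors to the visitor.
    $result_update = mysql_query($query_update) or die(mysql_error());
}

$query = "SELECT * FROM user_info " . $where . ";";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$hobbies = ($row && isset($row['hobbies'])) ? explode(", ", $row['hobbies']) : array();
// Stored values came from user input; escape them for the value attributes.
$html = array();
foreach (array('email', 'city', 'state') as $column)
{
    $html[$column] = ($row && isset($row[$column]))
        ? htmlspecialchars($row[$column], ENT_QUOTES) : '';
}
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Update Account Information</h1>
Here you can update your account information for viewing in your profile.<br><br>
<?php
if ($updated)
{
?>
<b>Your account information has been updated.</b><br>
<a href="user_personal.php">Click here</a> to return to your account.
<?php
}
?>
<form action="update_account.php" method="post">
Email: <input type="text" name="email" value="<?php echo $html['email']; ?>"><br>
City: <input type="text" name="city" value="<?php echo $html['city']; ?>"><br>
State: <input type="text" name="state" value="<?php echo $html['state']; ?>"><br>
Hobbies/Interests: (choose at least one)<br>
<select name="hobbies[]" size="10" multiple>
<?php
foreach ($hobby_choices as $choice)
{
?>
<option value="<?php echo $choice; ?>"<?php if (in_array($choice, $hobbies)) echo " selected"; ?>><?php echo $choice; ?></option>
<?php
}
?>
</select><br><br>
<input type="submit" name="submit" value="Update"> <input type="button"
value="Cancel" onclick="history.go(-1);">
</form>
</body>
</html>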
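<?php
// Account deletion page: asks for confirmation, then removes the logged-in
// user's row and clears the login data from the session.
session_start();
// require: if the guard or the connection file is missing, stop instead of
// running the page without the login check.
require "auth_user.inc.php";
require "conn.inc.php";
// isset() avoids an undefined-index notice when the page is first opened.
// NOTE(review): the delete is confirmed only by a posted submit=Yes, with no
// per-session form token, so a cross-site form post is not rejected.
if (isset($_POST['submit']) && $_POST['submit'] == "Yes")
{
    // The session values were typed in by the user at login or registration,
    // so they are escaped before entering the quoted SQL literals.
    $query_delete = "DELETE FROM user_info WHERE username = '" .
        mysql_real_escape_string($_SESSION['user_logged']) .
        "' AND password = (password('" .
        mysql_real_escape_string($_SESSION['user_password']) . "'));";
    // NOTE(review): die(mysql_error()) shows driver errors to the visitor.
    $result_delete = mysql_query($query_delete) or die(mysql_error());
    $_SESSION['user_logged'] = "";
    $_SESSION['user_password'] = "";
    header("Refresh: 5; URL=index.php");
    echo "Your account has been deleted! You are being sent to the home
page!<br>";
    echo "(If your browser doesn't support this, <a href=\"index.php\">click
here</a>)";
    die();
}
else
{
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
Are you sure you want to delete your account?<br>
There is no way to retrieve your account once you confirm!<br>
<form action="delete_account.php" method="post">
<input type="submit" name="submit" value="Yes"> <input type="button" value="
No " onclick="history.go(-1);">
</form>
</body>
</html>
<?php
}
?>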
Try It Out 4
<!-- Entry page of the cookie example: a single link to setcookie_un.php,
     which sets the first cookie. -->
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>This is the Set Cookie Page</h1>
<a href="setcookie_un.php">Click here</a> to set your cookies.
</body>
</html>
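<?php
// Sets the demo "username" cookie, then moves on to the password-cookie step.
$username = "jeremys";
// 30-day lifetime. The trailing arguments keep the default path, domain and
// secure values and switch on HttpOnly, so page scripts cannot read the
// cookie; the test page reads it server-side through $_COOKIE.
setcookie('username', $username, time() + 60 * 60 * 24 * 30, '', '', false, true);
header("Location: setcookie_pw.php");
// Nothing else should run or be sent once the redirect header is queued.
exit;
?>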
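<?php
// Sets the demo "password" cookie, then moves on to the confirmation page.
// NOTE(review): a password kept in a cookie is stored in plaintext on the
// client and sent with every request; this only illustrates setcookie().
$password = "apache";
// 30-day lifetime. The trailing arguments keep the default path, domain and
// secure values and switch on HttpOnly, so page scripts cannot read the
// cookie; the test page reads it server-side through $_COOKIE.
setcookie('password', $password, time() + 60 * 60 * 24 * 30, '', '', false, true);
header("Location: cookies_set.php");
// Nothing else should run or be sent once the redirect header is queued.
exit;
?>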
<!-- Confirmation page of the cookie example: states that the cookies were
     set and links to testcookie.php. -->
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>This is the Set Cookie Page</h1>
Your cookies have been set.<br>
<a href="testcookie.php">Click here</a> to test your cookies.
</body>
</html>
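<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>This is the Test Cookie Page</h1>
<?php
// Cookie values arrive from the browser and can be set to anything by the
// client, so they are read defensively ('' when absent or not a string) and
// HTML-escaped before being printed.
$cookie_username = (isset($_COOKIE['username']) && is_string($_COOKIE['username']))
    ? $_COOKIE['username'] : "";
$cookie_password = (isset($_COOKIE['password']) && is_string($_COOKIE['password']))
    ? $_COOKIE['password'] : "";
if ($cookie_username == "" || $cookie_password == "")
{
?>
No cookies were set.<br>
<a href="setcookie.php">Click here</a> to set your cookies.
<?php
}
else
{
?>
Your cookies were set:<br>
Username cookie value: <b><?php echo htmlspecialchars($cookie_username, ENT_QUOTES); ?></b><br>
Password cookie value: <b><?php echo htmlspecialchars($cookie_password, ENT_QUOTES); ?></b><br>
<?php
}
?>
</body>
</html>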
Try It Out 5
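<?php
// Opens the MySQL connection and selects the "registration" database for the
// admin pages that include this file.
// NOTE(review): the account name and password are literals in a published
// listing; if they were ever real they should be rotated, and credentials
// belong outside the document root and out of version control.
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; mysqli or PDO with
// prepared statements is the replacement.
$conn = mysql_connect("localhost", "jcstolz", "r3minyL");
if (!$conn)
{
    // Log the driver message server-side; echoing it would show the visitor
    // the host and account name.
    error_log("MySQL connect failed: " . mysql_error());
    die("Database connection error.");
}
$db = mysql_select_db("registration");
if (!$db)
{
    error_log("MySQL select_db failed: " . mysql_error());
    die("Database connection error.");
}
?>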
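<?php
// Login guard for the admin pages: stops the request unless the session holds
// an admin user name and password.
session_start();
// isset() avoids undefined-index notices for a session with no login data.
if (!isset($_SESSION['admin_logged'], $_SESSION['admin_password'])
    || $_SESSION['admin_logged'] == "" || $_SESSION['admin_password'] == "")
{
    // PHP_SELF can carry client-supplied path info, so it is URL-encoded for
    // the query string and HTML-escaped before being written into the page.
    $redirect  = $_SERVER['PHP_SELF'];
    $login_url = "admin_login.php?redirect=" . urlencode($redirect);
    header("Refresh: 5; URL=$login_url");
    echo "You are currently not logged in, we are redirecting you, be
patient!<br>";
    // The fallback link now targets admin_login.php like the Refresh header;
    // the original pointed it at login.php.
    echo "(If your browser doesn't support this, <a href=\""
        . htmlspecialchars($login_url, ENT_QUOTES) . "\">click here</a>)";
    // Stop here so the protected page body is never sent.
    die();
}
?>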
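<?php
// Admin home dispatcher: picks the logged-in or logged-out body.
session_start();
// isset() keeps a visitor with a fresh session from raising undefined-index
// notices; the non-empty comparison is the same test the original made.
// NOTE(review): the login state depends on a plaintext password held in the
// session; a boolean or admin-id marker would avoid keeping it there.
$logged_in = isset($_SESSION['admin_logged'], $_SESSION['admin_password'])
    && $_SESSION['admin_logged'] != ""
    && $_SESSION['admin_password'] != "";
if ($logged_in)
{
    include "logged_admin.php";
}
else
{
    include "unlogged_admin.php";
}
?>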
<!-- Admin home body for a logged-in administrator: links to admin_area.php.
     Presumably the logged_admin.php that the preceding listing includes; the
     page itself gives no file names. -->
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Welcome to the Admin Area!</h1>
You are currently logged in.<br>
<a href="admin_area.php">Click here</a> to access your administrator tools.
</body>
</html>
<!-- Admin home body for a visitor without an admin session: links to
     admin_login.php. Presumably the unlogged_admin.php that the admin home
     listing includes; the page itself gives no file names. -->
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Welcome to the Admin Area!</h1>
You are currently not logged in.<br>
Once logged in, you will have access to your administrator tools.<br>
<a href="admin_login.php">Click here</a> to login.
</body>
</html>
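<?php
// Login form and handler for administrators (accounts in the admin table).
session_start();
// require: stop the request if the connection file is missing.
require "conn.inc.php";

$submitted = isset($_POST['submit']);

// Work out where to send the admin after login. On submit the target comes
// from the hidden field; on first load it is /admin/index.php when there is
// no referer or the referer is the admin home, else the "redirect" query
// value.
if ($submitted)
{
    $redirect = (isset($_POST['redirect']) && is_string($_POST['redirect'])) ? $_POST['redirect'] : '';
}
else
{
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    if ($referer == "" || $referer == "http://localhost/admin/index.php"
        || $referer == "http://localhost/admin/")
    {
        $redirect = "/admin/index.php";
    }
    else
    {
        $redirect = (isset($_GET['redirect']) && is_string($_GET['redirect'])) ? $_GET['redirect'] : '';
    }
}
// The target is client-supplied, so only a same-site absolute path is kept;
// absolute URLs, "//host", "/\host" and control characters fall back to the
// admin home instead of becoming an open redirect or a header break-out.
if (!preg_match('#^/(?![/\\\\])[^\\x00-\\x1f\\x7f]*\\z#', $redirect))
{
    $redirect = "/admin/index.php";
}
$redirect_html = htmlspecialchars($redirect, ENT_QUOTES);

$logged_in = false;
if ($submitted)
{
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    // Both values are escaped before they enter the quoted SQL literals;
    // unescaped, a crafted user name could rewrite the WHERE clause and log
    // in without a password.
    // NOTE(review): MySQL's PASSWORD() is meant for the server's own accounts
    // and was removed in MySQL 8.0; it is kept to match the stored values.
    $query = "SELECT username, password, admin_level FROM admin WHERE username =
'" . mysql_real_escape_string($username) . "' AND password = (password('" .
        mysql_real_escape_string($password) . "'));";
    // NOTE(review): die(mysql_error()) shows driver errors to the visitor.
    $result = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_array($result);
    $logged_in = (mysql_num_rows($result) == 1);
}

if ($logged_in)
{
    // Fresh session id on login so an id fixed before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['admin_logged'] = $username;
    // NOTE(review): the admin guard reads the plaintext password back from
    // the session, so it is still stored here.
    $_SESSION['admin_password'] = $password;
    $_SESSION['admin_level'] = $row['admin_level'];
    header("Refresh: 5; URL=" . $redirect);
    echo "You are being redirected to your original page request!<br>";
    echo "(If your browser doesn't support this, <a href=\"" .
        $redirect_html . "\">click here</a>)";
}
else
{
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<?php echo $submitted ? "Invalid Username and/or Password" : "Login below by supplying your username/password..."; ?><br>
<form action="admin_login.php" method="post">
<input type="hidden" name="redirect" value="<?php echo $redirect_html; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
<?php
}
?>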
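<?php
// Admin area: lists every user with the actions the current admin may take.
session_start();
// require: if the guard or the connection file is missing, stop instead of
// rendering the list without the admin login check.
require "auth_admin.inc.php";
require "conn.inc.php";
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Admin Area</h1>
Below is a list of users and your available administrator privileges.<br><br>
<?php
// Only admin level "1" is offered the delete link. Hiding the link is not the
// access control; delete_user.php checks the level again before deleting.
$can_delete = isset($_SESSION['admin_level']) && $_SESSION['admin_level'] == "1";
$query = "SELECT first_name, last_name, id FROM user_info ORDER BY last_name;";
// NOTE(review): die(mysql_error()) shows driver errors to the visitor.
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
    // Names were supplied by the users themselves, so they are HTML-escaped;
    // the id is URL-encoded and escaped for the href attribute.
    $name_html = htmlspecialchars($row['first_name'] . " " . $row['last_name'], ENT_QUOTES);
    $id_attr   = htmlspecialchars(urlencode($row['id']), ENT_QUOTES);
    echo $name_html;
?>
<a href="update_user.php?id=<?php echo $id_attr; ?>">Update User</a><?php if ($can_delete) { ?> |
<a href="delete_user.php?id=<?php echo $id_attr; ?>">Delete User</a><?php } ?><br>
<?php
}
?>
</body>
</html>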
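<?php
// Admin user editor: shows one user's record in a form and saves the changes
// an administrator submits.
session_start();
// require: if the guard or the connection file is missing, stop instead of
// running the editor without the admin login check.
require "auth_admin.inc.php";
require "conn.inc.php";

// Hobbies offered by the form; submitted values outside this list are dropped.
$hobby_choices = array("Golfing", "Hunting", "Reading", "Dancing", "Internet",
    "Flying", "Traveling", "Exercising", "Computers", "Other Than Listed");

$updated = isset($_POST['submit']) && $_POST['submit'] == "Update";

// The record id comes from the hidden field on submit and from the query
// string on first load. It is client-supplied either way, so it is escaped
// for the SQL literal and for the HTML attribute.
$id_source = $updated ? $_POST : $_GET;
$id        = (isset($id_source['id']) && is_string($id_source['id'])) ? $id_source['id'] : '';
$sql_id    = mysql_real_escape_string($id);
$id_html   = htmlspecialchars($id, ENT_QUOTES);

if ($updated)
{
    $in = array();
    foreach (array('username', 'password', 'first_name', 'last_name', 'email', 'city', 'state') as $field)
    {
        $in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    // No selection means no "hobbies" key at all, so default to an empty list.
    $chosen = array();
    if (isset($_POST['hobbies']) && is_array($_POST['hobbies']))
    {
        $chosen = array_values(array_intersect(
            $hobby_choices,
            array_filter($_POST['hobbies'], 'is_string')
        ));
    }
    // Every value is escaped before it enters a quoted SQL literal.
    $set = array();
    foreach (array('username', 'first_name', 'last_name', 'email', 'city', 'state') as $column)
    {
        $set[] = $column . " = '" . mysql_real_escape_string($in[$column]) . "'";
    }
    $set[] = "hobbies = '" . mysql_real_escape_string(implode(", ", $chosen)) . "'";
    // The form always shows the password box empty ("Not displayed"), so an
    // empty value means "leave unchanged"; writing it would replace the
    // user's password with the hash of an empty string.
    if ($in['password'] != "")
    {
        $set[] = "password = (password('" . mysql_real_escape_string($in['password']) . "'))";
    }
    // NOTE(review): the update is accepted on the admin session alone, with
    // no per-session form token, so a cross-site form post is not rejected.
    $query_update = "UPDATE user_info SET " . implode(", ", $set) .
        " WHERE id = '" . $sql_id . "';";
    // NOTE(review): die(mysql_error()) shows driver errors to the visitor.
    $result_update = mysql_query($query_update) or die(mysql_error());
}

$query = "SELECT * FROM user_info WHERE id = '" . $sql_id . "';";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$hobbies = ($row && isset($row['hobbies'])) ? explode(", ", $row['hobbies']) : array();
// Stored values came from user input; escape them for the value attributes.
$html = array();
foreach (array('username', 'first_name', 'last_name', 'email', 'city', 'state') as $column)
{
    $html[$column] = ($row && isset($row[$column]))
        ? htmlspecialchars($row[$column], ENT_QUOTES) : '';
}
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<h1>Update User Information</h1>
<?php
if ($updated)
{
?>
<b>User information has been updated.</b><br>
<a href="admin_area.php">Click here</a> to return to the admin area.
<?php
}
?>
<form action="update_user.php" method="post">
<input type="hidden" name="id" value="<?php echo $id_html; ?>">
Username: <input type="text" name="username" value="<?php echo $html['username']; ?>"><br>
Password: <input type="password" name="password" value=""> Not displayed<br>
First Name: <input type="text" name="first_name" value="<?php echo $html['first_name']; ?>"><br>
Last Name: <input type="text" name="last_name" value="<?php echo $html['last_name']; ?>"><br>
Email: <input type="text" name="email" value="<?php echo $html['email']; ?>"><br>
City: <input type="text" name="city" value="<?php echo $html['city']; ?>"><br>
State: <input type="text" name="state" value="<?php echo $html['state']; ?>"><br>
Hobbies/Interests: (choose at least one)<br>
<select name="hobbies[]" size="10" multiple>
<?php
foreach ($hobby_choices as $choice)
{
?>
<option value="<?php echo $choice; ?>"<?php if (in_array($choice, $hobbies)) echo " selected"; ?>><?php echo $choice; ?></option>
<?php
}
?>
</select><br><br>
<input type="submit" name="submit" value="Update"><?php if (!$updated) { ?> <input type="button"
value="Cancel" onclick="history.go(-1);"><?php } ?>

</form>
</body>
</html>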
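<?php
// Admin user deletion: level "1" administrators confirm and delete a user;
// any other level is shown a refusal.
session_start();
// require: if the guard or the connection file is missing, stop instead of
// running the delete without the admin login check.
require "auth_admin.inc.php";
require "conn.inc.php";

// The privilege check is made here, on the server, for every request; the
// admin list only hides the link.
$is_full_admin = isset($_SESSION['admin_level']) && $_SESSION['admin_level'] == "1";

// NOTE(review): the delete is confirmed only by a posted submit=Yes, with no
// per-session form token, so a cross-site form post is not rejected.
if ($is_full_admin && isset($_POST['submit']) && $_POST['submit'] == "Yes")
{
    // The id comes from a hidden form field, which the client controls, so it
    // is escaped before entering the quoted SQL literal.
    $id = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
    $query_delete = "DELETE FROM user_info WHERE id = '" .
        mysql_real_escape_string($id) . "';";
    // NOTE(review): die(mysql_error()) shows driver errors to the visitor.
    $result_delete = mysql_query($query_delete) or die(mysql_error());
    // NOTE(review): these clear the user-side login of the admin's own
    // session, not of the deleted account; looks carried over from the
    // self-service delete page - confirm it is wanted.
    $_SESSION['user_logged'] = "";
    $_SESSION['user_password'] = "";
    header("Refresh: 5; URL=admin_area.php");
    echo "Account has been deleted! You are being sent to the admin
area!<br>";
    echo "(If your browser doesn't support this, <a
href=\"admin_area.php\">click here</a>)";
    die();
}

// The id shown on the confirmation form comes from the query string.
$id_html = (isset($_GET['id']) && is_string($_GET['id']))
    ? htmlspecialchars($_GET['id'], ENT_QUOTES) : '';
?>
<html>
<head>
<title>Beginning PHP, Apache, MySQL Web Development</title>
</head>
<body>
<?php
if ($is_full_admin)
{
?>
<h1>Admin Area</h1>
Are you sure you want to delete this user's account?<br>
There is no way to retrieve your account once you confirm!<br>
<form action="delete_user.php" method="post">
<input type="hidden" name="id" value="<?php echo $id_html; ?>">
<input type="submit" name="submit" value="Yes"> <input
type="button" value=" No " onclick="history.go(-1);">
</form>
<?php
}
else
{
?>
You don't have a high enough privilege to delete a user.<br>
<a href="admin_area.php">Click here</a> to go back.
<?php
}
?>
</body>
</html>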