Chapter 13: Building a Content Management System 451 echo ‘ < input type=”submit” name=”action” “value=”Save Changes”/ > ’; } ? > < /td > < /tr > < /table > < /form > If you ’ ve looked around your web site, you might have noticed that the article you just created doesn ’ t show up yet. That ’ s because you ’ ve set up a review system wherein an administrator or moderator must approve an article before it is published for the public to view. This sort of control is found on many CMS - based sites on the web, and it ’ s a good way to keep an eye on quality and duplicate stories. Try It Out Reviewing New Articles In this exercise, you ’ ll create the reviewing system that lets you approve your articles. 1. Create cms_pending.php : < ?php require ‘db.inc.php’; include ‘cms_header.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); echo ‘ < h2 > Article Availability < /h2 > ’; echo ‘ < h3 > Pending Articles < /h3 > ’; $sql = ‘SELECT article_id, title, UNIX_TIMESTAMP(submit_date) AS submit_date FROM cms_articles WHERE is_published = FALSE ORDER BY title ASC’; $result = mysql_query($sql, $db) or die(mysql_error($db)); if (mysql_num_rows($result) == 0) { echo ‘ < p > < strong > No pending articles available. < /strong > < /p > ’; c13.indd 451c13.indd 451 12/10/08 6:04:41 PM12/10/08 6:04:41 PM 452 Part II: Comic Book Fan Site } else { echo ‘ < ul > ’; while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=”cms_review_article.php?article_id=’ . $row[‘article_id’] . ‘” > ’ . htmlspecialchars($row[‘title’]) . ‘ < /a > (‘ . date(‘F j, Y’, $row[‘submit_date’]) . ‘) < /li > ’; } echo ‘ < /ul > ’; } mysql_free_result($result); echo ‘ < h3 > Published Articles < /h3 > ’; $sql = ‘SELECT article_id, title, UNIX_TIMESTAMP(publish_date) AS publish_date FROM cms_articles WHERE is_published = TRUE ORDER BY title ASC’; $result = mysql_query($sql, $db) or die(mysql_error($db)); if (mysql_num_rows($result) == 0) { echo ‘ < p > < strong > No published articles available. < /strong > < /p > ’; } else { echo ‘ < ul > ’; while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=”cms_review_article.php?article_id=’ . $row[‘article_id’] . ‘” > ’ . htmlspecialchars($row[‘title’]) . ‘ < /a > (‘ . date(‘F j, Y’, $row[‘publish_date’]) . ‘) < /li > ’; } echo ‘ < /ul > ’; } mysql_free_result($result); include ‘cms_footer.inc.php’; ? > 2. Next, create cms_review_article.php : < ?php require ‘db.inc.php’; require ‘cms_output_functions.inc.php’; include ‘cms_header.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $article_id = (isset($_GET[‘article_id’]) & & ctype_digit($_GET[‘article_ id’])) ? c13.indd 452c13.indd 452 12/10/08 6:04:41 PM12/10/08 6:04:41 PM Chapter 13: Building a Content Management System 453 $_GET[‘article_id’] : ‘’; echo ‘ < h2 > Article Review < /h2 > ’; output_story($db, $article_id); $sql = ‘SELECT is_published, UNIX_TIMESTAMP(publish_date) AS publish_date, access_level FROM cms_articles a INNER JOIN cms_users u ON a.user_id = u.user_id WHERE article_id = ‘ . $article_id; $result = mysql_query($sql, $db) or die(mysql_error()); $row = mysql_fetch_array($result); extract($row); mysql_free_result($result); if (!empty($date_published) and $is_published) { echo ‘ < h4 > Published: ‘ . date(‘l F j, Y H:i’, $date_published) . ‘ < /h4 > ’; } ? > < form method=”post” action=”cms_transact_article.php” > < div > < input type=”submit” name=”action” value=”Edit”/ > < ?php if ($access_level > 1 || $_SESSION[‘access_level’] > 1) { if ($is_published) { echo ‘ < input type=”submit” name=”action” value=”Retract”/ > ‘; } else { echo ‘ < input type=”submit” name=”action” value=”Publish”/ > ‘; echo ‘ < input type=”submit” name=”action” value=”Delete”/ > ‘; } } ? > < input type=”hidden” name=”article_id” value=” < ?php echo $article_id; ? > ”/ > < /div > < /form > < ?php include ‘cms_footer.inc.php’; ? > c13.indd 453c13.indd 453 12/10/08 6:04:42 PM12/10/08 6:04:42 PM 454 Part II: Comic Book Fan Site 3. Click the Review link. The Review page cms_pending.php loads (see Figure 13 - 8 ), with a list of all pending and published articles. Right now, there is only one pending article, which is the one you just wrote. Figure 13-8 4. Click the article. You will be taken to cms_review_article.php . It should look similar to Figure 13 - 9 . You have the option to edit, publish, or delete the article. c13.indd 454c13.indd 454 12/10/08 6:04:42 PM12/10/08 6:04:42 PM Chapter 13: Building a Content Management System 455 Figure 13-9 c13.indd 455c13.indd 455 12/10/08 6:04:42 PM12/10/08 6:04:42 PM 456 Part II: Comic Book Fan Site 5. Click the Publish button. You will be taken back to cms_pending.php , and the article will now be listed under Published Articles. 6. Click the Articles link, and you will be taken back to the index page. This time, the article should appear on the page (see Figure 13 - 10 ). Figure 13-10 How It Works You wrote two scripts in this section, cms_pending.php and cms_review_article.php . Hopefully, you are beginning to see just how easy it is to build up the interface and tie all the functionality together, with the heavy - duty work delegated to the transaction files. The cms_pending.php script generates a page to list the articles that are pending approval and articles that have been published. You first generate this SQL query to fetch a list of pending articles: $sql = ‘SELECT article_id, title, UNIX_TIMESTAMP(submit_date) AS submit_date FROM cms_articles WHERE is_published = FALSE ORDER BY title ASC’; $result = mysql_query($sql, $db) or die(mysql_error($db)); c13.indd 456c13.indd 456 12/10/08 6:04:43 PM12/10/08 6:04:43 PM Chapter 13: Building a Content Management System 457 You then check mysql_num_rows() to determine the number of records that the query returned. If no records were returned, then you display a message stating there are no pending articles available. Otherwise, you loop through the list of articles that is returned from the database, and you display the title of each as a link to cms_review_article.php . if (mysql_num_rows($result) == 0) { echo ‘ < p > < strong > No pending articles available. < /strong > < /p > ’; } else { echo ‘ < ul > ’; while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=” cms_review_article.php?article_id=’ . $row[‘article_id’] . ‘” > ’ . htmlspecialchars($row[‘title’]) . ‘ < /a > (‘ . date(‘F j, Y’, $row[‘submit_date’]) . ‘) < /li > ’; } echo ‘ < /ul > ’; } The same process is followed to retrieve the list of published articles, though the query and the message that is displayed if no articles are returned have been modified accordingly. $sql = ‘SELECT article_id, title, UNIX_TIMESTAMP(publish_date) AS publish_date FROM cms_articles WHERE is_published = TRUE ORDER BY title ASC’; $result = mysql_query($sql, $db) or die(mysql_error($db)); if (mysql_num_rows($result) == 0) { echo ‘ < p > < strong > No published articles available. < /strong > < /p > ’; } else { echo ‘ < ul > ’; while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=” cms_review_article.php?article_id=’ . $row[‘article_id’] . ‘” > ’ . htmlspecialchars($row[‘title’]) . ‘ < /a > (‘ . date(‘F j, Y’, $row[‘publish_date’]) . ‘) < /li > ’; } echo ‘ < /ul > ’; } The whole purpose of the cms_review_article.php script is to present the article for review by the administrator. First, you display the title of the page, and then you use the output_story() function to display the article on the page. echo ‘ < h2 > Article Review < /h2 > ’; output_story($db, $article_id); It is important to note that you passed only two variables to the function output_story() , even though output_story() takes three arguments. PHP automatically used the default value because you did not specify the optional third parameter, which you should recall is FALSE. (If there were no default value assigned when you first wrote output_story() , then attempting to call the function with only the two arguments would result in a PHP warning telling you that you are missing an c13.indd 457c13.indd 457 12/10/08 6:04:43 PM12/10/08 6:04:43 PM 458 Part II: Comic Book Fan Site argument. Providing default arguments when you are writing your functions makes them more flexible and easier to use.) You also want to display additional data about the document, such as when it was published. You used this SQL statement to retrieve the additional information: $sql = ‘SELECT is_published, UNIX_TIMESTAMP(publish_date) AS publish_date, access_ level FROM cms_articles a INNER JOIN cms_users u ON a.user_id = u.user_id WHERE article_id = ‘ . $article_id; $result = mysql_query($sql, $db) or die(mysql_error()); Yes, output_story() retrieves this data too, but if you modified output_story() so that articles did not display their author or publish date, you would still want the information displayed on this review page. This is why you repeat this tiny bit of functionality here. If the document is published, then the administrator has an option to retract the article. If it is still pending, then the administrator can publish it. Only moderators and admins are allowed to retract, publish, and delete an article, and an article may only be deleted if it is pending. < form method=”post” action=”cms_transact_article.php” > < div > < input type=”submit” name=”action” value=”Edit”/ > < ?php if ($access_level > 1 || $_SESSION[‘access_level’] > 1) { if ($is_published) { echo ‘ < input type=”submit” name=”action” value=”Retract”/ > ‘; } else { echo ‘ < input type=”submit” name=”action” value=”Publish”/ > ‘; echo ‘ < input type=”submit” name=”action” value=”Delete”/ > ‘; } } ? > < input type=”hidden” name=”article_id” value=” < ?php echo $article_id; ? > ”/ > < /div > < /form > Try It Out Article Pages So you ’ ve created an article, reviewed it, and published it. Now it ’ s time to give the public a way to view the article and provide feedback. It ’ s time to write cms_view_article.php and cms_comment .php , both of which are relatively short scripts. c13.indd 458c13.indd 458 12/10/08 6:04:43 PM12/10/08 6:04:43 PM Chapter 13: Building a Content Management System 459 1. Create cms_view_article.php : < ?php require ‘db.inc.php’; require ‘cms_output_functions.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); include ‘cms_header.inc.php’; output_story($db, $_GET[‘article_id’]); show_comments($db, $_GET[‘article_id’], TRUE); include ‘cms_footer.inc.php’; ? > 2. Now, create cms_comment.php : < ?php require ‘db.inc.php’; require ‘cms_output_functions.inc.php’; include ‘cms_header.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $article_id = (isset($_GET[‘article_id’]) & & ctype_digit($_GET[‘article_ id’])) ? $_GET[‘article_id’] : ‘’; output_story($db, $article_id); ? > < h3 > Add a comment < /h3 > < form method=”post” action=”cms_transact_article.php” > < div > < label for=”comment_text” > Comment: < /label > < br/ > < textarea id=”comment_text” name=”comment_text” rows=”10” cols=”60” > < /textarea > < br/ > < input type=”submit” name=”action” value=”Submit Comment” / > < input type=”hidden” name=”article_id” value=” < ?php echo $article_id; ? > ” / > < /div > < /form > < ?php show_comments($db, $article_id, FALSE); include ‘cms_footer.inc.php’; ? > 3. Go back to the index by clicking the Articles link. Click the Read Full Story link below the snippet of the article you want to view. The full article should appear, complete with a link to add comments. c13.indd 459c13.indd 459 12/10/08 6:04:44 PM12/10/08 6:04:44 PM 460 Part II: Comic Book Fan Site How It Works The first page, cms_view_article.php , is very short, yet it illustrates the nature of included files and functions wonderfully. As you can see, there is no content displayed directly with cms_view_article.php . It simply includes the necessary files and calls the output_story() and show_comments() functions from cms_output_functions.inc.php to display the article and all of its comments. < ?php require ‘db.inc.php’; require ‘cms_output_functions.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); include ‘cms_header.inc.php’; output_story($db, $_GET[‘article_id’]); show_comments($db, $_GET[‘article_id’], TRUE); include ‘cms_footer.inc.php’; ? > You may notice that you don ’ t worry about the situation in which an article is not passed. As it stands, if you load cms_view_article.php without the “ article_id ” parameter in the URL, you will simply get a page that consists of the site title, search, and a menu (all included in cms_header.inc .php ). The rest will be blank. If that ’ s the desired result, then that ’ s fine. You may decide to redirect the user back to the home page if $_GET[‘article_id’] is empty. If you do, don ’ t forget to include cms_http_functions.inc.php and use redirect() before including cms_header.inc.php . The most important feature of cms_comment.php is the HTML form it produces to let readers enter their comments on an article. It has a textarea element to accept the comment, a submit button, and a hidden input field to pass the article ’ s ID. < form method=”post” action=”cms_transact_article.php” > < div > < label for=”comment_text” > Comment: < /label > < br/ > < textarea id=”comment_text” name=”comment_text” rows=”10” cols=”60” > < /textarea > < br/ > < input type=”submit” name=”action” value=”Submit Comment” / > < input type=”hidden” name=”article_id” value=” < ?php echo $article_id; ? > ” / > < /div > < /form > And that ’ s it! That last one was a doozy, huh? Hardly! Because you planned well and wrote most of the CMS ’ s functional code up front, these scripts are getting easier. Stay with us — you only need to write a couple more short scripts to finish off your application. c13.indd 460c13.indd 460 12/10/08 6:04:44 PM12/10/08 6:04:44 PM [...]... ‘cms_header.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); $sql = ‘SELECT email, name FROM cms_users WHERE user_id=’ $_SESSION[‘user_id’]; $result = mysql_ query($sql, $db) or die (mysql_ error($db)); $row = mysql_ fetch_array($result); extract($row); mysql_ free_result($result);... ‘db.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); $query = ‘CREATE TABLE IF NOT EXISTS ml_lists ( ml_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, listname VARCHAR(100) NOT NULL, PRIMARY KEY (ml_id) ) ENGINE=MyISAM’; mysql_ query($query, $db) or die (mysql_ error($db));... ‘cms_output_functions.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); include ‘cms_header.inc.php’; $search = (isset($_GET[‘search’])) ? $_GET[‘search’] : ‘’; $sql = ‘SELECT article_id FROM cms_articles WHERE MATCH (title, article_text) AGAINST (“’ mysql_ real_escape_string($search,... $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); $action = (isset($_REQUEST[‘action’])) ? $_REQUEST[‘action’] : ‘’; switch ($action) { case ‘Subscribe’: $email = (isset($_POST[‘email’])) ? $_POST[‘email’] : ‘’; $query = ‘SELECT user_id FROM ml_users WHERE email=”’ mysql_ real_escape_string($email,... delete, and rename mailing lists 1 Create the following code, and save it as ml_admin.php: Mailing List Administration td { vertical-align:... lists in the first place? Enter the following code, and save it as ml_quick_msg.php: Send Message td { vertical-align: top; } ... (title, article_text) AGAINST (“’ mysql_ real_escape_string($search, $db) ‘” IN BOOLEAN MODE) DESC’; $result = mysql_ query($sql, $db) or die (mysql_ error($db)); if (mysql_ num_rows($result) == 0) { echo ‘No articles found that match the search terms.’; } else { while ($row = mysql_ fetch_array($result)) { output_story($db, $row[‘article_id’], TRUE); } } mysql_ free_result($result); include... ‘”’; $result = mysql_ query($query, $db) or die (mysql_ error($db)); if (mysql_ num_rows($result) > 0) { $row = mysql_ fetch_assoc($result); $user_id = $row[‘user_id’]; } else { $first_name = (isset($_POST[‘first_name’])) ? $_POST[‘first_name’] : ‘’; $last_name = (isset($_POST[‘last_name’])) ? $_POST[‘last_name’] : ‘’; $query = ‘INSERT INTO ml_users (first_name, last_name, email) VALUES (“’ mysql_ real_escape_string($first_name,... ‘INSERT INTO ml_users (first_name, last_name, email) VALUES (“’ mysql_ real_escape_string($first_name, $db) ‘”, ‘ ‘”’ mysql_ real_escape_string($last_name, $db) ‘”, ‘ ‘”’ mysql_ real_escape_string($email, $db) ‘”)’; mysql_ query($query, $db); $user_id = mysql_ insert_id($db); } mysql_ free_result($result); foreach ($_POST[‘ml_id’] as $ml_id) { if (ctype_digit($ml_id)) { $query = ‘INSERT INTO ml_subscriptions... ml_id = ‘ $ml_id; mysql_ query($query, $db); $query = ‘SELECT listname FROM ml_lists WHERE ml_id = ‘ $ml_id; 478 c14.indd 478 12/10/08 6:02:30 PM Chapter 14: Mailing Lists $result = mysql_ query($query, $db); $row = mysql_ fetch_assoc($result); $listname = $row[‘listname’]; mysql_ free_result($result); $query = ‘SELECT first_name, email FROM ml_users WHERE user_id = ‘ $user_id; $result = mysql_ query($query, . ‘cms_header.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); . ‘cms_header.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); . ‘cms_output_functions.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db));