returned with a value of 3 from the user interface shown by confirmMessage(). This indicates that the user has confirmed the new message, which is then written to the database addMessage(). ■ Similarly, when the user decides to modify an existing message and run() is called with cmd set to modify, the step parameter value can be 1, 2, or 3 — calling displayMsgAddModMenu(), confirmMessage(), and modifyMessage(), respectively — or null. ■ If the user decides to delete an existing message and the run method is called with cmd set to delete, deleteMessage() is called. ■ If the user does not specify any message operations (add, modify, delete), the user is shown the main message interface using displayMsgMngrMenu(). ■ In summary, run() decides which functionality is requested by the user and calls the appropriate message method to perform the desired operations. ◆ deleteMessage(): This method finds the message ID of the message to be deleted and deletes that message from the database. If this method is called without a proper message ID, it shows an error message. It works as follows: ■ If it is called without a message ID ($mid) as a query parameter, it shows an alert message and returns null. ■ Else, a message object called $msgObj is created and the deleteMessage() of the object is called with the $mid value to delete the message. The status of this operation is stored in $status variable. ■ A theme template object called $themeTemplate is created and set up in the usual way to load the user-selected theme template file. ■ A status message template ($STATUS_TEMPLATE) is loaded in a template object called $template as usual. If the $status is true, a status mes- sage indicating that the message is deleted is inserted into the $tem- plate content block. Also, deleteViewers() is called to remove all the users from the message’s viewer table. This is done to ensure that, when a message is deleted, the system does not attempt to show the viewers a nonexistent message. ■ If the message could not be deleted, $status is false, and a message indicating the failure is inserted in the $template object’s content block. ■ Finally, the contents of the $template object are inserted into the $themeTemplate object’s content block, and the results are printed on the user’s browser screen. 226 Part II: Developing Intranet Solutions 10 549669 ch07.qxd 4/4/03 9:25 AM Page 226 ◆ confirmMessage(): This method shows a preview of the message after the user has added or modified one and gets his confirmation. It also con- firms that the message is a valid one or shows appropriate error messages. If the user chooses to cancel from this screen, she is taken back to the add/modify menu, where she can edit her message and continue. This method works as follows: ■ When the method is called, the user has either created a new message or modified an existing message. So the method receives the message title ($title), publication date ($msgDate), body ($msg), current time- stamp ($currentTS), operation mode ($mode), message ID ($mid) (only if editing an existing message), and viewer list ($viewers). ■ A local variable $date is created using the month ($m), day ($d), and year ($y) of the given publication date. ■ If the given date is invalid or less than the current date, the method shows an alert message indicating a bad publication date and returns null. ■ The method checks to see whether the title, body, or viewer list is empty. If any of them are not defined by the user in the previous step, an alert message is shown and the method returns null. ■ Using a current timestamp from the mktime() function, a new time- stamp containing the current hour, minute, and second, along with the user-given month, day, and year, is created in the $realDate variable. ■ A theme template object called $themeTemplate is created and set up in the usual way to load the user-selected theme template file. ■ Similarly, a message preview template ($MSG_PREVIEW_TEMPLATE) is loaded in a template object called $template as usual. All user-sup- plied data are embedded into the preview template. ■ Finally, the contents of the $template object are inserted into the $themeTemplate object’s content block, and the results are printed on the user’s browser screen. ◆ modifyMessage(): This method gets the modified message information, such as message ID, message title, publish date, message contents, and viewer IDs, and updates the database. It shows the appropriate confirma- tion message if no error is found. Otherwise, it shows the appropriate error message. Here’s how it works: ■ If the method is called without a viewer list, it shows an alert message and returns. ■ A message object called $msgObj is created with the current message ID ($mid), which is supplied to the method as a query parameter. Chapter 7: Intranet System 227 10 549669 ch07.qxd 4/4/03 9:25 AM Page 227 ■ The isRead() method of the $msgObj is called to determine whether the chosen message has already been read. The message cannot be modified if other users have already acknowledged reading it. Changing this message now would be unethical. The best approach is to add a new message using the modified content so that the users can see it again. Therefore, if the message is already read, addMessage() is called to add the modification as a new message. ◆ addMessage(): This method gets new message information, such as mes- sage title, publish date, message contents, and viewer IDs, and inserts the message data into the database. It shows the appropriate confirmation message if no error is found. Otherwise, it shows the appropriate error message. Here’s how it works: ■ If the method is called without a viewer list, it shows an alert message and returns. ■ A message object called $msgObj is created. ■ We add the new message using the addMessage() method of the $msgObj. The status of this operation is stored in the $status variable. ■ If $status is true, a status message indicating that the message is added is inserted in the $template content block, and addViewers() is called to add the viewers of this message. If the message could not be added, $status is false, and a message indicating the failure is inserted in the $template object’s content block. ■ The contents of the $template object are inserted into the $themeTemplate object’s content block, and the results are printed on the user’s browser screen. ◆ displayMsgMngrMenu(): This method displays the initial message man- ager options menu available only to administrators, because only admin- istrators can modify or delete messages. This is how it works: ■ A message manager template ($MSG_MNGR_TEMPLATE) is loaded in a template object called $template. ■ A new message object called $msgObj is created. ■ The template includes buttons to add, modify, and delete messages and a list of messages from which the user can choose messages to modify or delete. 228 Part II: Developing Intranet Solutions 10 549669 ch07.qxd 4/4/03 9:25 AM Page 228 ■ The list is loaded using the getAllMessages() method of the $msgObj object. ■ The contents of the $template object are inserted into the $themeTemplate object’s content block, and the results are printed on the user’s browser screen. ◆ displayMsgAddModMenu(): This method displays the add/modify message interfaces. This is how it works: ■ Checks whether the message ID has been supplied when this method is called with the ‘modify’ parameter. If the message ID has not been supplied, the method shows the appropriate error message and returns the user to the previous page. Otherwise, it creates the new message object, $msgObj, and stores the message contents, publish date, and title attributes of the message into variables for later use. ■ A message add/modify template ($MSG_ADD_TEMPLATE) is loaded in a template object called $template. ■ The template includes a Web form for taking input of the message title, message contents, publish date, and view rights. If this method is called with the ‘modify’ parameter, it loads the specified message informa- tion into the Web form. ■ The contents of the $template object are inserted into the $themeTemplate object’s content block, and the results are printed on the user’s browser screen. ◆ unhtmlentities(): This method is the exact reverse of the htmlenti- ties() method in the PHP API. ◆ authorize(): This method authorizes access to this application. It works as follows: ■ It uses getUID() to check whether the current user ID is positive. Because all valid user IDs are positive numbers, it creates a DBI object called $user_dbi that points to the central user-authentication data- base (USER_DB_URL). ■ A user object called $userObj is created using the $user_dbi and cur- rent user ID. ■ The current user type is tested using getType() to determine whether it is administrator (ADMIN_TYPE) or not. If the current user is of type administrator, the $isAdmin variable is set to TRUE and it returns TRUE. For nonadministrative users, this method will return TRUE if cmd = add ; otherwise, it returns FALSE. Chapter 7: Intranet System 229 10 549669 ch07.qxd 4/4/03 9:25 AM Page 229 Access reporter application The access reporter application, access_reporter.php, shows the access report of the current user. It is included on the CD-ROM in the ch07/apps directory. It has the following methods: ◆ run(): When the application is run, this method is called. It basically decides which functionality is requested by the user and calls the appro- priate method to perform the desired operations. It does the following: ■ Creates a theme object, $this->themeObj. ■ Stores the current user’s theme choice in $this->theme by calling the getUserTheme() method of the theme object created. ■ If the application is called with cmd = “Force Login”, logUserIn() is called. Similarly, cmd = “Force Logout” calls logUserOut(). These two operations are done when an administrator wants to manually log in or log out a user. ■ Calls the reportDriver() method to show the access report. ◆ logUserOut(): This method logs out the specified user. It works as follows: ■ Checks whether the administrator provided the given date and time is valid. Otherwise, it shows the appropriate error message to the user and returns to the previous page. ■ Checks whether the given date and time correspond to the future. If they do, it shows the appropriate error message to the user and returns to the previous page. ■ Creates a new ActivityAnalyzer object called $analyzer. ■ Uses the logUserOut() method of the $analyzer object to log out the user. ■ Calls the reportDriver() method to render the updated access report. ◆ logUserIn(): This method logs in the specified user. It works as follows: ■ Checks whether the given date and time is valid. If they aren’t, it shows the appropriate error message to the user and returns to the previous page. ■ Checks whether the given date and time correspond to the future. If they do, it shows the appropriate error message to the user and returns to the previous page. ■ Creates a new ActivityAnalyzer object called $analyzer. 230 Part II: Developing Intranet Solutions 10 549669 ch07.qxd 4/4/03 9:25 AM Page 230 . screen. ◆ unhtmlentities(): This method is the exact reverse of the htmlenti- ties() method in the PHP API. ◆ authorize(): This method authorizes access to this application. It works as follows: ■ It. 4/4/03 9:25 AM Page 229 Access reporter application The access reporter application, access_reporter .php, shows the access report of the current user. It is included on the CD-ROM in the ch07/apps