251 Chapter 7: Building a Content Management System <?php echo $elements_2[‘top’]?> <! Beginning of Form 1 (right side) > <form action=<?php echo $_SERVER[‘PHP_SELF’]?> method=”POST”> <p> <table border=”0” width=”100%”> <?php if (isset($GLOBALS[‘message_2’])) #74 { echo “<tr> <td colspan=’2’ style=\”font-weight: bold; font-style: italic; font-size: 90%; color: red\”> {$GLOBALS[‘message_2’]}<p></td></tr>”; } foreach($fields_2 as $field => $value) #82 { $type = $types_2[$field]; if($type == “select”) #85 { echo “<tr><td style=\”text-align: right; font-weight: bold\”>$fields_2[$field]</td> <td><select name=’$field’>”; foreach ($options[$field] as $opt_id => $opt_name) { echo “<option value=’$opt_id’”; if (@$_GET[$field] == $opt_id) echo “ selected”; echo “>$opt_name\n”; } echo “</select>”; } else { echo “<tr><td style=\”text-align: right; #101 font-weight: bold\”>$value</td> <td><input type=’$type’ name=’$field’ value=’”.@$$field.”’ size=’{$length_2[$field]}’ maxsize=’{$length_2[$field]}’> </td></tr>”; } } #109 ?> <tr> <td colspan=”2” style=”text-align: center”> <p style=”margin-top: .05in”> <input type=”submit” name=”Button” value=”<?php echo $elements_2[‘submit’]?>”> </td></tr> </table> </form> </td> Continued 14_575872 ch07.qxd 5/27/05 6:27 PM Page 251 Following is a description of the numbered lines of code that appear in double_form.inc, in Listing 7-3: #27 Checks for the existence of an error message that is stored in the $_GLOBALS array. If it is set, the error message is displayed. #36 For each element in the $fields_1 array, which is used in the login form, a form input element is constructed. #48 At line 48, the submit button is displayed. This button, if clicked, will make the form submit to Login.php and the user’s user name and password will be evaluated. #63 The form created after line 63 is the registration form. #74 The isset function call checks for the existence of an error message that is stored in the $_GLOBALS array. If set, the error message is displayed. #82 The foreach statement starts a loop through the elements that should be displayed on the registration form, as defined by the $fields_2 array. Line 84 looks up the HTML element type for the field in the $types_2 array (that is defined in fields_login.inc). #85 This block of code creates the drop-down list of departments. In a real- life CMS, you will probably find tighter security. In the CMS example in this chapter, the user is trusted to choose her department. Remember, a user associated with a certain department has administrative rights for that department. A real-life CMS should include another layer of administration where a “super-user” can grant or revoke administra- tive privileges. #101 In the HTML around line 101, a form input element is constructed. The length of the element is defined in the $length_2 array (found in fields_login.inc). #111 At line 111, the submit button is displayed. This button, if clicked, will make the form submit to Login.php, and Login.php will process reg- istration information. If the validation succeeds the user will be for- warded on to the Intranet home page. If there is an error found while validating the registration information, the login page will be redis- played and the errors will be noted on the screen in red text. 252 Part IV: Building Other Useful Applications LISTING 7-3: (Continued) </tr> </table> <hr size=”10” noshade> <div style=”text-align: center; font-size: 75%”> <?php echo $page[‘bottom’]?> </body></html> 14_575872 ch07.qxd 5/27/05 6:27 PM Page 252 Writing CompanyHome.php, a data retrieval file CompanyHome.php is responsible for setting up the data elements used by company.inc, a file that will display the HTML interface. CompanyHome.php is structured as a switch statement, with case blocks for each browse level. The browse level reflects the level in the site hierarchy at which the user is browsing, starting at the home page and drilling down to the content detail level. The browse level is passed in the URL. The switch statement tests the browse level and executes the appropriate case block. The following is an overview of the structure of the script: switch (browse_level) case “home”: 1 Get the list of departments from the Department database table. 2 Use the list of departments to build left-hand links to the departments. 3 Use the list of departments to build the main body text of the Web page that will include the department description text. case “department”: 1 Get the list of content types supported in the CMS from the Content_Type database table. 2 Use the list of content types to build left-hand links to the content type pages for the selected department. 3 Use the list of content types to build main body text of links to the content type pages for the selected department. case “content”: 1 Get the list of content items based on the department and content type that the user has selected. 2 If no content items exist, display a message indicating this. 3 If content items exist, list the items in a table. 4 If the user has administrative permissions in this department, display links that allow the user to add or edit the content item. case “details”: 1 Get the list of content details based on the department, content type, and content item that the user has selected. 2 If the user is an administrator, show a form that includes elements that allow the user to upload files. 3 Show any downloadable files in the left-hand section of the Web page. 253 Chapter 7: Building a Content Management System 14_575872 ch07.qxd 5/27/05 6:27 PM Page 253 Listing 7-4 contains the PHP code that sets up data elements that are going to be used to display the Web pages. 254 Part IV: Building Other Useful Applications LISTING 7-4: GETTING THE DEPARTMENT AND CONTENT DATA FROM MYSQL <?php /* Program: CompanyHome.php * Desc: Displays a Web page that has four levels: * 1) the home page, 2) a department page, 3) a * content list page, and 4) a detail page. */ if (!isset($_SESSION)) #7 session_start(); include_once(“functions_main.inc”); $page = array( #12 “title” => “The Company Intranet”, “header” => “The Company Intranet”, “bottom” => “Copyright(R) 2005”, “left_nav_links” => array(), “body_links” => array(), “col_headers” => array(), “data_rows” => array(), ); $admin = FALSE; $base_url = “CompanyHome.php”; $trail = “<a href=’$base_url’>Home</a>”; #24 if (!isset($_SESSION[‘user_name’])) header(“Location: Login.php”); #27 else { if (isset($_SESSION[‘user_dept’]) && isset($_GET[‘dept_id’])) { #32 $admin = $_SESSION[‘user_dept’] == $_GET[‘dept_id’]; } $cxn = Connect_to_db(“Vars.inc”); $left_nav_links = array(); $page[“browse_level”] = #38 isset($_GET[‘browse_level’]) ? $_GET[‘browse_level’] : “home”; switch ($page[“browse_level”]) #42 { case “home”: $sql = “SELECT name, dept_id, description FROM Department ORDER BY name”; $results = mysqli_query($cxn, $sql); 14_575872 ch07.qxd 5/27/05 6:27 PM Page 254 255 Chapter 7: Building a Content Management System $body_links = “”; while($row = mysqli_fetch_assoc($results)) #50 { $link = “$base_url?dept_id=” . $row[‘dept_id’] . “&browse_level=department”; $page[“left_nav_links”][$link] = $row[‘name’]; $body_links .= “<li><a href=\”” . $link . “\”>” . $row[‘name’] . “</a> - “ . $row[‘description’]; } $page[“left_nav_header”] = “Departments”; #59 $page[“top”] = “Welcome to our Intranet”; $page[“body_text”] = “Welcome to our Intranet “ . “where each department shares content with “ . “the whole company. You can update your “ . “own departments content too with our simple “ . “interface.<p>Vist the departments’ “ . “home pages: $body_links”; break; case “department”: #70 $dept_id = $_GET[‘dept_id’]; $sql = “SELECT name, dept_id, description FROM Department WHERE dept_id = $dept_id ORDER BY name”; $results = mysqli_query($cxn, $sql); $row = mysqli_fetch_assoc($results); $dept_name = $row[‘name’]; $dept_desc= $row[‘description’]; $page[“left_nav”] = “$dept_name Content”; $page[“body_text”] = “$dept_name - $dept_desc”; $sql = “SELECT a.name, a.type_id, count(b.content_id) FROM Content_Type a LEFT OUTER JOIN Content b on a.type_id = b.content_type and b.dept_id = $dept_id GROUP BY a.name, a.type_id ORDER BY name”; $results = mysqli_query($cxn, $sql); $body_links = “”; while($row = mysqli_fetch_assoc($results)) #92 { $link = “$base_url?dept_id=$dept_id” . “&type_id=” . $row[‘type_id’] . “&browse_level=content”; $page[“left_nav_links”][$link] = $row[‘name’]; $body_links .= “<li><a href=\”” . $link . “\”>” . $row[‘name’] . “</a>”; } $page[“left_nav_header”] = “Content Index”; Continued 14_575872 ch07.qxd 5/27/05 6:27 PM Page 255 256 Part IV: Building Other Useful Applications LISTING 7-4: (Continued) $page[“top”] = $dept_name; $page[“body_text”] = “$dept_name - $dept_desc “ . “<p>Vist the departments’ “ . “areas: $body_links”; $trail .= “ - <a href=’$base_url?dept_id=$dept_id” . “&browse_level=department’>$dept_name</a>”; break; case “content”: #110 $dept_id = $_GET[‘dept_id’]; $type_id = $_GET[‘type_id’]; $sql = “SELECT a.name, a.type_id, b.title, b.description, b.content_date, b.create_date, b.created_by, b.last_upd_date, b.last_upd_by, c.name as dept_name, content_id FROM Content_Type a, Department c LEFT OUTER JOIN Content b on a.type_id = b.content_type and a.type_id = b.content_type and b.dept_id = $dept_id and b.content_type = $type_id WHERE c.dept_id = $dept_id ORDER BY content_date DESC”; $results = mysqli_query($cxn, $sql); $body_links = “”; $content_count = 0; $page[“body_text”] = “”; while($row = mysqli_fetch_assoc($results)) #132 { if (!isset($area_name) && $type_id == $row[“type_id”]) { $area_name = $row[“name”]; $dept_name = $row[“dept_name”]; } $link = “$base_url?dept_id=$dept_id” . “&type_id=” . $row[‘type_id’] . “&browse_level=content”; $page[“left_nav_links”][$link] = $row[‘name’]; if (!isset($row[“content_id”])) #144 continue; $content_id = $row[“content_id”]; $content_count++; $link = “$base_url?dept_id=$dept_id” . “&type_id=$type_id&browse_level=content”; $page[“left_nav_links”][$link] = $row[‘name’]; 14_575872 ch07.qxd 5/27/05 6:27 PM Page 256 257 Chapter 7: Building a Content Management System $page[“data_rows”][] = $row; } if ($content_count == 0) #156 { $page[“body_text”] = “There are no $area_name content items for $dept_name”; } if ($admin) #161 { $page[“body_text”] .= “<p>[<aÆ href=’$base_url?dept_id=$dept_id” . “&browse_level=details&type_id=$type_id” . “&content_id=’>add</a>]”; } $page[“col_headers”][“title”] = “$area_name Title”; $page[“col_headers”][“content_date”] = “$area_nameÆ Date”; $page[“col_headers”][“create_date”] = “Created On”; $page[“col_headers”][“created_by”] = “Created By”; $page[“col_headers”][“last_upd_date”] = “Last Updated On”; $page[“col_headers”][“last_upd_by”] = “Last Updated By”; $page[“left_nav_header”] = “Content”; #176 $page[“top”] = “$dept_name - $area_name”; $trail .= “ - <a href=’$base_url?dept_id=$dept_id” . “&browse_level=department’>$dept_name</a>”; $trail .= “ - <a href=’$base_url?dept_id=$dept_id” . “&browse_level=content” . “&type_id=$type_id’>$area_name</a>”; break; case “details”: #185 $dept_id = $_GET[‘dept_id’]; $type_id = $_GET[‘type_id’]; $sql = “SELECT a.name as dept_name, b.name FROM Department a, Content_Type b WHERE b.type_id = $type_id and a.dept_id = $dept_id ORDER BY name”; $results = mysqli_query($cxn, $sql); $body_links = “”; $content_count = 0; while($row = mysqli_fetch_assoc($results)) #198 { $area_name = $row[“name”]; $dept_name = $row[“dept_name”]; if (!isset($row[“content_id”])) #203 continue; Continued 14_575872 ch07.qxd 5/27/05 6:27 PM Page 257 258 Part IV: Building Other Useful Applications LISTING 7-4: (Continued) $content_count++; $link = “$base_url?dept_id=$dept_id” . “&type_id=”.$row[‘type_id’] . “&browse_level=content”; $page[“left_nav_links”][$link] = $row[‘name’]; $body_links .= “<li><a href=\”” . $link . “\”>” . $row[‘name’] . “</a>”; } $create_date = date(“m/d/y”, time()); $created_by = $_SESSION[“user_name”]; $last_upd_by = $_SESSION[“user_name”]; $content_id = $_GET[“content_id”]; $edit = $admin && (@$_GET[“edit”] == “true” || $content_id == “”); if ($content_id != “”) #222 { Connect_to_db(“Vars.inc”); $sql = “SELECT content_id, dept_id, content_date, content_type as type_id, title, description, create_date, created_by, last_upd_date, last_upd_by FROM Content WHERE content_id = $content_id”; $results = mysqli_query($cxn, $sql); if ($row = mysqli_fetch_assoc($results)) { foreach ($row as $key => $value) $$key = $value; } $sql = “SELECT download_id, file_name FROM Content_Download WHERE content_id = $content_id”; $results = mysqli_query($cxn, $sql); while($row = mysqli_fetch_assoc($results)) #242 { $download_id = $row[“download_id”]; $file_name = $row[“file_name”]; $link = “files/$download_id/$file_name”; $page[“left_nav_links”][$link] = $file_name; if ($edit) #249 $page[“left_nav_links”][$link] .= “</a> [<a href=\”Admin.php” . “?action=DeleteDownload&download_id=$downÆ load_id\” >del</a>]”; } } foreach ($_GET as $name => $value) #257 14_575872 ch07.qxd 5/27/05 6:27 PM Page 258 259 Chapter 7: Building a Content Management System $$name = $value; $edit = $admin && (@$_GET[“edit”] == “true” || $conÆ tent_id == “”); $page[“top”] = “$dept_name - $area_name”; if ($edit) #264 { $page[“body_text”] = “<center><u>Add Downloads</u>”; for ($i = 0; $i < 3; $i++) { $page[“body_text”] .= “<br><input type=’file’ name=’upload_file$i’>”; } $page[“body_text”] .= “ </center> <p /> <center> <input type=’reset’ name=’action’ value =’Reset Form’> <input type=’submit’ name=’action’ value =’Cancel’> <input type=’submit’ name=’action’ value =’Save Changes’> </center>”; $page[“top”] .= “ Edit/Create”; } else { $page[“body_text”] = “<a href=’javascript:history.go(-1)’>Back</a>”; } $page[“left_nav_header”] = “Downloads”; $trail .= “ - <a href=’$base_url?dept_id=$dept_id” . “&browse_level=department’>$dept_name</a>”; $trail .= “ - <a href=’$base_url?dept_id=$dept_id” . “&browse_level=content” . “&type_id=$type_id’>$area_name</a>”; break; } include(“company.inc”); } ?> 14_575872 ch07.qxd 5/27/05 6:27 PM Page 259 Following is a description of the numbered lines of code that appear in CompanyHome.php, shown in Listing 7-4: #7 Lines 7 and 8 ensure that a session has been started. The isset call at line 7 is used because Admin.php, which also has a session_ start call, uses this file in an include call. Without the isset check for the $_SESSION variable, a notice might be displayed, like this: “Notice: A session had already been started — ignoring session_start().” This notice would display on your PHP page if the error_reporting level (set in the php.ini file) includes the E_NOTICE level. #12 Lines 12 to 19 set up some strings and arrays that will be used in company.inc to display the Web page. You can change the title, header, and bottom variables to reflect the name of your company. The left_nav, body_links, col_headers, and data_rows elements are actually lists of data elements. #24 Here a variable named $trail is defined. This string will be used to build a trail of links that will represent the hierarchy of the site that the user has traversed. In Figure 7-3 earlier in this chapter, you see the trail includes Home, the department being browsed (Human Resources), and the content area being browsed (FAQ). #27 Line 27 and 28 check that the user is registered and has logged in. You can remove these lines if you want to open up the Web site to unregis- tered users. Some intranet Web sites don’t require a login unless the user is trying to enter an administrative part of the site. #32 Lines 30 to 34 set the $admin variable to either TRUE or FALSE. The $admin variable, defined at line 22, is used to determine whether a user has administrative privileges to the area of the Web site that the user is browsing. #38 Lines 38 to 40 set up the browse_level variable (really an element in the $page array). The browse level determines whether the user is looking at ߜ The company’s home page ( browse_level of “home”) ߜ A department’s home page ( browse_level of “department”) ߜ A content item list ( browse_level of “content”) ߜ The detailed view of a single content item ( browse_level of “details”) #42 Line 42 contains a switch statement that executes a block of code that depends on the level of hierarchy at which the user is browsing. #50 Line 50 gathers the departments that make up the company’s intranet. The design of the Department table (Table 7-2) enables flexible addi- tion of new departments (or removal of departments that have been axed). 260 Part IV: Building Other Useful Applications 14_575872 ch07.qxd 5/27/05 6:27 PM Page 260 [...]... ($admin) #76 { echo “delete\n”; } echo “” “view\n”; if ($admin) #86 { echo “... HTML form The $types associative array sets up the key to HTML type mapping The values of this associative array determine the type of HTML element to use in the HTML form The $length array maps an element key to the length of the HTML text box to be used in the display Writing content_form.inc, the content item detail display code This next file — content_form, shown in Listing 7- 7 — works as a form for. .. ?> 263 #16 # 27 < ?php ################### ## Main Content # ################### ?> < ?php if ($page[“browse_level”] == “details”) { include(“fields_content.inc”); include(“content_form.inc”); } else if (@$content_count... the methods that objects make available ߜ WebForm: The WebForm class provides forms for the application It collects and processes the information typed by a user Creating static finder methods How do you get data from the database into an object representation in your PHP code? There are several approaches to this You could build a single PHP file to search for data and instantiate the appropriate objects... ‘$last_upd_by’)”; } Connect_to_db(“Vars.inc”); #65 #75 # 87 mysqli_query($cxn, $sql); if (!$content_id) $content_id = mysqli_insert_id($cxn); foreach ($_FILES as $file) { $file_name = $file[“name”]; if ($file[“size”] . Æ “&browse_level=details&edit=true”>” . “edit</a> ”; } echo “]</th></tr> ”; } echo “</table> ”; } echo $page[“body_text”]; ?> </form> </td> </tr> </table> <hr. href=”$link”>$label<p><p></td></tr> ”; } if (sizeof($page[“left_nav_links”]) == 0) echo “<i>no items yet</i>”; ?> </table> </td> <! Column. name=”Button” value=”< ?php echo $elements_2[‘submit’]?>”> </td></tr> </table> </form> </td> Continued 14_ 575 872 ch 07. qxd 5/ 27/ 05 6: 27 PM Page 251 Following