Practical PHP and MySQL: Building Eight Dynamic Web Applications, Part 8

CHAPTER 9 FAQ Content Management System

For a normal user, only the questions within the subject(s) that he owns should be returned:

        // (the if() that opens the administrator branch is on the previous page)
        $modqsql = "SELECT questions.*, users.username FROM users
                    INNER JOIN questions ON questions.addedby_id = users.id
                    INNER JOIN topics ON questions.topic_id = topics.id
                    INNER JOIN subjects ON topics.subject_id = subjects.id
                    WHERE questions.active = 0;";
    } else {
        $modqsql = "SELECT questions.*, users.username FROM users
                    INNER JOIN questions ON questions.addedby_id = users.id
                    INNER JOIN topics ON questions.topic_id = topics.id
                    INNER JOIN subjects ON topics.subject_id = subjects.id
                    WHERE questions.active = 0
                    AND subjects.owner_id = " . $_SESSION['SESS_USERID'] . ";";
    }

Run the relevant query:

    }
    $modresult = mysql_query($modqsql);

Create a table and add the table headings:

    $modresult = mysql_query($modqsql);
    echo "<h1>Questions submitted for moderation</h1>";
    echo "<table cellspacing='0' cellpadding='5'>";
    echo "<tr>";
    echo "<th>Subject</th>";
    echo "<th>Topic</th>";
    echo "<th>Question</th>";
    echo "<th>Submitted By</th>";
    echo "<td></td>";
    echo "<td></td>";
    echo "<td></td>";
    echo "</tr>";

If the query returns no results, there are no questions to moderate:

    echo "<td></td>";
    echo "</tr>";
    if(mysql_num_rows($modresult) == 0) {
        echo "<tr>";
        echo "<td colspan=7>No questions to moderate</td>";
        echo "</tr>";
    }

If there are rows to moderate, display the questions:

        echo "</tr>";
    }
    while($row = mysql_fetch_assoc($modresult)) {
        $subsql = "SELECT topics.name, subjects.subject FROM topics, subjects
                   WHERE topics.subject_id = subjects.id
                   AND topics.id = " . $row['topic_id'] . ";";
        $subresult = mysql_query($subsql);
        $subrow = mysql_fetch_assoc($subresult);
        echo "<tr>";
        echo "<td>" . $subrow['subject'] . "</td>";
        echo "<td>" . $subrow['name'] . "</td>";
        // The question text and username were typed by the submitting user,
        // so escape them before echoing them into the moderator's page.
        echo "<td>" . htmlspecialchars($row['question']) . "</td>";
        echo "<td>" . htmlspecialchars($row['username']) . "</td>";
        echo "<td><a href='adminmodquestions.php?func=details&id=" . $row['id'] . "'>Details</a></td>";
        echo "<td><a href='adminmodquestions.php?func=allow&id=" . $row['id'] . "'>Allow</a></td>";
        echo "<td><a href='adminmodquestions.php?func=deny&id=" . $row['id'] . "'>Deny</a></td>";
        echo "</tr>";
    }
    echo "</table>";
    break;

This block displays the results from the query and adds the Details, Allow, and Deny links. Each link carries the func GET variable naming the switch block it points to (for example, func=details accesses the details block), as well as the id of the question (for example, id=2).

The details Block

The details block displays details about the current question. This block is presented like the one shown in Figure 9-12. Add the following code:

        echo "</table>";
        break;
    case "details":
        require("header.php");
        $validid = set_validid();
        $sql = "SELECT questions.*, topics.name, subjects.subject FROM questions
                INNER JOIN topics ON questions.topic_id = topics.id
                INNER JOIN subjects ON topics.subject_id = subjects.id
                WHERE questions.id = " . $validid . ";";
        $result = mysql_query($sql);
        $row = mysql_fetch_assoc($result);

FIGURE 9-12 The details link provides a convenient way of viewing the answer to the question.

You first run this query to gather the details about the submitted question. This query performs an inner join to gather the question details, the topic name, and the subject name. Display the gathered information:

        $row = mysql_fetch_assoc($result);
        echo "<h1>Submitted question details</h1>";
        echo "<table border='0' cellspacing='0' cellpadding='5'>";
        echo "<tr>";
        echo "<td><b>Subject</b></td>";
        echo "<td>" . $row['subject'] . "</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td><b>Topic</b></td>";
        echo "<td>" . $row['name'] . "</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td><b>Question</b></td>";
        echo "<td>" . htmlspecialchars($row['question']) . "</td>";  // user-submitted text, escaped
        echo "</tr>";
        echo "<tr>";
        echo "<td><b>Answer</b></td>";
        echo "<td>" . htmlspecialchars($row['answer']) . "</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td colspan=2>";
        echo "<a href='adminmodquestions.php?func=main'>&lArr; Back to questions</a>";
        echo " &bull; ";
        echo "<a href='adminmodquestions.php?func=allow&id=" . $row['id'] . "'>Allow</a> ";
        echo " &bull; ";
        echo " <a href='adminmodquestions.php?func=deny&id=" . $row['id'] . "'>Deny</a>";
        echo "</td>";
        echo "</tr>";
        echo "</table>";
        break;

The allow Block

To accept a question, add the allow block:

        echo "</table>";
        break;
    case "allow":
        $validid = set_validid();
        $modqsql = "UPDATE questions SET active = 1 WHERE id = " . $validid . ";";
        $modqq = mysql_query($modqsql);
        header("Location: " . $config_basedir . "adminmodquestions.php?func=main");
        break;

This block updates the question and sets the active field to 1 to make the question live. The page then redirects to the main block of adminmodquestions.php.

The deny Block

To deny a question, the process is split into two parts. The first part asks the user if she is sure that she wants to reject the question. See Figure 9-13. Add the code for this section:

        header("Location: " . $config_basedir . "adminmodquestions.php?func=main");
        break;
    case "deny":
        require("header.php");
        $validid = set_validid();
        echo "<h1>Are you sure that you want to reject this question?</h1>";
        echo "<p>[<a href='" . $SCRIPT_NAME . "?func=denyconf&id=" . $validid . "'>Yes</a>] [<a href='" . $SCRIPT_NAME . "?func=main'>No</a>]";
        break;

FIGURE 9-13 Before denying a question, be sure this is what the user wants.

This block provides two links. The No link simply links back to the main section of the current script, and the Yes link links to the denyconf section.

The denyconf Block

To confirm the cold, hard reality of denying a question, add the denyconf block:

        echo "<p>[<a href='" . $SCRIPT_NAME . "?func=denyconf&id=" . $validid . "'>Yes</a>] [<a href='" . $SCRIPT_NAME . "?func=main'>No</a>]";
        break;
    case "denyconf":
        $validid = set_validid();
        // Use the validated id returned by set_validid(), not the raw $_GET['id'].
        $delsql = "DELETE FROM questions WHERE id = " . $validid . ";";
        $delq = mysql_query($delsql);
        header("Location: " . $config_basedir . "adminmodquestions.php?func=main");
        break;

This block deletes the question from the questions table and then redirects back to the main section to display the other moderated questions. Finally, close the switch and add the footer file:

        header("Location: " . $config_basedir . "adminmodquestions.php?func=main");
        break;
    }
    require("footer.php");
    ?>

MANAGING SUBJECTS

Subjects are the core foundation of the content that this project manages, and are very similar to Categories in the blog project in Chapter 4. Managing subjects is something that you naturally only want the administrator to be able to do. If you were to give a regular user the run of the subjects, anything could happen.

The capabilities to add and delete subjects are important pieces of functionality to create, but deleting is a capability with which you should take special care. Because the tables are InnoDB tables in MySQL (with the cascading deletes set up earlier), any accidental deletion of a subject also deletes all of its child topics and questions. As such, be very careful when working through this section.

Adding Subjects

Adding a subject to the database is as simple as creating a form and adding the contents of the form to the database. Create a new file called addsubject.php and add the following code:

    <h1>Add a new subject</h1>
    <form action="<?php echo $SCRIPT_NAME; ?>" method="post">
    <table cellpadding="5">
    <tr>
        <td>Subject</td>
        <td><input type="text" name="subject"></td>
    </tr>
    <tr>
        <td>Owner</td>
        <td>

This code adds a form and a table to lay out the form elements. After adding the subject text box, display a combo box so that a subject owner can be chosen:

        <td>Owner</td>
        <td>
        <select name="owner">
            <option value="0">-- No Owner --</option>
            <?php
            $sql = "SELECT * FROM users ORDER BY username ASC;";
            $result = mysql_query($sql);
            while($row = mysql_fetch_assoc($result)) {
                echo "<option value='" . $row['id'] . "'>" . $row['username'] . "</option>";
            }
            ?>
        </select>

A select box is created, and the first entry (which returns the value 0) is added to provide a No Owner option. The other entries in the select box are added from the query. Complete the form:

            ?>
        </select>
        </td>
    </tr>
    <tr>
        <td>Description Blurb</td>
        <td><textarea name="blurb" cols=50 rows=10></textarea></td>
    </tr>
    <tr>
        <td></td>
        <td><input type="submit" name="submit" value="Add Subject!"></td>
    </tr>
    </table>
    </form>

With the form finished, it's time to process it. Jump to the start of the file and add the following code:

    <?php
    session_start();
    require("db.php");
    require("functions.php");
    if(isset($_SESSION['SESS_ADMINUSER']) == FALSE) {
        header("Location: " . $config_basedir . "adminlogin.php");
        exit;  // a Location header alone does not stop the script; without exit the rest of the page still runs for a non-admin
    }

You first protect the page so that only the administrator can access it. Check if the Submit button was clicked and begin the processing:

        header("Location: " . $config_basedir . "adminlogin.php");
        exit;
    }
    if(isset($_POST['submit'])) {
        // owner_id is numeric: cast it so that only an integer reaches the query
        $subsql = "INSERT INTO subjects(subject, blurb, owner_id) VALUES(" .
                  "'" . pf_fix_slashes($_POST['subject']) . "', '" .
                  pf_fix_slashes($_POST['blurb']) . "'," .
                  (int)$_POST['owner'] . ");";
        mysql_query($subsql);
        header("Location: " . $config_basedir);
    }

FIGURE 9-14 If No Owner is selected, 0 is added to the owner_id field in the questions table.

Inside this block an INSERT statement adds the form data to the database. Add the else that encases the main form:

        header("Location: " . $config_basedir);
    } else {
        require("header.php");
    ?>
    <h1>Add a new subject</h1>
    <form action="<?php echo $SCRIPT_NAME; ?>" method="post">

Finally, after the form, close the else and add the footer file:

    </table>
    </form>
    <?php
    }
    require("footer.php");
    ?>

The completed page should look like the one shown in Figure 9-14.

Deleting Subjects

When logged in as an administrator, a user deletes content by clicking the little X links. These links hook up with a page that deletes the type of content the X is next to. If you take a look at the list of subjects, you will see that the X next to each subject links to deletesubject.php and passes the script the id of the subject to be deleted.

NOTE Cascading Fun and Games
Remember that when a subject is deleted, all topics and questions within that subject are deleted also. The code for the cascading delete was added when you set up your tables.

When deletesubject.php is first loaded, the user is prompted to confirm that he wants to delete the subject. If he clicks the Yes link, the page reloads but includes a conf GET variable. If this variable is present, the subject is deleted. Create deletesubject.php and add the following code:

    <?php
    session_start();
    require("db.php");
    require("functions.php");
    // Only the administrator may delete subjects: use the same SESS_ADMINUSER
    // test as addsubject.php (the original tested the wrong key, inverted), and
    // stop after the redirect so the delete below cannot run for anyone else.
    if(!isset($_SESSION['SESS_ADMINUSER'])) {
        header("Location: " . $config_basedir);
        exit;
    }
    if(pf_check_number($_GET['subject']) == TRUE) {
        $validsubject = $_GET['subject'];
    } else {
        header("Location: " . $config_basedir);
        exit;
    }

First, the code validates the subject GET variable that was passed to the page. Next, a check is made to see if the conf GET variable exists (remember that this is added when the user confirms deletion of the subject):

        header("Location: " . $config_basedir);
        exit;
    }
    if(isset($_GET['conf'])) {
        $delsql = "DELETE FROM subjects WHERE id = " . $validsubject . ";";
        mysql_query($delsql);
        header("Location: " . $config_basedir);
    } else {
        require("header.php");
        echo "<h1>Are you sure you want to delete this subject?</h1>";
        echo "<p>[<a href='" . $SCRIPT_NAME . "?conf=1&subject=" . $validsubject . "'>Yes</a>] [<a href='" . $config_basedir . "'>No</a>]";
    }

If the variable exists, the subject is deleted and the page redirects back to the base page. Otherwise, the confirmation question is displayed. Finally, add the footer file:

        echo "<p>[<a href='" . $SCRIPT_NAME . "?conf=1&subject=" . $validsubject . "'>Yes</a>] [<a href='" . $config_basedir . "'>No</a>]";
    }
    require("footer.php");
    ?>

MANAGING TOPICS

When adding topics to the system, the script needs to work both for normal users who own subjects and for the administrator. The practical differences between a normal user and the admin are mainly in the subjects to which they have access. The administrator can add a topic to any subject, whereas a normal user can choose only the subjects he owns.

Adding Topics

Create a new file called addtopic.php and start the form:

    <h1>Add a new topic</h1>
    <form action="<?php echo $SCRIPT_NAME; ?>" method="post">
    <table cellpadding="5">
    <tr>
        <td>Subject</td>

To display the selection of subjects in the combo box, add the following code:

        <td>Subject</td>
        <td>
        <?php
        if($_SESSION['SESS_ADMINUSER']) {
    [...]
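The main block of adminmodquestions.php filters the moderation list by subjects.owner_id, but the allow and denyconf blocks (and, in the same way, deletesubject.php) act on whatever id arrives, pasted straight into the SQL string. As an added example that is not the book's code, here are those two actions rewritten with a prepared statement and the ownership condition applied to the action itself; it assumes db.php provides a PDO connection as $pdo together with $config_basedir, and moderate_question and the error_log line are my own additions.

```php
<?php
// Added example, not the book's code. Replaces the allow and denyconf blocks of
// adminmodquestions.php (deletesubject.php's conf branch fits the same shape).
// Assumed: db.php provides a PDO connection in $pdo and sets $config_basedir;
// table/column names and the SESS_* session keys are the chapter's own.
session_start();
require("db.php");

// Access gate: redirect AND stop. header() alone does not end the script, so
// the moderation code below would otherwise still run for an anonymous visitor.
if (!isset($_SESSION['SESS_USERID'])) {
    header("Location: " . $config_basedir . "adminlogin.php");
    exit;
}

/**
 * Approve ('allow') or delete ('denyconf') one question. The ownership test
 * sits inside the WHERE clause: a subject owner who edits the id in the URL
 * to point at another subject's question simply matches zero rows. The
 * administrator is exempt. Returns the number of rows changed.
 */
function moderate_question(PDO $pdo, int $questionId, string $action, int $userId, bool $isAdmin): int
{
    $verb = ($action === 'allow') ? "UPDATE questions SET active = 1" : "DELETE FROM questions";
    $sql = $verb . " WHERE id = :id AND topic_id IN ("
         . "SELECT topics.id FROM topics"
         . " INNER JOIN subjects ON topics.subject_id = subjects.id"
         . " WHERE :admin = 1 OR subjects.owner_id = :owner)";
    $stmt = $pdo->prepare($sql);          // prepared statement: no string-built SQL
    $stmt->execute([':id' => $questionId, ':admin' => $isAdmin ? 1 : 0, ':owner' => $userId]);
    return $stmt->rowCount();
}

switch ($_GET['func'] ?? 'main') {
    case "allow":
    case "denyconf":
        $func = $_GET['func'];
        // Only a positive integer id ever reaches the query.
        $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $changed = 0;
        if ($id !== false && $id !== null) {
            $isAdmin = isset($_SESSION['SESS_ADMINUSER']);
            $changed = moderate_question($pdo, $id, $func, (int) $_SESSION['SESS_USERID'], $isAdmin);
        }
        if ($changed === 0) {
            // Nothing matched: no such question, or one outside this user's subjects.
            // Worth logging, since repeated refusals show someone walking through ids.
            error_log("moderation refused: user={$_SESSION['SESS_USERID']} func=$func id=$id");
        }
        header("Location: " . $config_basedir . "adminmodquestions.php?func=main");
        exit;
    // the chapter's main, details and deny blocks follow here unchanged
}
```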

Posted: 12/08/2014, 21:21

Table of Contents

  • CHAPTER 9 FAQ Content Management System
    • Managing Subjects
    • Managing Topics
    • Subject Ownership
    • Summary
  • CHAPTER 10 Building a Re-Usable Project
    • Project Overview
    • Building the Database
    • Using Directories Intelligently
    • Starting to Code: Building the Backbone
    • Downloading Releases
    • Viewing Screenshots
    • Available Projects Viewer
    • Administering Projects
