Exercise: Implementing the Skeleton of the Admin Page

Part of the document "Beginning PHP and PostgreSQL E-Commerce: From Novice to Professional", part 4 (pages 41 - 48)

1. Modify the presentation/templates/first_page_contents.tpl file to add a link to the admin page:

Beginning PHP and PostgreSQL E-Commerce: From Novice to Professional!

<br /><br />

Access the <a href="{"admin.php"|prepare_link:"https"}">admin page</a>.

</p>

2. Add the following styles to hatshop.css:

.first_page_text a {

color: #0000ff;

font-size: 12px;

text-decoration: underline;

}

#admin_login_box {

border: dashed 1px #c9c9c9;

display: block;

margin: auto;

padding: 10px;

width: 368px;

}

.admin_title {

color: #228aaa;

font-family: verdana, arial, tahoma;

font-size: 20px;

font-weight: bold;

text-align: left;

}

.admin_page_text {

color: #000080;

font-family: verdana, arial, tahoma;

font-size: 11px;

font-weight: bold;

line-height: 12px;

}

.admin_page_text a {

color: #0000ff;

text-decoration: underline;

}

.admin_error_text {

color: #ff0000;

font-family: verdana, arial, tahoma;

font-size: 12px;

font-weight: bold;

}

.menu_text {

color: #000000;

font-family: verdana, arial, tahoma;

font-size: 11px;

font-weight: bold;

}

.menu_text a {

color: #0000ff;

text-decoration: underline;

}

table {

border-collapse: collapse;

table-layout: auto;

width: 100%;

}

th {

background: #00008b;

color: #ffffff;

font-family: verdana, arial, tahoma;

font-size: 12px;

font-weight: bold;

margin: 1px;

padding: 3px;

text-align: left;

}

td {

background: #e6e6e6;

border-bottom: solid 1px #000000;

font-family: verdana, arial, tahoma;

font-size: 11px;

margin: 1px;

padding: 3px;

}

select {

font-family: tahoma, verdana, arial;

font-size: 11px;

}

3. Modify include/app_top.php by adding the following two lines at its beginning. Calling ob_start() (see http://www.php.net/ob_start) turns on output buffering, which improves performance and ensures that page redirections with the header function (see admin.php at the next step) don’t generate errors.

<?php

// Turn on output buffering

ob_start();

// Activate session

session_start();

4. In your site’s document root, create a new file named admin.php, and write the following code in it:

<?php

// Load Smarty library and config files

require_once 'include/app_top.php';

// Enforce page to be accessed through HTTPS

if (USE_SSL != 'no' and getenv('HTTPS') != 'on') {

header ('Location: https://' . getenv('SERVER_NAME') . getenv('REQUEST_URI'));

exit();

}

// Load Smarty template file

$page = new Page();

// Define the template file for the page menu

$pageMenuCell = 'blank.tpl';

// Define the template file for the page contents

$pageContentsCell = 'blank.tpl';

// If admin is not logged, assign admin_login template to $pageContentsCell

if (!(isset ($_SESSION['admin_logged'])) || $_SESSION['admin_logged'] != true)

$pageContentsCell = 'admin_login.tpl';

else {

// If admin is logged, load the admin page menu

$pageMenuCell = 'admin_menu.tpl';

// If logging out ...

if (isset ($_GET['Page']) && ($_GET['Page'] == 'Logout')) {

unset($_SESSION['admin_logged']);

header('Location: admin.php');

exit;

}

}

// Assign templates file to be loaded

$page->assign('pageMenuCell', $pageMenuCell);

$page->assign('pageContentsCell', $pageContentsCell);

// Display the page

$page->display('admin.tpl');

// Load app_bottom which closes the database connection

require_once 'include/app_bottom.php';

?>

5. Create the presentation/templates/admin.tpl template file, which is loaded from the admin.php file we just created, and add the following code in it:

{* smarty *}

{config_load file="site.conf"}

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html>

<head>

<title>{#site_title#}</title>

<link href="hatshop.css" type="text/css" rel="stylesheet" />

</head>

<body>

<div>

<br />

{include file="$pageMenuCell"}

</div>

<div>

{include file="$pageContentsCell"}

</div>

</body>

</html>

6. Add the administrator login information at the end of include/config.php:

// Administrator login information

define('ADMIN_USERNAME', 'hatshopadmin');

define('ADMIN_PASSWORD', 'hatshopadmin');

Note: As stated earlier, in Chapter 11, you’ll learn about hashing and how to work with hashed passwords stored in the database. If you want to use hashing now, you need to store the hash value of the password in the config file instead of storing the password in clear text (hatshopadmin, in this case). At login time, you compare the hash value of the string entered by the user to the hash value you saved in the config file. You can calculate the hash value of a string by applying the sha1 function to it (the sha1 function calculates the hash value using the SHA-1 algorithm). Don’t worry if this sounds too advanced at this moment; Chapter 11 will show you the process in more detail.

7. Now we’ll create the admin_login componentized template to handle the login step. Let’s start by creating the presentation/templates/admin_login.tpl file and then add the following code to it:

{* admin_login.tpl *}

{load_admin_login assign="admin_login"}

<br /><br />

<div id="admin_login_box">

<span class="admin_title">HatShop Login</span>

<br /><br />

<span class="admin_page_text">

Enter login information or go back to

<a href="{"index.php"|prepare_link:"http"}">storefront</a>

</span>

<br />

{if $admin_login->mLoginMessage neq ''}

<br />

<span class="admin_error_text">{$admin_login->mLoginMessage}</span>

<br />

{/if}

<br />

<form method="post" action="{"admin.php"|prepare_link:"https"}">

Username:

<input type="text" name="username" value="{$admin_login->mUsername}" />

&nbsp;&nbsp;

Password:

<input type="password" name="password" value="" />

<br /><br />

<input type="submit" name="submit" value="Login" />

</form>

</div>

8. Create a new Smarty function plugin file named function.load_admin_login.php in the presentation/smarty_plugins folder with the following code in it:

<?php

/* Smarty plugin function that gets called when the

load_admin_login function plugin is loaded from a template */

function smarty_function_load_admin_login($params, $smarty)

{

// Create AdminLogin object

$admin_login = new AdminLogin();

// Assign template variable

$smarty->assign($params['assign'], $admin_login);

}

// Class that deals with authenticating administrators

class AdminLogin

{

// Public variables available in smarty templates

public $mUsername;

public $mLoginMessage = '';

// Class constructor

public function __construct() {

// Verify if the correct username and password have been supplied

if (isset ($_POST['submit']))

{

if ($_POST['username'] == ADMIN_USERNAME

&& $_POST['password'] == ADMIN_PASSWORD) {

$_SESSION['admin_logged'] = true;

header('Location: admin.php');

exit;

} else

$this->mLoginMessage = 'Login failed. Please try again:';

}

}

}

?>

9. Create the presentation/templates/admin_menu.tpl file, and add the following code:

{* admin_menu.tpl *}

<span class="admin_title">HatShop Admin</span>

<span class="menu_text"> |

<a href="{"admin.php"|prepare_link:"https"}">CATALOG ADMIN</a> |

<a href="{"index.php"|prepare_link:"http"}">STOREFRONT</a> |

<a href="{"admin.php?Page=Logout"|prepare_link:"https"}">LOGOUT</a> |

</span>

<br />

10. Load index.php in your favorite browser, and you’ll see the admin page link in the welcome message. Click it, and an HTML login form will be displayed; Figure 7-8 shows the message you’ll get if you type in the wrong password.

Figure 7-8. The login page

After you supply the correct login info (hatshopadmin/hatshopadmin), you’ll be redirected to the catalog admin page. Currently the catalog admin page contains only the main menu but we’ll change this immediately.

How It Works: The admin Page

So far, you’ve created the admin.php file that you’ll continue to develop in the rest of the chapter to allow the user to administer catalog data, and the admin_login componentized template that contains the admin authentication and authorization functionality.

All the fun begins in admin.php, which checks to see whether the visitor has been authenticated as administrator (by checking whether the admin_logged session variable is true). If the visitor is not logged in as administrator, the admin_login componentized template is loaded:

// If admin is not logged, assign admin_login template to $pageContentsCell

if (!(isset ($_SESSION['admin_logged'])) || $_SESSION['admin_logged'] != true)

$pageContentsCell = 'admin_login.tpl';

The login mechanism in the AdminLogin helper class stores the current authentication state in the visitor’s session under a variable named admin_logged. In the __construct function, we test whether the supplied username and password match the values stored in config.php as ADMIN_USERNAME and ADMIN_PASSWORD; if they match, we set the value of admin_logged to true and redirect to admin.php:

// Verify if the correct username and password have been supplied

if (isset ($_POST['submit']))

{

if ($_POST['username'] == ADMIN_USERNAME

&& $_POST['password'] == ADMIN_PASSWORD) {

$_SESSION['admin_logged'] = true;

header('Location: admin.php');

exit;

} else

$this->mLoginMessage = 'Login failed. Please try again:';

}
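The login check described above and the hashing approach from the earlier Note, combined in an added example that is not the book's code. It keeps a password hash in a hypothetical ADMIN_PASSWORD_HASH constant, uses PHP's password_hash()/password_verify() in place of the bare sha1() the Note mentions (they salt and stretch the password), rejects non-string POST fields, and regenerates the session ID on login; verify_admin_login() and handle_login() are illustrative names, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the book's code.
define('ADMIN_USERNAME', 'hatshopadmin');
// Hypothetical constant replacing ADMIN_PASSWORD in include/config.php.
// In a real config, paste the string produced once by password_hash();
// it is computed here only so the example is self-contained.
define('ADMIN_PASSWORD_HASH', password_hash('hatshopadmin', PASSWORD_DEFAULT));

function verify_admin_login(array $post): bool
{
    // Reject missing or non-string fields (e.g. a password[]=x array)
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // Evaluate both checks so the work done does not depend on which failed
    $userOk = hash_equals(ADMIN_USERNAME, $user);
    $passOk = password_verify($pass, ADMIN_PASSWORD_HASH);
    return $userOk && $passOk;
}

function handle_login(array $post, array &$session): string
{
    if (!verify_admin_login($post)) {
        return 'Login failed. Please try again:';
    }
    // With a live session (as in admin.php), issue a fresh session ID so
    // an ID set before login is not carried into the admin session
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['admin_logged'] = true;
    return '';
}

// Constructed sample requests standing in for $_POST
$session = [];
$cases = [
    ['username' => 'hatshopadmin', 'password' => 'wrong'],
    ['username' => 'hatshopadmin', 'password' => ['x']],
    ['username' => 'hatshopadmin', 'password' => 'hatshopadmin'],
];
foreach ($cases as $post) {
    $msg = handle_login($post, $session);
    echo ($msg === '' ? 'logged in' : $msg), PHP_EOL;
}
var_dump($session['admin_logged'] ?? false);
```

In admin.php, the call would be handle_login($_POST, $_SESSION), followed by the same redirect the original constructor performs on success.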

The logout link in admin_menu.tpl simply unsets the admin_logged session variable in admin.php and redirects the administrator to index.php. This way, on the next attempt to access the admin page, the administrator will be redirected to the login page.

// If logging out ...

if (isset ($_GET['Page']) && ($_GET['Page'] == 'Logout')) {

unset($_SESSION['admin_logged']);

header('Location: admin.php');

exit;

}
