Beginning PHP6, Apache, MySQL Web Development- P17 ppsx

The Review page cms_pending.php loads see Figure 13 - 8 , with a list of all pending and published articles.. You will be taken back to cms_pending.php , and the article will now be list

echo ‘ < input type=”submit” name=”action” “value=”Save Changes”/ >

}

? < /td >

Try It Out Reviewing New Articles

In this exercise, you ’ ll create the reviewing system that lets you approve your articles

1 Create cms_pending.php :

< ?phprequire ‘db.inc.php’;

echo ‘ < h2 > Article Availability < /h2 >

echo ‘ < h3 > Pending Articles < /h3 >

$sql = ‘SELECT article_id, title, UNIX_TIMESTAMP(submit_date) AS submit_date FROM

cms_articles WHERE

is_published = FALSE ORDER BY

title ASC’;

$result = mysql_query($sql, $db) or die(mysql_error($db));

if (mysql_num_rows($result) == 0) { echo ‘ < > < strong > No pending articles available < /strong > < /p >

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or

die (‘Unable to connect Check your connection parameters.’);

$_GET[‘article_id’] : ‘’;

echo ‘ < h2 > Article Review < /h2 >

output_story($db, $article_id);

$sql = ‘SELECT is_published, UNIX_TIMESTAMP(publish_date) AS publish_date, access_level

FROM cms_articles a INNER JOIN cms_users u ON a.user_id = u.user_id WHERE

< form method=”post” action=”cms_transact_article.php” >

} else { echo ‘ < input type=”submit” name=”action” value=”Publish”/ > ‘;

echo ‘ < input type=”submit” name=”action” value=”Delete”/ > ‘;

}}

? < input type=”hidden” name=”article_id” value=” < ?php echo $article_id; ? > ”/ >

/div >

< /form >

< ?phpinclude ‘cms_footer.inc.php’;

?

3 Click the Review link The Review page cms_pending.php loads (see Figure 13 - 8 ), with a list

of all pending and published articles Right now, there is only one pending article, which is

the one you just wrote

Figure 13-8

4 Click the article You will be taken to cms_review_article.php It should look similar to

Figure 13 - 9 You have the option to edit, publish, or delete the article

Figure 13-9

5 Click the Publish button You will be taken back to cms_pending.php , and the article will

now be listed under Published Articles

6 Click the Articles link, and you will be taken back to the index page This time, the article

should appear on the page (see Figure 13 - 10 )

Figure 13-10

How It Works

You wrote two scripts in this section, cms_pending.php and cms_review_article.php Hopefully,

you are beginning to see just how easy it is to build up the interface and tie all the functionality

together, with the heavy - duty work delegated to the transaction files

The cms_pending.php script generates a page to list the articles that are pending approval and

articles that have been published You first generate this SQL query to fetch a list of pending articles:

You then check mysql_num_rows() to determine the number of records that the query returned If no records were returned, then you display a message stating there are no pending articles available

Otherwise, you loop through the list of articles that is returned from the database, and you display the title of each as a link to cms_review_article.php

if (mysql_num_rows($result) == 0) { echo ‘ < > < strong > No pending articles available < /strong > < /p >

} else { echo ‘ < ul >

while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=” cms_review_article.php?article_id=’ $row[‘article_id’] ‘” > ’ htmlspecialchars($row[‘title’]) ‘ < /a > (‘ date(‘F j, Y’, $row[‘submit_date’]) ‘) < /li >

} echo ‘ < /ul >

}

The same process is followed to retrieve the list of published articles, though the query and the message that is displayed if no articles are returned have been modified accordingly

$sql = ‘SELECT article_id, title, UNIX_TIMESTAMP(publish_date) AS publish_date FROM

cms_articles WHERE

is_published = TRUE ORDER BY

title ASC’;

$result = mysql_query($sql, $db) or die(mysql_error($db));

if (mysql_num_rows($result) == 0) { echo ‘ < > < strong > No published articles available < /strong > < /p >

} else { echo ‘ < ul >

while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=” cms_review_article.php?article_id=’ $row[‘article_id’] ‘” > ’ htmlspecialchars($row[‘title’]) ‘ < /a > (‘ date(‘F j, Y’, $row[‘publish_date’]) ‘) < /li >

} echo ‘ < /ul >

}

The whole purpose of the cms_review_article.php script is to present the article for review by the administrator First, you display the title of the page, and then you use the output_story() function

to display the article on the page

echo ‘ < h2 > Article Review < /h2 >

output_story($db, $article_id);

It is important to note that you passed only two variables to the function output_story() , even though output_story() takes three arguments PHP automatically used the default value because you did not specify the optional third parameter, which you should recall is FALSE (If there were no default value assigned when you first wrote output_story() , then attempting to call the function with only the two arguments would result in a PHP warning telling you that you are missing an

argument Providing default arguments when you are writing your functions makes them more

flexible and easier to use.)

You also want to display additional data about the document, such as when it was published You

used this SQL statement to retrieve the additional information:

$result = mysql_query($sql, $db) or die(mysql_error());

Yes, output_story() retrieves this data too, but if you modified output_story() so that articles

did not display their author or publish date, you would still want the information displayed on this

review page This is why you repeat this tiny bit of functionality here

If the document is published, then the administrator has an option to retract the article If it is still

pending, then the administrator can publish it Only moderators and admins are allowed to retract,

publish, and delete an article, and an article may only be deleted if it is pending

< form method=”post” action=”cms_transact_article.php” >

echo ‘ < input type=”submit” name=”action” value=”Publish”/ > ‘;

echo ‘ < input type=”submit” name=”action” value=”Delete”/ > ‘;

Try It Out Article Pages

So you ’ ve created an article, reviewed it, and published it Now it ’ s time to give the public a way to

view the article and provide feedback It ’ s time to write cms_view_article.php and cms_comment

.php , both of which are relatively short scripts

1 Create cms_view_article.php :

< ?phprequire ‘db.inc.php’;

include ‘cms_header.inc.php’;

$article_id = (isset($_GET[‘article_id’]) & & ctype_digit($_GET[‘article_

id’])) ? $_GET[‘article_id’] : ‘’;

output_story($db, $article_id);

?

< h3 > Add a comment < /h3 >

< form method=”post” action=”cms_transact_article.php” >

div >

< label for=”comment_text” > Comment: < /label > < br/ >

< textarea id=”comment_text” name=”comment_text” rows=”10”

cols=”60” > < /textarea > < br/ >

< input type=”submit” name=”action” value=”Submit Comment” / >

< input type=”hidden” name=”article_id” value=” < ?php echo $article_id; ? > ” / >

/div >

< /form >

< ?phpshow_comments($db, $article_id, FALSE);

include ‘cms_footer.inc.php’;

?

3 Go back to the index by clicking the Articles link Click the Read Full Story link below the

snippet of the article you want to view The full article should appear, complete with a link to add comments

How It Works

The first page, cms_view_article.php , is very short, yet it illustrates the nature of included files and

functions wonderfully

As you can see, there is no content displayed directly with cms_view_article.php It simply

includes the necessary files and calls the output_story() and show_comments() functions from

cms_output_functions.inc.php to display the article and all of its comments

< ?php

require ‘db.inc.php’;

require ‘cms_output_functions.inc.php’;

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or

die (‘Unable to connect Check your connection parameters.’);

You may notice that you don ’ t worry about the situation in which an article is not passed As it stands,

if you load cms_view_article.php without the “ article_id ” parameter in the URL, you will

simply get a page that consists of the site title, search, and a menu (all included in cms_header.inc

.php ) The rest will be blank If that ’ s the desired result, then that ’ s fine You may decide to redirect

the user back to the home page if $_GET[‘article_id’] is empty If you do, don ’ t forget to include

cms_http_functions.inc.php and use redirect() before including cms_header.inc.php

The most important feature of cms_comment.php is the HTML form it produces to let readers enter

their comments on an article It has a textarea element to accept the comment, a submit button, and

a hidden input field to pass the article ’ s ID

< form method=”post” action=”cms_transact_article.php” >

div >

< label for=”comment_text” > Comment: < /label > < br/ >

< textarea id=”comment_text” name=”comment_text” rows=”10”

cols=”60” > < /textarea > < br/ >

< input type=”submit” name=”action” value=”Submit Comment” / >

< input type=”hidden” name=”article_id” value=” < ?php echo $article_id; ? >

/

/div >

< /form >

And that ’ s it! That last one was a doozy, huh? Hardly! Because you planned well and wrote most of

the CMS ’ s functional code up front, these scripts are getting easier Stay with us — you only need to

write a couple more short scripts to finish off your application

Additional CMS Features

So far, you ’ ve created a system to create and manage users and publish articles, but there are a couple of additional features that can help make your CMS even better What you ’ re going to add now is the ability for users to update their information and the ability to search published articles by keyword

Try It Out User Control Panel

In this exercise, you ’ re going to create a page to allow users to maintain their own information

1 Enter the following code, and save it as cms_cpanel.php :

< ?phprequire ‘db.inc.php’;

$sql = ‘SELECT email, name FROM

cms_users WHERE

< td > < label for=”name” > Full Name: < /label > < /td >

< td > < input type=”text” id=”name” name=”name” maxlength=”100”

value=” < ?php echo htmlspecialchars($name); ? > ”/ > < /td >

< /tr > < tr >

< td > < label for=”email” > Email Address: < /label > < /td >

< td > < input type=”text” id=”email” name=”email” maxlength=”100”

value=” < ?php echo htmlspecialchars($email); ? > ”/ > < /td >

include ‘cms_footer.inc.php’;

?

2 Click the navigation link to go to the Control Panel page You should see a screen similar to the one shown in Figure 13 - 11 Here you can change your user information (username and

e - mail), and see what articles you have written for the site

Figure 13-11

How It Works

The Control Panel page, cms_cpanel.php , is used to allow users to change their usernames and

e - mail addresses They can also see all of the articles they have written, categorized by whether they are pending or have been published

You first go out to the database and retrieve the user ’ s e - mail address and name from the cms_users table

$sql = ‘SELECT email, name FROM

cms_users

The form to let the user edit his or her information uses the post method When the submit button is

clicked, it will post the name and e - mail address to cms_transact_user.php for processing The rest

of the form is standard HTML with some PHP statements mixed in to populate the fields with the

values from the database

< form method=”post” action=”cms_transact_user.php” >

table >

< tr >

< td > < label for=”name” > Full Name: < /label > < /td >

< td > < input type=”text” id=”name” name=”name” maxlength=”100”

value=” < ?php echo htmlspecialchars($name); ? > ”/ > < /td >

< /tr > < tr >

< td > < label for=”email” > Email Address: < /label > < /td >

< td > < input type=”text” id=”email” name=”email” maxlength=”100”

value=” < ?php echo htmlspecialchars($email); ? > ”/ > < /td >

Next, you display pending and published articles Time to drop back into using PHP, where you query

the database to retrieve the pending articles written by this user, ordered by the date they were

$result = mysql_query($sql, $db) or die(mysql_error($db));

You handle the contingency that there may not be any pending articles, in which case you output an

appropriate message Otherwise, you loop through the pending articles and display the titles as links

to cms_reviewarticle.php

if (mysql_num_rows($result) == 0) { echo ‘ < > < strong > There are currently no pending articles < /strong > < /p >

} else { echo ‘ < ul >

while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=”cms_review_article.php?article_id=’ $row[‘article_id’] ‘” > ’ htmlspecialchars($row[‘title’]) ‘ < /a > (submitted ‘ date(‘F j, Y’, $row[‘submit_date’]) ‘) < /li >

} echo ‘ < /ul >

}mysql_free_result($result);

This next section of code, which displays the published articles, is almost identical to the code used to display pending articles, though this time the selection is where is_published is TRUE , and the results are ordered by the article ’ s publication date

$sql = ‘SELECT article_id, UNIX_TIMESTAMP(publish_date) AS publish_date, title FROM

cms_articles WHERE

is_published = TRUE AND user_id = ‘ $_SESSION[‘user_id’] ‘ ORDER BY

publish_date ASC’;

$result = mysql_query($sql, $db) or die(mysql_error($db));

if (mysql_num_rows($result) == 0) { echo ‘ < > < strong > There are currently no published articles < /strong > < /p > } else {

echo ‘ < ul >

while ($row = mysql_fetch_array($result)) { echo ‘ < li > < a href=”cms_review_article.php?article_id=’ $row[‘article_id’] ‘” > ’ htmlspecialchars($row[‘title’]) ‘ < /a > (published ‘ date(‘F j, Y’, $row[‘publish_date’]) ‘) < /li >

} echo ‘ < /ul >

}mysql_free_result($result);