These actions are divided into three subsets: actions that can be taken if not logged in, actions that can be taken by normal users, and actions that can be taken by administrative users
Trang 1$buttons[0] = ‘change-password’;
$buttons[1] = ‘account-settings’;
$buttons[2] = ‘show-my-lists’;
$buttons[3] = ‘show-other-lists’;
$buttons[4] = ‘log-out’;
}
else if(check_admin_user())
{
// if an administrator
$buttons[0] = ‘change-password’;
$buttons[1] = ‘create-list’;
$buttons[2] = ‘create-mail’;
$buttons[3] = ‘view-mail’;
$buttons[4] = ‘log-out’;
$buttons[5] = ‘show-all-lists’;
$buttons[6] = ‘show-my-lists’;
$buttons[7] = ‘show-other-lists’;
}
else
{
// if not logged in at all
$buttons[0] = ‘new-account’;
$buttons[1] = ‘show-all-lists’;
$buttons[4] = ‘log-in’;
}
if($action)
{
// display header with application name and description of page or action do_html_header(“Pyramid-MLM - “
format_action($action));
}
else
{
// display header with just application name do_html_header(“Pyramid-MLM”);
}
display_toolbar($buttons);
//display any text generated by functions called before header
echo $status;
/**********************************************************************
* Section 3: perform action
28
Trang 2// only these actions can be done if not logged in switch ( $action )
{ case ‘new-account’ : {
unset($normal_user);
unset($admin_user);
display_account_form($normal_user, $admin_user);
break;
} case ‘store-account’ : {
if (store_account($normal_user, $admin_user, $HTTP_POST_VARS))
$action = ‘’;
if(!check_logged_in()) display_login_form($action);
break;
} case ‘log-in’ : case ‘’:
{ if(!check_logged_in()) display_login_form($action);
break;
} case ‘show-all-lists’ : {
display_items(“All Lists”, get_all_lists(), ‘information’,
‘show-archive’,’’);
break;
} case ‘show-archive’ : {
display_items(“Archive For “.get_list_name($id),
get_archive($id), ‘view-html’, ‘view-text’, ‘’); break;
} case ‘information’ : {
display_information($id);
break;
}
Trang 3//all other actions require user to be logged in
if(check_logged_in())
{
switch ( $action ) {
case ‘account-settings’ : {
display_account_form($normal_user, $admin_user, get_email(), get_real_name(get_email()), get_mimetype(get_email()));
break;
} case ‘show-other-lists’ : {
display_items(“Unsubscribed Lists”,
get_unsubscribed_lists(get_email()), ‘information’,
‘show-archive’, ‘subscribe’);
break;
} case ‘subscribe’ : {
subscribe(get_email(), $id);
display_items(“Subscribed Lists”, get_subscribed_lists(get_email()),
‘information’, ‘show-archive’, ‘unsubscribe’);
break;
} case ‘unsubscribe’ : {
unsubscribe(get_email(), $id);
display_items(“Subscribed Lists”, get_subscribed_lists(get_email()),
‘information’, ‘show-archive’, ‘unsubscribe’);
break;
} case ‘’:
case ‘show-my-lists’ : {
display_items(“Subscribed Lists”, get_subscribed_lists(get_email()),
‘information’, ‘show-archive’, ‘unsubscribe’);
break;
} case ‘change-password’ : {
display_password_form();
break;
28
Trang 4case ‘store-change-password’ : {
if(change_password(get_email(), $old_passwd,
$new_passwd, $new_passwd2)) {
echo “<p>OK: Password changed.<br><br><br><br><br><br>”; }
else { echo “<p>Sorry, your password could not be changed.”; display_password_form();
} break;
} } } // The following actions may only be performed by an admin user if(check_admin_user())
{ switch ( $action ) {
case ‘create-mail’ : {
display_mail_form(get_email());
break;
} case ‘create-list’ : {
display_list_form(get_email());
break;
} case ‘store-list’ : {
if(store_list($admin_user, $HTTP_POST_VARS)) {
echo “<p>New list added<br>”;
display_items(“All Lists”, get_all_lists(), ‘information’,
‘show-archive’,’’);
} else echo “<p>List could not be stored, please try “ ”again.<br><br><br><br><br>”;
break;
}
Trang 5case ‘send’ : {
send($id, $admin_user);
break;
} case ‘view-mail’ : {
display_items(“Unsent Mail”, get_unsent_mail(get_email()),
‘preview-html’, ‘preview-text’, ‘send’);
break;
} } }
/**********************************************************************
* Section 4: display footer
*********************************************************************/
do_html_footer();
?>
You can see the four segments of the code clearly marked in this listing.
In the preprocessing stage, we set up the session and process any actions that need to be done
before headers can be sent In this case, this includes logging in and out.
In the header stage, we set up the menu buttons that the user will see, and display the
appropri-ate headers using the do_html_header()function from output_fns.php This function just
dis-plays the header bar and menus, so we won’t go into it here.
In the main section of the script, we respond to the action the user has chosen These actions
are divided into three subsets: actions that can be taken if not logged in, actions that can be
taken by normal users, and actions that can be taken by administrative users We check to see
whether access to the latter two sets of actions is allowed using the check_logged_in() and
check_admin_user()functions These functions are located in the user_auth_fns.php function
library The code for the functions, and for the check_normal_user() function are shown in
Listing 28.3.
LISTING 28.3 Functions from user_auth_fns.php—These Functions Check Whether or
Not a User Is Logged In, and at What Level
function check_normal_user()
// see if somebody is logged in and notify them if not
{
28
Trang 6if (session_is_registered(“normal_user”)) return true;
else return false;
} function check_admin_user() // see if somebody is logged in and notify them if not {
global $admin_user;
if (session_is_registered(“admin_user”)) return true;
else return false;
} function check_logged_in() {
return ( check_normal_user() || check_admin_user() );
}
check whether a user has logged in We’ll talk about setting these session variables up in a minute.
In the final section of the script, we send an HTML footer using the do_html_footer() function from output_fns.php.
Let’s look briefly at an overview of the possible actions in the system These actions are shown
in Table 28.2
TABLE28.2 Possible Actions in the Mailing List Manager Application
Action Usable By Description
form
for a user
Trang 7Action Usable By Description
mailing lists
news-letters for a particular list
about a particular list
settings
which the user is not subscribed
which the user is sub-scribed
particular list
from a particular list
password form
upload of newsletters
new mailing lists to be created
details in the database
have been uploaded but not yet sent
subscribers
28
Trang 8action that actually uploads the newsletters entered via create-mail by administrators This sin-gle piece of functionality is actually in a different file, upload.php We put this in a separate file because it makes it a little easier on us, the programmers, to keep track of security issues.
We will discuss the implementation of these actions in the three groups listed in the Table 28.2, that is, actions for people who are not logged in; actions for logged-in users; and actions for administrators.
Implementing Login
When a brand new user comes to our site, there are three things we would like them to do First, look at what we have to offer; second, sign up with us; and third, log in We will look at each of these in turn.
In Figure 28.4, you can see the screen we present to users when they first come to our site.
FIGURE28.4
On arrival, users can create a new account, view available lists, or just log in.
We’ll look at creating a new account and logging in now, and return to viewing list details in the “Implementing User Functions” and “Implementing Administrative Functions” sections later on.
Trang 9Creating a New Account
If a user selects the New Account menu option, this activates the new-account action This
activates the following code in index.php:
case ‘new-account’ :
{
unset($normal_user);
unset($admin_user);
display_account_form($normal_user, $admin_user);
break;
}
This code effectively logs out a user if they are currently logged in, and displays the account
details form as shown in Figure 28.5.
28
FIGURE28.5
The new account creation form enables users to enter their details.
library This function is used both here and in the account-settings action to display a form to
enable the user to set up an account If the function is invoked from the account-settings
action, the form will be filled with the user’s existing account data Here the form is blank,
ready for new account details Because this function only outputs HTML, we will not go
through it here.
Trang 10as follows:
case ‘store-account’ : {
if (store_account($normal_user, $admin_user, $HTTP_POST_VARS))
$action = ‘’;
if(!check_logged_in()) display_login_form($action);
break;
}
function is shown in Listing 28.4.
LISTING28.3 store_account() Function from mlm_fns.php—These Functions Check Whether or Not a User Is Logged In, and at What Level
// add a new subscriber to the database, or let a user modify their data function store_account($normal_user, $admin_user, $details)
{ if(!filled_out($details)) {
echo “All fields must be filled in Try again.<br><br>”;
return false;
} else { if(subscriber_exists($details[‘email’])) {
//check logged in as the user they are trying to change if(get_email()==$details[‘email’])
{
$query = “update subscribers set realname = ‘$details[realname]’,
mimetype = ‘$details[mimetype]’ where email = ‘“ $details[email] “‘“;
if(db_connect() && mysql_query($query)) {
return true;
} else { echo “could not store changes.<br><br><br><br><br><br>”;
return false;
} }