Listing 6-1 (Continued)

        return implode(', ', $setValues);
    }

    function updateUser($data = null) {
        $this->setUserID();
        $fieldList = $this->user_tbl_fields;
        // Build the "FIELD = value" list for the SET clause.
        $keyVal = $this->makeUpdateKeyValuePairs($this->user_tbl_fields, $data);
        $stmt = "UPDATE $this->user_tbl SET $keyVal WHERE USER_ID = $this->USER_ID";
        $result = $this->dbi->query($stmt);
        return $this->getReturnValue($result);
    }

    function addUser($data = null) {
        $fieldList = $this->user_tbl_fields;
        $valueList = array();
        // foreach replaces the original each() loop; each() was removed in PHP 8.
        foreach ($fieldList as $k => $v) {
            if (!strcmp($v, 'text')) {
                // Text fields are escaped and quoted.
                $valueList[] = $this->dbi->quote(addslashes($data[$k]));
            } else {
                // Non-text fields are placed in the statement as supplied.
                $valueList[] = $data[$k];
            }
        }
        $fields = implode(',', array_keys($fieldList));
        $values = implode(',', $valueList);
        $stmt = "INSERT INTO $this->user_tbl ($fields) VALUES($values)";
        //echo $stmt;
        $result = $this->dbi->query($stmt);
        return $this->getReturnValue($result);
    }

    function deleteUser($uid = null) {
        $this->setUserID($uid);
        $stmt = "DELETE from $this->user_tbl " .
                "WHERE USER_ID = $this->USER_ID";
        $result = $this->dbi->query($stmt);
        return $this->getReturnValue($result);
    }

    function getReturnValue($r = null) {
        return ($r == DB_OK) ? TRUE : FALSE;
    }

    function logActivity($action = null) {
        $now = time();
        $stmt = "INSERT INTO $this->user_activity_log SET " .
                "USER_ID = $this->USER_ID, " .
                "ACTION_TYPE = $action, " .
                "ACTION_TS = $now";
        // echo "$stmt <P>";
        $result = $this->dbi->query($stmt);
        return $this->getReturnValue($result);
    }
}
?>
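Listing 6-1 assembles its SQL by string interpolation, quoting only the fields typed as 'text'. The following added example (not the book's code) shows the same add and update operations with bound parameters and a fixed column list. PDO with an in-memory SQLite database stands in for $this->dbi, and the table layout is an assumed schema.

```php
<?php
// Added example, not the book's code. PDO replaces the listing's $this->dbi,
// and the table layout below is an assumed schema.
const USER_TBL_FIELDS = ['EMAIL' => 'text', 'PASSWORD' => 'text',
                         'TYPE' => 'number', 'ACTIVE' => 'number'];

function addUser(PDO $db, array $data): bool {
    $cols  = array_keys(USER_TBL_FIELDS);      // column names never come from input
    $marks = implode(',', array_fill(0, count($cols), '?'));
    $stmt  = $db->prepare(
        'INSERT INTO user_tbl (' . implode(',', $cols) . ") VALUES ($marks)");
    $i = 1;
    foreach (USER_TBL_FIELDS as $col => $type) {
        $val = $data[$col] ?? null;
        if ($type === 'number') {
            if (filter_var($val, FILTER_VALIDATE_INT) === false) {
                return false;                  // not a plain integer: refuse the row
            }
            $stmt->bindValue($i++, (int) $val, PDO::PARAM_INT);
        } else {
            $stmt->bindValue($i++, (string) $val, PDO::PARAM_STR);
        }
    }
    return $stmt->execute();
}

function updateUser(PDO $db, int $userId, array $data): bool {
    $set = $args = [];
    foreach ($data as $col => $val) {
        if (array_key_exists($col, USER_TBL_FIELDS)) {   // drop unknown keys
            $set[]  = "$col = ?";
            $args[] = $val;
        }
    }
    if (!$set) { return false; }
    $args[] = $userId;
    $sql = 'UPDATE user_tbl SET ' . implode(', ', $set) . ' WHERE USER_ID = ?';
    return $db->prepare($sql)->execute($args);
}

// Constructed sample data, run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_tbl (USER_ID INTEGER PRIMARY KEY, EMAIL TEXT,
           PASSWORD TEXT, TYPE INTEGER, ACTIVE INTEGER)');
var_dump(addUser($db, ['EMAIL' => "o'brien@example.com", 'PASSWORD' => 'x', 'TYPE' => '1', 'ACTIVE' => '1']));
var_dump(addUser($db, ['EMAIL' => 'a@example.com', 'PASSWORD' => 'x', 'TYPE' => '1 OR 1=1', 'ACTIVE' => '1']));
var_dump(updateUser($db, 1, ['ACTIVE' => 0, 'IS_ROOT' => 1]));
```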
User Interface Templates
Throughout the user management system, many user interface templates are needed to allow users and administrators to interact with the system. These templates are simple HTML forms with embedded tags, which are dynamically replaced to create the desired look and feel of the applications. These templates are supplied with the CD-ROM and are very simple in nature. These templates are:
◆ usermngr_menu.html - this template displays the user manager menu
◆ usermngr_user_form.html - this template is the user add/modify form
◆ usermngr_status.html - this template shows status of add/modify/delete etc.
◆ usermngr_pwd_change.html - this template is used for password changes
◆ usermngr_pwd_reset.html - this template is used to reset passwords
◆ usermngr_forgotten_pwd.html - this template is used as the forgotten password request form
◆ usermngr_forgotten_pwd_email.html - this template is used in e-mailing the password reset request to those who have forgotten their passwords
Creating a User Administration Application
The primary application in the central user management system is the user administration application. It enables the user administrator to do the following tasks:
◆ Add new user accounts
◆ Modify user accounts
◆ Toggle user account active flags
◆ Change user passwords
◆ Upgrade or downgrade users
◆ Delete user accounts
user_mngr.php is a user manager application that implements these features. Let’s look at some of its main methods:
◆ run(): This method is used to run the application. It acts as a driver and performs the following tasks:
    ■ It checks to see if the user is authorized to run the application.
    ■ If the application is called with $cmd set to add, run() calls addDriver() to handle the user add operation.
    ■ If the application is called with $cmd set to modify, run() calls modifyDriver() to handle the user modification operation.
    ■ If the application is called with $cmd set to delete, run() calls deleteUser() to handle the user delete operation.
    ■ If the $cmd variable is not set, run() calls showScreen() to show the user management menu.
◆ addUser(): This method adds a user as follows:
    1. It calls checkInput() to check the user input supplied in the add user interface.
    2. It adds the default domain to the user’s e-mail address if the username entered by the user does not include a domain name. For example, if the user enters carol as the username, addUser() sets the username to carol@evoknow.com, assuming $DEFAULT_DOMAIN is set to evoknow.com.
    3. It generates a two-character random string to be used as a salt for the crypt() function used to encrypt the user-supplied password.
    4. It lowercases the username and creates a User object. An associative array is defined to hold the user-supplied data in a key=value manner. The keys are database field names for the respective user data.
    5. It uses the User object, $userObj, to call addUser(), which in turn adds the user in the database.
    6. It displays a success or failure status message accordingly.
◆ modifyUser(): This method modifies a user account as follows:
    1. It uses checkInput() to check user-supplied input.
    2. If the user is trying to modify the root user account (identified by the $ROOT_USER variable loaded from the user_mngr.conf file), then the user is not allowed to deactivate the root user. Also, the root user account cannot be lowered to a standard account. This check is also performed, and an appropriate alert message is displayed when such attempts are made by the administrator user.
    3. It enters the user-supplied user type (TYPE), active flag (ACTIVE), and user ID (USER_ID) into an associative array called $hash.
    4. If the user-supplied password does not match the dummy password (identified by the $DUMMY_PASSWD variable loaded from the user_mngr.conf file), modifyUser() encrypts the password using a random two-character-based salt string.
    5. It uses $userObj to call getUserInfo() to load current user data into the object.
    6. It stores the modified username (EMAIL) in the $hash variable.
    7. It uses the $userObj object’s updateUser() method to update the user in the database.
    8. It displays a success or failure status message as appropriate.
◆ deleteUser(): This method, used to delete the chosen user, works as follows:
    1. It displays an error message if the user ID is not supplied from the user interface.
    2. It creates a User object, $userObj, and uses getUserInfo() to load the current user data.
    3. It compares the chosen user’s username (EMAIL) with the $ROOT_USER specified user’s name to avoid deleting the root user account.
    4. It uses $userObj’s deleteUser() to perform the actual delete operation, removing the user from the database.
    5. It displays a success or failure status message accordingly.
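Step 3 of addUser() and step 4 of modifyUser() both hash the password with crypt() and a two-character salt. The following added example (not part of user_mngr.php) shows what that salt format selects and how stored hashes of that kind can be verified and replaced at login. The function names legacyHash(), hashNewPassword() and verifyAndUpgrade() are hypothetical.

```php
<?php
// Added example. legacyHash(), hashNewPassword() and verifyAndUpgrade() are
// hypothetical names, not functions from user_mngr.php.

// The scheme the steps describe: crypt() with a random two-character salt.
// A two-character salt selects traditional DES crypt, which reads only the
// first eight characters of the password.
function legacyHash(string $password): string {
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = $alphabet[random_int(0, 63)] . $alphabet[random_int(0, 63)];
    return crypt($password, $salt);
}

// Current replacement: password_hash() generates its own salt and embeds the
// algorithm and cost in the returned string.
function hashNewPassword(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify against whatever is stored (password_verify() accepts crypt()
// output) and return a replacement hash when the stored one is outdated.
// Returns [bool $ok, ?string $hashToStore].
function verifyAndUpgrade(string $password, string $stored): array {
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $upgrade = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? hashNewPassword($password)
        : null;
    return [true, $upgrade];
}

// Constructed sample data.
$stored = legacyHash('correct horse battery');

// Same first eight characters, different tail: DES crypt cannot tell them apart.
var_dump(hash_equals($stored, crypt('correct XXXXXXXXXXXX', $stored)));

// Login with the real password: check the result and the replacement hash.
[$ok, $newHash] = verifyAndUpgrade('correct horse battery', $stored);
var_dump($ok, $newHash !== null && password_verify('correct horse battery', $newHash));

// The replacement hash is checked against the look-alike password as well.
var_dump(password_verify('correct XXXXXXXXXXXX', $newHash));
```

Storing the returned hash in place of the old one migrates each account the next time its owner logs in, without forcing a password reset.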
The following are the other functions/methods used in the user manager application:
◆ modifyDriver(): This is the modify driver. It uses the form variable $step to control how the modify operation is implemented. When $step is not set, showScreen() is used to display the modify user interface. The user modify interface sets $step to 2, which is used to call modifyUser(). modifyUser() uses the User object’s updateUser() method to modify the user account.
◆ addDriver(): This is the add driver. It uses the form variable $step to control how an add operation is implemented. When $step is not set, showScreen() is used to display the add user interface. The user add interface sets $step to 2, which is used to call modifyUser(). modifyUser() uses the User object’s addUser() method to add the user account.
◆ menu(): Called by showScreen() to display the user management menu. It uses a User object called $userObj to get a list of existing users using the getUserList() function. The user list is displayed in the user interface for modification and deletion operations.