For a normal user, only the questions within the subject(s) that he owns should be returned:
$modqsql = "SELECT questions.*, users.username FROM users
INNER JOIN questions on questions.addedby_id=users.id INNER JOIN
topics on questions.topic_id=topics.id INNER JOIN subjects on
topics.subject_id=subjects.id WHERE questions.active = 0;";
}
else {
$modqsql = "SELECT questions.*, users.username FROM users
inner join questions on questions.addedby_id=users.id inner join
topics on questions.topic_id=topics.id inner join subjects on
topics.subject_id=subjects.id WHERE questions.active = 0 AND
subjects.owner_id = " . $_SESSION['SESS_USERID'] . ";";
}
Run the relevant query:
echo "<h1>Questions submitted for moderation</h1>";
echo "<table cellspacing='0' cellpadding='5'>";
echo "<td colspan=7>No questions to moderate</td>";
The details Block
The details block displays details about the current question. This block is presented like the block shown in Figure 9-12.
Add the following code:
echo "</table>";
break;
case "details":
require("header.php");
FIGURE 9-12 The details link provides a convenient way of viewing the answer to the question.
$validid = set_validid();
$sql = "SELECT questions.*, topics.name, subjects.subject FROM
questions INNER JOIN topics ON questions.topic_id = topics.id INNER
JOIN subjects ON topics.subject_id = subjects.id
WHERE questions.id = " . $validid . ";";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
You first run this query to gather the details about the submitted question. This query performs an inner join to gather the question details, the topic name, and the subject name.
Display the gathered information:
$row = mysql_fetch_assoc($result);
echo "<h1>Submitted question details</h1>";
echo "<table border='0' cellspacing='0' cellpadding='5'>";
FIGURE 9-13 Before denying a question, be sure this is what the user wants.
echo "<a href='adminmodquestions.php?func=main'>⇐
The allow Block
To accept a question, add the allow block:
The deny Block
To deny a question, the process is split into two parts. The first part asks the user if she is sure that she wants to reject the question. See Figure 9-13.
Add the code for this section:
echo "<p>[<a href='" . $SCRIPT_NAME . "?func=denyconf&id="
. $validid . "'>Yes</a>] [<a href='" . $SCRIPT_NAME
. "?func=main'>No</a>]";
break;
This block provides two links. The No link simply links back to the main section of the current script, and the Yes link links to the denyconf section.
The denyconf Block
To confirm the cold, hard reality of denying a question, add the denyconf block:
This block deletes the question from the questions table and then redirects back to the main section to display the other moderated questions.
Finally, close the switch and add the footer file:
MANAGING SUBJECTS
Subjects are the core foundation of the content that this project manages, and are very similar to Categories in the blog project in Chapter 4. Managing subjects is something that you naturally only want the administrator to be able to do. If you were to give a regular user the run of the subjects, anything could happen.
The capabilities to add and delete subjects are important pieces of functionality to create, but deleting is a capability with which you should take special care. By using InnoDB tables in MySQL, any accidental deletions of a subject cause all of the child topics and questions to be deleted also. As such, be very careful when working through this section.
Adding Subjects
Adding a subject to the database is as simple as creating a form and adding the contents of the form to the database. Create a new file called addsubject.php and add the following code:
<h1>Add a new subject</h1>
<form action="<?php echo $SCRIPT_NAME; ?>" method="post">
. $row['username'] . "</option>";
}
?>
</select>
A select box is created, and the first entry (which returns the value 0) is added to provide a No Owner option. The other entries in the select box are added from the query.
Complete the form:
FIGURE 9-14 If No Owner is selected, 0 is added to the owner_id field in the questions
Finally, after the form, close the else and add the footer file:
Cascading Fun and Games
Remember that when a subject is deleted, all topics and questions within that subject are deleted also. The code for the cascading delete was added when you set up your tables.
When deletesubject.php is first loaded, the user is prompted to confirm that he wants to delete the subject. If he clicks the Yes link, the page reloads but includes a conf GET variable. If this variable is present, the subject is deleted.
Create deletesubject.php and add the following code:
header("Location: " . $config_basedir);
}
else {
require("header.php");
echo "<h1>Are you sure you want to delete this subject?</h1>";
echo "<p>[<a href='" . $SCRIPT_NAME . "?conf=1&subject="
. $validsubject . "'>Yes</a>] [<a href='" . $config_basedir
. "'>No</a>]";
}
If the variable exists, the subject is deleted and the page redirects back to the base page. Otherwise, the question is displayed.
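A variant of this confirmation step, written as an added example and not the book's code: the delete runs only for a logged-in administrator on a POST that carries a per-session token, so a request for the page with conf=1 in the URL only shows the question again. PDO with an in-memory SQLite database, the SESS_ADMIN session key, the token field and the function names are assumptions made so the sketch runs on its own.

```php
<?php
// Added example, not the book's code. SESS_ADMIN, csrf_token() and
// delete_subject() are hypothetical names; the schema is constructed.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));   // one random token per session
    }
    return $session['csrf'];
}

function delete_subject(PDO $db, array $session, string $method, array $params): string {
    if (empty($session['SESS_ADMIN'])) {
        return 'forbidden';                  // only the administrator may delete
    }
    $id = filter_var($params['subject'] ?? null, FILTER_VALIDATE_INT);
    if ($method !== 'POST' || $id === false) {
        return 'confirm';                    // a GET, even with conf=1, only shows the question
    }
    $sent = $params['token'] ?? '';
    if (empty($session['csrf']) || !is_string($sent) || !hash_equals($session['csrf'], $sent)) {
        return 'forbidden';                  // token missing or not the session's token
    }
    $stmt = $db->prepare('DELETE FROM subjects WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1 ? 'deleted' : 'not-found';
}

// Constructed demo: in-memory SQLite with the cascading delete the chapter relies on.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON');
$db->exec('CREATE TABLE subjects (id INTEGER PRIMARY KEY, subject TEXT, owner_id INTEGER)');
$db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, name TEXT,
           subject_id INTEGER REFERENCES subjects(id) ON DELETE CASCADE)');
$db->exec("INSERT INTO subjects VALUES (1, 'PHP', 0)");
$db->exec("INSERT INTO topics VALUES (1, 'Sessions', 1)");

$session = ['SESS_ADMIN' => 1];
$token = csrf_token($session);
echo delete_subject($db, $session, 'GET', ['subject' => '1', 'conf' => '1']), "\n";
echo delete_subject($db, $session, 'POST', ['subject' => '1', 'token' => 'guess']), "\n";
echo delete_subject($db, $session, 'POST', ['subject' => '1', 'token' => $token]), "\n";
echo 'topics left: ', $db->query('SELECT COUNT(*) FROM topics')->fetchColumn(), "\n";
```

In the page itself the Yes link would become a small POST form with the token in a hidden field, and csrf_token() would be called with $_SESSION.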
Finally, add the footer file:
Adding Topics
Create a new file called addtopic.php and start the form:
<h1>Add a new topic</h1>
<form action="<?php echo $SCRIPT_NAME; ?>" method="post">
$sql = "SELECT * FROM subjects ORDER BY subject ASC;";
$result = mysql_query($sql);
}
else {
$sql = "SELECT * FROM subjects WHERE owner_id = "
. $_SESSION['SESS_USERID'] . " ORDER BY subject ASC;";
Complete the rest of the form:
You now need to protect this file from unauthorized use. This is more challenging because both the administrator and users who own subjects can use the file. Unauthorized users include people not logged in and those users who don’t own a subject.
The solution is to perform checks to see if the current user is a valid user. If the user is a valid user, the $auth variable is set to 1. After these tests, the $auth variable is checked. If $auth is not equal to 1, the page is redirected.
Add the checks:
$authsql = "SELECT * FROM subjects WHERE owner_id = "
. $_SESSION['SESS_USERID'] . " ORDER BY subject ASC;";
The first check identifies whether the administrator is logged in. If he is, $auth is set to 1. The next check identifies whether a user is logged in and then performs a query to see whether that user owns any subjects. If the query returns one or more rows,
Process the form:
This block uses a simple INSERT statement to add the values to the database. The page then redirects to index.php and passes it the subject GET variable to display the subject information.
After the form, close the else block and add the footer file:
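One way to implement the authorization check and the INSERT described in this section, as an added example rather than the book's code: besides the administrator and logged-in tests, it checks that the posted subject is one the current user owns, and it binds every value as a query parameter. PDO with in-memory SQLite, the SESS_ADMIN session key, the subject and name form fields, the function names and the sample rows are assumptions.

```php
<?php
// Added example, not the book's code. SESS_ADMIN, can_add_topic() and
// add_topic() are hypothetical names; tables and rows are constructed.
function can_add_topic(PDO $db, array $session, int $subjectId): bool {
    if (!empty($session['SESS_ADMIN'])) {
        return true;                                   // administrator: any subject
    }
    if (empty($session['SESS_USERID'])) {
        return false;                                  // not logged in
    }
    // Owner check scoped to the subject named in the request.
    $stmt = $db->prepare('SELECT 1 FROM subjects WHERE id = ? AND owner_id = ?');
    $stmt->execute([$subjectId, (int) $session['SESS_USERID']]);
    return $stmt->fetchColumn() !== false;
}

function add_topic(PDO $db, array $session, array $post): string {
    $subjectId = filter_var($post['subject'] ?? null, FILTER_VALIDATE_INT);
    $name = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    if ($subjectId === false || $name === '') {
        return 'invalid';
    }
    if (!can_add_topic($db, $session, $subjectId)) {
        return 'denied';                               // the page would redirect here
    }
    $stmt = $db->prepare('INSERT INTO topics (subject_id, name) VALUES (?, ?)');
    $stmt->execute([$subjectId, $name]);
    return 'added';
}

// Constructed demo data: user 7 owns subject 1, user 8 owns subject 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subjects (id INTEGER PRIMARY KEY, subject TEXT, owner_id INTEGER)');
$db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, subject_id INTEGER, name TEXT)');
$db->exec("INSERT INTO subjects VALUES (1, 'PHP', 7), (2, 'MySQL', 8)");

$user7 = ['SESS_USERID' => 7];
echo add_topic($db, $user7, ['subject' => '1', 'name' => "Sessions 'intro'"]), "\n";
echo add_topic($db, $user7, ['subject' => '2', 'name' => 'Joins']), "\n";
echo add_topic($db, [], ['subject' => '1', 'name' => 'Cookies']), "\n";
echo add_topic($db, ['SESS_ADMIN' => 1], ['subject' => '2', 'name' => 'Joins']), "\n";
echo 'topics stored: ', $db->query('SELECT COUNT(*) FROM topics')->fetchColumn(), "\n";
```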
Getting Rid of Topics
Deleting a topic is virtually identical to deleting a subject. The X next to the topic
links to deletetopic.php and the code is very similar (see Example 9-9).
EXAMPLE 9-9 The delete topic code is very similar to deleting a subject.
echo "<h1>Are you sure you want to delete this topic?</h1>";
echo "<p>[<a href='" . $SCRIPT_NAME . "?conf=1&topic="
. $validtopic . "'>Yes</a>] [<a href='" . $config_basedir
Subject ownership is a key feature in this project. Not only does it encourage users to roll up their sleeves and get involved, it also decentralizes the source of the content so that a range of different users can maintain the site.
In this part of the project, you manage ownership requests, request moderation, and the removal of ownership. Three scripts manage these different needs.
FIGURE 9-15 Any user is welcome to apply for ownership of a subject.
Applying for Ownership of a Subject
If a subject in the system has no owner, the subject information page contains a link that invites users to apply for ownership of the event. When this link is clicked, the user is presented with the page shown in Figure 9-15.
This page is very simple. The user types the reasons she feels that she should be trusted to own the page and then clicks the Submit (Apply!) button. The page then informs the applicant that a response will be emailed when the administrator has made a decision.
Create a new file called applysubowner.php and start adding the code:
<?php
session_start();
require("config.php");
require("functions.php");
The file begins by validating the subject GET variable.
Add the code to process the form, which consists of a single text box:
require("header.php");
if($_POST['submit']) {
$appsql = "SELECT * FROM mod_subowner WHERE sub_id = "
. $validsubject . " AND user_id = '" . $_SESSION['SESS_USERID']
mysql_query($inssql);
echo "<h1>Application Submitted</h1>";
echo "Your application has been submitted. You will be
emailed with the decision.";
}
else {
echo "<h1>Already Applied</h1>";
echo "<p>You have already made an application for this
The name of the subject from this query is used in the text of the page.
Add this text and the form:
<li>Fill in this Subject Ownership application form.</li>
<li>The contents of this form will be submitted to the site
When you fill out the Reasons box below, it is advised that you
indicate why you should be given
the ownership of the subject What can you bring to the subject
in terms of time and knowledge? Can
you ensure the subject questions are clear and well structured?
FIGURE 9-16 The administrator can easily tend to requests.
With the form complete, add the closing code:
Moderating Ownership Requests
Moderation of the subject ownership requests is very similar to the moderation of the questions earlier in the project. The administrator is presented with a list of requests, which he can accept or deny, as shown in Figure 9-16.
In the question moderation script, the func GET variable was used to choose which mode the page was working in. A switch statement checked this variable, and the relevant code was executed.
The same technique is used in this page, which includes the following four sections:
■ main This section displays the ownership requests.
■ allow If the Allow link is clicked, this section is run and authorizes the ownership request.
■ deny If the Deny link is clicked, this section prompts the administrator to be sure that he wants to deny the request.
■ denyconf If the administrator clicks the Yes link in the deny section, the denyconf section deletes the request from the database.
Create a new file called adminmodsubown.php and add the following code:
The main Block
The first block to add is main, which displays the list of ownership requests. This list of requests allows the user to see who wants to have ownership of a particular subject.
switch($_GET['func']) {
echo "<h1>Subjects and Ownership</h1>";
This code runs a query to gather the names of all the subjects that have had ownership requests. If the query returns no rows, display a message:
echo "<h1>Subjects and Ownership</h1>";
if($subsnumrows == 0) {
echo "No requests have been made.";
}
If rows are returned, execute the else:
A while loop is opened to loop through each subject. A second query performs a join to get the usernames for the ownership requests.
Start a table to hold the content:
$reqresult = mysql_query($reqsql);
echo "<table class='visible' cellpadding=10 cellspacing=0>";
echo "<tr><th class='visible' colspan='4'>
Ownership requests for <i>" . $subsrow['subject']
. "</i></th></tr>";
Create another while loop to loop through the second query’s set of results:
The accept Block
Accepting an ownership request involves three steps:
■ The user is sent an email to indicate she has been chosen as the new subject owner.
■ The subjects table is updated with the id of the new owner.
■ All entries in the mod_subowner table for that particular subject are deleted. This ensures any competing applications for ownership are removed.
Add the following code:
break;
case "accept":
$validid = set_validid();
$sql = "SELECT mod_subowner.sub_id, subjects.subject,
users.id AS userid, users.username, users.email FROM
mod_subowner INNER JOIN subjects ON
mod_subowner.sub_id = subjects.id LEFT JOIN users ON
mod_subowner.user_id = users.id WHERE mod_subowner.id = "
. $validid . ";";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$numrows = mysql_num_rows($result);
This query selects the subject id, subject name, user id, username, and email address that correlate to the subject id and owner id in the mod_subowner table. This query involves two joins. The first join connects the mod_subowner and subjects tables, and the second join connects the mod_subowner and users tables.
To send the email, the same technique from the Auctions project covered in Chapter 7 is used. First, copy the array variables into some normal variables to add the information to the body of the email:
I am pleased to inform you that you have been accepted as the new
owner of the '$mail_subject' subject.
When you next log into '$config_sitename' you will see the subject
in your Control Panel.
Kind regards,
$config_sitename Administrator
_MESSAGE_;
Use the mail() command to send the email message:
mail($mail_email, "Ownership request for " . $mail_subject . " accepted!", $mail_body);
Update the subjects table to change the owner_id field to the id of the new owner:
$addsql = "UPDATE subjects SET owner_id = " . $row['userid']
. " WHERE id = " . $row['sub_id'] . ";";
mysql_query($addsql);
Finally, delete all entries in the mod_subowner table with the same subject as
the winning request:
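The three steps of the accept block, as an added example that is not the book's code: the ownership update and the removal of competing requests run in one transaction, and the email goes out only after the commit. PDO with in-memory SQLite, accept_request(), the $notify callback standing in for mail() and the sample rows are assumptions; the table and column names are the ones the page's queries use.

```php
<?php
// Added example, not the book's code. accept_request() and the $notify
// callback are hypothetical; tables and rows are constructed.
function accept_request(PDO $db, int $requestId, callable $notify): bool {
    $sel = $db->prepare(
        'SELECT m.sub_id, s.subject, u.id AS userid, u.email
           FROM mod_subowner m
           INNER JOIN subjects s ON m.sub_id = s.id
           LEFT JOIN users u ON m.user_id = u.id
          WHERE m.id = ?');
    $sel->execute([$requestId]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['userid'] === null) {
        return false;            // unknown request, or the applicant no longer exists
    }
    $db->beginTransaction();
    try {
        // New owner and removal of competing requests succeed or fail together.
        $db->prepare('UPDATE subjects SET owner_id = ? WHERE id = ?')
           ->execute([$row['userid'], $row['sub_id']]);
        $db->prepare('DELETE FROM mod_subowner WHERE sub_id = ?')
           ->execute([$row['sub_id']]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    // Mail only after the commit; strip CR/LF so the subject name stays one header line.
    $subject = str_replace(["\r", "\n"], ' ', $row['subject']);
    $notify($row['email'], "Ownership request for $subject accepted!");
    return true;
}

// Constructed demo: two users apply for subject 1; request 1 is accepted.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec('CREATE TABLE subjects (id INTEGER PRIMARY KEY, subject TEXT, owner_id INTEGER)');
$db->exec('CREATE TABLE mod_subowner (id INTEGER PRIMARY KEY, sub_id INTEGER, user_id INTEGER)');
$db->exec("INSERT INTO users VALUES (7, 'ann', 'ann@example.test'), (8, 'bob', 'bob@example.test')");
$db->exec("INSERT INTO subjects VALUES (1, 'PHP', 0)");
$db->exec('INSERT INTO mod_subowner VALUES (1, 1, 7), (2, 1, 8)');

$sent = [];
accept_request($db, 1, function ($to, $subject) use (&$sent) { $sent[] = "$to: $subject"; });
print_r($sent);
echo 'owner: ', $db->query('SELECT owner_id FROM subjects WHERE id = 1')->fetchColumn(),
     ', requests left: ', $db->query('SELECT COUNT(*) FROM mod_subowner')->fetchColumn(), "\n";
```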
The deny Block
The deny block is identical to the deny block in the question moderation script:
echo "<p>[<a href='adminmodsubown.php?func=denyconf&id="
The denyconf Block
To deny the ownership request, the code follows two steps:
1. Send an email to the user to let him know that his request was denied.
2. Delete the request from the mod_subowner table.
This section borrows heavily from the allow section. The code simply changes the text of the email body that is sent and the content to be deleted:
$sql = "SELECT mod_subowner.sub_id, subjects.subject, users.id
AS userid, users.username, users.email FROM mod_subowner
INNER JOIN subjects ON mod_subowner.sub_id = subjects.id
LEFT JOIN users ON mod_subowner.user_id = users.id
WHERE mod_subowner.id = " . $validid . ";";
I am writing to inform you that your request for ownership of
the '$mail_subject' subject has been declined.
Better luck next time!
To make this as simple as possible, in the control panel you add an option to remove ownership, as seen in Figure 9-17.
To orphan the subject, the subject id passed to the page is used to run a query to change the owner_id field in the subjects table to 0. Before this query happens, however, another confirmation question is displayed to prevent any accidents.
FIGURE 9-17 The remove ownership link is passed the subject id.
The code used in this script is virtually the same as in deletesubject.php. Create a new file called removesubown.php and add the code shown in Example 9-10.
EXAMPLE 9-10 To orphan the subject, set the owner_id field to 0.