Planning and Creating the Administration Menu

Not only will you be able to view data within your system, but you'll also be able to add, modify, and delete contacts. A menu would be good idea—one that provides links to all your action scripts, and that adds some authentication to the mix so that only you can see the data. Now create all that in one script!

1. Open a new file in your text editor and start a PHP block. Then, start a session, or continue a session if it currently exists:

   <?
   session_start();
   

2. Start an if…else block that checks for the value of the $_POST[op] variable, which will be a hidden variable in the login form you'll soon create:

   if ($_POST[op] == "ds") {
   

3. If the value of $_POST[op] is ds, the user has completed the form. Start another if…else block that checks the validity of the username and password entered by the user:

   if (($_POST[username] != "admin") || ($_POST[password] != "abc123")) {
   
   

   Note

   You can use any username and password you want. This script is hard-coded to check that the username is admin and that the password is abc123.

4. If either the username or password is incorrect, create a variable called $msg to hold an error message:

   $msg = "<P><font color=\"#FF0000\"><strong>Bad Login -
    Try Again</strong></font></P>";
   

5. Create a variable called $show_form, and give it a value of yes. This value will be checked later in the script to determine what to display:

   $show_form = "yes";
   
   

6. Continue the if…else statement:

   } else {
   

7. If the user makes it this far, the username and password are correct. So, store a value of yes in the session variable called $_SESSION[valid]:

   $_SESSION[valid] = "yes";
   

8. Create a variable called $show_menu and give it a value of yes. This value will be checked later in the script to determine what to display:

   $show_menu = "yes";
   

9. Close the inner if…else block:

   }
   

10. Continue the outer if…else block:

    } else {
    

11. If the user is within this section of the outer if…else block, he has reached this script without going through the form. Check for the value of $_SESSION[valid], and determine what to show—menu or form:

    if ($_SESSION[valid] == "yes") {
         $show_menu = "yes";
    } else {
         $show_form = "yes";
    }
    

12. Close the outer if…else block:

    }
    

13. Create the form block, which will be shown if the user has not logged in or if the login is incorrect. Start by creating the variable and printing a header:

    $form_block = "<h1>Login</h1>
    

14. Start the form. In this case, the method is POST and the action is a variable called $_SERVER[PHP_SELF]:

    <form method=POST action=\"$_SERVER[PHP_SELF]\">
    
    
    

    Note

    $_SERVER[PHP_SELF] is a global variable whose value is equal to the name of the current script. By using $_SERVER[PHP_SELF] as a form action, you're essentially saying, "When the submit button is clicked, reload me!"

15. Print the value of $msg:

    $msg
    
    

    Note

    If the login is incorrect, $msg will contain a value, and that value will be printed in this space. If $msg was not created or a value was not given, nothing will be printed, so it doesn't hurt anything by being present all the time.

16. Create input fields for the username and password with text labels:

    <P><strong>username:</strong><br>
    <input type=\"text\" name=\"username\" size=15 maxlength=25></P>
    <P><strong>password:</strong><br>
    <input type=\"password\" name=\"password\" size=15 maxlength=25></P>
    

17. Add the hidden field for op:

    <input type=\"hidden\" name=\"op\" value=\"ds\">
    

18. Add the submit button, and close the form and string:

    <P><input type=\"submit\" name=\"submit\" value=\"login\"></P>
    </FORM>";
    

19. Create the menu block, which will be shown if a user has logged in and is valid. Start by creating the variable and printing a header:

    $menu_block = "<h1>My Contact Administration System</h1>
    
    

20. Add several menu items, and then close the string:

    <P><strong>Administration</strong>
    <ul>
    <li><a href=\"show_addcontact.php\">Add a Contact</a>
    <li><a href=\"pick_modcontact.php\">Modify a Contact</a>
    <li><a href=\"pick_delcontact.php\">Delete a Contact</a>
    </ul>
    <P><strong>View Records</strong>
    <ul>
    <li><a href=\"show_contactsbyname.php\">Show Contacts, Ordered by Name</a>
    </ul>";
    

21. Use an if…else block to perform a final check to see which should be displayed—$form_block or $menu_block. Whichever should be displayed should be the value of a new variable called $display_block:

    if ($show_form == "yes") {
         $display_block = $form_block;
    } else if ($show_menu == "yes") {
         $display_block = $menu_block;
    }
    

22. Close your PHP block and add HTML:

    ?>
    <HTML>
    <HEAD>
    <TITLE>My Contact Management System</TITLE>
    </HEAD>
    <BODY>
    

23. Display the results:

    <? echo "$display_block"; ?>
    

24. Add some more HTML to make a valid document:

    </BODY>
    </HTML>
    

25. Save the file with the name contact_menu.php, and place this file in the document root of your web server.

You just created a heck of a lot of code. It should look something like this:

<?
//start a session
session_start();

//check if user is coming from a form
if ($_POST[op] == "ds") {
     //check username and password
     if (($_POST[username] != "admin") || ($_POST[password] != "abc123")) {
          //handle bad login
          $msg = "<P><font color=\"#FF0000\"><strong>Bad Login -
          Try Again</strong></font></P>";
          $show_form = "yes";
     } else {

          //handle good login
          $_SESSION[valid] = "yes";
          $show_menu = "yes";

     }
} else {
     //determine what to show
     if ($valid == "yes") {
          $show_menu = "yes";
     } else {
          $show_form = "yes";

     }
}
//build form block
$form_block = "<h1>Login</h1>
<form method=POST  action=\"$_SERVER[PHP_SELF]\">
$msg
<P><strong>username:</strong><br>
<input type=\"text\" name=\"username\" size=15 maxlength=25></P>
<P><strong>password:</strong><br>
<input type=\"password\" name=\"password\" size=15 maxlength=25></P>
<input type=\"hidden\" name=\"op\" value=\"ds\">
<P><input type=\"submit\" name=\"submit\" value=\"login\"></P>
</FORM>";
//build menu block
$menu_block = "<h1>My Contact Administration System</h1>
<P><strong>Administration</strong>
<ul>
<li><a href=\"show_addcontact.php\">Add a Contact</a>
<li><a href=\"pick_modcontact.php\">Modify a Contact</a>
<li><a href=\"pick_delcontact.php\">Delete a Contact</a>
</ul>

<P><strong>View Records</strong>
<ul>
<li><a href=\"show_contactsbyname.php\">Show Contacts, Ordered by Name</a>
</ul>";

//assign the block to show to the $display_block variable
if ($show_form == "yes") {
     $display_block = $form_block;
} else if ($show_menu == "yes") {
     $display_block = $menu_block;
}
?>
<HTML>
<HEAD>
<TITLE>My Contact Management System</TITLE>
</HEAD>
<BODY>
<? echo "$display_block"; ?>
</BODY>
</HTML>

Logging in to the Administration Menu

Now try to log in to the administration menu, using the hard-coded username and password from the script.

1. Open your web browser and type http://127.0.0.1/contact_menu.php.

   You will see the login form with text fields for the username and password, as well as a submit button.

   

2. Type a bad username and/or a bad password in the appropriate fields, and then click on the login button.

   You will see the login form again, with a red error message displayed.

3. Type the correct username (admin) and the correct password (abc123), and then click on the login button.

   

You will see the Administrative Menu for your contact management system.

In the next section, you'll take a step back and create the my_contacts table so that you can perform all the tasks listed in this fancy administration menu!