FahmidasClassroom

Learn by easy steps

The way to manage the website that was implemented in the previous tutorials has shown in this tutorial. Follow the steps to complete task of this tutorial.

Step-1:

Change the user type to admin from the users table of the database.

Step-2:

Create add_page.php file under html folder with the following.


<?php

require('./includes/config.php');
// If the user isn't logged in as an administrator, redirect them:
redirect_invalid_user('user_admin');
// Require the database connection:
require(MYSQL);
// Include the header file:
$page_title = 'Add a Site Content Page';
include('./includes/header.php');
// For storing errors:
$add_page_errors = array();
// Check for a form submission:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check for a title:
if (!empty($_POST['title'])) {
$t = escape_data(strip_tags($_POST['title']), $dbc);
} else {
$add_page_errors['title'] = 'Please enter the title!';
}

// Check for a category:
$category = $_POST['category'];
if (is_array($category))
{
for ($i=0;$i<sizeof($category);$i++)
{
$cat = $category[$i];
}
}

else { // No category selected.
$add_page_errors['category'] = 'Please select a category!';
}

// Check for a description:
if (!empty($_POST['description'])) {
$d = escape_data(strip_tags($_POST['description']), $dbc);
} else {
$add_page_errors['description'] = 'Please enter the description!';
}

// Check for the content:
if (!empty($_POST['content'])) {
$allowed = '<div><p><span><br><a><img><h1><h2><h3><h4><ul><ol><li><blockquote>';
$c = escape_data(strip_tags($_POST['content'], $allowed), $dbc);
} else {
$add_page_errors['content'] = 'Please enter the content!';
}

if (empty($add_page_errors)) { // If everything's OK.
// Add the page to the database:
$q = "INSERT INTO pages (categories_id, title, description, content) VALUES ($cat, '$t', '$d', '$c')";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) === 1) { // If it ran OK.
// Print a message:
echo '<div class="alert alert-success"><h3>The page has been added!</h3></div>';
// Clear $_POST:
$_POST = array();
// Send an email to the administrator to let them know new content was added?
} else { // If it did not run OK.
trigger_error('The page could not be added due to a system error. We apologize for any inconvenience.');
}
} // End of $add_page_errors IF.
} // End of the main form submission conditional.
// Need the form functions script, which defines create_form_input():
require('./includes/form_functions.php');

?>

<h1>Add a Site Content Page</h1>
<form action="add_page.php" method="post" accept-charset="utf-8">
<fieldset><legend>Fill out the form to add a page of content:</legend>
<div class="form-group">
<label for="status" class="control-label">Status</label>
<select name="status" class="form-control"><option value="draft">Draft</option>
<option value="live">Live</option>
</select></div>

<?php

create_form_input('title', 'text', 'Title', $add_page_errors);
// Add the category drop down menu:
echo '<div class="form-group';
if (array_key_exists('category', $add_page_errors)) echo ' has-error';

/*

echo '"><label for="category" class="control-label">Category</label>
<select name="category" class="form-control">
<option>Select One</option>';

*/



// Allow for multiple categories:
echo '"><label for="category" class="control-label">Category</label>
<select name="category[]" class="form-control" multiple size="5">';
// Retrieve all the categories and add to the pull-down menu:
$q = "SELECT id, category FROM categories ORDER BY category ASC";
$r = mysqli_query($dbc, $q);
while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
echo "<option value=\"$row[0]\"";
// Check for stickyness:
if (isset($_POST['category']) && ($_POST['category'] == $row[0]) ) echo ' selected="selected"';
echo ">$row[1]</option>\n";
}

echo '</select>';
if (array_key_exists('category', $add_page_errors)) echo '<span class="help-block">' . $add_page_errors['category'] . '</span>';
echo '</div>';
create_form_input('description', 'textarea', 'Description', $add_page_errors);
create_form_input('content', 'textarea', 'Content', $add_page_errors);
?>
<input type="submit" name="submit_button" value="Add This Page" id="submit_button" class="btn btn-primary" />
</fieldset>
</form>
<script type="text/javascript" src="https://cdn.tiny.cloud/1/no-api-key/tinymce/5/tinymce.min.js"></script>
<script type="text/javascript">
tinyMCE.init({

// General options
selector : "#content",
width : 800,
height : 400,
browser_spellcheck : true,
plugins: "paste,searchreplace,fullscreen,hr,link,anchor,image,charmap,media,autoresize,autosave,contextmenu,wordcount",
toolbar1: "cut,copy,paste,|,undo,redo,removeformat,|hr,|,link,unlink,anchor,image,|,charmap,media,|,search,replace,|,fullscreen",
toolbar2: "bold,italic,underline,strikethrough,|,alignleft,aligncenter,alignright,alignjustify,|,formatselect,|,bullist,numlist,|,outdent,indent,blockquote,",

// Example content CSS (should be your site CSS)
content_css : "/test3/html/css/bootstrap.min.css",
});

</script>
<!-- /TinyMCE -->
<?php /* PAGE CONTENT ENDS HERE! */

// Include the footer file to complete the template:
include('./includes/footer.html');
?>

Step-3:

Add some recods in category table. Create category.php file under html folder and add the following content.


<?php

require('./includes/config.php');
// The config file also starts the session.
// Require the database connection:
require(MYSQL);
// Validate the category ID:
if (filter_var($_GET['id'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
$cat_id = $_GET['id'];
// Get the category title:
$q = 'SELECT category FROM categories WHERE id=' . $cat_id;
$r = mysqli_query($dbc, $q);
if (mysqli_num_rows($r) !== 1) { // Problem!
$page_title = 'Error!';
include('./includes/header.php');
echo '<div class="alert alert-danger">This page has been accessed in error.</div>';
include('./includes/footer.html');
exit();
}

// Fetch the category title and use it as the page title:
list($page_title) = mysqli_fetch_array($r, MYSQLI_NUM);
include('./includes/header.php');
echo '<h1>' . htmlspecialchars($page_title) . '</h1>';
// Get the pages associated with this category:
$q = 'SELECT id, title, description FROM pages WHERE categories_id=' . $cat_id . ' ORDER BY date_created DESC';
$r = mysqli_query($dbc, $q);
if (mysqli_num_rows($r) > 0) { // Pages available!
// Fetch each record:

while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
// Display each record:
echo '<div><h4><a href="page.php?id=' . $row['id'] . '">' . htmlspecialchars($row['title']) . '</a></h4><p>' . htmlspecialchars($row['description']) . '</p></div>';
} // End of WHILE loop.
} else { // No pages available.
echo '<p>There are currently no pages of content associated with this category. Please check back again!</p>';
}
} else { // No valid ID.
$page_title = 'Error!';
include('./includes/header.php');
echo '<div class="alert alert-danger">This page has been accessed in error.</div>';
} // End of primary IF.
// Include the HTML footer:
include('./includes/footer.html');
?>

Step-4:

Create page.php file under html folder and add the following content.


<?php

require('./includes/config.php');
// The config file also starts the session.
// Require the database connection:
require(MYSQL);
$_SESSION['user_id'] =12;
$_SESSION['user_not_expired'] = true;
// Validate the category ID:
if (isset($_GET['id']) && filter_var($_GET['id'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
$page_id = $_GET['id'];
// Get the page info:
$q = 'SELECT title, description, content FROM pages WHERE id=' . $page_id;
$r = mysqli_query($dbc, $q);
if (mysqli_num_rows($r) !== 1) { // Problem!
$page_title = 'Error!';
include('./includes/header.php');
echo '<div class="alert alert-danger">This page has been accessed in error.</div>';
include('./includes/footer.html');
exit();
}

// Fetch the page info:
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
$page_title = $row['title'];
include('includes/header.php');
echo '<h1>' . htmlspecialchars($page_title) . '</h1>';
// Display the content if the user's account is current:
if (isset($_SESSION['user_not_expired'])) {
$user_id = $_SESSION['user_id'];

// Show the page content:
echo "<div>{$row['content']}</div>";
// Check for a form submission:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['notes']) && !empty($_POST['notes'])) {
$notes = $_POST['notes'];
$q = "REPLACE INTO notes (user_id, page_id, note) VALUES ($user_id, $page_id, '" . escape_data($notes, $dbc) . "')";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) > 0) {
echo '<div class="alert alert-success">Your notes have been saved.</div>';
}
}
}
// Get the existing notes, if any:
echo '<form id="notes_form" action="page.php?id=' . $page_id . '" method="post" accept-charset="utf-8">
<fieldset><legend>Your Notes</legend>
<textarea name="notes" id="notes" class="form-control">';
if (isset($notes) && !empty($notes)) echo htmlspecialchars($notes);
echo '</textarea><br>
<input type="submit" name="submit_button" value="Save" id="submit_button" class="btn btn-default" />
</fieldset>
</form>';
} elseif (isset($_SESSION['user_id'])) { // Logged in but not current.

echo '<div class="alert"><h4>Expired Account</h4>Thank you for your interest in this content, but your account is no longer current. Please <a href="renew.php">renew your account</a> in order to view this page in its entirety.</div>';
echo '<div>' . htmlspecialchars($row['description']) . '</div>';
} else { // Not logged in.
echo '<div class="alert">Thank you for your interest in this content. You must be logged in as a registered user to view this page in its entirety.</div>';
echo '<div>' . htmlspecialchars($row['description']) . '</div>';
}
} else { // No valid ID.
$page_title = 'Error!';
include('includes/header.php');
echo '<div class="alert alert-danger">This page has been accessed in error.</div>';
} // End of primary IF.

echo '<script type="text/javascript">
var page_id = ' . $page_id . ';
</script>
<script src="js/favorite.js"></script>
<script src="js/notes.js"></script>';
// Include the HTML footer:
include('./includes/footer.html');
?>

Step-5:

Create add_pdf.php file under html folder and add the following content.


<?php


require('./includes/config.php');
// If the user isn't logged in as an administrator, redirect them:
redirect_invalid_user('user_admin');
// Require the database connection:
require(MYSQL);
// Include the header file:
$page_title = 'Add a PDF';
include('./includes/header.php');
// For storing errors:
$add_pdf_errors = array();
// Check for a form submission:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check for a title:
if (!empty($_POST['title'])) {
$t = escape_data(strip_tags($_POST['title']), $dbc);
} else {
$add_pdf_errors['title'] = 'Please enter the title!';
}

// Check for a description:
if (!empty($_POST['description'])) {
$d = escape_data(strip_tags($_POST['description']), $dbc);
} else {
$add_pdf_errors['description'] = 'Please enter the description!';
}

// Check for a PDF:
if (is_uploaded_file($_FILES['pdf']['tmp_name']) && ($_FILES['pdf']['error'] === UPLOAD_ERR_OK)) {
// Get a reference:
$file = $_FILES['pdf'];
// Find the size:
$size = ROUND($file['size']/1024);
// Validate the file size (5MB max):
if ($size > 5120) {
$add_pdf_errors['pdf'] = 'The uploaded file was too large.';
}

// Create the resource:
$fileinfo = finfo_open(FILEINFO_MIME_TYPE);
// Check the file:
if (finfo_file($fileinfo, $file['tmp_name']) !== 'application/pdf') {
$add_pdf_errors['pdf'] = 'The uploaded file was not a PDF.';
}

// Close the resource:
finfo_close($fileinfo);
// Move the file over, if no problems:
if (!array_key_exists('pdf', $add_pdf_errors)) {
// Create a tmp_name for the file:
$tmp_name = sha1($file['name']) . uniqid('',true);
// Move the file to its proper folder but add _tmp, just in case:
$dest = PDFS_DIR . $tmp_name . '_tmp';
if (move_uploaded_file($file['tmp_name'], $dest)) {
// Store the data in the session for later use:
$_SESSION['pdf']['tmp_name'] = $tmp_name;
$_SESSION['pdf']['size'] = $size;
$_SESSION['pdf']['file_name'] = $file['name'];

// Print a message:
echo '<div class="alert alert-success"><h3>The file has been uploaded!</h3></div>';
} else {
trigger_error('The file could not be moved.');
unlink ($file['tmp_name']);
}

} // End of array_key_exists() IF.
} elseif (!isset($_SESSION['pdf'])) { // No current or previous uploaded file.
switch ($_FILES['pdf']['error']) {
case 1:
case 2:
$add_pdf_errors['pdf'] = 'The uploaded file was too large.';
break;
case 3:
$add_pdf_errors['pdf'] = 'The file was only partially uploaded.';
break;
case 6:
case 7:
case 8:
$add_pdf_errors['pdf'] = 'The file could not be uploaded due to a system error.';
break;
case 4:
default:
$add_pdf_errors['pdf'] = 'No file was uploaded.';
break;
} // End of SWITCH.
} // End of $_FILES IF-ELSEIF-ELSE.
if (empty($add_pdf_errors)) { // If everything's OK.
// Add the PDF to the database:
$fn = escape_data($_SESSION['pdf']['file_name'], $dbc);
$tmp_name = escape_data($_SESSION['pdf']['tmp_name'], $dbc);
$size = (int) $_SESSION['pdf']['size'];
$q = "INSERT INTO pdfs (title, description, tmp_name, file_name, size) VALUES ('$t', '$d', '$tmp_name', '$fn', $size)";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) === 1) { // If it ran OK.
// Rename the temporary file:
$original = PDFS_DIR . $tmp_name . '_tmp';
$dest = PDFS_DIR . $tmp_name;
rename($original, $dest);
// Print a message:
echo '<div class="alert alert-success"><h3>The PDF has been added!</h3></div>';
// Clear $_POST:
$_POST = array();
// Clear $_FILES:
$_FILES = array();
// Clear $file and $_SESSION['pdf']:
unset($file, $_SESSION['pdf']);
} else { // If it did not run OK.
trigger_error('The PDF could not be added due to a system error. We apologize for any inconvenience.');
unlink ($dest);
}

} // End of $errors IF.
} else { // Clear out the session on a GET request:
unset($_SESSION['pdf']);
} // End of the submission IF.
// Need the form functions script, which defines create_form_input():
require('includes/form_functions.php');
?><h1>Add a PDF</h1>
<form enctype="multipart/form-data" action="add_pdf.php" method="post" accept-charset="utf-8">
<input type="hidden" name="MAX_FILE_SIZE" value="5242880">
<fieldset><legend>Fill out the form to add a PDF to the site:</legend>
<?php

create_form_input('title', 'text', 'Title', $add_pdf_errors);
create_form_input('description', 'textarea', 'Description', $add_pdf_errors);
// Add the file input:
echo '<div class="form-group';
// Add classes, if applicable:
if (array_key_exists('pdf', $add_pdf_errors)) {
echo ' has-error';
} else if (isset($_SESSION['pdf'])) {
echo ' has-success';
}

echo '"><br/><label for="pdf" class="control-label">PDF&nbsp;&nbsp;&nbsp;</label><input type="file" name="pdf" id="pdf">';
// Check for an error:
if (array_key_exists('pdf', $add_pdf_errors)) {
echo '<span class="help-block">' . $add_pdf_errors['pdf'] . '</span>';
} else { // No error.
// If the file exists (from a previous form submission but there were other errors),
// store the file info in a session and note its existence:
if (isset($_SESSION['pdf'])) {
echo '<p class="lead">Currently: "' . $_SESSION['pdf']['file_name'] . '"</p>';
}
 } // end of errors IF-ELSE.
echo '<span class="help-block">PDF only, 5MB Limit</span>
</div>';
?>
<input type="submit" name="submit_button" value="Add This PDF" id="submit_button" class="btn btn-primary" />
</fieldset>
</form>
<?php // Include the HTML footer:
include('./includes/footer.html');
?>

Step-6:

Create pdf.php file under html folder and add the following content.


<?php

require('./includes/config.php');
// The config file also starts the session.
// Require the database connection:
require(MYSQL);
// Include the header file:
$page_title = 'PDFs';
include('./includes/header.php');
// Print a page header:
echo '<h1>PDF Guides</h1>';


// Get the PDFs:
$q = 'SELECT tmp_name, title, description, size FROM pdfs ORDER BY date_created DESC';
$r = mysqli_query($dbc, $q);
if (mysqli_num_rows($r) > 0) { // If there are some...
// Fetch every one:
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
// Display each record:
echo '<div><h4><a href="view_pdf.php?id=' . htmlspecialchars($row['tmp_name']) . '">' . htmlspecialchars($row['title']) . ' </a> (' . $row['size'] . 'kb)</h4><p>' . htmlspecialchars($row['description']) . '</p></div>';
} // End of WHILE loop.
} else { // No PDFs!
echo '<div class="alert alert-danger">There are currently no PDFs available to view. Please check back again!</div>';
}
// Include the HTML footer:
include('./includes/footer.html');

?>

Step-7:

Create view_pdf.php file under html folder and add the following content.


<?php

require('./includes/config.php');
// Require the database connection:
require(MYSQL);
// Assume invalid info:
$valid = false;
// Validate the PDF ID:
if (isset($_GET['id']) && (strlen($_GET['id']) === 63) && (substr($_GET['id'], 0, 1) !== '.') ) {
// Identify the file:
$file = PDFS_DIR . $_GET['id'];
// Check that the PDF exists and is a file:
if (file_exists ($file) && (is_file($file)) ) {
// Get the info:
$q = 'SELECT id, title, description, file_name FROM pdfs WHERE tmp_name="' . escape_data($_GET['id'], $dbc) . '"';
$r = mysqli_query($dbc, $q);
if (mysqli_num_rows($r) === 1) { // OK!
// Fetch the info:
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
// Indicate that the file reference is fine:
$valid = true;
// Only display the PDF to a user whose account is active:
if (isset($_SESSION['user_not_expired'])) {

// Send the content information:
header('Content-type:application/pdf');
header('Content-Disposition:inline;filename="' . $row['file_name'] . '"');
$fs = filesize($file);
header("Content-Length:$fs\n");
// Send the file:
readfile ($file);
exit();

} else { // Inactive account!

// Display an HTML page instead:
$page_title = $row['title'];
include('./includes/header.php');
echo "<h1>$page_title</h1>";

// Complete the page:
echo '<div>' . htmlspecialchars($row['description']) . '</div>';
include('./includes/footer.html');
} // End of user IF-ELSE.
} // End of mysqli_num_rows() IF.
} // End of file_exists() IF.
} // End of $_GET['id'] IF.

// If something didn't work...
if (!$valid) {
$page_title = 'Error!';
include('./includes/header.php');
echo '<div class="alert alert-danger">This page has been accessed in error.</div>';
include('./includes/footer.html');
}
?>

***Reference: Main code has taken from effortless e-commerce with PHP and MySQL book.