Skip to page content or Skip to Accesskey List.

Work

Main Page Content

The Abcs Of Cms Part Ii

Rated 3.8 (Ratings: 8)

Want more?

 
Picture of Jay Blanchard

Jay Blanchard

Member info

User since: 21 Mar 2001

Articles written: 6

In this installment we will cover logging in a user, presenting them with appropriate navigation according to their user level, and setting up an article table.

User Registration

In the previous article, The ABCs of CMS, we succeeded in creating a users table (tblUser) that will hold the identification and login information. You should have set up a PHP form page to accept the information, insert the information into the database table, and notify an administrator that someone has registered. (Make sure that you have at least one administrator level person entered into tblUser.) If not here is a sample page that will do just that;

<html>

<head>

<title>CMS User Registration</title>

</head>

<body>

<h1>CMS User Registration</h1>

<form action="cmsregistration.php" method="POST">

<table cellpadding="3" cellspacing="0" border="1">

<tr>

<td>User Name</td>

<td><input type="text" name="username" size="64" maxlength="64"></td>

</tr>

<tr>

<td>E-Mail Address</td>

<td><input type="text" name="email" size="64" maxlength="128"></td>

</tr>

<tr>

<td>Password</td>

<td><input type="password" name="password" size="32" maxlength="64"></td>

</tr>

<tr>

<td></td>

<td><INPUT type="submit" value="Send"> <INPUT type="reset"></td>

</tr>

</table>

</form>

</body>

</html>

And here is the PHP (cmsregistration.php) script to process the registration. Make sure that the cms_user has INSERT privileges;

<?

//connect to and select database

if(!($dbconnect = mysql_pconnect("127.0.0.1", "cms_user", "cms_password"))){

print("Failed to connect to database!

");

exit();

}

if(!mysql_select_db("cms", $dbconnect)){

print("Failed to select database!

");

exit();

}

//insert user information into table

$query = "INSERT INTO tblUser (name, email, password) ";

$query .= "VALUES ('$username', '$email', '$password') ";

if(!($dbresult = mysql_query($query, $dbconnect))){

print("MySQL reports: " . mysql_error() . "

");

exit();

}

//query user table for admin email address

$qadmin = "SELECT email ";

$qadmin .= "FROM tblUser ";

$qadmin .= "WHERE accesslevel = 'admin' ";

if(!($dbresult = mysql_query($qadmin, $dbconnect))){

print("MySQL reports: " . mysql_error() . "

");

exit();

}

//email message to admin

$dbadmin = mysql_fetch_object($dbresult);

$messadm = "$username has registered as an Author in the

";

$messadm .= "Content Management System.

";

mail("$dbadmin->email", "CMS Author Registration", $messadm, "From: CMS System");

//send them to the login page

header("Location: login.php"); exit;

?>

This script could also be modified to send a mail to the user who registered, complete with a copy of their password for their records. Other interfaces you could create for user management would include a form where a user could update their information and a form for administrators that would allow then to perform modification or deletion of user files.

User Login

Next is creating a login page for the CMS. For simplicity we will use the email address as the login name, due to the fact that email addresses are unique and easy for users to remember, and combine that with their password. Once a user is logged in we will check their user level and send them to the appropriate page.

<html>

<head>

<title>CMS User Login</title>

</head>

<body>

<h1>CMS User Login</h1>

<form action="cmslogin.php" method="POST">

<table cellpadding="3" cellspacing="0" border="1">

<tr>

<td>E-Mail Address</td>

<td><input type="text" name="email" size="64" maxlength="128"></td>

</tr>

<tr>

<td>Password</td>

<td><input type="password" name="password" size="32" maxlength="64"></td>

</tr>

<tr>

<td></td>

<td><INPUT type="submit" value="Send"> <INPUT type="reset"></td>

</tr>

</table>

</form>

</body>

</html>

Which will use the following (cmslogin.php) script to process the login;

<?

//connect to and select database

if(!($dbconnect = mysql_pconnect("127.0.0.1", "cms_user", "cms_password"))){

print("Failed to connect to database!

");

exit();

}

if(!mysql_select_db("cms", $dbconnect)){

print("Failed to select database!

");

exit();

}

//query to compare user to database

$quser = "SELECT email, password, accesslevel ";

$quser .= "FROM tblUser ";

$quser .= "WHERE email = '$email' ";

$quser .= "AND password = '$password' ";

if(!($dbresult = mysql_query($quser, $dbconnect))){

print("MySQL reports: " . mysql_error() . "

");

exit();

}

//start session

session_start();

session_register("emailid");

session_register("level");

//set session variables for identification

$dbuser = mysql_fetch_object($dbresult);

$emailid = $dbuser->email;

$level = $dbuser->accesslevel;

//send the user to a page based on their user level

switch($level)

{

case "author":

header("Location: myart.php"); exit;

break;

case "editor":

header("Location: editor.php"); exit;

break;

case "approve":

header("Location: approve.php"); exit;

break;

case "schedule":

header("Location: sched.php"); exit;

break;

case "admin":

header("Location: admin.php"); exit;

break;

default:

header("Location: loginfail.php"); exit;

}

?>

Navigation Within The CMS

Once a user arrives at the appropriate page they will need access to various functions within the CMS based on their user level. One of the cleanest ways to do this is to set up a table in the CMS for navigation items and assign those items user levels as well. This also makes it easy to edit navigation items later as they are located in a single place. Some developers will want to use include files for these navigation items, there is nothing wrong with that.

The database approach gives you the opportunity to easily construct an interface (you can do that as an extracurricular activity, it will not be covered here) with which to manage navigation items, part of the beauty of a CMS. If a certain navigation item needs to change access levels, or if new navigation needs to be added for a particular level it is easy to accomplish.

CREATE TABLE `tblNavigation` (

`ID` int(11) NOT NULL auto_increment,

`URL` varchar(128) default NULL,

`accesslevel` varchar(64) default NULL,

PRIMARY KEY (`ID`)

)

Where do we keep the user level information during the user's session? It's a matter of preference as some developers will want to use cookies, others will pass hidden form fields, and still others will use session variables. The preference for this project will be session variables and we set the user and user level during login.

session_register("emailid");

session_register("level");

.

Make sure to put <? session_start(); ?> as the very first line of each page in the CMS. If you fail to do this your session variables will not get passed properly. If you place the code after a print statement it will throw header errors.

Th only activities that will be provided for an Author at this point are;

  • Submit An Article
  • Edit User Information (only e-mail and password information)
  • My Articles (a list of all of the articles for this author, perhaps with publishing dates)

The URLs for those items will have to be placed in the navigation table, along with their access level information.

INSERT INTO tblNavigation (URL, accesslevel) VALUES ('<a href="subart.php" title="Submit An Article">Submit An Article</a>', 'author');

INSERT INTO tblNavigation (URL, accesslevel) VALUES ('<a href="eduser.php" title="Edit User Information">Edit User Information</a>', 'author');

INSERT INTO tblNavigation (URL, accesslevel) VALUES ('<a href="myart.php" title="My Articles">My Articles</a>', 'author');

The Author's Experience

Once an author has logged in to the system they are sent to the myart.php ("My Articles") page where they are presented with a list of navigation items based on their user level and a list of the articles that they have placed in the CMS. This gives them the opportunity to review material that has been published, and we will later give them the opportunity to be able to edit their own article before sending it through the work flow.

Since myart.php relies on a number of tables (tblUser, tblNavigation, and tblArticle) let's create our article table.

CREATE TABLE `tblArticle` (

`ID` int(4) NOT NULL auto_increment,

`title` varchar(64) default NULL,

`teaser` tinytext,

`body` longtext,

`submitted` datetime default NULL,

'edited' date default NULL,

'approved' date default NULL,

`publish` date default NULL,

`expire` date default NULL,

`author` varchar(128) default NULL,

`editor` varchar(128) default NULL,

`type` varchar(32) default NULL,

PRIMARY KEY (`ID`)

);

This article table will allow control of many factors concerning each article, such as when it gets published, or if it should expire on a certain date. If you need to create an archive of articles that have been published but have now expired you can query for articles whose expiration dates have passed. Aside from dates, the article table also will contain a plethora of information that can be used in multiple ways.

Create myart.php, which will show an author their list of articles and allow them to navigate through the CMS.

<?

session_start();

//connect to and select database

if(!($dbconnect = mysql_pconnect("127.0.0.1", "cms_user", "cms_password"))){

print("Failed to connect to database!

");

exit();

}

if(!mysql_select_db("cms", $dbconnect)){

print("Failed to select database!

");

exit();

}

//query to get navigation from database

$qnav = "SELECT URL ";

$qnav .= "FROM tblNavigation ";

$qnav .= "WHERE accesslevel = '$level' ";

if(!($dbnav = mysql_query($qnav, $dbconnect))){

print("MySQL reports: " . mysql_error() . "

");

exit();

}

//query to get article information

$qart = "SELECT a.ID, a.title, a.publish, u.name ";

$qart .= "FROM tblArticle a, tblUser u ";

$qart .= "WHERE u.email = '$emailid' ";

$qart .= "AND a.author = u.email ";

if(!($dbart = mysql_query($qart, $dbconnect))){

print("MySQL reports: " . mysql_error() . "

");

exit();

}

?>

<html>

<head>

<title>CMS</title>

<LINK REL="StyleSheet" HREF="cms.css" type="text/css">

</head>

<body>

<div class="left">

<?

while($dbrow = mysql_fetch_object($dbnav)){

print($dbrow->URL . "<br>

");

}

?>

<div class="right">

<?

$dbartrow = mysql_fetch_object($dbart);

if($dbartrow->ID == ""){

//if there are no articles for this author

print("You have not placed any articles in the Content Management System");

}

else

{

//print article links for this author

mysql_data_seek($dbart, 0);

print("<h3>Welcome " . $dbartrow->name . "</h3>

");

while($dbartrow = mysql_fetch_object($dbart)){

print("<a href=\"artprvw.php?aid=" . $dbartrow->ID . "\">" . $dbartrow->title . "</a><br>

");

}

}

?>

</div>

</body>

</html>

And here is cms.css, the basic style sheet that can be modified for use with the CMS;

/*general tags*/

body {

margin: 0px 0px 0px 0px;

background-color: #FFFFFF;

font-family: Arial, Helvetica, sans-serif;

}

/*div tags*/

div.left {

position: absolute;

left: 0px;

top:10px;

width:185px;

padding-left: 10px;

}

div.right {

top: 10px;

margin-top: 10px;

margin-left: 201px;

margin-right: 30px;

}

On The Horizon

Play around with the system that has been created, add nav items, or perhaps create the pages for other access levels. Your exploration will prepare you for things that are to come.

Meanwhile we have chewed on quite a bit of information, but there is still plenty to consider and do. In the next article we will cover article submission, allowing an author to preview and edit his or her own articles, and more workflow theory.

A long time code-jockey Jay enjoys music (especially horn bands like Tower of Power, Chicago and Here Come The Mummies), furniture building, physics, motorcycle riding and philosophy. His latest projects include several business-specific web-based tools and widgets.

Jay lives in Central Texas, but has never forgotten his South Louisiana heritage. His daughters, Kaitlyn and Brittany, are his inspiration!

The access keys for this page are: ALT (Control on a Mac) plus:

evolt.org Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.