Here’s the entire code for the user management section of the admin. Mind you, there are NO security checks, and there are no duplicate checks for existing users or e-mail addresses. We don’t even validate on the client side, yet. This is to show the basics, of course.
admin/usermanagement.php
```php
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/functions.php');

$link = connect();

// Controller router: the "action" query parameter selects which function runs.
if ( isset($_GET['action']) ) {
    switch ($_GET['action']) {
        case "view":
            viewAction();
            break;
        case "edit":
            editAction();
            break;
        case "update":
            updateAction();
            break;
        case "delete":
            deleteAction();
            break;
        case "add":
            addAction();
            break;
        default:
            listAction();
    }
} else {
    listAction();
}

close($link);

// Render function: lists every user and shows the "new user" form.
function listAction () {
    require_once($_SERVER['DOCUMENT_ROOT'].'/admin/header.php');
?>
<p>Users</p>
<table>
<thead>
<tr>
<th>ID</th>
<th>username</th>
<th>First Name</th>
<th>Last Name</th>
<th>E-Mail Address</th>
<th></th>
</tr>
</thead>
<tbody>
<?php
    $users = getProfiles();
    foreach ($users as $user) {
?>
<tr>
<td><?php echo $user['id']; ?></td>
<td><a href="?action=view&username=<?php echo $user['username']; ?>"><?php echo $user['username']; ?></a></td>
<td><?php echo $user['fname']; ?></td>
<td><?php echo $user['lname']; ?></td>
<td><?php echo $user['email']; ?></td>
<td><a href="javascript:if (confirm('Are you sure you want to remove this user?')) {window.location='?action=delete&username=<?php echo $user['username']; ?>';} void(0);">[X] Delete</a></td>
</tr>
<?php
    }
?>
</tbody>
</table>
<!-- The NEW user form -->
<form action="?action=add" method="post">
<label for="fname">First Name</label>
<input type="text" id="fname" name="fname" value="<?php if (isset($_POST['fname'])) { echo $_POST['fname']; } ?>">
<label for="lname">Last Name</label>
<input type="text" id="lname" name="lname" value="<?php if (isset($_POST['lname'])) { echo $_POST['lname']; } ?>">
<label for="username">Username</label>
<input type="text" id="username" name="username" value="<?php if (isset($_POST['username'])) { echo $_POST['username']; } ?>">
<label for="password">Password</label>
<input type="password" id="password" name="password" value="">
<label for="email">E-Mail Address</label>
<input type="text" id="email" name="email" value="<?php if (isset($_POST['email'])) { echo $_POST['email']; } ?>">
<input type="submit" value="Add">
</form>
<?php
    require_once($_SERVER['DOCUMENT_ROOT'].'/admin/footer.php');
}

// Render function: shows one user's profile.
function viewAction () {
    $user = getProfile($_GET['username']);
    require_once($_SERVER['DOCUMENT_ROOT'].'/admin/header.php');
    if ($user) {
?>
<a href="usermanagement.php">« Back to users</a>
<table>
<tr>
<td><?php echo $user['id']; ?></td>
<td><?php echo $user['username']; ?></td>
<td><?php echo $user['fname']; ?></td>
<td><?php echo $user['lname']; ?></td>
<td><?php echo $user['email']; ?></td>
</tr>
</table>
<a href="?action=edit&username=<?php echo $user['username']; ?>">Edit User</a>
<?php
    }
    require_once($_SERVER['DOCUMENT_ROOT'].'/admin/footer.php');
}

// Render function: shows the edit form for one user.
function editAction () {
    $user = getProfile($_GET['username']);
    require_once($_SERVER['DOCUMENT_ROOT'].'/admin/header.php');
    if ($user) {
?>
<form action="?action=update&username=<?php echo $user['username']; ?>" method="post">
<label for="fname">First Name</label>
<input type="text" id="fname" name="fname" value="<?php echo $user['fname']; ?>">
<label for="lname">Last Name</label>
<input type="text" id="lname" name="lname" value="<?php echo $user['lname']; ?>">
<label for="email">E-Mail Address</label>
<input type="text" id="email" name="email" value="<?php echo $user['email']; ?>">
<input type="submit" value="Update">
</form>
<a href="?action=view&username=<?php echo $user['username']; ?>">Cancel</a>
<?php
    }
    // Footer is included whether or not the user was found, so the page is always closed.
    require_once($_SERVER['DOCUMENT_ROOT'].'/admin/footer.php');
}

// Action function: inserts a new user, then redirects back to the list.
// As noted above, there is no validation or escaping yet: the posted values go
// straight into the query, and the password is stored as an MD5 hash.
function addAction () {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = $_POST['email'];
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $sql = "INSERT INTO profiles ( `username`,`fname`,`lname`,`password`,`email` ) VALUES ( '".$username."','".$fname."','".$lname."',MD5('".$password."'),'".$email."' )";
    mysql_query($sql);
    header('Location: usermanagement.php');
}

// Action function: updates name and e-mail, then redirects to the user's view page.
function updateAction () {
    $username = $_GET['username'];
    $sql = "UPDATE profiles SET `fname` = '".$_POST['fname']."', `lname` = '".$_POST['lname']."', `email` = '".$_POST['email']."' WHERE username = '".$username."'";
    mysql_query($sql);
    header('Location: usermanagement.php?action=view&username='.$username);
}

// Action function: removes a user, then redirects back to the list.
function deleteAction () {
    $username = $_GET['username'];
    $sql = "DELETE FROM profiles WHERE username = '".$username."'";
    mysql_query($sql);
    header('Location: usermanagement.php');
}
?>
```
Notice that at the very top we include our functions file. After that, we connect to the database, run through our controller router, and close the connection. The rest is just functions: some render output, and some only perform an action in the database and then redirect to another rendered page.
The listAction, viewAction and editAction functions are render functions, which means they return HTML to the end user. The updateAction, deleteAction and addAction functions render nothing; they simply manipulate data in the back end. At the end of each of these non-render functions there is a header("Location:") call that redirects the end user once the function has run.
This is it! That is all there is to it as far as basics are concerned. This is the most complex a page should be in any website. You can read and manipulate your data with any of these 6 functions. Adding security is an added feature that can be accomplished with other functions.
For example, to check and clean up e-mail addresses, just write an emailCheck($email) function and place it in our usermanagement.php file to keep it all together. However, we will need this function later when we allow end users to change their own e-mail addresses, so you could always place it in the functions.php file for better re-usability.
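As an added illustration (not code from the original post), here is one way such an emailCheck function could look in functions.php, together with a hardened variant of addAction that uses it. It assumes a PDO handle `$pdo` to the same database is passed in instead of the post's mysql_* link, and the same `profiles` table and columns used above.

```php
<?php
// Added example, not from the original post. Assumes a PDO connection to the
// same `profiles` table; $pdo is supplied by the caller.

// Returns a normalised e-mail address, or false when the value is not acceptable.
function emailCheck($email) {
    $email = trim((string) $email);
    if (strlen($email) > 254) {
        return false;
    }
    // filter_var rejects malformed addresses; strtolower normalises the result.
    $clean = filter_var($email, FILTER_VALIDATE_EMAIL);
    return ($clean === false) ? false : strtolower($clean);
}

// Hardened addAction: validates input, refuses duplicate usernames/e-mails,
// uses a prepared statement instead of string concatenation, and stores a
// password_hash() digest rather than MD5. Returns an error string or null.
function addActionSafe(PDO $pdo) {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';
    $email    = emailCheck($_POST['email'] ?? '');
    $fname    = trim($_POST['fname'] ?? '');
    $lname    = trim($_POST['lname'] ?? '');

    if ($username === '' || $password === '' || $email === false) {
        return 'Invalid input';   // the caller decides how to render this
    }

    // The redundancy check the post mentions: is the username or e-mail taken?
    $stmt = $pdo->prepare('SELECT 1 FROM profiles WHERE username = ? OR email = ? LIMIT 1');
    $stmt->execute([$username, $email]);
    if ($stmt->fetchColumn() !== false) {
        return 'User or e-mail already exists';
    }

    $stmt = $pdo->prepare(
        'INSERT INTO profiles (`username`,`fname`,`lname`,`password`,`email`) VALUES (?,?,?,?,?)'
    );
    $stmt->execute([
        $username, $fname, $lname,
        password_hash($password, PASSWORD_DEFAULT),
        $email,
    ]);
    header('Location: usermanagement.php');
    return null;
}
```

The render functions still need htmlspecialchars() around every echoed user field; this example only covers the input and database side.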
Let’s look at that next: a clean-up of all of our code to help us with the user management process.