Creating a basic admin section (part 2 of building a full PHP script)

In the first article, we created the entire install script, which creates the database and writes the config and .htaccess files for the site. (These files are written when the install script is run.)

We now need a way to add posts, pages, and items to our database, to edit our site's details, and to set our homepage text and PayPal address.

Before we get started, you will need to download the TinyMCE open source editor, which makes adding pages a snap without having to know any HTML. The first file that we are going to write is our index.php file. Go ahead and save the file to Script->admin->index.php.

<?php
session_start();
ob_start();
define( 'ADMIN_ACCESS', 1 );
$inscript = true;
include_once('../inc/config.php');
include_once('../inc/functions.php');
include_once('./admin-titles.php');
//login checker
include_once('./admin-login.php');
$sql = mysql_query("SELECT `reported` FROM `".$SQL_Ext."_media` WHERE `reported` = '1'");
$reported = @mysql_num_rows($sql);
$sql = mysql_query("SELECT `published` FROM `".$SQL_Ext."_media` WHERE `published` = '0'");
$pending = @mysql_num_rows($sql);
// Crude substring check for "UNION SELECT" in the id and action parameters.
// Note that this only prints "error" and carries on; a substring blacklist is
// not a reliable defence by itself. The two lines at the end do the real work:
// intval() forces the id to an integer and makesafe() (from functions.php in
// part 1) escapes the action string before it is used.
$idblah = $_GET['id'];
$pos = strpos($idblah, "UNION SELECT");
if ($pos === false) {}
else { echo 'error'; }
$idblah = $_GET['action'];
$pos = strpos($idblah, "UNION SELECT");
if ($pos === false) {}
else { echo 'error'; }
$action = makesafe($_GET['action']);
$id = intval($_GET['id']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php admin_title($action)?></title>
<?php include('./images/style.css'); ?>
<script>
function selectText(){
document.sitemap.sitemap.focus();
document.sitemap.sitemap.select();
}
</script>
<script language="javascript" type="text/javascript" src="<?php echo $site_url; ?>/admin/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script language="javascript" type="text/javascript">
tinyMCE.init({
mode : "textareas",
theme : "advanced",
plugins : "table,save,autosave,autosave,cleanup,advhr,advimage,advlink,emotions,iespell,insertdatetime,preview,zoom,flash,searchreplace,print,contextmenu,directionality,inlinepopups,media,nonbreaking,visualchars,devkit,paste,noneditable,layer,halfpage,fullscreen,",
theme_advanced_buttons1_add_before : "save,separator,",
theme_advanced_buttons1_add : "fontselect,fontsizeselect",
theme_advanced_buttons2_add : "separator,insertdate,inserttime,preview,zoom,separator,forecolor,backcolor",
theme_advanced_buttons2_add_before: "cut,copy,paste,separator,search,replace,separator",
theme_advanced_buttons3_add_before : "tablecontrols,separator",
theme_advanced_buttons3_add : "emotions,iespell,flash,advhr,separator,print,ltr,rtl",
theme_advanced_buttons4_add_before : "visualchars,nonbreaking,devkit,separator,layer,fullpage,fullscreen",
table_styles : "Header 1=header1;Header 2=header2;Header 3=header3",
table_cell_styles : "Header 1=header1;Header 2=header2;Header 3=header3;Table Cell=tableCel1",
table_row_styles : "Header 1=header1;Header 2=header2;Header 3=header3;Table Row=tableRow1",
table_cell_limit : 100,
table_row_limit : 5,
table_col_limit : 5,
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_path_location : "bottom",
plugin_insertdate_dateFormat : "%Y-%m-%d",
plugin_insertdate_timeFormat : "%H:%M:%S",
extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]",
external_link_list_url : "example_data/example_link_list.js",
external_image_list_url : "example_data/example_image_list.js",
flash_external_list_url : "example_data/example_flash_list.js"
});
</script>
</head>
<body>
<br>
<center>
<table width="850" border="1" cellspacing="0" cellpadding="0" style="border-collapse: collapse">
<?php
if($_SESSION['adminloggedin'] == '1') {
?>
<tr>
<td bgcolor="#0033CC" class="tabletop2" align="center" height="75px">
<a class="adminlink" href="index.php">Home</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=manage_media">Affiliate Pages</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=manage_advertiser">CJ Advertisers</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=manage_cats">Categories</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=manage_pages">Pages</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=manage_users">Users </a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=manage_links">Links</a> <font color="#7f7f7f">·</font>
<!--<a class="adminlink" href="?action=manage_advertisment"><s>Ads</s></a> <font color="#7f7f7f">·</font>-->
<a class="adminlink" href="?action=aff">Affiliate Info</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=settings">Settings</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=checkin">Submissions</a> (<?=$pending?>) <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=reported">Reported</a> (<?=$reported?>)
<hr width="80%">
<a class="adminlink" href="?action=add_media">Add Article</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=add_advertiser">Add Advertiser</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=add_cat">Add Category</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=add_page">Add Page</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="?action=add_link">Add Link</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="index.php?action=logout">Log Out</a> <font color="#7f7f7f">·</font>
<a class="adminlink" href="<?php echo $site_url; ?>/index.php" target="_blank">View Site</a>
</td>
</tr>
<?php
}
?>
<tr>
<td class="maintable" align="center">
<br>
<table width="90%" border="0" cellspacing="0" cellpadding="0" class="table">
<tr>
<td background="./images/menu2.png" bgcolor="#0066FF" class="tabletop">
<b>  <?php admin_title($action)?></b>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" align="center">
<div style="width:95%; text-align:left;">
<?php
if($_SESSION['adminloggedin'] == '1')
{
if ($action == 'add_media') { include('admin-add-media.php'); }
elseif ($action == 'add_link') { include('admin-add-link.php'); }
elseif ($action == 'add_cat') { include('admin-add-cat.php'); }
elseif ($action == 'add_page') { include('admin-add-page.php'); }
elseif ($action == 'add_advertisments') { include('admin-add-advertisment.php'); }
elseif ($action == 'aff') { include('admin-affiliate.php'); }
elseif ($action == 'add_advertiser') { include('admin-add-advertiser.php'); }
elseif ($action == 'edit_media') { include('admin-edit-media.php'); }
elseif ($action == 'edit_advertiser') { include('admin-edit-advertiser.php'); }
elseif ($action == 'edit_link') { include('admin-edit-link.php'); }
elseif ($action == 'edit_cat') { include('admin-edit-cat.php'); }
elseif ($action == 'edit_page') { include('admin-edit-page.php'); }
elseif ($action == 'edit_user') { include('admin-edit-user.php'); }
elseif ($action == 'edit_advertisment') { include('admin-edit-advertisment.php'); }
elseif ($action == 'manage_media') { include('admin-manage-media.php'); }
elseif ($action == 'manage_advertiser') { include('admin-manage-advertiser.php'); }
elseif ($action == 'manage_links') { include('admin-manage-links.php'); }
elseif ($action == 'manage_cats') { include('admin-manage-cats.php'); }
elseif ($action == 'manage_pages') { include('admin-manage-pages.php'); }
elseif ($action == 'manage_users') { include('admin-manage-users.php'); }
elseif ($action == 'manage_advertisment') { include('admin-manage-advertisment.php'); }
elseif ($action == 'reported') { include ('admin-reported.php'); }
elseif ($action == 'delete_done')
{
mysql_query("DELETE FROM `".$SQL_Ext."_media` WHERE `id` = '$id'");
if ($_GET['check'] == 1)
{ header("Location: index.php?action=checkin&message=Link%20Deleted"); exit; }
else
{ header("Location: index.php?action=manage_media&message=Article%20Deleted"); exit; }
}
elseif ($action == 'delete_user_done')
{
mysql_query("DELETE FROM ".$SQL_Ext."_users WHERE id='$id'");
header("Location: index.php?action=manage_users&message=User%20deleted");
exit;
}
elseif ($action == 'delete_cat_done')
{
mysql_query("DELETE FROM ".$SQL_Ext."_cats WHERE id='$id'");
header("Location: index.php?action=manage_cats&message=Category%20deleted");
exit;
}
elseif ($action == 'delete_comment')
{
mysql_query("DELETE FROM ".$SQL_Ext."_comments WHERE id='$id'");
header("Location: $site_url/index.php?task=view&id=".makesafe($_GET['link_id']));
exit;
}
elseif ($action == 'delete_page_done')
{
mysql_query("DELETE FROM ".$SQL_Ext."_pages WHERE id='$id'");
header("Location: index.php?action=manage_pages&message=Page%20deleted");
exit;
}
elseif ($action == 'link_delete_done')
{
mysql_query("DELETE FROM `".$SQL_Ext."_links` WHERE `id` = '$id'");
if (isset($_GET['check']) && $_GET['check'] == 1) { header("Location: index.php?action=checkin&message=Unpublished%20link%20deleted"); exit; }
else { header("Location: index.php?action=manage_links&message=Link%20deleted"); exit; }
}
elseif ($action == 'config_view')
{
include('config_view.php');
}
elseif ($action == 'new_pass')
{
include('admin-new-pass.php');
}
elseif ($action == 'settings')
{
include('settings.php');
}
elseif ($action == 'checkin')
{
include('admin-checkin.php');
}
elseif ($action == 'checkin_done')
{
include('admin-check.php');
}
elseif ($action == 'logout')
{
session_destroy();
header("Location: index.php");
exit;
}
else
{
include('./admin-main.php');
}
}
else
{
include_once('./admin-login-form.php');
}
?>
<br>
</div>
</td>
</tr>
</table>
<br>
<br>
</td>
</tr>
</table>
</center>
<br>
<br>
</body></html>
<?php
mysql_close();
?>

A brief look at what we have done here: at the beginning, we start the session. If the admin is not logged in during the session, the script takes you to a login page; otherwise, it loads the page requested by the action parameter. Starting on line 117 you will see the code that makes this happen.

Basically, what we have done is create a universal page for our admin section. All that we need to do now is create a page that writes the page titles, and then each individual page for the admin script.
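The same action dispatch written as an allow-list, as an added example that is not the tutorial's own index.php: the action name is looked up in a fixed map of known files, the id is cast to an integer, and the delete runs as a prepared statement. It assumes a mysqli connection in $db (the tutorial uses the older mysql_* functions), the $SQL_Ext table prefix from config.php and the adminloggedin session flag set by the login script.

```php
<?php
// Added example (not the tutorial's own index.php): an allow-list version of
// the action dispatch. Only a file named in $actions can ever be included,
// the row id is always an integer, and the delete is a prepared statement.
// Assumes a mysqli connection in $db (the tutorial uses mysql_*), the
// $SQL_Ext table prefix from config.php and the adminloggedin session flag.
session_start();

$actions = array(
    'add_media'    => 'admin-add-media.php',
    'edit_media'   => 'admin-edit-media.php',
    'manage_media' => 'admin-manage-media.php',
    'manage_users' => 'admin-manage-users.php',
    'settings'     => 'settings.php',
);

$action = isset($_GET['action']) ? $_GET['action'] : '';
$id     = isset($_GET['id']) ? (int) $_GET['id'] : 0;

if (empty($_SESSION['adminloggedin'])) {
    // Not logged in: show the login form and stop before any action runs.
    include_once './admin-login-form.php';
    exit;
}

if ($action === 'logout') {
    session_destroy();
    header('Location: index.php');
    exit;
}

if ($action === 'delete_done' && $id > 0) {
    // The table name comes from config, never from the request; the id is
    // bound as an integer, so nothing from the query string reaches the SQL text.
    $stmt = $db->prepare("DELETE FROM `" . $SQL_Ext . "_media` WHERE `id` = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->close();
    header('Location: index.php?action=manage_media&message=Article%20Deleted');
    exit;
}

if (isset($actions[$action])) {
    include $actions[$action];   // known action: include exactly that file
} else {
    include './admin-main.php';  // empty or unknown action: admin home
}
```

The remaining actions from the tutorial's chain are added to the $actions map in the same way; anything not in the map falls through to the admin home page.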

At this point, we are going to write our titles page, which consists of a function that tells the script what to print as each page's title. In a new PHP editor window, let's create our admin-titles.php file. (Script->admin->admin-titles.php)

Here is the code that we will use for admin-titles.php:

<?php
function admin_title($action) {
// One else-if chain so that exactly one title is printed per request
// (with separate if statements, the final "Admin Home" branch would also
// print after a matched title).
if($action == 'add_advertiser') {
echo 'Add Advertiser';}
else if($action == 'edit_advertiser') {
echo 'Edit Advertiser';}
else if($action == 'manage_advertiser') {
echo 'Manage Advertiser';}
else if($action == 'aff') {
echo 'Edit Affiliate Information';}
else if($action == 'edit_media') {
echo 'Edit Affiliate Page';}
else if($action == 'add_link') {
echo 'Add Link';}
else if($action == 'edit_link') {
echo 'Edit Link';}
else if($action == 'manage_links') {
echo 'Manage Links';}
else if($action == 'edit_cat') {
echo 'Edit Category';}
else if($action == 'edit_user') {
echo 'Edit User';}
else if($action == 'add_page') {
echo 'Add Page';}
else if($action == 'edit_page') {
echo 'Edit Page';}
else if($action == 'manage_pages') {
echo 'Manage Pages';}
else if($action == 'add_cat') {
echo 'Add Category';}
else if($action == 'new_pass') {
echo 'Set new password for user';}
else if($action == 'manage') {
echo 'Manage Affiliate pages';}
else if($action == 'manage_cats') {
echo 'Manage Categories';}
else if($action == 'manage_users') {
echo 'Manage Users';}
else if($action == 'settings') {
echo 'Settings';}
else if(!isset($_GET['cat_id'])){
echo 'Admin Home';}}
?>

On line 2 we define the function. The rest of the page tells the function to look at the action: if the action equals a given value, we print the matching title.

To finish this article up, we are going to write our admin-main.php file. The admin-main page will allow us to edit our homepage text and our PayPal address.

In a new PHP editor window, create a file named admin-main.php. (Script->admin->admin-main.php)

Here is the code that we will use for this page:
<?php defined( 'ADMIN_ACCESS' ) or die( '' ); // only runs when included from index.php
if (isset($_GET['done']) && $_GET['done'] == 1)
{
$homepage = makesafe($_POST['homepage']);
$paypal = makesafe($_POST['paypal']);
mysql_query("UPDATE ".$SQL_Ext."_sitespecs SET homepage='".$homepage."', paypal_id='".$paypal."'");
header("Location: index.php?message=Settings%20Changed");
exit;
}
else
{
$sql = mysql_query("SELECT * FROM ".$SQL_Ext."_sitespecs");
$row = mysql_fetch_assoc($sql);
if (!empty($_GET['message'])) {
echo '<div align="center" class="style2"><br>'.makesafe($_GET['message']).'<br /></div>'; }
?>
<br>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<br>
<form method="post" action="index.php?done=1">
<strong>Homepage Text</strong><br/>
<textarea cols="70" rows="6" name="homepage">
<?php echo $row['homepage']; ?>
</textarea>
<br/>
Paypal Address<br/>
<input type="text" name="paypal" size="70" value="<?php echo $row['paypal_id']; ?>"/>
<input type="submit" name="submit" value="Update"/>
</form>
</td>
</tr>
</table>
<?php } ?>

In the first few lines of code we tell the page to check whether we are done editing. If we are done editing, we take the values that were posted and write them to the database with an UPDATE SQL query.

If we are NOT done editing, we query the database for the current settings so that they can be edited. We place the homepage text in a textarea for easy editing and the PayPal address in an input box.

We DO need to display the current information in order to edit it, so we echo the values of those two columns out of the database.
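The same settings handler as an added example (not the tutorial's admin-main.php), with a CSRF token on the form, parameter binding for the UPDATE and escaping on output; it assumes a mysqli connection in $db, $SQL_Ext from config.php and PHP 7 or later for random_bytes():

```php
<?php
// Added example (not the tutorial's admin-main.php): the same settings update
// with two additions a practitioner would want on an admin form: a per-session
// CSRF token checked before the UPDATE, and values bound as parameters rather
// than escaped into the SQL string. Output is escaped with htmlspecialchars().
// Assumes a mysqli connection in $db, $SQL_Ext from config.php and PHP 7+.
defined('ADMIN_ACCESS') or die('');

if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
    if (!hash_equals($_SESSION['csrf_token'], $token)) {
        // Token missing or wrong: do not touch the database.
        header('Location: index.php?message=Invalid%20request');
        exit;
    }
    $homepage = isset($_POST['homepage']) ? $_POST['homepage'] : '';
    $paypal   = isset($_POST['paypal']) ? $_POST['paypal'] : '';
    $stmt = $db->prepare("UPDATE `" . $SQL_Ext . "_sitespecs` SET homepage = ?, paypal_id = ?");
    $stmt->bind_param('ss', $homepage, $paypal);
    $stmt->execute();
    $stmt->close();
    header('Location: index.php?message=Settings%20Changed');
    exit;
}

$row = $db->query("SELECT homepage, paypal_id FROM `" . $SQL_Ext . "_sitespecs`")->fetch_assoc();
$e = function ($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); };
if (!empty($_GET['message'])) {
    echo '<div align="center" class="style2"><br>' . $e($_GET['message']) . '<br /></div>';
}
?>
<form method="post" action="index.php">
<input type="hidden" name="csrf_token" value="<?php echo $e($_SESSION['csrf_token']); ?>" />
<strong>Homepage Text</strong><br/>
<textarea cols="70" rows="6" name="homepage"><?php echo $e($row['homepage']); ?></textarea>
<br/>
Paypal Address<br/>
<input type="text" name="paypal" size="70" value="<?php echo $e($row['paypal_id']); ?>" />
<input type="submit" name="submit" value="Update" />
</form>
```

The browser decodes entities inside a textarea, so the escaped homepage HTML round-trips through TinyMCE unchanged.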
