In this section, we'll look at having the following output displayed on our screen:
Follow these steps to build CRUD for user management:
- First, we need a few more queries. Open
app/Models/User.php. - Create the following methods:
get_users() – returns all users ordered by username $data = $this->db->select('username from users where username = :username', [':username' => $username]); return (isset($data[0]->username) ? $data[0]->username : null); } - Now, create a
UsersController inapp/Controllers.CreateUsers.php. - Set the namespace and import the helpers and
UserModel:use SystemBaseController; use AppHelpersSession; use AppHelpersUrl; use AppModelsUser; class Users extends BaseController { - Next, create a class property called
$userand a__constructmethod. Then, check if the user is logged in, and if not, redirect them to the login page. - Create a new user instance:
$this->user = new User()
protected $user; public function __construct() { parent::__construct(); if (! Session::get('logged_in')) { Url::redirect('/admin/login'); } $this->user = new User(); } - Next, create an
indexmethod. This will callget_users()and load a view and pass in the users object:public function index() { $users = $this->user->get_users(); $title = 'Users'; $this->view->render('admin/users/index', compact('users', 'title')); } - For the view, create
app/views/admin/users/index.php. - Include the layout files and create a table to display a list of users:
foreach($users as $user)
- Loop through all the user records. As a security measure, when printing data from a database, we'll make use of
htmlentities().This converts all tags into their HTML counterparts, meaning if any code had been injected into the database, it would simply be printed as text, making it useless:<?php include(APPDIR.'views/layouts/header.php'); include(APPDIR.'views/layouts/nav.php'); …… </table> </div> <?php include(APPDIR.'views/layouts/footer.php');?> - Inside the loop, we have two action links for editing and deleting. Note that the user's ID is being passed to the end of the
hrefvalue. This is to pass the ID to the URL. - Also, we have an
Add Userbutton that points to/users/add.Let's create this. In yourUsersController, create a new method calledadd():public function add() { $errors = []; $title = 'Add User'; $this->view->render('admin/users/add', compact('errors', 'title')); } - Now, create a view in
app/views/admin/userscalledadd.php. - Include the layout files and set the page title. Next, create a form with a method set to
post. - You need four inputs for
username,email,password,andconfirm password. Make sure each input has a name. - To implement sticky forms on the username and email, use a ternary:
(isset($_POST['username']) ? $_POST['username'] : '')
This says if the
$_POST['username']is set, then print it, otherwise print an empty string:<?php include(APPDIR.'views/layouts/header.php'); include(APPDIR.'views/layouts/nav.php'); include(APPDIR.'views/layouts/errors.php'); …….. </form> <?php include(APPDIR.'views/layouts/footer.php');?>
- When submitted, the form data will be posted to
/users/add. This needs handling in theaddmethod of theUsersController. - Check for the form submission:
if (isset($_POST['submit'])) { - Next, collect the form data:
$username = (isset($_POST['username']) ? $_POST['username'] : null); $email = (isset($_POST['email']) ? $_POST['email'] : null); $password = (isset($_POST['password']) ? $_POST['password'] : null); $password_confirm = (isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null);
- Then, start the validation process.
- Check that the
usernameis more than 3 characters in length:if (strlen($username) < 3) { $errors[] = 'Username is too short'; } - Next, check if the
$usernameexists already in the database by passing$usernameto aget_user_username($username)method on the Model. If the results are the same as$username,then it already exists, so create an error:else { if ($username == $this->user->get_user_username($username)){ $errors[] = 'Username address is already in use'; } } - For email validation, check that the email is in a valid format by using
filter_varandFILTER_VALIDATE_EMAIL.If this does not return true, create an error. - Like with the
username,check if the$emailexists in the database already:if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = 'Please enter a valid email address'; } else { if ($email == $this->user->get_user_email($email)){ $errors[] = 'Email address is already in use'; } } - For the passwords, check that
$passwordmatches$password_confirmor creates an error. Otherwise, check that the password is more than 3 characters in length:if ($password != $password_confirm) { $errors[] = 'Passwords do not match'; } elseif (strlen($password) < 3) { $errors[] = 'Password is too short'; } - If there are no errors, carry on and set a
$data arraycontaining the data to be inserted into the database. - Create the user by calling
$this->insert($data)and set a message before redirecting back to /users:if (count($errors) == 0) { $data = [ 'username' => $username, 'email' => $email, 'password' => password_hash($password, PASSWORD_BCRYPT) ]; $this->user->insert($data); Session::set('success', 'User created'); Url::redirect('/users'); }The full method looks like this:
public function add() { $errors = []; ……. $title = 'Add User'; $this->view->render('admin/users/add', compact('errors', 'title')); } - To edit users, the URL structure is
/users/edit/1.The number at the end is the ID of the user. - Create a method called
edit($id)that accepts a parameter called$id. - First, check that
$idis a number, otherwise redirect back to/users. - Get the user's data by calling
$this>user->get_user($id)and pass in the ID to theusersModel method. This will return auserobject ornullif the record is not found. - If the
$useris equal tonull,redirect to a404page. Otherwise, set up an$errorsarray,$title,and load the view, passing in user, errors, and title tocompact():public function edit($id) { if (! is_numeric($id)) { Url::redirect('/users'); } $user = $this->user->get_user($id); if ($user == null) { Url::redirect('/404'); } $errors = []; $title = 'Edit User'; $this->view->render('admin/users/edit', compact('user', 'errors', 'title')); } - Now, create a view in
app/views/admin/userscallededit.php:Note
This is almost identical to the
add.phpview. The main difference is in the username and email inputs. They are pre-populated with the user object:<input class="form-control" id="username" type="text" name="username" value="<?=$user->username;?>" required />
The
<?=$user->username;?>is the user object in action using->after$user.You specify what column you want out of it.It's important that you do not pre-populate the password fields; they should only be filled in when the user wants to change the password. As such, put a message to inform the user that they should enter the password only if they want to change their existing password:
For full code snippet, refer to
Lesson 7.phpfile in the code files folder.<?php include(APPDIR.'views/layouts/header.php'); include(APPDIR.'views/layouts/nav.php'); include(APPDIR.'views/layouts/errors.php'); …… </form> <?php include(APPDIR.'views/layouts/footer.php');?>
- Just like the
add()method, check for the form submission, collect the form data, and perfect the form validation. - This time, we won't check if the username or email exists in the database, only that they are provided and are valid:
if (isset($_POST['submit'])) { $username = (isset($_POST['username']) ? $_POST['username'] : null); …… $errors[] = 'Password is too short'; } } - Next, check that there are no errors:
if (count($errors) == 0) { - Set the
$dataarray to update the user's record. This time, only the username and email are provided:$data = [ 'username' => $username, 'email' => $email ]; - If the password has been updated, then add the password to the
$dataarray:if ($password != null) { $data['password'] = password_hash($password, PASSWORD_BCRYPT); } - The where statement says where the ID matches
$id. Run theupdate()and set a message and redirect to the users page:$where = ['id' => $id]; $this->user->update($data, $where); Session::set('success', 'User updated'); Url::redirect('/users');The full
updatemethod looks like this:public function edit($id) { if (! is_numeric($id)) { …… } $title = 'Edit User'; $this->view->render('admin/users/edit', compact('user', 'errors', 'title')); } - The last step to complete the users Controller is adding the ability to delete users.
- Like the edit, the URL structure will pass in an
$idas part of the URL in the format of/users/delete/2. - Create a method called
delete($id). - Check if the
$idis numeric and check if the$idmatches the session$_SESSION['user_id'],otherwise kill the page. You don't want to allow a user to delete their own record. - Next, get the user by calling
$this->user->get_user($id)and check if the$userobject is not equal tonull.Otherwise, redirect to a404page. - Next, create a
$wherearray that says where the$idmatches the ID in the database. Note we do not use a$dataarray. In this case, we only pass a$where. This is because you cannot select columns, only a row, so the$datawould be pointless. - Lastly, set a message and redirect back to
/users:public function delete($id) { if (! is_numeric($id)) { Url::redirect('/users'); } if (Session::get('user_id') == $id) { die('You cannot delete yourself.'); } $user = $this->user->get_user($id); if ($user == null) { Url::redirect('/404'); } $where = ['id' => $user->id]; $this->user->delete($where); Session::set('success', 'User deleted'); Url::redirect('/users'); } - Now, run the application:
php –S localhost:8000 –t webroot
- Go to
http://localhost:8000/users,click onAdd User,andfill in the form. - First, if you try to submit the form without any data, you will see the HTML client validation that comes from putting a required attribute on the inputs.
- Try filling in a user with the same username as one you've already created, and you'll see the server validation rules up and running.
- Finally, fill in the form completely with new user details and you will be redirected to
/usersand see the new user, along with a confirmation message. - Click on
Editnext to the user you want to edit. You will then be presented with the edit form with the username and email filled in. Pressing submit will take you back to the users page. - Pressing
deletewill delete the user right away (providing the user is not you) with no confirmation. Let's fix that! - Our requirement states that when the user presses
delete, a confirmation window should be displayed. If OK is clicked, then the delete URL will be called, and if cancel is clicked, nothing will happen. - Open
app/views/admin/users/index.phpand place this JavaScript before thefooter.phpcode block:<script language="JavaScript" type="text/javascript"> function del(id, title) { if (confirm("Are you sure you want to delete '" + title + "'?")) { window.location.href = '/users/delete/' + id; } } </script> - This defines a JavaScript function which accepts an ID and a
username.When theconfirm()passes awindow.location.href,it will run, redirecting the page to the delete URL before passing in the IDvarto the end of the URL. - In the loop where you see the delete link:
<a href="/users/delete/<?=$row->id;?>" class="btn btn-xs btn-danger">Delete</a>
Replace it with:
<a href="javascript:del('<?=$row->id;?>','<?=$row->username;?>')" class="btn btn-xs btn-danger">Delete</a>This calls
javascript:del(),which triggers the confirmation popup and passes in the user'sIDandusername. - Save the file and run the page. When you click on delete, you will now see a confirmation prompt. Clicking OK will allow the delete to go ahead, while pressing cancel will stop the redirect from running.
- Add additional fields about a user, perhaps their address, age, hobbies, eye color, or anything of your, choosing.
- Ensure these are processed in the
MethodandControllerand ensure that the database table is ready to accept them. - Ensure that these are included in the view.
- In the
indexview, the student can select information of their choosing to help identify the user in the table.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.