Page 466 - Beginning PHP 5.3

Part III: Using PHP in Practice
When you're finished browsing around the members' area, return to the members' area homepage, and click the Logout link to return to the login page.

In the last few sections, you've expanded your knowledge of MySQL and PDO, and created a password-protected members' area with access logging. Although this system is fairly simple, you can adapt the principles you've learned to a wide variety of database-driven applications and membership systems.

By the way, you've probably spotted an obvious security flaw in this application: anybody can run the view_members.php and view_member.php scripts to view member information! In a real-world situation, you could do the following:

1. Place the view_members.php and view_member.php scripts inside the members' area, so you need to be logged in to use them.
2. Create an additional BIT field, admin, in the members table. A value of 1 for this field signifies that the member is an administrator; 0 signifies the member is a regular user.
3. From within the view_members.php and view_member.php scripts, check the status of the admin field for the currently logged-in member. If it's set to 1, let them use the scripts; otherwise, redirect them to the members' area homepage.
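The following is an added example, not code from the book, showing how steps 2 and 3 could look at the top of view_members.php and view_member.php. It assumes the login script stores the logged-in member's row (including the new admin column) in $_SESSION["member"] as an associative array, and that index.php is the members' area homepage; the book's own session layout may differ. It is written to run on PHP 5.3 as well as current versions.

```php
<?php
// Added example, not the book's code. Implements steps 2 and 3 for the two
// admin-only scripts. Assumption: $_SESSION["member"] holds the logged-in
// member's row as an associative array that includes the "admin" column.

session_start();

// Step 2, run once against the database (a new member defaults to a regular user):
//   ALTER TABLE members ADD admin BIT NOT NULL DEFAULT 0;

/**
 * True only when the BIT value is 1. Depending on the MySQL driver settings a
 * BIT(1) column can come back as the integer 1, the string "1", or a raw
 * one-byte value "\x01" (for which (int) casting would give 0), so all three
 * forms are normalised before comparing.
 */
function adminFlagIsSet($value)
{
    if (is_int($value)) {
        return $value === 1;
    }
    if (is_string($value) && strlen($value) === 1 && !ctype_digit($value)) {
        return ord($value) === 1;               // raw BIT byte "\x00" / "\x01"
    }
    return (int) $value === 1;                  // "1", "0" or similar
}

/**
 * Returns true only for a logged-in member whose admin flag is 1.
 * No session entry, or a row without an admin key, both mean "not an admin".
 */
function isAdmin($member)
{
    if (!is_array($member) || !isset($member["admin"])) {
        return false;
    }
    return adminFlagIsSet($member["admin"]);
}

/**
 * Step 3: the gate for view_members.php and view_member.php. Non-admins, and
 * visitors who are not logged in at all, are sent back to the members' area
 * homepage. Call it before any output, because it sets an HTTP header.
 */
function requireAdmin()
{
    $member = isset($_SESSION["member"]) ? $_SESSION["member"] : null;
    if (!isAdmin($member)) {
        header("Location: index.php");      // members' area homepage (assumed path)
        exit;                               // without exit the rest of the script
                                            // would still run and render the data
    }
}

// First statement of view_members.php and view_member.php, before any HTML:
requireAdmin();
```

The `exit` after `header()` is the part most often forgotten: a redirect header on its own does not stop PHP from executing the rest of the script, so a client that ignores the Location header (or a tool such as curl) would still receive the full member list.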




Creating a Member Manager Application

Your book club system can now register new members, allow members to log in to and log out of the members' area, and track page visits within the members' area. What's more, by combining these scripts with the member record viewer you created in the previous chapter, an administrator can view a list of all members in the system, as well as the details and access log of each member.

There's one more piece of the puzzle to build, and that's a facility to let the administrator manage members. In this section you enhance the view_member.php script to allow the administrator to edit each member's information, as well as remove members from the database.



Adding Update and Delete Methods to the Member Class

So that the administrator can edit and delete members, you need to add a couple of methods to your Member class: update(), to allow a Member object's details to be updated in the members table, and delete(), for removing a Member object completely from the members table.

Open your Member.class.php file and add the following two methods after the insert() method:

    public function update() {
      $conn = parent::connect();
      $passwordSql = $this->data["password"] ? "password = password(:password), " : "";
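As an added illustration, not the book's own Member class or the remainder of its update(), the self-contained class below carries the same conditional password clause through to a prepared statement and adds a matching delete(). The column names (id, username, emailAddress, password), the connection details and the private connect() helper are assumptions standing in for the book's members table and parent::connect(); adjust them to your own schema.

```php
<?php
// Added example, not the book's Member class. Assumptions: a members table
// with columns id, username, emailAddress and password; PLACEHOLDER
// connection details; a private connect() in place of the book's
// parent::connect() so this file runs on its own.

class MemberRecord
{
    private $data;

    public function __construct(array $data)
    {
        $this->data = $data;
    }

    private static function connect()
    {
        // PLACEHOLDER credentials: replace with your own.
        $conn = new PDO("mysql:host=localhost;dbname=bookclub", "bookclub", "secret");
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $conn;
    }

    public function update()
    {
        $conn = self::connect();

        // Include the password column only when a new password was entered;
        // an empty form field must not overwrite the stored hash.
        $newPassword = !empty($this->data["password"]);
        $passwordSql = $newPassword ? "password = password(:password), " : "";

        // The column list is fixed in code; only values are bound, so nothing
        // the administrator typed is ever interpolated into the SQL text.
        $sql = "UPDATE members SET " . $passwordSql
             . "username = :username, emailAddress = :emailAddress "
             . "WHERE id = :id";
        $st = $conn->prepare($sql);

        // Bind :password only when the placeholder is actually in the SQL:
        // binding a parameter the statement does not contain makes execute()
        // fail with SQLSTATE HY093.
        if ($newPassword) {
            $st->bindValue(":password", $this->data["password"]);
        }
        $st->bindValue(":username", $this->data["username"]);
        $st->bindValue(":emailAddress", $this->data["emailAddress"]);
        $st->bindValue(":id", (int) $this->data["id"], PDO::PARAM_INT);
        $st->execute();

        $affected = $st->rowCount();    // 1 if a row with that id was changed
        $conn = null;
        return $affected;
    }

    public function delete()
    {
        $conn = self::connect();
        $st = $conn->prepare("DELETE FROM members WHERE id = :id");
        $st->bindValue(":id", (int) $this->data["id"], PDO::PARAM_INT);
        $st->execute();

        $affected = $st->rowCount();    // 0 means no row had that id
        $conn = null;
        return $affected;
    }
}

// Usage from an admin-only script (sample values are constructed):
// $member = new MemberRecord(array("id" => 7, "username" => "jsmith",
//     "emailAddress" => "jsmith@example.com", "password" => ""));
// $member->update();   // empty password field: the stored hash is kept
// $member->delete();
```

Both methods take the id from the object rather than from the request, so the admin script decides which record is being touched before constructing the object. Note that MySQL's PASSWORD() function, which this clause relies on, is deprecated from MySQL 5.7 and removed in 8.0; on such servers the same conditional clause would bind a hash computed in PHP instead.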




              428