
Script Architecture

As in the last project, we have used an event-driven approach to this project. The backbone of the application is in the file index.php. This script has four main segments, which are

  1. Preprocessing: Do any processing that must be done before headers can be sent.

  2. Set up and send headers: Create and send the start of the HTML page.

  3. Perform action: Respond to the event that has been passed in. As in our last example, the event is contained in the $action variable.

  4. Send footers.

Almost all of the application's processing is done in this file. The application also uses the function libraries listed in Table 28.1, as mentioned previously.

The full listing of the index.php script is shown in Listing 28.2.

Listing 28.2 index.php—Main Application File for Pyramid-MLM
<?php

/**********************************************************************
* Section 1: pre-processing
*********************************************************************/

  include ('include_fns.php');
  session_start();

  $buttons = array();

  //append to this string if anything processed before header has output
  $status = '';

  // need to process log in or out requests before anything else
  if($email&&$password)
  {
    $login = login($email, $password);

    if($login == 'admin')
    {
      $status .= "<p><b>".get_real_name($email)."</b> logged in"
                  ." successfully as <b>Administrator</b><br><br><br><br><br>";
      $admin_user = $email;
      session_register("admin_user");
    }
    else if($login == 'normal')
    {
      $status .= "<p><b>".get_real_name($email)."</b> logged in"
                 ." successfully.<br><br>";
      $normal_user = $email;
      session_register("normal_user");
    }
    else
    {
      $status .= "<p>Sorry, we could not log you in with that
                  email address and password.<br>";
    }
  }
  if($action == 'log-out')
  {
    session_destroy();
    unset($action);
    unset($normal_user);
    unset($admin_user);
  }

/**********************************************************************
* Section 2: set up and display headers
*********************************************************************/

  // set the buttons that will be on the tool bar
  if(check_normal_user())
  {
    // if a normal user
    $buttons[0] = 'change-password';
    $buttons[1] = 'account-settings';
    $buttons[2] = 'show-my-lists';
    $buttons[3] = 'show-other-lists';
    $buttons[4] = 'log-out';
  }
  else if(check_admin_user())
  {
    // if an administrator
    $buttons[0] = 'change-password';
    $buttons[1] = 'create-list';
    $buttons[2] = 'create-mail';
    $buttons[3] = 'view-mail';
    $buttons[4] = 'log-out';
    $buttons[5] = 'show-all-lists';
    $buttons[6] = 'show-my-lists';
    $buttons[7] = 'show-other-lists';
  }
  else
  {
    // if not logged in at all
    $buttons[0] = 'new-account';
    $buttons[1] = 'show-all-lists';
    $buttons[4] = 'log-in';
  }


  if($action)
  {
    // display header with application name and description of page or action
    do_html_header("Pyramid-MLM - ".
                   format_action($action));
  }
  else
  {
    // display header with just application name
    do_html_header("Pyramid-MLM");
  }

  display_toolbar($buttons);

  //display any text generated by functions called before header
  echo $status;

/**********************************************************************
* Section 3: perform action
*********************************************************************/
  // only these actions can be done if not logged in
  switch ( $action )
  {
    case 'new-account':
    {
      unset($normal_user);
      unset($admin_user);
      display_account_form($normal_user, $admin_user);
      break;
    }
    case 'store-account':
    {
      if (store_account($normal_user, $admin_user, $HTTP_POST_VARS))
        $action = '';
      if(!check_logged_in())
        display_login_form($action);
      break;
    }
    case 'log-in':
    case '':
    {
      if(!check_logged_in())
        display_login_form($action);
      break;
    }
    case 'show-all-lists':
    {
      display_items("All Lists", get_all_lists(), 'information', 
                    'show-archive','');
      break;
    }
    case 'show-archive':
    {
      display_items("Archive For ".get_list_name($id),
                     get_archive($id), 'view-html', 'view-text', '');
      break;
    }
    case 'information':
    {
      display_information($id);
      break;
    }
  }

  //all other actions require user to be logged in
  if(check_logged_in())
  {
    switch ( $action )
    {
      case 'account-settings':
      {
        display_account_form($normal_user, $admin_user, get_email(),
              get_real_name(get_email()), get_mimetype(get_email()));
        break;
      }
      case 'show-other-lists':
      {
        display_items("Unsubscribed Lists",
                      get_unsubscribed_lists(get_email()), 'information',
                      'show-archive', 'subscribe'); 
        break;
      }
      case 'subscribe':
      {
        subscribe(get_email(), $id);
        display_items("Subscribed Lists", get_subscribed_lists(get_email()),
                        'information', 'show-archive', 'unsubscribe');
        break;
      }
      case 'unsubscribe':
      {
        unsubscribe(get_email(), $id);
        display_items("Subscribed Lists", get_subscribed_lists(get_email()),
                      'information', 'show-archive', 'unsubscribe');
        break;
      }
      case '':
      case 'show-my-lists':
      {
        display_items("Subscribed Lists", get_subscribed_lists(get_email()),
                     'information', 'show-archive', 'unsubscribe');
        break;
      }
      case 'change-password':
      {
        display_password_form();
        break;
      }
      case 'store-change-password':
      {
        if(change_password(get_email(), $old_passwd,
           $new_passwd, $new_passwd2))
        {
          echo "<p>OK: Password changed.<br><br><br><br><br><br>";
        }
        else
        {
          echo "<p>Sorry, your password could not be changed."; 
          display_password_form();
        }
        break;
      }
    }
  }
  // The following actions may only be performed by an admin user
  if(check_admin_user())
  {
    switch ( $action )
    {
      case 'create-mail':
      {
        display_mail_form(get_email());
        break;
      }
      case 'create-list':
      {
        display_list_form(get_email());
        break;
      }
      case 'store-list':
      {
        if(store_list($admin_user, $HTTP_POST_VARS))
        {
          echo "<p>New list added<br>";
          display_items("All Lists", get_all_lists(), 'information',
                        'show-archive','');
        }
        else
          echo "<p>List could not be stored, please try "
               ."again.<br><br><br><br><br>";
        break;
      }
      case 'send':
      {
        send($id, $admin_user);
        break;
      }
      case 'view-mail':
      {
        display_items("Unsent Mail", get_unsent_mail(get_email()),
                      'preview-html', 'preview-text', 'send');
        break; 
      }
    }
  }

/**********************************************************************
* Section 4: display footer
*********************************************************************/

  do_html_footer();
?>

You can see the four segments of the code clearly marked in this listing.

In the preprocessing stage, we set up the session and process any actions that need to be done before headers can be sent. In this case, this includes logging in and out.

In the header stage, we set up the menu buttons that the user will see, and display the appropriate headers using the do_html_header() function from output_fns.php. This function just displays the header bar and menus, so we won't go into it here.

In the main section of the script, we respond to the action the user has chosen. These actions are divided into three subsets: actions that can be taken if not logged in, actions that can be taken by normal users, and actions that can be taken by administrative users. We check whether access to the latter two sets of actions is allowed using the check_logged_in() and check_admin_user() functions. These functions are located in the user_auth_fns.php function library. The code for these functions, together with the check_normal_user() function, is shown in Listing 28.3.

Listing 28.3 Functions from user_auth_fns.php—These Functions Check Whether or Not a User Is Logged In, and at What Level
function check_normal_user()
// return true if a normal (non-administrator) user is logged in, false otherwise
{
  global $normal_user;
  if (session_is_registered("normal_user"))
    return true;
  else
    return false;
}
function check_admin_user()
// return true if an administrator is logged in, false otherwise
{
  global $admin_user;

  if (session_is_registered("admin_user"))
    return true;
  else
    return false;
}
function check_logged_in()
{
  return ( check_normal_user() || check_admin_user() );
}

As you can see, these functions use the session variables $normal_user and $admin_user to check whether a user has logged in. We'll talk about setting these session variables up in a minute.

In the final section of the script, we send an HTML footer using the do_html_footer() function from output_fns.php.

Let's look briefly at an overview of the possible actions in the system. These actions are shown in Table 28.2.

Table 28.2. Possible Actions in the Mailing List Manager Application

Action                  Usable By        Description
----------------------  ---------------  -------------------------------------------------------------
log-in                  Anyone           Gives a user a login form
log-out                 Anyone           Ends a session
new-account             Anyone           Creates a new account for a user
store-account           Anyone           Stores account details
show-all-lists          Anyone           Shows a list of available mailing lists
show-archive            Anyone           Displays archived newsletters for a particular list
information             Anyone           Shows basic information about a particular list
account-settings        Logged-in users  Displays user account settings
show-other-lists        Logged-in users  Displays mailing lists to which the user is not subscribed
show-my-lists           Logged-in users  Displays mailing lists to which the user is subscribed
subscribe               Logged-in users  Subscribes a user to a particular list
unsubscribe             Logged-in users  Unsubscribes a user from a particular list
change-password         Logged-in users  Displays the change of password form
store-change-password   Logged-in users  Updates the user's password in the database
create-mail             Administrators   Displays form to allow upload of newsletters
create-list             Administrators   Displays form to allow new mailing lists to be created
store-list              Administrators   Stores mailing list details in the database
view-mail               Administrators   Displays newsletters that have been uploaded but not yet sent
send                    Administrators   Sends newsletters to subscribers

One noticeable omission from this table is an option along the lines of store-mail, that is, an action that actually uploads the newsletters entered via create-mail by administrators. This single piece of functionality is actually in a different file, upload.php. We put this in a separate file because it makes it a little easier on us, the programmers, to keep track of security issues.
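As an added example (not the book's code), here is the same three-tier action dispatch from Listing 28.2 and the checks of Listing 28.3, rewritten so that the role is read only from $_SESSION and every action name from Table 28.2 is mapped to the minimum role it needs, with anything unlisted refused. The register_globals behaviour and session_register() call that Listing 28.2 relies on were removed in PHP 5.4, so $_REQUEST and $_SESSION stand in for them; the role constants and function names are assumptions of this example.

```php
<?php
// Added example, not from Listing 28.2: three-tier dispatch with an explicit
// action allowlist. Roles are ordered so a higher role implies the lower ones.
const ROLE_ANON  = 0;
const ROLE_USER  = 1;
const ROLE_ADMIN = 2;

// Minimum role for each action (names taken from Table 28.2). An action that
// is not listed here is refused, so a mistyped or forged name reaches no handler.
const ACTION_ROLES = [
    'log-in' => ROLE_ANON, 'log-out' => ROLE_ANON, 'new-account' => ROLE_ANON,
    'store-account' => ROLE_ANON, 'show-all-lists' => ROLE_ANON,
    'show-archive' => ROLE_ANON, 'information' => ROLE_ANON,
    'account-settings' => ROLE_USER, 'show-other-lists' => ROLE_USER,
    'show-my-lists' => ROLE_USER, 'subscribe' => ROLE_USER,
    'unsubscribe' => ROLE_USER, 'change-password' => ROLE_USER,
    'store-change-password' => ROLE_USER,
    'create-mail' => ROLE_ADMIN, 'create-list' => ROLE_ADMIN,
    'store-list' => ROLE_ADMIN, 'view-mail' => ROLE_ADMIN, 'send' => ROLE_ADMIN,
];

// The caller's role comes only from the server-side session (the counterpart
// of check_admin_user()/check_normal_user()), never from the request.
function current_role(array $session): int
{
    if (!empty($session['admin_user']))  return ROLE_ADMIN;
    if (!empty($session['normal_user'])) return ROLE_USER;
    return ROLE_ANON;
}

// Returns the action to dispatch, '' for the default page, or null when the
// action is unknown or the caller's role is too low (default deny).
function authorize_action(?string $action, array $session): ?string
{
    $action = $action ?? '';
    if ($action === '') return '';
    if (!array_key_exists($action, ACTION_ROLES)) return null;
    return current_role($session) >= ACTION_ROLES[$action] ? $action : null;
}

// Usage at the top of Section 3, assuming session_start() ran in Section 1:
$action = authorize_action($_REQUEST['action'] ?? null, $_SESSION ?? []);
if ($action === null) {
    echo "<p>Sorry, that action is not available.";
} else {
    switch ($action) { /* one case per handler, as in Listing 28.2 */ }
}
```

Because the check happens once before the switch, a handler can no longer be reached by an action that skipped its tier's check, which is the class of mistake the three separate switches in Listing 28.2 make easy to introduce.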

We will discuss the implementation of these actions in the three groups listed in Table 28.2, that is, actions for people who are not logged in; actions for logged-in users; and actions for administrators.
