Listing Articles for a PEAR Content Management System - Code Explained
As with every other script in this system, this page starts by checking the status of the user. Any user who wants to use the CMS needs to be authenticated. Without such a check, however, a user could simply type the name of any script, this one for example, into the web browser and view the page without going through our login system. That would of course render the login system useless.
It is for this reason that we put in this security check. If a user is not authenticated, he or she is redirected to the login page, so typing the page name into the web browser will not work.
So how does the script check that only authenticated users view this page? It is really quite simple. When a user logs in, the system creates session variables that are available application-wide, which means that every script in the application has access to them. The security code simply uses one of those variables as the determining factor. First it opens a session, using PHP's session_start() function, and then it accesses a variable called author_name. If this variable is set, the user is authenticated and should be allowed to view the page; otherwise, the user is not authenticated and is trying to access the page illegitimately. Below is the code that is responsible for checking the user status:
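<?php
session_start();
// author_name is set by the login script; if it is missing, the visitor is not logged in
if (!isset($_SESSION['author_name'])) {
    // redirect to login page
    header("Location: login.php");
    // stop here: header() only sends the redirect, the rest of the page would still be generated
    exit;
}
?>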
The next part in this script creates the HTML portion of the page. The header part of the HTML includes a lot of elements such as the style sheet and template definitions:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Untitled Document</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="Templates/pear.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="100%" border="0" class="bord">
<tr class="header1">
<td colspan="2"><div align="center">Content Management System </div></td>
</tr>
<tr>
<td width="5%" valign="top"><!-- InstanceBeginEditable name="EditRegion4" -->
The next part of the HTML code sets up an HTML table that contains the navigation panel, with entries such as the Logout link and the Authors link, which lets a user view a list of all the authors in the system:
<table width="100%" border="0" cellspacing="0" class="navbord">
<tr>
<td colspan="2" bgcolor="#FFFFFF"> </td>
</tr>
<tr>
<td colspan="2" bgcolor="#0066FF" class="section"><strong>Section</strong></td>
</tr>
<tr class="navbord">
<td class="nav"><a href="logout.php">Logout</a> </td>
<td><img src="images/user.gif" width="16" height="16" alt="" /></td>
</tr>
<tr class="navbord">
<td colspan="2" class="nav"><a href="main.php">Home</a></td>
</tr>
<tr class="navbord">
<td colspan="2" class="nav"><a href="authors.php">Authors</a></td>
</tr>
<?php if(isset($_SESSION['level']) && $_SESSION['level']==="admin"){?>
<tr class="navbord">
<td colspan="2" class="nav"><a href="admin/index.php">Admin</a></td>
</tr>
<?php }?>
</table>
A link to the admin section of the site is also provided, but it is shown only to users with administration-level access. The check works like this: it tests whether the session variable called "level" exists and whether the value stored in that variable is "admin". If the value is indeed "admin", the navigation option is displayed for the user; otherwise, it is not shown. Keep in mind that this check only hides the link. As with any other script, a user can still type admin/index.php into the web browser, so the scripts in the admin section have to check the session themselves.
<?php if(isset($_SESSION['level']) && $_SESSION['level']==="admin"){?>
<tr class="navbord">
<td colspan="2" class="nav"><a href="admin/index.php">Admin</a></td>
</tr>
<?php }?>
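The login check and the admin-level check described above can be combined into one guard that every page, including those in the admin section, includes at the top. This is an added example, not the article's code: the file name auth.php, the function names access_redirect() and require_access(), the redirect to main.php for non-admins, and the sample sessions are assumptions; the session keys author_name and level are the article's.

```php
<?php
// Added example, not the article's code. Function names, the main.php
// target for non-admins and the sample sessions are assumptions.

// Pure decision: null means "allow", otherwise the page to redirect to.
function access_redirect(array $session, ?string $requiredLevel = null): ?string
{
    // author_name is only set by the login script.
    if (!isset($session['author_name'])) {
        return 'login.php';
    }
    // isset() makes a missing level a denial instead of a PHP notice;
    // === avoids loose-comparison surprises.
    if ($requiredLevel !== null
        && (!isset($session['level']) || $session['level'] !== $requiredLevel)) {
        return 'main.php';
    }
    return null;
}

// Enforcement: call at the very top of a page, before any output.
// $base is the path back to the CMS root, e.g. '../' from admin/index.php.
function require_access(?string $requiredLevel = null, string $base = ''): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = access_redirect($_SESSION, $requiredLevel);
    if ($target !== null) {
        header('Location: ' . $base . $target);
        exit; // header() does not end the script; without exit the page is still sent
    }
}

// Constructed sessions showing the three outcomes when run as `php auth.php`.
if (PHP_SAPI === 'cli' && realpath($argv[0]) === __FILE__) {
    $cases = [
        'anonymous'       => [],
        'author on admin' => ['author_name' => 'jane', 'level' => 'author'],
        'admin on admin'  => ['author_name' => 'root', 'level' => 'admin'],
    ];
    foreach ($cases as $name => $session) {
        echo str_pad($name, 16), ' => ', access_redirect($session, 'admin') ?? 'allowed', PHP_EOL;
    }
}
```

A listing page would start with require_access(); and admin/index.php with require_access('admin', '../');.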
More By David Web