Bazaar – php example code – part 5 – admin page

Article focus on way how to create site admin page. In our first approach we focus only on content of the page, limiting access only for admin will be described in further articles.

Expectation for site admin page

Admin page is accessible only for specific user category. This category is defined by user_role as admin. Restricting access and iferent display of this page for diferent category of users will be explained in further articles.

With admin page we can publish/ unpublish or remove items for sell. Second functionality created up to ime of vriting of this article is category management.

Management operation is maintained by links leading to operational scripts as is removecategory.php or removeitem.php.

Removeitem php script is much moore interesting because display three options with conformation of operation. After succesfull submiting one of three posible sql is executed along content inserted in $oprtion variable.

Visual look of admin page

Visual look of admin page is as follows:

After implementing login functionality, there will be two other output of this page, one for anonymous user and one for common user role.

admin page for common user will request relogin with elevated priviledge

Implementation of desired functionality

Generating table for item and for category is most common, we will discuss these parts in previews articles. But we wil take a closer look at code of removeitem.php, with new option datalist functionality for selection among three functionalities: publishing, unpublishing and removing item by site admin.

All selection lead to different sql script, first two manipulate with contnt of field published on bazaar_item page. If this value is zero item si not displayed in listenings for users in index page. After seting on 1, items are dsiplayed.

Removing item is LIMITed on only one matching items for further security. Also one yes selection during submitting these operations are required.

Full code of removeitem.php script will follow:

<!– ***************************************************************** –>

<!– PHP „self“ code GET request for remove andable or disable product item –>

<!-***************************************************************** –>

<!– Vrsion: 1.0 Date: 18.10.2020 by CDesigner.eu –>

<!– **************************************************************** –>

<?php // leading part of page for simple header securing and basic variable setup

require_once(‚appvars.php‘); // including variables for database

session_start(); // start the session – must be added on all pages for session variable accessing

// solution using SESSIONS with COOKIES for longer (30days) login persistency

if(!isset($_SESSION[‚users_id‘])) { // if session is no more active

if(isset($_COOKIE[‚users_id‘]) && isset($_COOKIE[‚username‘])) { // but cookie is set then renew session variables along them

$_SESSION[‚users_id‘] = $_COOKIE[‚users_id‘];

$_SESSION[‚username‘] = $_COOKIE[‚username‘];

}

// two variables for message and styling of the mesage with bootstrap

$msg = “;

$msgClass = “;

// default values of auxiliary variables

<!– ******************************************* –>

<!– script for appropriate scode removal –>

<!– ******************************************* –>

<!– obtain GET data from admin.php and trough –>

<!– POST submit remove data from database –>

<!– ******************************************* –>

<!DOCTYPE html>

<html>

<head>

<title> Bazaar score – publish/unpublish/remove item script </title>

</head>

<body>

<a class=“navbar-brand“ href=“admin.php“> –> Bazaar admin page</a>

<a class=“navbar-brand“ href=“index.php“> –> return to main shop page</a>

</div>

</nav>

<?php if($msg != “): ?> <!– alert showing part –>

<?php endif; ?>

<h4>Please select what you will do.</h4>

<br>

<br>

<?php // code for GET info about what to remove and submit removing approval

/* structure of generated link on admin.php page for further reference

echo ‚<td colspan=“1″><a id=“DEL“ href=“removeitem.php?item_id=‘.$row[‚item_id‘] . ‚&name_od_item=‘

. $row[‚name_of_item‘] . ‚&price_eur=‘. $row[‚price_eur‘] .

‚&published=‘. $row[‚published‘] . ‚&screenshot1=‘. $row[‚screenshot1‘] .

‚&screenshot2=‘. $row[‚screenshot2‘] . ‚&screenshot3=‘. $row[‚screenshot3‘] . ‚“> >>Publish/UnPub./Remove </a></td></tr>‘;

if(isset($_GET[‚item_id‘]) && isset($_GET[‚name_of_item‘]) && isset($_GET[‚price_eur‘]) && isset($_GET[‚published‘]) && isset($_GET[‚screenshot1‘])){

// take a data from GET link generated by adminscript

$item_id = htmlspecialchars($_GET[‚item_id‘]);

$name_of_item = htmlspecialchars($_GET[‚name_of_item‘]);

$price_eur = htmlspecialchars($_GET[‚price_eur‘]);

$published = htmlspecialchars($_GET[‚published‘]);

$screenshot1 = htmlspecialchars($_GET[‚screenshot1‘]);

$screenshot2 = htmlspecialchars($_GET[‚screenshot2‘]);

$screenshot3 = htmlspecialchars($_GET[‚screenshot3‘]);

} else if (isset($_POST[‚item_id‘]) && isset($_POST[‚name_of_item‘]) && isset($_POST[‚price_eur‘]) && isset($_POST[‚published‘]) && isset($_POST[‚screenshot1‘])) { //grab score from POST – different behavior for removal

$item_id = htmlspecialchars($_POST[‚item_id‘]);

$name_of_item = htmlspecialchars($_POST[‚name_of_item‘]);

$price_eur = htmlspecialchars($_POST[‚price_eur‘]);

$published = htmlspecialchars($_POST[‚published‘]);

$screenshot1 = htmlspecialchars($_POST[‚screenshot1‘]);

$screenshot2 = htmlspecialchars($_POST[‚screenshot2‘]);

$screenshot3 = htmlspecialchars($_POST[‚screenshot3‘]);

} else { //error info message

echo ‚<p class=“alert alert-danger“> Please specify any category for removal. </p>‘;

};

if(isset($_POST[‚submit‘])){

if($_POST[‚confirm‘] == ‚Yes‘ ){ // delete appropriate score post with imagescreenshot

//read all data from $_POST array

$item_id = htmlspecialchars($_POST[‚item_id‘]);

$name_of_item = htmlspecialchars($_POST[‚name_of_item‘]);

$price_eur = htmlspecialchars($_POST[‚price_eur‘]);

$published = htmlspecialchars($_POST[‚published‘]);

$screenshot1 = htmlspecialchars($_POST[‚screenshot1‘]);

$screenshot2 = htmlspecialchars($_POST[‚screenshot2‘]);

$screenshot3 = htmlspecialchars($_POST[‚screenshot3‘]);

$operation = htmlspecialchars($_POST[‚operation‘]);

// conect to the database

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PW, DB_NAME);

//create sql query along selected operation

switch ($operation) {

case „publish„:

$sql = „UPDATE bazaar_item SET published = ‚1‘ WHERE item_id = $item_id LIMIT 1„;

// execute SQL

mysqli_query($dbc, $sql);

// confirm executed command

echo ‚<p> The item <strong>‘ . $name_of_item . ‚</strong> with id <strong>‘ . $item_id . ‚</strong> was succesfully published. </p>‘;

break;

case „unpublish„:

$sql = „UPDATE bazaar_item SET published = ‚0‘ WHERE item_id = $item_id LIMIT 1„;

// execute SQL

mysqli_query($dbc, $sql);

// confirm executed command

echo ‚<p> The item <strong>‘ . $name_of_item . ‚</strong> with id <strong>‘ . $item_id . ‚</strong> was succesfully unpublished. </p>‘;

break;

case „delete„:

$sql = „DELETE FROM bazaar_item WHERE item_id = $item_id LIMIT 1″;

// execute SQL

mysqli_query($dbc, $sql);

// confirm executed command

echo ‚<p> The item <strong>‘ . $name_of_item . ‚</strong> with id <strong>‘ . $item_id . ‚</strong> was succesfully deleted from listening on bazaar. </p>‘;

break;

}

// close database connection

mysqli_close($dbc);

} else {

echo ‚<p class=“alert alert-danger“ > The selected operation cannot be performed. </p>‘;

}

} else if (isset($item_id) && isset($price_eur) && isset($name_of_item) && isset($published) && isset($screenshot1) ) {

echo ‚<h5>Are you sure perform selected operation with bazaar item? </h5>‘;

// show short describtion of score for deletion

$image_location = IMAGE_PATH.$screenshot1;

echo ‚<p> <strong> Item_id: </strong> ‚ . $item_id . ‚<br> <strong> Name: </strong>‘ . $name_of_item .

‚</p>‘;

echo “ <img src=\“$image_location\“ alt=\“ score image \“ height=\“150\“> „;

//generating removing/ publishing/ unpublishing confirmation form

echo ‚<form method=“POST“ action=“removeitem.php“>‚; //not self but direct this script removecategory.php – we dont want include any GET data tahat previously send

echo ‚<h4> Please select your operation </h4>‘;

echo ‚<input list=“operation“ name=“operation“ placeholder=“select“ >‘;

echo ‚<datalist id=“operation“>‘;

echo ‚<option value=“publish“>‘;

echo ‚<option value=“unpublish“>‘;

echo ‚<option value=“delete“>‘;

echo ‚</datalist>‘;

echo ‚<br><br>‘;

echo ‚<input type=“radio“ name=“confirm“ value=“Yes“ /> Yes ‚;

echo ‚<input type=“radio“ name=“confirm“ value=“No“ checked=“checked“ /> No <br><br>‘;

echo ‚<input type=“hidden“ name=“item_id“ value=“‚.$item_id.'“ />‘;

echo ‚<input type=“hidden“ name=“price_eur“ value=“‚.$price_eur.'“ />‘;

echo ‚<input type=“hidden“ name=“name_of_item“ value=“‚.$name_of_item.'“ />‘;

echo ‚<input type=“hidden“ name=“published“ value=“‚.$published.'“ />‘;

echo ‚<input type=“hidden“ name=“screenshot1″ value=“‚.$screenshot1.'“ />‘;

echo ‚<input type=“hidden“ name=“screenshot2″ value=“‚.$screenshot2.'“ />‘;

echo ‚<input type=“hidden“ name=“screenshot3″ value=“‚.$screenshot3.'“ />‘;

echo ‚<input type=“submit“ class=“btn btn-danger“ value=“submit“ name=“submit“ />‘;

echo ‚</form>‚;

};

echo ‚<br><br>‘;

echo ‚<p> <a href = „admin.php“> <&lt Back to admin page. </a></p>‘;

</div>

<a class=“navbar-brand“ href=“https://cdesigner.eu“> Visit us on CDesigner.eu </a>

</div>

</body>

</html>

Visual look of confirmation part with operation selection is displayed here:

rmoveitem.php script confirmation dialog with option

Conclusion and further thoughts

Our admin page contains baseline for page administration, in next times we can add some parts for admin or moderation if needed.

Full code of bazaar app can be obtained from github here.