
How to structure the code - Help!


dbk


Hi guys

 

I've been working on learning PHP for a month now and I'm very surprised with the progress :D.

 

Now I find myself standing at a crossroads: should I try to understand how a framework works to separate PHP from HTML, or should I just try to organise my code as much as possible?

 

To see how I structure my code, here is an example of an application for my own little architectural company:

 

<?php
require_once '..\functions\func_access_db.php';
require_once '..\functions\func_doctype.php';
require_once '..\functions\functions.php';

//Get required data from url
$action = $_GET['action'];
$form_action = $_GET['form_action'];
$user_id = $_GET['user_id'];

//Get data from database if exists
switch ($action)
{
    case "user_edit":
    case "user_call":
        //Find user_id if no user is selected
        if ($user_id == "") {
            $user_db = "SELECT * FROM user ORDER BY user_title";
            $user_result = mysql_query($user_db)
                or die("Invalid query: " . mysql_error());
            $row = mysql_fetch_array($user_result);
            $user_id = $row['user_id'];
        }

        $usersql = "SELECT * FROM user WHERE user_id = $user_id";
        $user_result = mysql_query($usersql)
            or die("Invalid query: " . mysql_error());
        $row = mysql_fetch_array($user_result);
        $user_name = $row['user_name'];
        $existing_user_password = $row['user_password'];
        $user_title = $row['user_title'];
        $user_first_names = $row['user_first_names'];
        $user_surname = $row['user_surname'];
        $user_initials = $row['user_initials'];
        $user_direct_phone = $row['user_direct_phone'];
        $user_cellphone = $row['user_cellphone'];
        $user_mail = $row['user_mail'];
        $user_permissions = $row['user_permissions'];
        break;
    case "user_add":
        $user_name = "";
        $user_password = "";
        $user_title = "";
        $user_first_names = "";
        $user_surname = "";
        $user_initials = "";
        $user_direct_phone = "";
        $user_cellphone = "";
        $user_mail = "";
        $user_permissions = "";
        break;
}

//Evaluate form and handle data
if($form_action == "commit"){      
        //Get form data
        $user_name = $_POST['user_name'];
        $user_password = $_POST['user_password'];
        $user_title = $_POST['user_title'];
        $user_first_names = ucwords(strtolower($_POST['user_first_names']));
        $user_surname = ucwords(strtolower($_POST['user_surname']));
        $user_initials = strtoupper($_POST['user_initials']);//convert all letters to uppercase
        $user_direct_phone = $_POST['user_direct_phone'];
        $user_cellphone = $_POST['user_cellphone'];
        $user_mail = $_POST['user_mail'];
        $user_permissions = $_POST['user_permissions'];
        
        $new_user_password = $_POST['new_user_password'];
        $confirm_new_user_password = $_POST['confirm_new_user_password'];

        //evaluate user_name
        if (($user_name == "") OR ((strlen($user_name)) < 3)){
            $user_name_error = "Brugernavnet skal være på mindst 3 tegn!";
            }
            elseif((strlen($user_name)) >= 3){
                //
                //Check if user_name is stored in the database
                //
                //Use this query if action == user_add
                if($action == "user_add"){
                $check_user_name = "SELECT user_name FROM user";
                }
                //Use this query if action == user_edit
                if($action == "user_edit"){
                $check_user_name = "SELECT user_name FROM user WHERE user_id!=$user_id";
                }
                
                $search_result = mysql_query($check_user_name);
                
                    //Evaluate user_name
                    $temp_array = array();
                    while ($user_row = mysql_fetch_array($search_result))
                        {
                        $temp_array[] = $user_row['user_name'];
                        }
                    $search = in_array($user_name, $temp_array);
                    if ($search == 1){
                        $user_name_error = "Brugernavnet findes allerede i databasen!";
                        }                
            }//end evaluate user_name
        //
        //evaluate user_password
        //
        //use this evaluation user_password if action == user_add
        if ($action == "user_add"){
            if (($user_password == "") OR ((strlen($user_password)) < 4)){
                $user_password_error = "Password skal være på mindst 4 tegn!";
            }
        }
        //use this evaluation user_password if action == user_edit
        if ($action == "user_edit"){
            if (!empty($new_user_password)){
                if (((strlen($new_user_password)) < 4)){
                $new_user_password_error = "Password skal være på mindst 4 tegn!";
                }
                if ($confirm_new_user_password != $new_user_password){
                    $user_password_error = "De indtastede password skal være ens!";
                }
            }
        }        
        //evaluate user_title
        if ($user_title == ""){
            $user_title_error = "Brugeren skal have en titel!";
        }
        //evaluate user_first_names
        if (($user_first_names == "") OR ((strlen($user_first_names)) < 2)){
            $user_first_names_error = "Fornavn(e) skal være på mindst 2 tegn!";
        }
        //evaluate user_surname
        if (($user_surname == "") OR ((strlen($user_surname)) < 2)){
            $user_surname_error = "Efternavn skal være på mindst 2 tegn!";
        }
        //evaluate user_initials
        if (($user_initials == "") OR ((strlen($user_initials)) < 2)){
            $user_initials_error = "Initialer skal være på mindst 2 tegn!";
        }
        //evaluate user_direct_phone if it exists
        if(!empty($user_direct_phone)){
            if ((!is_numeric($user_direct_phone)) OR ((strlen($user_direct_phone)) != 8)) {
                $user_direct_phone_error = "Direkte nummer skal være på 8 tal!";
            }
        }
        //evaluate user_cellphone
        if ((!is_numeric($user_cellphone)) OR ((strlen($user_cellphone)) != 8)){
            $user_cellphone_error = "Mobil nummer skal være på 8 tal!";
        }
        //evaluate user_mail
        if (eval_mail($user_mail)){
            $user_mail_error = "Ikke en gyldig mailadresse!";
        }
        //
        //start database handling if no error is set
        //
        if(!isset($user_name_error) && !isset($user_password_error) &&
           !isset($user_title_error) && !isset($user_first_names_error) &&
           !isset($user_surname_error) && !isset($user_initials_error) &&
           !isset($user_direct_phone_error) && !isset($user_cellphone_error) &&
           !isset($user_mail_error) && !isset($new_user_password_error))
            {
            //
            //use this query if a new user is added
            if($action == "user_add"){
            $order_user_id = "ALTER TABLE user AUTO_INCREMENT = 1";
            mysql_query($order_user_id);
            $sql =  "INSERT INTO user
                    (user_name,
                    user_password,
                    user_title,
                    user_first_names,
                    user_surname,
                    user_initials,
                    user_direct_phone,
                    user_cellphone,
                    user_mail,
                    user_permissions)
                    VALUES
                    ('" . $user_name . "',
                    '" . md5($user_password) . "',
                    '" . $user_title . "',
                    '" . $user_first_names . "',
                    '" . $user_surname . "',
                    '" . $user_initials . "',
                    '" . $user_direct_phone . "',
                    '" . $user_cellphone . "',
                    '" . $user_mail . "',
                    '" . $user_permissions . "')";
            }
            //
            //use this query if a user is edited
            if($action == "user_edit"){
                
                //if a new password is submitted
                //the new password gets encrypted and passed to new variable
                if(!empty($new_user_password)){
                    $user_password = md5($new_user_password);
                } else {
                    $user_password = $existing_user_password;
                }

            $sql =  "UPDATE user SET
                    user_name = '$user_name',
                    user_password = '$user_password',
                    user_title = '$user_title',
                    user_first_names = '$user_first_names',
                    user_surname = '$user_surname',
                    user_initials = '$user_initials',
                    user_direct_phone = '$user_direct_phone',
                    user_cellphone = '$user_cellphone',
                    user_mail = '$user_mail',
                    user_permissions = '$user_permissions'
                    WHERE user_id = '$user_id'";
            }            
            //
            //check if query is set and not empty and send query to database
            if (isset($sql) && !empty($sql))
            {
            mysql_query($sql)
                or die("Invalid query: " . mysql_error());

                //get user_id from last query if action == user_add
                if($action == "user_add") {
                    $user_id = mysql_insert_id();
                }
            ?>
            <html>
                <head>
                    <script type="text/javascript">

                        window.onload = function()
                        {
                            // Reload the parent window
                            window.top.location.href = "users.php?action=user_call&user_id=<?php echo $user_id; ?>";
                        }

                    </script>
                </head>
            </html>
            <?php
            }
        }
}

?>
<!-- Print data to screen -->
<?php echo $doctype; ?>
<html>
<head>
<title>user call</title>
<link rel="stylesheet" type="text/css" media="screen" href="../css/main_css.css">
</head>
<body>
<div id="framedocs">
<?php if($action != "user_call") { ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?action=<?php echo $action; ?>&form_action=commit&user_id=<?php echo $user_id; ?>" method="post">
<?php } ?>
<fieldset>
    <legend><a class="h1">BRUGEROPLYSNINGER</a></legend>
<table cellspacing="0" cellpadding="3">
    <tr>
        <td class="fade" width="35%">Titel:</td>
        <td width="35%"><?php if($action != "user_call"){ ?>
        <input class="required" type="text" name="user_title" value="<?php echo $user_title; ?>">
        <?php }
        else {echo $user_title;} ?>
        </td>
        <td class="fade" width="20%" align="right">Initialer:</td>
        <td width="10%"><?php if($action != "user_call"){ ?>
        <input class="required" type="text" name="user_initials" value="<?php echo $user_initials; ?>">
        <?php }
        else {echo $user_initials;} ?>
        </td>
    </tr>
    <?php //error if exists
    if(isset($user_title_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_title_error; ?></td>
    </tr>
    <?php } ?>
    <?php //error if exists
    if(isset($user_initials_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_initials_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Fornavn(e):</td>
        <td width="65%" colspan="3"><?php if($action != "user_call"){ ?>
        <input class="required" type="text" name="user_first_names" value="<?php echo $user_first_names; ?>">
        <?php }
        else {echo $user_first_names;} ?>
        </td>
    </tr>
    <?php //error if exists
    if(isset($user_first_names_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_first_names_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Efternavn:</td>
        <td width="65%" colspan="3"><?php if($action != "user_call"){ ?>
        <input class="required" type="text" name="user_surname" value="<?php echo $user_surname; ?>">
        <?php }
        else {echo $user_surname;} ?>
        </td>
    </tr>
    <?php //error if exists
    if(isset($user_surname_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_surname_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Mobil nummer:</td>
        <td width="65%" colspan="3"><?php if($action != "user_call"){ ?>
        <input class="required" type="text" name="user_cellphone" value="<?php echo $user_cellphone; ?>">
        <?php }
        else {echo $user_cellphone;} ?>
        </td>
    </tr>
    <?php //error if exists
    if(isset($user_cellphone_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_cellphone_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Direkte nummer:</td>
        <td width="65%" colspan="3"><?php if($action != "user_call"){ ?>
        <input type="text" name="user_direct_phone" value="<?php echo $user_direct_phone; ?>">
        <?php }
        else {echo $user_direct_phone;} ?>
        </td>
    </tr>
    <?php //error if exists
    if(isset($user_direct_phone_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_direct_phone_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Mail:</td>
        <td width="65%" colspan="3"><?php if($action != "user_call"){ ?>
        <input class="required" type="text" name="user_mail" value="<?php echo $user_mail; ?>">
        <?php }
        else {echo $user_mail;} ?>
        </td>
    </tr>
    <?php //error if exists
    if(isset($user_mail_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_mail_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Brugernavn:</td>
        <td width="65%" colspan="3"><?php if($action != "user_call"){ ?>
        <input class="required" type="text" name="user_name" value="<?php echo $user_name; ?>">
        <?php }
        else {echo $user_name;} ?>
        </td>
    </tr>
    <?php //error if exists
    if(isset($user_name_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_name_error; ?></td>
    </tr>
    <?php } ?>
    <?php if($action == "user_add"){ ?>
    <tr> 
        <td class="fade" width="35%">Adgangskode:</td>
        <td width="65%" colspan="3">
        <input class="required" type="text" name="user_password" value="<?php echo $user_password; ?>">
        </td>
    </tr>
    <?php } ?>
    <?php if($action == "user_edit"){ ?>
    <tr>
        <td class="fade" width="35%">Ny adgangskode:</td>
        <td width="65%" colspan="3">
        <input type="text" name="new_user_password" value="<?php echo $new_user_password; ?>">
        </td>
    </tr>
    <?php //error if exists
    if(isset($new_user_password_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $new_user_password_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Bekræft adgangskode:</td>
        <td width="65%" colspan="3">
        <input type="text" name="confirm_new_user_password" value="">
        </td>
    </tr>
    <?php } ?>
    <?php //error if exists
    if(isset($user_password_error)){ ?>
    <tr>
        <td width="35%"></td>
        <td colspan="3" class="error"><?php echo $user_password_error; ?></td>
    </tr>
    <?php } ?>
    <tr>
        <td class="fade" width="35%">Rettigheder:</td>
        <td width="65%" colspan="3">
        <?php echo $user_permissions; ?></td>
    </tr>
</table>
</fieldset>
<table cellspacing="0" cellpadding="3">
    <tr>
        <td align="right">
            <?php if($action == "user_call"){ ?>
            <a class="fade">rediger</a>
            <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=user_edit&user_id=<?php echo $user_id; ?>">
            <img src="../icon/pencil.png" title="rediger" alt="" border="0"/></a>
            <a class="fade">slet</a>
            <a href="user_delete.php?action=user_delete&user_id=<?php echo $user_id; ?>" target="_top">
                <img src="../icon/delete.png" title="slet bruger" alt="" border="0"/></a>
            <?php } if($action != "user_call") { ?>
            <a class="fade">accepter</a>
            <input type="image" title="accepter" src="../icon/accept.png" style="width:16px; background-color: transparent">
            <a class="fade">anuller</a>
            <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=user_call&user_id=<?php echo $user_id; ?>">
                <img src="../icon/cross.png" title="anuller" alt="" border="0"/></a>
            <?php }?> 
        </td>
    </tr>
</table>
<?php if($action != "user_call") { ?></form><?php } ?>
</div>
</body>
</html>

 

I will probably never become a programmer, but I like it and would like to learn it properly (within limits, of course), and therefore your advice would be most welcome!

 

Thanks!

 


I realize you didn't ask for a code critique, but if that's from a live site, you need to take steps to prevent SQL injection attacks before they happen. Also, what is the purpose of using "ALTER TABLE user AUTO_INCREMENT = 1" prior to inserting a new user?

 

 

Otherwise, I didn't see any glaring problems with the structure, etc.


Thanks Pikachu2000!

 

You're absolutely right, I have to prevent injections with stripslashes and mysql_real_escape_string (the ones I know).

 

The ALTER TABLE is used because users will be deleted and new ones made, and with ALTER I kind of reset the primary key to start from the highest key number. In that way I try to prevent too big "holes" in the sequence of primary keys.

 

The application is mostly for "in house" use, but the plan is to make it accessible from the web later on!

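As an added example (not part of dbk's post or Pikachu2000's reply), here is how the three queries in the posted code look with PDO prepared statements, which close the SQL injection Pikachu2000 raised by construction instead of relying on mysql_real_escape_string(). It assumes PHP 7.1 or later, a `user` table with the columns from the post, and placeholder connection details.

```php
<?php
// Added example, not dbk's code: the post's three queries rewritten with PDO prepared statements,
// so values from $_GET/$_POST are bound as data and never spliced into the SQL text.
// Assumes a `user` table with the thread's columns; DSN and credentials are placeholders.

function connect(): PDO
{
    $pdo = new PDO('mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4', 'YOUR_USER', 'YOUR_PASSWORD');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // exceptions instead of "or die()"
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);         // bind server-side, not by escaping
    return $pdo;
}

// Replaces "SELECT * FROM user WHERE user_id = $user_id" with $user_id taken straight from $_GET.
function loadUser(PDO $pdo, string $rawUserId): ?array
{
    // user_id is an integer key: reject anything that is not all digits before it reaches MySQL.
    if (!ctype_digit($rawUserId)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM user WHERE user_id = :id');
    $stmt->bindValue(':id', (int) $rawUserId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Replaces the "SELECT user_name FROM user [WHERE user_id!=$user_id]" plus in_array() check.
// $excludeId is the user being edited; pass null when adding a new user.
function userNameTaken(PDO $pdo, string $userName, ?int $excludeId = null): bool
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM user WHERE user_name = :name AND user_id <> :id');
    $stmt->bindValue(':name', $userName);
    $stmt->bindValue(':id', $excludeId ?? 0, PDO::PARAM_INT); // 0 matches no row: ids start at 1
    $stmt->execute();
    return (int) $stmt->fetchColumn() > 0;
}

// Replaces the INSERT built by string concatenation: a quote in a name is now just stored data.
function insertUser(PDO $pdo, array $u): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO user (user_name, user_password, user_title, user_first_names, user_surname,
            user_initials, user_direct_phone, user_cellphone, user_mail, user_permissions)
         VALUES (:name, :pw, :title, :first, :surname, :initials, :direct, :cell, :mail, :perms)'
    );
    $stmt->execute([
        ':name' => $u['user_name'],
        ':pw' => password_hash($u['user_password'], PASSWORD_DEFAULT), // in place of md5()
        ':title' => $u['user_title'], ':first' => $u['user_first_names'],
        ':surname' => $u['user_surname'], ':initials' => $u['user_initials'],
        ':direct' => $u['user_direct_phone'], ':cell' => $u['user_cellphone'],
        ':mail' => $u['user_mail'], ':perms' => $u['user_permissions'],
    ]);
    return (int) $pdo->lastInsertId();
}
```

password_hash() output is longer than an md5 hex digest, so the user_password column must hold at least 60 characters. The mysql_* functions the post uses were removed in PHP 7, so moving to PDO (or mysqli) is needed anyway, and with prepared statements the stripslashes/mysql_real_escape_string step disappears entirely.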
