www.hope.ac.uk Faculty of Sciences and Social Sciences
HO
PE
Different Users and Uploading Files
Stewart Blakeway
FML 213
blakews@hope.ac.uk
Assessment Criteria
Ace training requires a new system for students that enrol onto their course(s). There will typically be three methods of enrolment: from a list, by a tutor, or by a student. Students that register themselves require authorising by the tutor. Tutors are created by administrator(s) after the credentials of the tutor have been checked. To become a course tutor the individual will register as a tutor. The tutor will have the facility of uploading various resources, such as PowerPoint presentations and documents. Once uploaded they should either: be made available to the student, not available or available within a specified date range.
Satisfactory
What we have done
• phpMyAdmin
– Created a database
– Tables
– Fields
• Inserted Data
– Registration (this could be a student or tutor)
• Selected Data
– Used as part of the authentication process
• Session Variables
– If the authentication process was successful
• The include statement
– Makes our job much easier
What will we do today?
• Applying user levels to your current users table
– Registering as a tutor
– Registering as a student
• Dynamically displaying different menus/links dependent on the user
– Authorising the tutor
– Authorising the student
• Allowing a tutor to upload a list of students for registration
Recap
1. Create a connection to the SQL Server
   $conn = mysql_connect("localhost", "root", "root");
2. Select the database
   mysql_select_db("database", $conn);
3. Construct the SQL statement
   $sql = ("what I want to do with the database");
4. Execute the SQL
   mysql_query($sql, $conn);
Our Database
Database: acetraining
Table: student
studentID, studentForename, studentSurname, studentEmail, studentPassword
– only accounts for students! What about tutors and administrators?
Table: user
userID, userForename, userSurname, userEmail, userPassword, userType, userActive
– We change our structure to accommodate different types of users.
– Users remain inactive until authorised
register and doregister
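• Same as last week
– updated to include a dropdown list (tutor/student)
– updated to reflect new table name
// Escape every submitted value before it is placed in the SQL string
// (mysql_real_escape_string uses the connection opened in the Recap steps).
$in = array_map('mysql_real_escape_string', $_POST);
$sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive)
         VALUES ('$in[forename]', '$in[surname]', '$in[email]', '$in[password]', '$in[type]', false)");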
login.php
• Same as last week
– changes to reflect new table name and structure
– changed session variable
– added new functions
// As last week
if (!isset($_POST['email'])) {
    showLogin();
} else {
    doLogin();
}
// With the new function call added
if (!isset($_POST['email'])) {
    showLogin();
} else {
    doLogin();
    // doLogin() stores the user's type in $_SESSION['userType'] on success
    if (isset($_SESSION['userType'])) {
        displayUserPage();
    }
}
doLogin()
$conn = mysql_connect("localhost","root","root");
mysql_select_db("aceTraining",$conn);
// Escape the submitted values so quotes in them cannot alter the query
$email = mysql_real_escape_string($_POST['email'], $conn);
$password = mysql_real_escape_string($_POST['password'], $conn);
$sql = ("SELECT * FROM user WHERE (userEmail = '$email' AND userPassword = '$password')");
if ($resource = mysql_query($sql,$conn)) {
    echo ("sql --- OK");
    if (mysql_num_rows($resource) == 1) {
        $currentRow = mysql_fetch_array($resource);
        $_SESSION['userType'] = $currentRow['userType'];
        echo ("<br /> login --- OK");
    } else {
        echo ("<br /> login --- FAIL");
    }
}
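The register and login steps above, rewritten as an added example (not the lecturer's code): it uses PDO prepared statements because the mysql_* functions were removed in PHP 7, stores only a password hash, accepts only tutor or student as a self-selected type, and refuses accounts that are still inactive. The names registerUser() and loginUser() and the in-memory SQLite table used for the demo are assumptions.

```php
<?php
// Added example: hardened register/login for the slides' `user` table.
// registerUser(), loginUser() and the SQLite demo database are assumptions.

function registerUser(PDO $db, array $post): bool {
    // Self-registration may only request these types; administrator is never self-selected.
    if (!in_array($post['type'] ?? '', ['tutor', 'student'], true)) {
        return false;
    }
    if (!filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive)
         VALUES (?, ?, ?, ?, ?, 0)'
    );
    // Values are bound, never concatenated; only a hash of the password is stored.
    return $stmt->execute([
        $post['forename'], $post['surname'], $post['email'],
        password_hash($post['password'], PASSWORD_DEFAULT), $post['type'],
    ]);
}

function loginUser(PDO $db, string $email, string $password): ?string {
    $stmt = $db->prepare('SELECT userPassword, userType, userActive FROM user WHERE userEmail = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Reject an unknown e-mail, a wrong password, and accounts not yet authorised.
    if (!$row || !password_verify($password, $row['userPassword']) || !$row['userActive']) {
        return null;
    }
    return $row['userType'];   // the caller stores this in $_SESSION['userType']
}

// Demo on a constructed in-memory database (sample data, not from the slides).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, userForename TEXT, userSurname TEXT,
           userEmail TEXT UNIQUE, userPassword TEXT, userType TEXT, userActive INTEGER)');
$pat = ['forename' => 'Pat', 'surname' => "O'Neil", 'email' => 'pat@example.org',
        'password' => 'correct horse', 'type' => 'student'];
var_dump(registerUser($db, $pat));                                // ordinary student registration
var_dump(registerUser($db, ['type' => 'administrator'] + $pat));  // type outside the allowed list
var_dump(loginUser($db, 'pat@example.org', 'correct horse'));     // before the account is authorised
$db->exec("UPDATE user SET userActive = 1 WHERE userEmail = 'pat@example.org'");
var_dump(loginUser($db, 'pat@example.org', 'correct horse'));     // after authorisation
var_dump(loginUser($db, 'pat@example.org', 'wrong password'));    // wrong password
```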
displayUserPage()
• We have a session variable called userType
– this will hold values tutor, student or administrator
if (!isset($_POST['email'])) {
    showLogin();
} else {
    doLogin();
}
if (!isset($_POST['email'])) {
    showLogin();
} else {
    doLogin();
    if (isset($_SESSION['userType'])) {
        displayUserPage();
    }
}
displayUserPage()
function displayUserPage() {
    if ($_SESSION['userType'] == "student") {
        showStudentPage();
    }
    if ($_SESSION['userType'] == "tutor") {
        showTutorPage();
    }
    if ($_SESSION['userType'] == "administrator") {
        showAdministatorPage();
    }
}
showTutorPage()
function showTutorPage() {
    echo ("
    <p>You are logged in as a tutor, what would you like to do?</p>
    <form id='form1' name='form1' method='post' action='enrolStudent.php'>
      <p>
        <input type='radio' name='enrolStudent' id='enrolStudent' value='showWaiting' />
        Show students waiting to be authorised for your course<br />
        <input type='radio' name='enrolStudent' id='enrolStudent' value='enterManually' />
        Enter student registration details manually<br />
        <input type='radio' name='enrolStudent' id='enrolStudent' value='fromList' />
        Enrol students from a list
      </p>
      <p>
        <input type='submit' name='button' id='button' value='Submit' />
      </p>
    </form>
    ");
}
What we will do now
• Display students waiting to be authorised
• Allow for entry manually by tutor
• Allow tutor to upload a list
enrolStudent.php
// Test isset() first so a visitor with no session is refused without an undefined-index notice
if ((!isset($_SESSION['userType'])) or ($_SESSION['userType'] == "student")) {
    echo ("you are not authorised to view this page");
} else {
    if ($_POST['enrolStudent'] == "showWaiting") {
        showWaiting();
    }
    if ($_POST['enrolStudent'] == "enterManually") {
        enterManually();
    }
    if ($_POST['enrolStudent'] == "fromList") {
        getFile();
    }
}
showWaiting()
$conn = mysql_connect("localhost","root","root");
mysql_select_db("aceTraining",$conn);
$sql = ("SELECT * FROM user WHERE (userType = 'student' AND userActive = false)");
$resource = mysql_query($sql,$conn);
// HTML-escape everything echoed into the page: the request path and the stored names
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
echo ("<form id='form1' name='form1' method='post' action='$self'>");
while ($currentStudent = mysql_fetch_array($resource)) {
    echo ("<input name='userID[]' type='checkbox' id='userID' value='$currentStudent[userID]' />");
    echo (htmlspecialchars($currentStudent['userForename'] . " " . $currentStudent['userSurname']) . "<br />");
}
echo ("<input type='submit' onclick='submit' value='Enrol Student(s)' /></form>");
enrolStudents($students)
$conn = mysql_connect("localhost","root","root");
mysql_select_db("aceTraining",$conn);
foreach ($students as $userID) {
    // The IDs come from the posted checkboxes; force each one to an integer before use
    $userID = (int) $userID;
    $sql = ("UPDATE `acetraining`.`user` SET `userActive` = true WHERE `user`.`userID` = $userID");
    mysql_query($sql,$conn);
}
enterManually()
• We have done this already
– Use the code from the register page to display the form
– Use the code from the doRegister page, make a slight change to the SQL
// Escape the submitted values before building the SQL (needs an open connection)
$in = array_map('mysql_real_escape_string', $_POST);
// doRegister: type chosen on the form, account inactive
$sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive)
         VALUES ('$in[forename]', '$in[surname]', '$in[email]', '$in[password]', '$in[type]', false)");
// enterManually: always a student, active immediately
$sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive)
         VALUES ('$in[forename]', '$in[surname]', '$in[email]', '$in[password]', 'student', true)");
getFile() and uploadFileandProcess()
• This is where it gets a little tricky
– we need to ensure a file structure
– deviation from the file structure may cause errors
– extra validation should be used to trap incorrectly formatted files
– we can't read from a file unless it is on the server
• the user must upload the file first
getFile()
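// HTML-escape the request path before echoing it into the form
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
echo ("<form enctype='multipart/form-data' action='$self' method='POST'>
    Choose a file to upload: <input name='uploadedfile' type='file' /><br />
    <input type='submit' value='Upload File' />
</form>");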
uploadFileandProcess()
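// Save the upload under a server-chosen name in the system temp directory,
// not under the client-supplied filename in the script's own directory
$target_path = tempnam(sys_get_temp_dir(), "enrol");
if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file " . htmlspecialchars(basename($_FILES['uploadedfile']['name'])) . " has been uploaded";
    $file = fopen($target_path, "r");
    $conn = mysql_connect("localhost","root","root");
    mysql_select_db("aceTraining",$conn);
    while (!feof($file)) {
        $line = trim(fgets($file));
        // Escape each column before it goes into the SQL string
        $columns = array_map('mysql_real_escape_string', explode(",", $line));
        if (count($columns) < 3) {
            continue;   // skip blank or incorrectly formatted lines
        }
        $sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive)
                 VALUES ('$columns[0]', '$columns[1]', '$columns[2]', '$columns[2]', 'student', true)");
        mysql_query($sql,$conn);
    }
    fclose($file);
    unlink($target_path);   // the list is no longer needed once imported
}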
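The upload-and-import step above, as an added example (not the lecturer's code): it reads the CSV straight from PHP's temporary upload file, checks each row against the expected forename,surname,email structure, inserts through a prepared statement, and stores a random password hash instead of reusing the e-mail column as the password as the slide's INSERT does. importStudents(), handleUpload(), the 1 MB limit and the in-memory SQLite demo are assumptions.

```php
<?php
// Added example: validated CSV enrolment. The function names, the size limit and
// the random initial password are assumptions, not part of the slides.

function importStudents(PDO $db, $handle): array {
    $stmt = $db->prepare(
        "INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive)
         VALUES (?, ?, ?, ?, 'student', 1)"
    );
    $result = ['added' => 0, 'rejected' => []];
    for ($n = 1; ($row = fgetcsv($handle, 1000, ',', '"', '\\')) !== false; $n++) {
        $row = array_map('trim', array_map('strval', $row));
        // Expected structure: forename,surname,email and nothing else.
        if (count($row) !== 3 || $row[0] === '' || $row[1] === ''
            || !filter_var($row[2], FILTER_VALIDATE_EMAIL)) {
            $result['rejected'][] = $n;   // remember the line number for the tutor
            continue;
        }
        // Random, unguessable password hash; the student sets a real one later (assumed flow).
        $hash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
        $stmt->execute([$row[0], $row[1], $row[2], $hash]);
        $result['added']++;
    }
    return $result;
}

function handleUpload(PDO $db, array $file): ?array {
    // Only accept a genuine, complete, reasonably small HTTP upload.
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > 1048576
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Read from the temporary file; nothing is saved under a client-chosen name.
    $handle = fopen($file['tmp_name'], 'r');
    $result = importStudents($db, $handle);
    fclose($handle);
    return $result;
}

// Demo with a constructed CSV held in memory (sample data, not from the slides).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, userForename TEXT, userSurname TEXT,
           userEmail TEXT, userPassword TEXT, userType TEXT, userActive INTEGER)');
$csv = fopen('php://memory', 'w+');
fwrite($csv, "Pat,O'Neil,pat@example.org\nBob,,bob@example.org\nZed,Moss,not-an-email\n\nEve,Hart,eve@example.org\n");
rewind($csv);
print_r(importStudents($db, $csv));   // counts added rows and lists rejected line numbers
```

In enrolStudent.php, handleUpload($db, $_FILES['uploadedfile']) would take the place of uploadFileandProcess(); the demo calls importStudents() directly because is_uploaded_file() only accepts files that arrived through an HTTP POST.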
What we have covered
Ace training requires a new system for students that enrol onto their course(s). There will typically be three methods of enrolment: from a list, by a tutor, or by a student. Students that register themselves require authorising by the tutor. Tutors are created by administrator(s) after the credentials of the tutor have been checked. To become a course tutor the individual will register as a tutor. The tutor will have the facility of uploading various resources, such as PowerPoint presentations and documents. Once uploaded they should either: be made available to the student, not available or available within a specified date range.
Satisfactory
Next?
• Example code is online
• Next week is a drop-in support session
– we have covered a lot this week
– students that cannot get this working should come and speak with me next week
Any Questions?