www.hope.ac.uk faculty of sciences and social sciences hope different users and uploading files...

www.hope.ac.uk Faculty of Sciences and Social Sciences

HO

PE

Different Users and Uploading Files

Stewart Blakeway

FML 213

[email protected]


HO

PE

Assessment Criteria

Ace training requires a new system for students that enrol onto their course(s). There will typically be three methods of enrolment: from a list, by a tutor, or by a student. Students that register themselves require authorising by the tutor. Tutors are created by administrator(s) after the credentials of the tutor has been checked. To become a course tutor the individual will register as a tutor. The tutor will have the facility of uploading various resources, such as powerpoint presentations and documents. Once uploaded they should either: be made available to the student, not available or available within a specified date range.

Sati

sfact

ory


HO

PE

What we have done• myPhpAdmin

– Created a database

– Tables

– Fields

• Inserted Data– Registration (this could be a student or tutor)

• Selected Data– Used as part of the authentication process

• Session Variables– If the authentication process was successful

• The include statement– Makes our job much easier


HO

PE

What will we do today?

• Applying user levels to your current users table– Registering as a tutor– Registering as a student

• Dynamically displaying different menus/links dependent on the user– Authorising the tutor– Authorising the student

• Allowing a tutor to upload a list of students for registration


HO

PE

Recap

1. Create a connection to the SQL Server$conn = mysql_connect (“localhost”, “root”, “root”);

2. Select the databasemysql_select_db (“database” , $conn);

3. Construct the SQL statement$sql = (“what I want to do with the database”);

4. Execute the SQLmysql_query ($sql,$conn);


HO

PE

Our Database

acetraining

student

studentIDstudentForenamestudentSurnamestudentEmailstudentPassword

only accounts for students! What about tutors and administrators

user

userIDuserForenameuserSurnameuserEmailuserPassworduserTypeuserActive

We change our structure to accommodate different types of users.

Users remain inactive until authorised


HO

PE

register and doregister

• Same as last week– updated to include a dropdown list (tutor/student)– updated to reflect new table name

$sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive) VALUES('$_POST[forename]', '$_POST[surname]', '$_POST[email]', '$_POST[password]', '$_POST[type]' , false)");


HO

PE

login.php• Same as last week

– changes to reflect new table name and structure

– changed session variable

– added new functions

if (!isset($_POST['email'])) { showLogin(); }else { doLogin(); }

if (!isset($_POST['email'])) { showLogin(); }else { doLogin(); if (isset($_SESSION[‘type’]) { displayUserPage(); } }


HO

PE

doLogin()

$conn = mysql_connect("localhost","root","root");

mysql_select_db("aceTraining",$conn);

$sql = ("SELECT * FROM user WHERE (userEmail = '$_POST[email]' AND userPassword = '$_POST[password]')");

if ($resource = mysql_query($sql,$conn)) { echo ("sql --- OK"); if (mysql_num_rows($resource) == 1) { $currentRow = mysql_fetch_array($resource); $_SESSION['userType'] = $currentRow['userType']; echo ("<br /> login --- OK"); } else { echo ("<br /> login --- FAIL"); } }


HO

PE

displayUserPage()• We have a session variable called type

– this will hold values tutor, student or administrator

if (!isset($_POST['email'])) { showLogin(); }else { doLogin(); }

if (!isset($_POST['email'])) { showLogin(); }else { doLogin(); if (isset($_SESSION[‘type’])) { displayUserPage(); } }


HO

PE

displayUserPage()

function displayUserPage() { if ($_SESSION['userType'] == "student") { showStudentPage(); } if ($_SESSION['userType'] == "tutor") { showTutorPage(); }if ($_SESSION['userType'] == "administrator") { showAdministatorPage(); } }


HO

PE

showTutorPage()function showTutorPage() { echo (" <p>You are logged in as a tutor, what would you like to do?</p> <form id='form1' name='form1' method='post' action='enrolStudent.php'> <p> <input type='radio' name='enrolStudent' id='enrolStudent' value='showWaiting' /> Show students waiting to be authorised for your course<br /> <input type='radio' name='enrolStudent' id='enrolStudent' value='enterManually' /> Enter student registration details manually<br /> <input type='radio' name='enrolStudent' id='enrolStudent' value='fromList' /> Enrol students from a list </p> <p> <input type='submit' name='button' id='button' value='Submit' /> </p> </form> "); }


HO

PE

What we will do now

• Display students waiting to be authorised• Allow for entry manually by tutor• Allow tutor to upload a list


HO

PE

enrolStudent.php

if (($_SESSION['userType'] == "student") or (!isset($_SESSION['userType']))) { echo ("you are not authorised to view this page"); }else { if ($_POST['enrolStudent'] == "showWaiting") { showWaiting(); } if ($_POST['enrolStudent'] == "enterManually") { enterManually(); } if ($_POST['enrolStudent'] == "fromList") { getFile(); } }


HO

PE

showWaiting()

$conn = mysql_connect("localhost","root","root");mysql_select_db("aceTraining",$conn);

$sql = ("SELECT * FROM user WHERE (userType = 'student' AND userActive = false)");

$resource = mysql_query($sql,$conn);

echo ("<form id='form1' name='form1' method='post' action='$_SERVER[PHP_SELF]'>");

while ($currentStudent = mysql_fetch_array($resource)) { echo ("<input name='userID[]' type='checkbox' id='userID' value='$currentStudent[userID]' />"); echo ($currentStudent['userForename'] . " " . $currentStudent['userSurname'] . "<br />"); }echo ("<input type='submit' onclick='submit' value='Enrol Student(s)' /></form>");


HO

PE

enrolStudents($students)

$conn = mysql_connect("localhost","root","root");mysql_select_db("aceTraining",$conn);

foreach ($students as $userID) { $sql = ("UPDATE àcetraining`.ùser` SET ùserActive` = true WHERE ùser`.ùserID` = $userID"); mysql_query($sql,$conn); }


HO

PE

enterManually()

• We have done this already– Use the code from the register page to display the

form– Use the code from the doRegister page, make a

slight change to the SQL

$sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive) VALUES ('$_POST[forename]', '$_POST[surname]', '$_POST[email]', '$_POST[password]', '$_POST[type]' , false)");

$sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive) VALUES ('$_POST[forename]', '$_POST[surname]', '$_POST[email]', '$_POST[password]', 'student' , true)");


HO

PE

getFile() and uploadFileandProcess()

• This is where it gets a little tricky– we need to ensure a file structure– deviation from the file structure may cause errors– extra validation should be used to trap incorrectly

formatted files

– we can’t read from a file unless it is on the server• the user must upload the file first


HO

PE

getFile()

echo ("<form enctype='multipart/form-data' action='$_SERVER[PHP_SELF]' method='POST‘>

Choose a file to upload: <input name='uploadedfile' type='file' /><br /><input type='submit' value='Upload File' /></form>");


HO

PE

uploadFileandProcess()

$target_path = basename($_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; $file = fopen (basename( $_FILES['uploadedfile']['name']),"r"); $conn = mysql_connect("localhost","root","root");

mysql_select_db("aceTraining",$conn);

while (!feof($file)) { $line = fgets ($file); $columns = explode (",",$line); $sql = ("INSERT INTO user (userForename, userSurname, userEmail, userPassword, userType, userActive) VALUES ('$columns[0]', '$columns[1]', '$columns[2]', '$columns[2]', 'student' , true)"); mysql_query($sql,$conn); } }


HO

PE

What we have covered

Ace training requires a new system for students that enrol onto their course(s). There will typically be three methods of enrolment: from a list, by a tutor, or by a student. Students that register themselves require authorising by the tutor. Tutors are created by administrator(s) after the credentials of the tutor has been checked. To become a course tutor the individual will register as a tutor. The tutor will have the facility of uploading various resources, such as powerpoint presentations and documents. Once uploaded they should either: be made available to the student, not available or available within a specified date range.

Sati

sfact

ory


HO

PE

Next?

• Example code is online• Next week is a drop-in support session– we have covered a lot this week– students that can not get this working should

come and speak with me next week


HO

PE

Any Questions?

www.hope.ac.uk faculty of sciences and social sciences hope different users and uploading files...

Documents