Post on 19-Dec-2015
www.hope.ac.uk Faculty of Sciences and Social Sciences
HOPE
Different Users and Uploading Files
Stewart Blakeway
FML 213
Assessment Criteria
Ace training requires a new system for students that enrol onto their course(s). There will typically be three methods of enrolment: from a list, by a tutor, or by a student. Students that register themselves require authorising by the tutor. Tutors are created by administrator(s) after the credentials of the tutor have been checked. To become a course tutor the individual will register as a tutor. The tutor will have the facility of uploading various resources, such as PowerPoint presentations and documents. Once uploaded they should either be made available to the student, not available, or available within a specified date range.
Satisfactory
What we have done
• phpMyAdmin
– Created a database
– Tables
– Fields
• Inserted Data
– Registration (this could be a student or tutor)
• Selected Data
– Used as part of the authentication process
• Session Variables
– If the authentication process was successful
• The include statement
– Makes our job much easier
What will we do today?
• Applying user levels to your current users table
– Registering as a tutor
– Registering as a student
• Dynamically displaying different menus/links dependent on the user
– Authorising the tutor
– Authorising the student
• Allowing a tutor to upload a list of students for registration
Recap
1. Create a connection to the SQL Server
    // the mysql_* functions were removed in PHP 7.0 (mysqli and PDO replace them)
    $conn = mysql_connect("localhost", "root", "root");
2. Select the database
    mysql_select_db("database", $conn);
3. Construct the SQL statement
    $sql = ("what I want to do with the database");
4. Execute the SQL
    mysql_query($sql, $conn);
Our Database
Database: acetraining
Table student: studentID, studentForename, studentSurname, studentEmail, studentPassword
Only accounts for students! What about tutors and administrators?
Table user: userID, userForename, userSurname, userEmail, userPassword, userType, userActive
We change our structure to accommodate different types of users.
Users remain inactive until authorised.
register and doregister
• Same as last week
– updated to include a dropdown list (tutor/student)
– updated to reflect new table name
    $sql = ("INSERT INTO user
                 (userForename, userSurname, userEmail, userPassword, userType, userActive)
             VALUES
                 ('$_POST[forename]', '$_POST[surname]', '$_POST[email]',
                  '$_POST[password]', '$_POST[type]' , false)");
login.php
• Same as last week
– changes to reflect new table name and structure
– changed session variable
– added new functions
    // last week
    if (!isset($_POST['email'])) {
        showLogin();
    } else {
        doLogin();
    }

    // this week: show the user's page once doLogin() has set the session variable
    if (!isset($_POST['email'])) {
        showLogin();
    } else {
        doLogin();
        if (isset($_SESSION['userType'])) {
            displayUserPage();
        }
    }
doLogin()
    $conn = mysql_connect("localhost", "root", "root");
    mysql_select_db("aceTraining", $conn);
    $sql = ("SELECT * FROM user
             WHERE (userEmail = '$_POST[email]' AND userPassword = '$_POST[password]')");
    if ($resource = mysql_query($sql, $conn)) {
        echo ("sql --- OK");
        if (mysql_num_rows($resource) == 1) {
            // exactly one matching row: remember the user's type for later pages
            $currentRow = mysql_fetch_array($resource);
            $_SESSION['userType'] = $currentRow['userType'];
            echo ("<br /> login --- OK");
        } else {
            echo ("<br /> login --- FAIL");
        }
    }
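The registration INSERT and the doLogin() SELECT above place $_POST values directly into the SQL text, store the password as typed, accept whatever userType the request sends, and never test userActive. The following is an added example, not code from the slides, of the same two steps with bound parameters, hashed passwords and those checks. Assumptions: PDO is available, an in-memory SQLite table stands in for the MySQL acetraining database, and the ($db, $post) function signatures are hypothetical.

```php
<?php
// Added example (not from the slides): register and login with bound parameters.
// Assumption: in-memory SQLite stands in for the MySQL acetraining database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, userForename TEXT,
    userSurname TEXT, userEmail TEXT UNIQUE, userPassword TEXT,
    userType TEXT, userActive INTEGER)');

function doRegister(PDO $db, array $post): bool {
    // The dropdown is enforced only in the browser: accept just the two
    // self-service types, so a tampered request cannot ask for 'administrator'.
    if (!in_array($post['type'] ?? '', ['student', 'tutor'], true)) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO user (userForename, userSurname, userEmail,
        userPassword, userType, userActive) VALUES (?, ?, ?, ?, ?, 0)');
    return $stmt->execute([$post['forename'], $post['surname'], $post['email'],
        password_hash($post['password'], PASSWORD_DEFAULT), $post['type']]);
}

function doLogin(PDO $db, array $post): ?string {
    // Find the row by email only; the password is compared against its hash,
    // and accounts that have not been authorised (userActive = 0) never match.
    $stmt = $db->prepare('SELECT userPassword, userType FROM user
        WHERE userEmail = ? AND userActive = 1');
    $stmt->execute([$post['email'] ?? '']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false
        || !password_verify($post['password'] ?? '', $row['userPassword'])) {
        return null;
    }
    return $row['userType']; // the caller stores this in $_SESSION['userType']
}

// Constructed sample request; the apostrophe would break the interpolated SQL.
$alice = ['forename' => 'Alice', 'surname' => "O'Neil",
          'email' => 'alice@example.test', 'password' => 'correct horse',
          'type' => 'student'];
var_dump(doRegister($db, $alice));                               // ordinary registration
var_dump(doRegister($db, ['type' => 'administrator'] + $alice)); // tampered dropdown value
var_dump(doLogin($db, $alice));                                  // before authorisation
$db->exec('UPDATE user SET userActive = 1');                     // the tutor authorises
var_dump(doLogin($db, $alice));                                  // after authorisation
```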
displayUserPage()
• We have a session variable called userType
– this will hold values tutor, student or administrator
    // last week
    if (!isset($_POST['email'])) {
        showLogin();
    } else {
        doLogin();
    }

    // this week
    if (!isset($_POST['email'])) {
        showLogin();
    } else {
        doLogin();
        if (isset($_SESSION['userType'])) {
            displayUserPage();
        }
    }
displayUserPage()
    function displayUserPage() {
        if ($_SESSION['userType'] == "student") {
            showStudentPage();
        }
        if ($_SESSION['userType'] == "tutor") {
            showTutorPage();
        }
        if ($_SESSION['userType'] == "administrator") {
            showAdministatorPage();
        }
    }
showTutorPage()
    function showTutorPage() {
        echo ("
            <p>You are logged in as a tutor, what would you like to do?</p>
            <form id='form1' name='form1' method='post' action='enrolStudent.php'>
              <p>
                <input type='radio' name='enrolStudent' id='enrolStudent' value='showWaiting' />
                Show students waiting to be authorised for your course<br />
                <input type='radio' name='enrolStudent' id='enrolStudent' value='enterManually' />
                Enter student registration details manually<br />
                <input type='radio' name='enrolStudent' id='enrolStudent' value='fromList' />
                Enrol students from a list
              </p>
              <p>
                <input type='submit' name='button' id='button' value='Submit' />
              </p>
            </form>
        ");
    }
What we will do now
• Display students waiting to be authorised
• Allow for entry manually by tutor
• Allow tutor to upload a list
enrolStudent.php
    // test isset() first so an anonymous visitor does not trigger an undefined-index notice
    if (!isset($_SESSION['userType']) or ($_SESSION['userType'] == "student")) {
        echo ("you are not authorised to view this page");
    } else {
        if ($_POST['enrolStudent'] == "showWaiting") {
            showWaiting();
        }
        if ($_POST['enrolStudent'] == "enterManually") {
            enterManually();
        }
        if ($_POST['enrolStudent'] == "fromList") {
            getFile();
        }
    }
showWaiting()
    $conn = mysql_connect("localhost", "root", "root");
    mysql_select_db("aceTraining", $conn);
    $sql = ("SELECT * FROM user WHERE (userType = 'student' AND userActive = false)");
    $resource = mysql_query($sql, $conn);
    echo ("<form id='form1' name='form1' method='post' action='$_SERVER[PHP_SELF]'>");
    while ($currentStudent = mysql_fetch_array($resource)) {
        echo ("<input name='userID[]' type='checkbox' id='userID' value='$currentStudent[userID]' />");
        // names come from the registration form, so escape them before output
        echo (htmlspecialchars($currentStudent['userForename'] . " " . $currentStudent['userSurname'], ENT_QUOTES) . "<br />");
    }
    echo ("<input type='submit' onclick='submit' value='Enrol Student(s)' /></form>");
enrolStudents($students)
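    $conn = mysql_connect("localhost", "root", "root");
    mysql_select_db("aceTraining", $conn);
    foreach ($students as $userID) {
        // the IDs arrive from the posted checkboxes: force each to an integer before it reaches the SQL
        $userID = (int) $userID;
        $sql = ("UPDATE `acetraining`.`user` SET `userActive` = true WHERE `user`.`userID` = $userID");
        mysql_query($sql, $conn);
    }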
enterManually()
• We have done this already
– Use the code from the register page to display the form
– Use the code from the doRegister page, make a slight change to the SQL
    // doRegister
    $sql = ("INSERT INTO user
                 (userForename, userSurname, userEmail, userPassword, userType, userActive)
             VALUES
                 ('$_POST[forename]', '$_POST[surname]', '$_POST[email]',
                  '$_POST[password]', '$_POST[type]' , false)");

    // enterManually: the type is fixed to student and the account is active at once
    $sql = ("INSERT INTO user
                 (userForename, userSurname, userEmail, userPassword, userType, userActive)
             VALUES
                 ('$_POST[forename]', '$_POST[surname]', '$_POST[email]',
                  '$_POST[password]', 'student' , true)");
getFile() and uploadFileandProcess()
• This is where it gets a little tricky
– we need to ensure a file structure
– deviation from the file structure may cause errors
– extra validation should be used to trap incorrectly formatted files
– we can't read from a file unless it is on the server
• the user must upload the file first
getFile()
    echo ("<form enctype='multipart/form-data' action='$_SERVER[PHP_SELF]' method='POST'>
           Choose a file to upload: <input name='uploadedfile' type='file' /><br />
           <input type='submit' value='Upload File' />
           </form>");
uploadFileandProcess()
    $target_path = basename($_FILES['uploadedfile']['name']);
    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
        echo "The file " . basename($_FILES['uploadedfile']['name']) . " has been uploaded";
        $file = fopen($target_path, "r");
        $conn = mysql_connect("localhost", "root", "root");
        mysql_select_db("aceTraining", $conn);
        // read line by line; fgets() returns false at the end of the file
        while (($line = fgets($file)) !== false) {
            $line = trim($line);
            if ($line == "") {
                continue; // skip blank lines rather than inserting an empty user
            }
            $columns = explode(",", $line);
            // $columns[2] fills both userEmail and userPassword
            $sql = ("INSERT INTO user
                         (userForename, userSurname, userEmail, userPassword, userType, userActive)
                     VALUES
                         ('$columns[0]', '$columns[1]', '$columns[2]', '$columns[2]', 'student' , true)");
            mysql_query($sql, $conn);
        }
        fclose($file);
    }
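uploadFileandProcess() above saves the upload under the name the browser supplied, in the script's own directory, and inserts every line without checking it. The following added example (not from the slides) shows the "extra validation" the earlier slide asks for: it reads PHP's temporary copy in place, parses with fgetcsv(), records malformed rows instead of inserting them, and binds the values. Assumptions: each row is forename,surname,email; the function names and size limit are hypothetical; SQLite stands in for MySQL.

```php
<?php
// Added example: import the tutor's list without trusting its name or contents.
// Assumptions: each row is forename,surname,email; SQLite stands in for MySQL.
function uploadedListPath(array $file, int $maxBytes = 262144): string {
    // Use PHP's temporary copy in place; the client-supplied 'name' is never a path.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || $file['size'] > $maxBytes || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload rejected');
    }
    return $file['tmp_name'];
}

function importStudents(PDO $db, string $path): array {
    $stmt = $db->prepare("INSERT INTO user (userForename, userSurname, userEmail,
        userPassword, userType, userActive) VALUES (?, ?, ?, ?, 'student', 1)");
    $result = ['added' => 0, 'rejected' => []];
    $fh = fopen($path, 'r');
    for ($n = 1; ($row = fgetcsv($fh, 1000, ',', '"', '\\')) !== false; $n++) {
        $row = array_map('trim', array_map('strval', $row));
        // Trap incorrectly formatted lines and record their line numbers.
        if (count($row) !== 3 || $row[0] === '' || $row[1] === ''
            || filter_var($row[2], FILTER_VALIDATE_EMAIL) === false) {
            $result['rejected'][] = $n;
            continue;
        }
        // Random initial password, stored hashed (delivery to the student not shown).
        $row[] = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
        $stmt->execute($row);
        $result['added']++;
    }
    fclose($fh);
    return $result;
}

// Constructed demo: a temporary file stands in for $_FILES['uploadedfile']['tmp_name'],
// which uploadedListPath() would return inside a real request.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, userForename TEXT,
    userSurname TEXT, userEmail TEXT, userPassword TEXT, userType TEXT, userActive INTEGER)');
$tmp = tempnam(sys_get_temp_dir(), 'list');
file_put_contents($tmp, "Ann,O'Brien,ann@example.test\nBob,Smith\n\nCy,Young,not-an-email\n");
print_r(importStudents($db, $tmp));
unlink($tmp);
```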
What we have covered
Ace training requires a new system for students that enrol onto their course(s). There will typically be three methods of enrolment: from a list, by a tutor, or by a student. Students that register themselves require authorising by the tutor. Tutors are created by administrator(s) after the credentials of the tutor have been checked. To become a course tutor the individual will register as a tutor. The tutor will have the facility of uploading various resources, such as PowerPoint presentations and documents. Once uploaded they should either be made available to the student, not available, or available within a specified date range.
Satisfactory
Next?
• Example code is online
• Next week is a drop-in support session
– we have covered a lot this week
– students that cannot get this working should come and speak with me next week
Any Questions?