// Per-story action links, each keyed on the story id
echo "[<A HREF=\"story.php?story=".$qry['id']."\">edit</A>] ";
echo "[<A HREF=\"delete_story.php?story=".$qry['id']."\">delete</A>] ";
echo "[<A HREF=\"keywords.php?story=".$qry['id']."\">keywords</A>]";
}
echo "</TD>";
echo "</TR>";
}
echo "</TABLE>";
}
}
?>
The first step is to check whether a user has been authenticated, and if not, to display only a
login form.
The session variable $auth_user will be set after a writer has logged in. The authentication
here isn’t particularly secure, and in reality you would take more care to ensure that the writers
are properly authenticated. This is dealt with in detail in Chapter 14, “Implementing
Authentication with PHP and MySQL.”
The login form submits to login.php, which checks the username and password against database
values. If the login is successful, the user is returned to the page she came from, using the
$HTTP_REFERER value. This means that the login script can be invoked from any calling page
within the system.
Next, we welcome the writer by name and give her the opportunity to log out. This link will
always appear at the top of stories.php so she can easily log out when she is done.
$w = get_writer_record($auth_user);
echo "Welcome, ".$w['full_name'];
echo " (<A HREF=\"logout.php\">Logout</A>)";
The function get_writer_record() is defined in db_fns.php and returns an array of all the
fields in the writer table for the passed-in username. The script logout.php simply unsets the
value of $auth_user.
The following SQL finds all a writer’s stories, starting with the most recently added:
select * from stories where writer = '$auth_user'
order by created desc
We are storing a created, modified, and published timestamp against each story record. When a
new story is added, both the created and modified timestamps are set to the system time. Each
subsequent change updates only the modified field.
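The query above places $auth_user directly inside the SQL string. The following is an added example, not code from the book's listing, showing the same lookup with a bound parameter and encoded output. It assumes PDO with the SQLite driver, an in-memory table of constructed rows, a hypothetical headline column, and the hypothetical helper names stories_for_writer() and story_row().

```php
<?php
// Added example, not the book's listing. Columns other than those named on
// the page (id, writer, created, modified) are assumptions.

// Constructed sample data in an in-memory SQLite database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (id INTEGER PRIMARY KEY, writer TEXT,
           headline TEXT, created INTEGER, modified INTEGER)');
$ins = $db->prepare('INSERT INTO stories (writer, headline, created, modified)
                     VALUES (?, ?, ?, ?)');
$ins->execute(['amy', 'Budget <b>vote</b> delayed', 100, 100]);
$ins->execute(['amy', 'Harbour reopens', 200, 250]);
$ins->execute(['bob', 'Bob only', 300, 300]);

// Return the writer's stories, newest first. The username is bound as a
// parameter, so quotes inside it cannot change the statement.
function stories_for_writer(PDO $db, string $auth_user): array
{
    $stmt = $db->prepare('SELECT id, headline, created, modified FROM stories
                          WHERE writer = :writer ORDER BY created DESC');
    $stmt->execute([':writer' => $auth_user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Render one row; every database value is encoded for its output context.
function story_row(array $s): string
{
    $id = rawurlencode((string) $s['id']);
    return '<TR><TD>' . htmlspecialchars($s['headline'], ENT_QUOTES, 'UTF-8') . '</TD>'
         . '<TD>[<A HREF="story.php?story=' . $id . '">edit</A>]</TD></TR>';
}

// The same constructed input handled two ways: what string interpolation
// would build (printed only, never executed) versus the bound lookup.
$hostile = "x' OR '1'='1";
echo "interpolated SQL would be: select * from stories where writer = '$hostile'\n";
echo 'bound lookup rows: ' . count(stories_for_writer($db, $hostile)) . "\n";

foreach (stories_for_writer($db, 'amy') as $s) {
    echo story_row($s), "\n";
}
```

The bound lookup treats the whole input as a writer name and matches no rows, and the markup stored in the first constructed headline is emitted as text rather than as HTML.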
Building a Content Management System
CHAPTER 26
LISTING 26.5 Continued










