Build a Shopping Cart Admin Tool for Your PHP Online Store

Your online business is doing well, but a couple of months down the line your online shopping application gets very slow and unresponsive. Why? It could be a number of things, but most likely, because you do not remove redundant data from your database, your tables are collapsing under the weight of all this data. The obvious answer is to delete the data from your database, but how? Your website is being hosted by some other company; you cannot just go into the next room and turn a switch to make the data disappear. Unless you have your own web hosting company, the best solution is a remote administration tool, or in this case, an online shopping cart administration tool. That is what you are going to create in this article.

First, you will create a login script.

The Login/Logout Scripts

This is a dual-purpose login script that you can adapt to either the admin section or the main application. A login form takes input from a user and then validates it by checking if the username or password matches an entry in a database. Basically, all you need is the username and password, but because you also have an administration interface, it would be nice to have some way of determining whether the person that is logged in has administrative rights. So, a rough outline of the database table would be something like:

• user_id
• uname
• upass
• admin
• normal
• fname
• lname

If you quickly normalize this, do away with admin/normal, add something like level, and enumerate that to include admin or normal, the revised table would look something like this:

• user_id – create a unique id for every new user
• uname – username
• upass – password
• level – level of access
• fname – first name of user
• lname – last name of user

So let's create a table called users with the following code:

CREATE TABLE 'users' ( 'uid' int(11) NOT NULL auto_increment, 'uname' varchar(10) NOT NULL default '', 'upass' varchar(6) NOT NULL default '', 'fname' varchar(100) NOT NULL default '', 'lname' varchar(100) NOT NULL default '', 'level' enum('admin','normal') NOT NULL default 'normal', 'ploggedin' datetime NOT NULL default '0000-00-00 00:00:00', PRIMARY KEY ('uid') ) TYPE=MyISAM; INSERT INTO 'users' VALUES (1, 'dnoabes', 'pass', 'Dantago', '!Noabes', 'admin', '2006-02-09 10:21:28');

Now, you need to create login and logout scripts.

Login

A login script typically has two fields, one for the username and another for the password. Let's create the form:

<? ob_start(); session_start(); if(isset($_POST['submit'])){ include("connect.php"); //empty? if(empty($_POST['uname'])){ header("location:error.php"); } if(empty($_POST['pw'])){ header("location:error.php"); } //clean the variables $username = mysql_escape_string($_POST['uname']); $password = mysql_escape_string($_POST['pw']); $query = "SELECT user_id,email,uname,upass from users WHERE uname = '".$username ."' AND upass = '".$password."'"; $result = mysql_query($query); $num = mysql_num_rows($result); $r=mysql_fetch_assoc($result); if($num > 0){ $_SESSION['userid'] = $r['user_id']; $_SESSION['user'] = $r['uname']; header("location:welcom.php?uid=".$r['user_id'].""); }else{ $error = "Your username and password do not match"; } }//end submit ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="https://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/admin.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <!-- InstanceBeginEditable name="doctitle" --> <title>Login Page:: Login</title> <!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="Templates/style.css" rel="stylesheet" type="text/css" /> </head> <body> <table width="100%" border="0" cellspacing="2"> <tr class="toptitle"> <td> </td> </tr> <tr> <td><!-- InstanceBeginEditable name="EditRegion3" --> <form action="login.php" method="post"> <table width="50%" border="0" align="center" cellspacing="1" class="block"> <tr> <td width="13%" colspan="2"><img src="images/login.png" width="400" height="130" /></td> </tr> <tr> <td width="87%" valign="bottom" colspan="2"><font color = \"#ff000\" size = \"5\"><? if(isset($error)){ echo $error; } </td> </tr> <tr class="table"> <td> </td> <td>Login here: </td> </tr> <tr> <td>Username</td> <td><input name="uname" type="text" id="uname" size="40" /></td> </tr> <tr> <td>Password</td> <td><input name="pw" type="password" id="pw" size="40" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Login" /></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr> <td><div align="center">Copyright 2006 </div></td> </tr> </table> </body> <!-- InstanceEnd --></html>

After the user enters his or her credentials and submits the form, the code first grabs the form data and then checks that they are not empty:

ob_start(); session_start(); if(isset($_POST['submit'])){ include("connect.php"); //empty? if(empty($_POST['uname'])){ header("location:error.php"); } if(empty($_POST['pw'])){ header("location:error.php"); }

You can also use JavaScript to check if the values sent by the form are empty:

<script language="javascript" type="text/javascript"> function checkform(pform1){ if(pform1.uname.value==""){ alert("Please enter a username") pform1.uname.focus() return false } if(pform1.pw.value==""){ alert("Please enter a password") pform1.pw.focus() return false } if(pform1.pw.value=="" && pform1.uname.value==""){ alert("Please make sure that you have entered your username and password") return false } return true } </script>

Sometimes JavaScript is turned off, but you have the PHP code to catch empty fields when that happens. With the next line of code, you clean the form values with the mysql_escape_string() function:

//clean the variables $username = mysql_escape_string($_POST['uname']); $password = mysql_escape_string($_POST['pw']);

Finally, you check the user table to see if there are any records of this user:

$query = "SELECT user_id,email,uname,upass from users WHERE uname = '".$username ."' AND upass = '".$password."'"; $result = mysql_query($query); $num = mysql_num_rows($result); $r=mysql_fetch_assoc($result);

If the user exists, you put some information into session variables. These values can be used to check the user's access rights later. Then you go to the next page:

if($num > 0){ $_SESSION['userid'] = $r['user_id']; $_SESSION['level'] = $r['level']; header("location:welcome.php?uid=".$r['user_id']."");

If there is an error, it is stored in the $error variable and shown when the login form is displayed:

}else{ $error = "Your username and password do not match"; } }//end submit

Logout

That's all there is to the login form. Logging out is very simple; all you have to do is destroy the sessions that you were using:

<? ob_start(); session_start(); session_unset(); session_destroy(); header("location:x.php"); exit; ?>

And that's it for the login/logout form. Below is a style sheet that goes with the login form. Save it in the same directory as your login form or any PHP page that you want to use it with.

body,html { font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; background-color:#FFFFFF; SCROLLBAR-FACE-COLOR:#ddd; SCROLLBAR-HIGHLIGHT-COLOR:#ffffff; SCROLLBAR-3DLIGHT-COLOR: ; SCROLLBAR-DARKSHADOW-COLOR:; SCROLLBAR-SHADOW-COLOR: #ffffff; SCROLLBAR-ARROW-COLOR: #334d55; SCROLLBAR-TRACK-COLOR: #999999; } a.hidden { color:#0099CC; font-weight:bold; text-decoration:none; } a.hidden:visited { color: #000000; } a.hidden:hover { color:#000000; font-size:13px; } a.hidden:active { color:#FF0000; } a.menu { font-family: arial, helvetica, sans-serif; font-weight: bold; text-decoration: underline; color:#0000FF; } a.menu:hover { font-family: arial, helvetica, sans-serif; font-weight: bold; text-decoration: underline; } .list{ font-size:11px; } .listtop{ border-bottom:1px; border-bottom-color:#000000; border-bottom-style:solid; font-weight:bold; background-color:#CCCCFF;} .temptitle { font-size: 24px; font-weight: normal; color: #ffffff; } #myimg{ margin-right:60px; margin-left:600px; } #mytxt{ text-align:left; position:absolute; left: 237px; top: 39px; height: 27px; font-size:24px; color:#FFFFFF; background-color:#003366; }

If you are going to use a login script for your online shop, you should also create a user registration script, particularly for the administration side of the online shop. This way, you can easily create as many administrators and non-administrators for your site as you need. Creating a registration script should be easy. Simply take the login form and add three text fields to it. This will match the fields in the user table with the field count on the form. Then you simply add an insert query to add a new member to the users table:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="https://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/admin.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <!-- InstanceBeginEditable name="doctitle" --> <title>Login Page:: Login</title> <!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="Templates/style.css" rel="stylesheet" type="text/css" /> </head> <body> <table width="100%" border="0" cellspacing="2"> <tr class="toptitle"> <td> </td> </tr> <tr> <td><!-- InstanceBeginEditable name="EditRegion3" --> <form action="register.php" method="post"> <table width="50%" border="0" align="center" cellspacing="1" class="block"> <tr> <td width="13%" colspan="2"><img src="images/login.png" width="400" height="130" /></td> </tr> <tr> <td width="87%" valign="bottom" colspan="2"><font color = \"#ff000\" size = \"5\"><? if(isset($error)){ echo $error; } </td> </tr> <tr class="table"> <td> </td> <td> Register here: </td> </tr> <tr> <td>Username</td> <td><input name="uname" type="text" id="uname" size="40" /></td> </tr> <tr> <td>Password</td> <td><input name="pw" type="password" id="pw" size="40" /></td> </tr> <tr> <td>Firstname </td> <td><input name="fname" type="text" id="fname" size="40" /></td> </tr> <tr> <td>lastname </td> <td><input name="lname" type="text" id="lname" size="40" /></td> </tr> <tr> <td>level </td> <td><select name="level"> <option>admin</option> <option>normal</option> </select></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Login" /></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr> <td><div align="center">Copyright 2009 </div></td> </tr> </table> </body> <!-- InstanceEnd --></html> Then you simply add the new user to the database, like so: //check that all fields are filled in //filter the data //then insert Query="INSERT INTO users SET uname='".$uname."',upass='".$upass."',fname='".$fname."',lname'".$lname."',level='".$level."'"; Mysql_query(query);

Find a programming school near you

Zip Code:

Subject: - Select All Subjects - Computer Applications Computer Engineering Computer Science Computer Prog. - Software Dev. Computer Game Programming Web Design Web Development Internet Systems Internet Certification Database Design and Development Information Systems Management Information Technology Project Management Network Design - Development Systems Analyst

Degree: - Select All Degrees - Associate's Bachelor's Master's Doctoral Certificates Diplomas Coursework MBA

Online Campus Both