In this movie, we're going to create all the CRUD we need for managing Admin users in our Admin area. That is, the ability to list the users, to add new ones, to edit them, and to delete them. We're not going to worry about any of the login or authentication or encryption or anything just yet. This is just simple CRUD, the same kind of stuff you've been doing before. And you should be able to do it on your own by applying what we learned about subjects and pages. So what I'd like us to do is I'm going to show you the demo of the version I created. Then you can pause the movie, go off and try to create it for yourself applying everything you've learned so far. And then come back and I'll actually show you my code so you can compare. The pages that you're going to need to create are going to include manage_admins.php.
Or if you prefer you could call that list_admins.php. And then new_admin.php, notice that it's singular. That's the process for creating a new admin. For now, don't worry about encrypting the password, go ahead and just have it save a plain text password. That's a bad practice. We're going to get rid of that very soon, but for now just go ahead and have it save whatever the password is in the database in plain text. And then edit_admin, which will allow us to edit an admin's record. Delete_admin to delete them. And then you'll probably want to add some functions to includes functions.php, such as find_all_admins and find_admin_by_id.
Again, for those, you can look up what we did for subjects and pages and copy it over. You'll just have to make a few changes because it's a little bit different. We're not, for example, using a public context. These are always private and there's no reason to return admins who are visible or not, because we don't have that attribute on admins. They just have a username and a password. Let me show you my version. So, to begin with, I'm in my public, admin.php. That's my menu for my Admin area. And I have a link here for Manage_Admin_Users, which takes me to manage_admins.php.
Notice it says Manage Admins up here at the top, and notice that I'm using that layout context, which is adding admin up here at the top. Don't forget that. And then I've got a loop that's looping through all of the users that are in my database. All of the admins. And there's only one right now. I have kskoglund that I created and that user has an edit and a delete action. Those are just links and you can see that they're going to pass the ID of that user to the next page so that the next page can look them up. I can also add a new admin. Let's try that now. That takes me to new_admin.php. Let's create one for Jane Smith and the password, I'll put in secret. Notice that the password is using a password type field, and that's allowing me to have those bullets instead of showing the password. When I click create admin, I get a message at the top saying admin was created, and now I see her here in the list.
I'm sorting these users alphabetically, by the way, and so the usernames are username ascending. And if we go to add a new admin, we don't put any information in. Of course, we have our validations to kick in. Username can't be blank, password can't be blank. And if I click cancel, I'll go back to the main list. And then for Jane Smith, let's edit it. Let's make her user name Jane E.Smith. Now, the password here does require me to enter it again. I can't edit her record without providing a password. Because my validations are going to require it. Now, you could write fancier code that would say, well, don't always change the password just because they changed the username or something. But for now we're going to keep it simple and I'm just going to put in the password.
So, I'll put back in secret again, edit admin and now her username is Jane Smith. And if I click Delete, it comes up and says, are you sure, click okay and now it says, admin deleted and she's gone. So that's it. That's the process. Again, I'm just storing those passwords as plaintext in the database. So that's all you need to do for now. Just store the username and the password in the database, and we'll talk about how to encrypt those a little later. So pause the movie now and try it for yourself if you don't want any spoilers. Because the next thing I'm going to do is I'm going to show you the code that I used to create this.
So, if we come over to our directory of Widget Corp, you can see that I've got manage admins here. Manage admins is pretty simple and straightforward, I've got a function here, find all admins. Let's just jump over and look at that real quick. It's inside functions, and it's very similar to what I did for find all subjects. So it takes the global connection, makes a query, select all from admins, order by username, ascending. Then it executes that query and returns the admin set. Pretty simple.
Also, while we're here, we'll take a look at the other function, find admin by id. Again, very similar to what we did for find subject by id. We take an admin ID as argument. We use mysqli_real_escape_string on that, to make sure that we have a safe version of it. And we select from the database, all admins where that ID matches with limit 1. And then we go ahead and take the additional step of seeing, is there a user there? If we find that admin. If we can pull one out of that set by using mysqli_fetch_assoc.
We return it, otherwise, we return null. So those are the only two functions that I wrote. Let's close that all up. So here's find all admins using layout context for admin above my header. Then for my navigation I've just got a non breaking space. We don't need all those pages or anything like that, we'll just leave that blank. I've got my message here, which I will want to be able to return messages if they're there. If they're in the session and I get sent to this page so I've got that function being called. Then I've just got a simple table. I've thrown in a little bit of style information here. I've got user name, and I've got actions, and then I've got a loop. While I'm able to find an admin in the admin set, then its output. Don't forget to use HTML entities and URL encode and we're going to output the user name, and then a link.
Alright, so it's hashed password, and then hashed password. Is what I'm inserting into the database, username and hash password. Now, we're not doing any hashing right now, but we will. We'll worry about that in a minute. For now, we're just simply taking the plain text and moving it over to hash password without hashing it. So then we do a simple submit and either the admin was created or failed. If it wasn't a submission, then we just go ahead and display the form. We've got our message and our form errors create_admin in the simple form using that password type field. And making sure that we use name equals submit on it as well so that it triggers that other behavior if it sees name submit being submitted in the form values.
And then cancel just goes back to manage admins. Let's take a look at edit admin. It's basically the same thing that we just had. The one difference is that we're going to find admin by ID using that get ID and then take that admin. And if we don't have an admin, redirect them back to the admins page. You could also put a message or something there saying sorry, I couldn't find it. But for now, we'll just send them back to that page as if it was a mistake. And then if it's set, if it was submitted, we do the exact same process we did before, the one difference is we're just using id is equal to the admin id.
And so then when we do our update here, we're going to update where id equals that id. Again hash password is just using regular password. And then the form looks almost identical to what we had before, with just a few changes like the fact that it says edit admin. And that its action is going to submit somewhere different, and notice it includes the id, because it's going to need that id once we submit the edit admin form. And last of all, delete admin, so delete admin is where to find the admin by id again, same as the other one.
And the whole process is the same except that we're just going to delete from admins where id equals id. We're not worried about what the username or password is, we're just saying okay, you gave me an id I'm going to delete it. And so it does that and redirects us immediately. There's no HTML to render at the bottom. So that's it. You can pause the movie and go back if you want to copy any of that down or compare it against yours. It doesn't have to work exactly the same as mine. If yours is a little bit different, that's fine, the main idea is just to make sure that you're able to manage the admins from your admin area. All right, now we stored our passwords in plain text, and that's a terrible idea. In the next movie, we'll talk about why and what to do about it.
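The find_admin_by_id lookup and the table row output described in the transcript, sketched as an added example; this is not the course's own code. The `admins` table, its `id` and `username` columns, and the `edit_admin.php` / `delete_admin.php` links follow the transcript, while passing the connection as a parameter (the transcript uses a global) and the helper name `admin_row_html` are assumptions.

```php
<?php
// Added example, not the course's code. Assumes an open mysqli connection
// and an `admins` table with `id` and `username` columns.

// Look up one admin by id; returns the row as an associative array or null.
function find_admin_by_id(mysqli $connection, $admin_id): ?array {
    // Escape the value as the transcript describes, and put it inside quotes
    // in the query: mysqli_real_escape_string only protects quoted values.
    $safe_admin_id = mysqli_real_escape_string($connection, (string) $admin_id);
    $query  = "SELECT * FROM admins ";
    $query .= "WHERE id = '{$safe_admin_id}' ";
    $query .= "LIMIT 1";
    $admin_set = mysqli_query($connection, $query);
    if (!$admin_set) {
        return null; // query failed
    }
    $admin = mysqli_fetch_assoc($admin_set); // row array, or null if no match
    mysqli_free_result($admin_set);
    return $admin ?: null;
}

// Build one table row for manage_admins.php (hypothetical helper).
// The username is stored user input, so it goes through htmlentities()
// before reaching HTML; the id goes through urlencode() before reaching
// the query string of the edit and delete links.
function admin_row_html(array $admin): string {
    $id   = urlencode((string) $admin["id"]);
    $name = htmlentities($admin["username"], ENT_QUOTES, "UTF-8");
    $row  = "<tr>";
    $row .= "<td>{$name}</td>";
    $row .= "<td><a href=\"edit_admin.php?id={$id}\">Edit</a></td>";
    $row .= "<td><a href=\"delete_admin.php?id={$id}\" ";
    $row .= "onclick=\"return confirm('Are you sure?');\">Delete</a></td>";
    $row .= "</tr>";
    return $row;
}

// Constructed sample row: a username containing markup must render as text,
// not as HTML, when the list page is displayed.
$sample = ["id" => 7, "username" => "<b>jane</b>"];
echo admin_row_html($sample), "\n";
```

The rendering half runs without a database; the lookup needs a live connection to a schema matching the assumptions above.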