- How to link admins in the admin table to customers in the customer table
- How to limit admin authority to alter, view only records associated with the customer to whom the admins are attached
- The administrator could log in, add/alter a product in the product table using a php form. I would like to know how to ‘auto load’ certain product info based on the customer it belongs to, such as city, state, zip, phone number, email address, web address—which would be the same for all the products that a certain customer ‘owns’ in the storefront database products table. These products could be identified by their customer id, linked through foreign restraint key to the customer in the customer table and therefore to the admin in the admin table. Now the question, how to do it?
DATABASE IS BUILT, STOREFRONT IS BUILT, TABLES ARE BUILT.
MOST OF THE WEBSITE CODE IS COMPLETE.
SPECIFICALLY, I NEED TO KNOW HOW TO WRITE THE PHP/MYSQL:
- HOW TO ASSOCIATE AN ADMIN IN ADMINS TABLE WITH A CUSTOMER IN THE CUSTOMERS TABLE
- LIMIT WHAT ADMIN CAN SELECT, VIEW, ALTER TO THOSE PRODUCTS IN THE PRODUCTS TABLE THAT ARE ‘OWNED’ BY ASSOCIATED CUSTOMER IN THE CUSTOMER TABLE THAT SAID ADMIN IS ASSOCIATED WITH
- HOW TO ADD PRODUCTS TO THE PRODUCTS TABLE AND HAVE CERTAIN ITEMS FROM THE CUSTOMER TABLE AUTOMATICALLY INSERTED, SUCH AS CUSTOMER WEB ADDRESS, PHYSICAL ADDRESS, ETC.
- THIS INFO WOULD BE BASED ON THE ADMIN WHO IS ADDING OR EDITING THE PRODUCT, BASED ON THE ADMIN BEING ASSOCIATED WITH A CERTAIN CUSTOMER IN THE CUSTOMER TABLE
YOU WOULD NOT OWN THE CODE NOR RIGHTS TO IT NOR ANYTHING IN OR ABOUT THE WEBSITE. YOU WOULD SIMPLY BE EXPLAINING TO ME HOW TO UNDERSTAND AND WRITE SAID PHP/MYSQL INSTRUCTIONS TO MAKE THIS HAPPEN. THIS WOULD BE ACHIEVED VIA EMAIL AND SAMPLES OR IN A FORUM SETTING. YOU WOULD NOT ACCESS THE SITE NOR ACTUALLY WRITE THE CODE. MANY THANKS FOR ANY INSIGHT.
See sample code below that is INSUFFICIENT:
This is the new product code, including form for adding product data. It is missing the ‘hidden’ data I describe such as customer website, address, etc. based on the admin who is logged in and adding the product.
[php]<?php
if (!isset($_SESSION['store_admin']))
{
    echo "Sorry, you have not logged into the system\n";
    echo "<a href=\"admin.php\">Please login</a>\n";
} else
{
    // Identifier of the logged-in admin, taken from the session
    $userid = $_SESSION['store_admin'];
    echo "<form enctype=\"multipart/form-data\" action=\"admin.php\" method=\"post\">\n";
    echo "Enter the new product information\n";
    echo "<table width=\"100%\" cellpadding=\"1\" border=\"1\">\n";
    // [two echo lines here: HTML not preserved in the post]
    //Categories are decided by master admin and selected from a drop down menu
    $query = "SELECT catid,name from categories";
    $result = mysql_query($query);
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
    {
        $catid = $row['catid'];
        $name = $row['name'];
        echo "<option value=\"$catid\">$name\n";
    }
    // [nine echo lines for the form rows: HTML not preserved in the post]
    echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"1024000\">\n";
    // [one echo line here: HTML not preserved in the post]
    echo "\n";
    echo "<input type=\"submit\" value=\"Submit\">\n";
    echo "<input type=\"hidden\" name=\"content\" value=\"addproduct\">\n";
    echo "\n";
}
?>
[/php]
This is similar to the add product code, that I have considered adding the hidden data to, but don’t know how. I can’t write the multiple queries correctly and wonder if that is even the best way. The actual form and database table columns may not match, but I’m more worried about the theory and correct syntax rather than, for example, custphone is not lining up with custphone in the html form.
[php]<?php
// Read the submitted form fields
$catid = $_POST['catid'];
$description = $_POST['description'];
$price = $_POST['price'];
$quantity = $_POST['quantity'];
$custname = $_POST['custname'];
$custphone = $_POST['custphone'];
// Undo magic-quotes escaping if the server applies it
if (get_magic_quotes_gpc())
{
    $catid = stripslashes($catid);
    $description = stripslashes($description);
    $price = stripslashes($price);
    $quantity = stripslashes($quantity);
    $custname = stripslashes($custname);
    $custphone = stripslashes($custphone);
}
// Escape every value before it is placed in the SQL string
$catid = mysql_real_escape_string($catid);
$description = mysql_real_escape_string($description);
$price = mysql_real_escape_string($price);
$quantity = mysql_real_escape_string($quantity);
$custname = mysql_real_escape_string($custname);
$custphone = mysql_real_escape_string($custphone);
$thumbnail = getThumb($_FILES['picture']);
$thumbnail = mysql_real_escape_string($thumbnail);
// Each value is wrapped in a matching pair of single quotes
$query = "INSERT INTO products (catid, description, picture, price, quantity, custname, custphone) " .
    " VALUES ('$catid','$description','$thumbnail', '$price', '$quantity', '$custname', '$custphone')";
$result = mysql_query($query) or die('Unable to add product');
if ($result)
    echo "New product added\n";
else
    echo "Problem adding new product\n";
?>
[/php]
THANKS!
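
An added example, not part of the original post and not the poster's code: one way to tie each admin to a customer and keep every product query scoped to that customer, using PDO prepared statements. The customer is looked up server-side from the admin's row instead of being sent as a hidden form field, which the browser could change, and customer details are read with a JOIN rather than copied into each product row. Assumptions: the `custid` and `adminid` columns, the function names, the sample rows and the in-memory SQLite connection (a stand-in for MySQL) are all constructed for illustration.

```php
<?php
// Added example: schema, names and rows are constructed; SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (custid INTEGER PRIMARY KEY, custname TEXT, custphone TEXT)");
$db->exec("CREATE TABLE admins (adminid INTEGER PRIMARY KEY, username TEXT,
           custid INTEGER NOT NULL REFERENCES customers(custid))");
$db->exec("CREATE TABLE products (prodid INTEGER PRIMARY KEY, custid INTEGER NOT NULL
           REFERENCES customers(custid), catid INTEGER, description TEXT, price REAL, quantity INTEGER)");
$db->exec("INSERT INTO customers VALUES (1,'Cafe One','555-0101'), (2,'Diner Two','555-0202')");
$db->exec("INSERT INTO admins VALUES (10,'alice',1), (20,'bob',2)");

// Resolve the logged-in admin's customer on the server. Never accept custid from the form.
function adminCustomerId(PDO $db, int $adminId): int {
    $st = $db->prepare("SELECT custid FROM admins WHERE adminid = ?");
    $st->execute([$adminId]);
    $custid = $st->fetchColumn();
    if ($custid === false) throw new RuntimeException('Unknown admin');
    return (int)$custid;
}

// The new product row gets the admin's custid; any custid in $post is ignored.
function addProduct(PDO $db, int $adminId, array $post): int {
    $st = $db->prepare("INSERT INTO products (custid, catid, description, price, quantity)
                        VALUES (?, ?, ?, ?, ?)");
    $st->execute([adminCustomerId($db, $adminId), (int)$post['catid'], $post['description'],
                  (float)$post['price'], (int)$post['quantity']]);
    return (int)$db->lastInsertId();
}

// Every write carries "AND custid = ?" so it only matches the admin's own customer's rows.
function updatePrice(PDO $db, int $adminId, int $prodId, float $price): bool {
    $st = $db->prepare("UPDATE products SET price = ? WHERE prodid = ? AND custid = ?");
    $st->execute([$price, $prodId, adminCustomerId($db, $adminId)]);
    return $st->rowCount() === 1;
}

// Customer details come from a JOIN, so they are stored once in customers.
function listProducts(PDO $db, int $adminId): array {
    $st = $db->prepare("SELECT p.prodid, p.description, p.price, c.custname, c.custphone
                        FROM products p JOIN customers c ON c.custid = p.custid WHERE p.custid = ?");
    $st->execute([adminCustomerId($db, $adminId)]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}
$id = addProduct($db, 10, ['catid' => 3, 'description' => 'Soup', 'price' => '4.50',
                           'quantity' => '20', 'custid' => 2]); // form sends a custid; it is not used
var_dump(updatePrice($db, 20, $id, 0.01)); // called as bob, whose customer is 2
var_dump(updatePrice($db, 10, $id, 5.00)); // called as alice, whose customer is 1
print_r(listProducts($db, 10));
```

In the real site the admin id would come from `$_SESSION['store_admin']` after login, and the PDO connection string would point at the MySQL database.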