A Simple PHP Script (MySQL, Too) To Track Radio Station Song Requests, Part 3

In my last post on creating an online request system for an Internet radio station, we created a backend for DJs.

In this third of four parts, we create an administrative backend that will allow master users to add, edit and delete both DJs and admins in the system.

In order for this to work, you need to have a default admin user. Here’s a little SQL to get an initial user in the system:

INSERT INTO adminlist (admin_username, admin_password) VALUES ('admin', 'default')

You definitely want to delete this default user after you set up this program! Otherwise, you’re going to be seriously sorry; anyone who’s read this post will pretty much have full power over your request system if you don’t delete this record.

With a default user in place, we can begin with the needed pages.

Task 1: Log In The Admin (index.php)

This is an even more traditional login script than we had in the DJ section. All it does is check our credentials, then set a session variable and redirect the user to a menu page on a good login.

<?php
session_start();
require_once("../conn.inc.php");
$message = "";

if(isset($_SESSION['login']) && $_SESSION['login'] != "") {
	header('Location: menu.php');
	exit; // stop here so nothing else runs after the redirect header
}
else {
	if(isset($_POST['submit'])) {
		$un = trim(mysql_escape_string($_POST['user']));
		$pw = trim(mysql_escape_string($_POST['pass']));
		$sql = "SELECT * FROM adminlist WHERE admin_username = '$un' AND admin_password = '$pw'";
		$rs = mysql_query($sql) or die('Cannot get admin login query');
		if(mysql_num_rows($rs) > 0) {
			$_SESSION['login'] = $un;
			header('Location: menu.php');
			exit; // stop here so the login form is not sent along with the redirect
		}
		else {
			$message = "<p>Login attempt failed. Please check your credentials and try again.</p>\n";
		}
	}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
</head>
<body>
<h1>Admin Login</h1>
<?php echo $message; ?>
<form id="form1" name="form1" method="post" action="">
  <table>
    <tr>
      <td>User name: </td>
      <td><input name="user" type="text" id="user" size="20" maxlength="20" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="pass" type="password" id="pass" size="20" maxlength="20" /></td>
    </tr>
  </table>
  <br />
  <input name="submit" type="submit" id="submit" value="Submit" />
</form>
<p>&nbsp;</p>
</body>
</html>

Some notes on this code:

  • Once again, passwords are stored in the clear on this system, so keep that in mind.
  • This does use session variables, so you will find that after 10 minutes or so of inactivity, you’ll need to log back in.
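
The first note above can be addressed by storing a password hash instead of the password and looking the user up with a bound parameter. This is an added example, not code from the original post: it assumes PDO with an in-memory SQLite database so it runs on its own (the post uses MySQL through conn.inc.php), and the helper names add_admin and check_login are hypothetical.

```php
<?php
// Added example, not the original post's code. In-memory SQLite via PDO keeps
// it stand-alone; swap the DSN for your MySQL server in a real install.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The password column must hold the whole hash (the PHP manual suggests 255
// characters), so the 20-character truncation used for passwords elsewhere
// in this series must not be applied to it.
$db->exec('CREATE TABLE adminlist (admin_username TEXT UNIQUE, admin_password TEXT)');

// Store a salted hash; the cleartext password never reaches the database.
function add_admin(PDO $db, string $user, string $pass): void {
    $stmt = $db->prepare(
        'INSERT INTO adminlist (admin_username, admin_password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

// True only when the user exists and the password matches the stored hash.
// The user name is a bound parameter, so quotes in it are plain data.
function check_login(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare(
        'SELECT admin_password FROM adminlist WHERE admin_username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed sample account and login attempts.
add_admin($db, 'admin', 'correct horse battery staple');
var_dump(check_login($db, 'admin', 'correct horse battery staple'));
var_dump(check_login($db, 'admin', 'default'));
var_dump(check_login($db, "' OR '1'='1", 'anything'));
```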

Task 2: Display A Menu (menu.php)

This is the easiest page in the whole project. All we do is check to see if the user is logged in; if so, we just show a simple links page to him.

<?php
session_start();
if(!isset($_SESSION['login']) || $_SESSION['login'] == "") {
	header('Location: index.php');
	exit; // without this the menu below is still sent to a visitor who is not logged in
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Menu</title>
</head>
<body>
<h1>Admin Menu</h1>
<h3>DJ Submenu</h3>
<blockquote>
  <p><a href="dj_add.php">Add a new DJ </a></p>
  <p><a href="dj_list.php">View, edit or delete current DJ record</a> </p>
</blockquote>
<h3>Admin Submenu</h3>
<blockquote>
  <p><a href="admin_add.php">Add a new admin</a></p>
  <p><a href="admin_list.php">View, edit or delete current admin</a>  </p>
</blockquote>
<p>&nbsp;</p>
</body>
</html>

Task 3: Add A DJ Form (dj_add.php)

Other than an extra field to insert, there’s fundamentally no difference between adding a DJ and adding an admin, so I’ll only discuss this page.

This is a fairly straightforward script: Take the user input, massage it a bit, stuff it into the database.

<?php
session_start();
if(!isset($_SESSION['login']) || $_SESSION['login'] == "") {
	header('Location: index.php');
	exit; // without this the form handler below still runs for a visitor who is not logged in
}
require_once("../conn.inc.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add A DJ</title>
</head>
<body>
<h1>Add A DJ</h1>
<?php
if(isset($_POST['submit'])) {
	//prep text: trim and truncate first, then escape, so the cut can never
	//split an escape sequence and leave a stray backslash before the closing quote
	$pn = mysql_escape_string(substr(trim($_POST['name']), 0, 50));
	$un = mysql_escape_string(substr(trim($_POST['user']), 0, 20));
	$pw = mysql_escape_string(substr(trim($_POST['pass1']), 0, 20));

	if($_POST['pass1'] != $_POST['pass2']) {
		echo "<p>Password fields do not match. Please correct this problem and try again.</p>\n";
	}
	elseif($pn == "" || $un == "" || $pw == "") {
		echo "<p>A field is blank or contains only junk. Please correct this problem and try again.</p>\n";
	}
	else {
		$sql = "INSERT INTO djlist (dj_username, dj_password, dj_public_name) VALUES ('$un', '$pw', '$pn')";
		$rs = mysql_query($sql) or die('Cannot insert record');
		echo "<p>DJ record added.</p>\n";
	}

}
?>
<form id="form1" name="form1" method="post" action="">
  <table>
    <tr>
      <td>Publicly Displayed Name </td>
      <td><input name="name" type="text" id="name" value="<?php echo $_POST['name']; ?>" /></td>
    </tr>
    <tr>
      <td>Username</td>
      <td><input name="user" type="text" id="user" value="<?php echo $_POST['user']; ?>" /></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input name="pass1" type="password" id="pass1" value="<?php echo $_POST['pass1']; ?>" /></td>
    </tr>
    <tr>
      <td>Confirm Password</td>
      <td><input name="pass2" type="password" id="pass2" value="<?php echo $_POST['pass2']; ?>" /></td>
    </tr>
  </table>
  <br />
  <input name="submit" type="submit" id="submit" value="Submit" />
</form>
<p><a href="dj_list.php">DJ List</a> | <a href="menu.php">Menu</a></p>
<p>&nbsp;</p>
</body>
</html>

Task 4: The Edit A DJ Script (dj_edit.php)

I’m jumping a bit ahead of myself here because editing a DJ record is fundamentally the same as adding one, with the added steps of getting the current DJ record and displaying that in the input boxes.

<?php
session_start();
if(!isset($_SESSION['login']) || $_SESSION['login'] == "") {
	header('Location: index.php');
	exit; // without this the queries below still run for a visitor who is not logged in
}
require_once("../conn.inc.php");

if(isset($_GET['id'])) {
	$djid = $_GET['id'];
}
else {
	$djid = $_POST['id'];
}

$sql2 = "SELECT * FROM djlist WHERE dj_id = $djid";
$rs2 = mysql_query($sql2) or die('Cannot get DJ record');
if(mysql_num_rows($rs2) == 0) {
	header('Location: dj_list.php');
	exit; // no record to edit, so do not render the form
}
else {
	$row = mysql_fetch_array($rs2);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit A DJ</title>
</head>
<body>
<h1>Edit A DJ</h1>
<?php
if(isset($_POST['submit'])) {
	//prep text: trim and truncate first, then escape, so the cut can never
	//split an escape sequence and leave a stray backslash before the closing quote
	$pn = mysql_escape_string(substr(trim($_POST['name']), 0, 50));
	$un = mysql_escape_string(substr(trim($_POST['user']), 0, 20));
	$pw = mysql_escape_string(substr(trim($_POST['pass1']), 0, 20));

	if($_POST['pass1'] != $_POST['pass2']) {
		echo "<p>Password fields do not match. Please correct this problem and try again.</p>\n";
	}
	elseif($pn == "" || $un == "" || $pw == "") {
		echo "<p>A field is blank or contains only junk. Please correct this problem and try again.</p>\n";
	}
	else {
		$sql = "UPDATE djlist SET dj_username = '$un', dj_password = '$pw', dj_public_name = '$pn' WHERE dj_id = $djid";
		$rs = mysql_query($sql) or die('Cannot update record');
		echo "<p>DJ record updated.</p>\n";
	}

}
?>
<form id="form1" name="form1" method="post" action="">
  <table>
    <tr>
      <td>Publicly Displayed Name </td>
      <td><input name="name" type="text" id="name" value="<?php echo $row['dj_public_name']; ?>" /></td>
    </tr>
    <tr>
      <td>Username</td>
      <td><input name="user" type="text" id="user" value="<?php echo $row['dj_username']; ?>" /></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input name="pass1" type="password" id="pass1" value="<?php echo $row['dj_password']; ?>" /></td>
    </tr>
    <tr>
      <td>Confirm Password</td>
      <td><input name="pass2" type="password" id="pass2" value="<?php echo $row['dj_password']; ?>" /></td>
    </tr>
  </table>
  <input name="id" type="hidden" id="id" value="<?php echo $row['dj_id']; ?>" />
  <br />
  <input name="submit" type="submit" id="submit" value="Submit" />
</form>
<p><a href="dj_list.php">DJ List</a> | <a href="menu.php">Menu</a></p>
<p>&nbsp;</p>
</body>
</html>

Some notes about this script:

  • This script will refer users back to the DJ list if it can’t find a valid DJ record entry.
  • The script assumes you’re not going to make bad entry mistakes or attempt SQL / HTML injection.
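
The second note above names the two gaps in dj_edit.php: the id goes into the query unchecked, and database values are echoed into the form without encoding. The following added example (not the original post's code) closes both, assuming PDO with an in-memory SQLite database so it runs stand-alone; fetch_dj and attr are hypothetical helper names and the sample row is constructed.

```php
<?php
// Added example, not the original post's code. Table and column names follow
// the post's djlist; the SQLite DSN is a stand-in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE djlist (dj_id INTEGER PRIMARY KEY, dj_username TEXT,
           dj_password TEXT, dj_public_name TEXT)');
// Constructed sample row; the public name contains markup on purpose.
$db->prepare('INSERT INTO djlist (dj_username, dj_password, dj_public_name)
              VALUES (?, ?, ?)')
   ->execute(['dj1', 'placeholder-hash', '"><b>DJ O\'Neil</b>']);

// Accept only a positive integer id; anything else means "no such record".
function fetch_dj(PDO $db, $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the id is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare(
        'SELECT dj_id, dj_username, dj_public_name FROM djlist WHERE dj_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode a value for use inside a quoted HTML attribute.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$row = fetch_dj($db, '1');
echo '<input name="name" type="text" value="'
   . attr($row['dj_public_name']) . '" />', "\n";
var_dump(fetch_dj($db, '1 OR 1=1'));  // rejected before any query runs
var_dump(fetch_dj($db, '999'));       // valid integer, but no matching row
```

The SELECT leaves out dj_password on purpose: a stored password or hash has no reason to be written back into the page source.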

That’s it for Part 3. Part 4 finishes everything up; we’ll list off the current DJs and we’ll be able to delete them, too.

4 Comments

  1. A very good day to you

    With reference to above I have started radio DJ recently. I'm in the training process. For this Saturday's programme I have 5 REQUESTS. I NEED TO KNOW HOW to mention the 5 requests on air

    1) Madonna – crazy for you
    2) 3 song mix
    3) Season in the sun
    4) Bimbo – jim reeves
    5) Song of 50cents

    Would you be able to help me in this regard like how to tell it on air and how can I continue on this

    Awaiting your kind response

    Delesh
