In the best of all possible worlds, an administrator would never have to see a user's record much less alter it. Very few administrators are lucky enough to live in that world, however, so an administrative-strength edit record application is needed.
In addition to the functionality we've already seen in the user-oriented edit record page, the administrator also requires the capability to alter a user's access group level and to delete the record altogether. Moreover, to maintain security, the SQL statements involved in this page are somewhat more complex than those used in the user version.
Step 1: Implement Login Design
Let's begin by building the basic page.
Open a new dynamic page, either constructing one by hand or deriving one from a template.
In the UserLogin folder, locate the folder for your server model and open the edit_user page found there.
Add a table to the content region of your page to contain the interface elements for the application.
From the Snippets panel, drag the Recipes > UserLogin > Wireframes > Edit User - Wireframe snippet into the Content editable region.
Within the table, insert the form and any necessary form elements for the application. You'll need five text fields one for each of the fields (First Name, Last Name, User Name, Password, and Email Address) and a select list to hold the Group Access data. In addition, this application requires three buttons: Update, Delete, and Cancel.
Place your cursor in the row below the words EDIT USER in the second cell and insert the Recipes > UserLogin > Forms > Edit User - Form snippet [r1-23].
Figure r1-23.
ColdFusion and PHP Users: Both of these server models require a unique record ID for the Update Record server behavior to work properly. In these situations, a Hidden Form Field is used to convey the needed data.
ColdFusion and PHP developers should drag a Hidden Form Field from the Forms category of the Insert bar and name it UserID.
Save the page.
Step 2: Add Database Components
The Edit User page displays when a link is selected in the Manage Users page. The link selected contains a URL parameter, ID, which we will use on this page to filter one of the two recordsets required. The second recordset gets the values necessary to dynamically fill the Access Group list.
From the Server Behaviors panel, choose Add (+) and select Recordset (Query).
Using the simple view of the Recordset dialog, give the recordset a meaningful name.
Enter Users in the Recordset field.
Choose the connection for your data source.
Select Recipes from the Connection list.
Choose the desired table.
Select Users (users for PHP) from the Table list.
Keep the Columns option set to All.
In the Filter area of the Recordset dialog, set the four Filter list elements like this:
Leave the Sort option set to None and then click OK to confirm your choices and close the dialog.
Save the page.
The second recordset, AccessGroups, is just as straightforward.
From the Bindings panel, choose Add (+) and select Recordset (Query).
In the Recordset dialog's simple view, enter the desired name, such as AccessGroups.
Select your data source connections.
Choose Recipes from the Connections list.
Select the table containing the user information.
Choose AccessGroups from the Table list.
Click OK to close the dialog.
Note
The second recordset,AccessGroups, is an exact duplicate of the one built in the Manage User page. If that page has already been developed, you can copy and paste the recordset. To copy a recordset, select it in the Bindings panel and, from the panel Options menu, select Copy. To paste a recordset, switch to the page where the recordset is needed, select the Bindings panel Options menu, and choose Paste. Your recordset should appear in the Bindings panel. Please note that standard Copy and Paste commands will not work with recordsets.
Step 3: Data Binding Process
The data-binding procedure for this page is identical to the one followed on the edit profile page with one exception. The Access Group form element a drop-down list must be bound to data from the accessgroup table. ColdFusion and PHP users will also need to bind the current record ID to the hidden form field.
In the Bindings panel, make sure the Users recordset entry is expanded so that all data columns are displayed.
Drag each of the following data columns over the corresponding text field:
Drag column UserFirstName to field FirstName.
Drag column UserLastName to field LastName.
Drag column UserName to field UserName.
Drag column Password to field Password.
Drag column UserEmail to field EmailAddress.
Leave the default formatting for all dynamic text fields.
Let's now set up the list element to populate dynamically.
Select the Access Group list element.
In the Property inspector, click the Dynamic button to open the Dynamic List/Menu dialog.
Verify that the AccessGroup list element is selected in the Menu list.
From the Options From Recordset list, choose AccessGroups.
Set the Values list to AccessGroupID.
Set the Labels (what the user sees) to AccessGroupNames.
In the Select Value Equal To field, select the lightning icon to open the Dynamic Data dialog.
Expand the Users recordset, if necessary, and choose the UserAccess (AccessGroup for PHP) field.
Linking the selected value to the UserAccess/AccessGroup field, the record will initially display the current user group level while allowing the administrator to adjust it if necessary.
Click OK to close the Dynamic Data dialog. After you've confirmed your selections, click OK in the Dynamic List/Menu dialog to close it.
ColdFusion and PHP users need to complete one additional set of steps in binding dynamic data to the hidden form field previously inserted.
Select the desired form element.
Choose the UserID hidden form element.
Bind the current record ID to the element.
Choose the lightning bolt symbol next to the Value field in the Property inspector to open the Dynamic Data dialog.
In the Dynamic Data dialog, expand the Users recordset and choose UserID.
Click OK to close the dialog.
Save your page.
Step 4: Update User Profile
Now we're ready to insert the Update Record server behavior. As part of the procedure, we'll set the behavior to display the Manage User page after the update is complete so that the administrator can continue working.
For ASP
From the Server Behaviors panel, choose Add (+) and select Update Record to display the dialog.
Select the connection to the data source.
Choose Recipes from the Connection list.
Choose the table containing the user data.
From the Table To Update list, select Users.
Select the recordset from which to get data source fields.
Set the Select Record From field to Users.
Set the Primary Key for the recordset.
From the Unique Key Column list, choose UserID and make sure that the Numeric option is checked.
Enter the page you want the users to see after successfully registering.
In the After Inserting, Go To field, select the Browse button and locate the user_manager file for your server model.
Choose the form on the page from which the values are to be taken.
Set the Get Values From field to EditUser.
For the form elements shown in the list, set each one to its equivalent in the data source. All form elements should be submitted as text:
Set form element FirstName to field UserFirstName as Text.
Set form element Lastname to field UserLastName as Text.
Set form element UserName to field UserName as Text.
Set form element Password to field UserPassword as Text.
Set form element EmailAddress to field UserEmail as Text.
Set form element AccessGroup to field UserAccess as Numeric.
When you're done, click OK to close the dialog and insert the behavior.
Save your page.
For ColdFusion and PHP
From the Server Behaviors panel, choose Add (+) and select Update Record.
In the Update Record dialog, choose the current form.
Select Users from the Submit Values From list.
Select your data source from the list.
Choose Recipes from the Data Source list.
Enter your username and password, if needed.
Select the table in the data source to insert into from the list.
Choose Users from the Insert Into Table list.
Set the data source fields to their corresponding form elements.
As the Primary Key, UserID selects the record using FORM.UserID as a Numeric (Integer in PHP) type.
Set UserAccess to get its value from the FORM.AccessGroup from element as Numeric (Integer in PHP).
Set UserFirstName to get its value from the FORM.FirstName form element as Text.
Set UserLastName to get its value from the FORM.Lastname form element as Text.
Set UserName to get its value from the FORM.UserName form element as Text.
Set UserPassword to get its value from the FORM.Password form element as Text.
Set UserEmail to get its value from the FORM.EmailAddress form element as Text.
Make sure UserRegDate does not get a value.
In the After Inserting, Go To field enter the path to the file you want displayed after the record is updated.
In the After Inserting, Go To field, select the usermanager file for your server model.
Check your entries to verify that they are correct; if so, click OK.
Save your page.
Step 5: Add a Delete Command
If you wanted to add a separate page to delete a record, you could use Dreamweaver's standard Delete Record server behavior. However, if, as this application does, you want to combine a couple of administrative tasks such as updating and deleting records you have to take a different approach.
One method is to create a delete command. A command is a specialized SQL statement that, among other things, can delete, insert, or update records. Once the command is created using the Dreamweaver interface, the code must be moved above the Update Record behavior. The final step is to wrap the delete code in a conditional block also called an If statement so that it executes only when the Delete button is selected.
For ASP
From the Bindings panel, choose Add (+) and select Command.
The Command dialog displays [r1-24].
Figure r1-24.
Enter an appropriate name for the command.
Enter DeleteCommand in the Name field.
Choose your data source connection from the list.
Select Recipes from the Connections list.
Choose Delete for the Command Type.
Enter the following code in the SQL field:
DELETE FROM Users WHERE UserID = IDParam
In the Variables section, select Add (+) and enter IDParam under the Name column.
In the Run-Time Value column, enter Request.Form("MM_recordId") and click OK when you're done.
Inserting the command creates two code blocks. We'll need to move one of them so that the delete command is processed before the update command.
In Code view, find the code block for the delete command. It will look like this:
Now all that remains to complete the delete command is to make sure it is only executed when the user selects the Delete button on the form. If this step is not taken, the delete command will run when this page was loaded not a desirable circumstance. To avoid such a disastrous situation, we'll wrap the two delete command code blocks within an If statement.
In Code view, locate the two adjacent delete command code blocks.
Select the two code blocks to prepare for inserting the snippet.
Insert the following code:
From the Snippets panel, open the Recipes > UserLogin > Custom Code folder for your server model and insert the Delete Button - If Statement snippet.
Before:
<% if (cStr(Request.Form("Delete"))<>"") then %>
After:
<% Response.Redirect("user_manager.asp") end if %>
Before:
<% if (String(Request("Delete"))!="undefined") { %>
After:
<% Response.Redirect("user_manager.asp"); } %>
You can, of course, change the page to redirect to after the delete is completed, if your page is named something different than user_manager.asp.
For ColdFusion
From the Bindings panel, choose Add (+) and select Recordset (Query).
Unlike with the ASP server models, there is no separate user interface in ColdFusion for Commands, and the Recordset dialog is used.
If the simple view is displayed, select Advanced.
In the Name field, enter an appropriate name.
Enter DeleteOperation in the Name field.
Choose your data source connection from the list.
Select Recipes from the Data Source list.
If necessary, enter the User Name and Password in their respective fields.
Enter the following code in the SQL field:
DELETE FROM Users WHERE UserID = #FORM.UserID#
In the Page Parameters section, select Add (+) to display the Add Parameter dialog.
In the Add Parameter dialog, enter FORM.UserID in the Name field.
In the Default Value fields, enter 0 and click OK to close the Add Parameter dialog.
When you're done, click OK to close the Recordset dialog.
Now all that remains to complete the delete command is to make sure it is only executed when the user selects the Delete button on the form. To do this, we'll wrap the two delete command code blocks within an If statement.
In Code view, find the code block for the delete command. It will look like this:
<cfquery name="DeleteCommand" datasource="Recipes"> DELETE FROM Users WHERE USERID = #FORM.UserID# </cfquery>
Select the two code blocks to prepare for inserting the snippet.
Insert the following code:
From the Snippets panel, insert the Recipes > UserLogin > Custom Code-CF > Delete Button - If Statement snippet.
You can, of course, change the page to redirect to after the delete is completed, if your page is named something different from user_manager.cfm.
For PHP
Adding a Delete button in PHP is simpler than in other server models and requires the addition of a single function.
In Code view, position your cursor at the end of the opening line that begins <?php require_once...> and press Enter (Return).
Enter the following code:
Insert the Recipes > UserLogin > Custom Code-PHP > Edit User Delete User snippet.
[View full width]
<?php if ((isset($_POST['Delete'])) && ($_POST['Delete']=="Delete")) { mysql_select_db($database_Recipes_PHP, $Recipes_PHP); $deleteSQL = "DELETE FROM users WHERE User0" width="14" height="9" align="left" src="/books/2/711/1/html/2/files/ccc.gif" alt="graphics/ccc.gif">.$_POST['UserID']; $deleteRS = mysql_query($deleteSQL,$Recipes_PHP); header("Location: user_manager.php"); } ?>
Save the page.
Step 6: Cancel Editing Process
As we did on the Update Record page, we'll use some JavaScript code to implement the Cancel button.
Select the Cancel form button.
From the Behaviors panel, select Add (+) and choose Call JavaScript.
In the Call JavaScript dialog, enter the following code:
history.back();
When you're done, click OK to close the dialog.
Save the file.
Step 7: Validate the User Name
One final aspect still needs to be addressed. Since this page can potentially alter the username, we must make sure that the new name chosen is unique. Unfortunately, we cannot just apply the Check User Name server behavior as we did in the register_user page because this particular server behavior requires that a variable, MM_flag, be set to MM_insert, and an update page sets MM_flag to MM_update.
The solution is to copy the Macromedia code used on the register_user page and adapt it to our needs. In all, three changes will need to be made. While these modifications will give us the functionality we need, it will also prevent further changes to the Update Record server behavior through the dialog. This is indicated by a red exclamation mark next to the server behavior in the Server Behaviors panel.
Open the register_user page in Code view and copy the following code block:
[View full width]
<% ' *** Redirect if username exists MM_flag="MM_insert" If (CStr(Request(MM_flag)) <> "") Then MM_dupKeyRedirect="register_user.asp?repeat=true" MM_rsKeyConnection=MM_Recipes_VB_STRING MM_dupKeyUsernameValue = CStr(Request.Form("UserName")) MM_dupKeySQL="SELECT UserName FROM Users WHERE UserName='" & MM_dupKeyUsernameValue & "'" MM_adodbRecordset="ADODB.Recordset" set MM_rsKey=Server.CreateObject(MM_adodbRecordset) MM_rsKey.ActiveConnection=MM_rsKeyConnection MM_rsKey.Source=MM_dupKeySQL MM_rsKey.CursorType=0 MM_rsKey.CursorLocation=2 MM_rsKey.LockType=3 MM_rsKey.Open If Not MM_rsKey.EOF Or Not MM_rsKey.BOF Then ' the username was found - can not add the requested username MM_qsChar = "?" If (InStr(1,MM_dupKeyRedirect,"?") >= 1) Then MM_qsChar = "&" MM_dupKeyRedirect = MM_dupKeyRedirect & MM_qsChar & "requsername=" & MM_dupKeyUsernameValue Response.Redirect(MM_dupKeyRedirect) End If MM_rsKey.Close End If %>
[View full width]
<% // *** Redirect if username exists var MM_flag="MM_insert"; if (String(Request(MM_flag)) != "undefined") { var MM_dupKeyRedirect="register_user.asp?repeat=true"; var MM_rsKeyConnection=MM_Recipes_STRING; var MM_dupKeyUsernameValue = String(Request.Form("UserName")); var MM_dupKeySQL = "SELECT UserName FROM Users WHERE UserName='" + MM_dupKeyUsernameValue + "'" var MM_adodbRecordset = "ADODB.Recordset"; var MM_rsKey = Server.CreateObject(MM_adodbRecordset); MM_rsKey.ActiveConnection = MM_rsKeyConnection; MM_rsKey.Source = MM_dupKeySQL; MM_rsKey.CursorType=0; MM_rsKey.CursorLocation=2; MM_rsKey.LockType=3; MM_rsKey.Open(); if (!MM_rsKey.EOF || !MM_rsKey.BOF) { // the username was found - can not add the requested username var MM_qsChar = "?"; if (MM_dupKeyRedirect.indexOf("?") >= 0) MM_qsChar = "&"; MM_dupKeyRedirect = MM_dupKeyRedirect + MM_qsChar + "requsername=" + MM_dupKeyUsernameValue; Response.Redirect(MM_dupKeyRedirect); } MM_rsKey.Close(); } %>
<?php // *** Redirect if username exists $MM_flag="MM_insert"; if (isset($_POST[$MM_flag])) { $MM_dupKeyRedirect="register_user.php?repeat=true"; $loginUsername = $_POST['UserName']; $LoginRS__query = "SELECT UserName FROM users WHERE UserName='" . $loginUsername . "'"; mysql_select_db($database_Recipes_PHP, $Recipes_PHP); $LoginRS=mysql_query($LoginRS__query, $Recipes_PHP) or die (mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); //if there is a row in the database, the username was found - can not add the requested username if($loginFoundUser){ $MM_qsChar = "?"; //append the username to the redirect page if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&"; $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername; header ("Location: $MM_dupKeyRedirect"); exit; } } ?>
Open the edit_user page and paste the code after the complete delete command sequence.
Make sure you paste the code after the close of the If statement where the redirection occurs.
Near the top of the pasted code block, change the following line from
MM_flag=MM_insert
to
MM_flag=MM_update
This change allows the server behavior to work with a record update.
Make a second change from
MM_dupKeyRedirect="register_user"
to
MM_dupKeyRedirect="edit_user"
This modification specifies the proper page for the redirect operation.
Locate the line that starts with the following code:
var MM_dupKeySQL
var MM_dupKeySQL
var MM_dupKeySQL
$LoginRS__query
Append the following to the end of the code line:
+ Request("MM_recordId")
+ Request("MM_recordId")
+ Request("MM_recordId")
PHP users should remove the final three characters on the line (single quote, double quote, and semicolon) and add the following:
Change:
"'";
to:
"' AND UserID != ".$_POST['UserID'];
With this change, the SQL statement ignores the current record. This action is necessary in case the administrator made other changes to the record other than the username. Without this modification, the SQL statement would identify the current record as the duplicate and the update would not take place.
Additionally, PHP users need to locate the code line that ends as follows:
"requsername=".$loginUsername;
Remove the semicolon at the end and append the following:
In the 
ColdFusion and PHP developers should drag a Hidden Form Field from the Forms category of the Insert bar and name it UserID.
= " +Replace(DeleteCommand__IDParam, "'", "''") + "" DeleteCommand.CommandType = 1 DeleteCommand.CommandTimeout = 0 DeleteCommand.Prepared = true DeleteCommand.Execute() %> 
