[ciapug] Peer review of PHP code
Claus
ciapug@cialug.org
Mon, 12 Apr 2004 12:03:17 -0500
This is a multi-part message in MIME format.
--------------020102060805060508080103
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hello
I finished up what I call a halfway decent PHP program, but I'm curious
what you think about the coding (style as well as function) and would
love to hear your comments about it.
The program is an administrative interface to upload newsletters (Word
and/or PDF files) to a web site. The functions of the program are to add
newsletters, list existing newsletters, replace newsletters, and delete
newsletters. All functions are implemented within the PHP file (called
newsletters.html) that is attached.
I appreciate your feedback as I'm trying to improve my PHP skills.
Claus
--------------020102060805060508080103
Content-Type: text/html;
name="newsletters.html"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="newsletters.html"
<?php
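// Request entry point: connect to the database, emit the page frame and
// dispatch on the posted "action" field.

// SECURITY NOTE(review): while $debug is true, dbError() prints the DB layer's
// getDebugInfo() text to the browser. Set this to false on any deployment that
// people other than the developer can reach.
$debug = true;

// open DB connection
// (the DSN literal was missing its closing quote, which is a parse error)
require_once('DB.php');
$db = DB::connect('pgsql://www@unix+localhost/database');
if (DB::isError($db)) {
    dbError($db);
}

// NOTE(review): nothing in this file authenticates the requester or checks an
// anti-CSRF token before files and rows are added, replaced or deleted.
// Presumably the web server restricts access to this page - confirm.
outputHtmlHeader();
if (isset($_POST['action']) && $_POST['action'] === "add") {
    addNewsletter($db);
    displayAddNewsletter();
    displayNewsletters($db);
} elseif (isset($_POST['action']) && $_POST['action'] === "edit") {
    editNewsletter($db);
} else {
    // No (or unknown) action: show the upload form and the current list.
    displayAddNewsletter();
    displayNewsletters($db);
}
outputHtmlFooter();

// close DB connection
$db->disconnect();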
/**
 * Print the opening part of the admin page: <html>, the <head> with the page
 * title, the opening <body> tag, the centered heading and a horizontal rule.
 */
function outputHtmlHeader()
{
    $lines = array(
        '<html>',
        ' <head>',
        ' <title>Administration - Newsletters</title>',
        ' </head>',
        '',
        ' <body bgcolor="#99FFFF">',
        ' <center><h3>Administration - Newsletters</h3></center>',
        ' <hr>',
    );

    // Every line, including the last one, is terminated by a newline.
    echo implode("\n", $lines) . "\n";
}
/**
 * Print the closing part of the admin page: a horizontal rule, a
 * "Last modified" line built from getlastmod(), and the closing
 * </body> and </html> tags.
 */
function outputHtmlFooter()
{
    echo " <hr>\n";

    // getlastmod() reports the modification time of the running script.
    $stamp = date("F d, Y H:i:s", getlastmod());
    echo " <font size=\"-1\"><i>Last modified: " . $stamp . "</i></font>\n";

    echo " </body>\n" . "</html>\n";
}
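/**
 * Print the table of existing newsletters, newest first.
 *
 * Each row carries an "Edit" form (posting the row's year and month back to
 * this page) and, where a file name is stored, a link to the Word and/or PDF
 * document under newsletters/.
 *
 * Values read from the database are escaped for the context they are written
 * into: htmlspecialchars() for hidden-field values and link text,
 * rawurlencode() for the file name inside the href. The stored names contain a
 * space, and unescaped values would turn any unexpected content in the table
 * into markup.
 *
 * @param object $db connection object returned by DB::connect()
 */
function displayNewsletters($db)
{
    echo " <table align=\"center\" cellspacing=\"0\" cellpadding=\"4\">\n";
    echo " <tr>\n";
    echo " <td colspan=\"3\" align=\"center\">\n";
    echo " <h2>Newsletters</h2>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td>\n";
    echo " </td>\n";
    echo " <td>\n";
    echo " <b>Word Document</b>\n";
    echo " </td>\n";
    echo " <td>\n";
    echo " <b>PDF Document</b>\n";
    echo " </td>\n";
    echo " </tr>\n";

    $result = $db->query("select year, month, word_file, pdf_file
from newsletters order by year desc, month desc");
    if (DB::isError($result)) {
        dbError($result);
    }

    while ($resultRow = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
        $yearHtml = htmlspecialchars((string) $resultRow['year'], ENT_QUOTES);
        $monthHtml = htmlspecialchars((string) $resultRow['month'], ENT_QUOTES);
        $linkText = htmlspecialchars(intToTextMonth($resultRow['month']), ENT_QUOTES)
            . " " . $yearHtml;

        echo " <tr>\n";
        echo " <td>\n";
        echo " <form action=\"newsletters.html\" method=\"post\">\n";
        echo " <input type=\"hidden\" name=\"action\" value=\"edit\">\n";
        echo " <input type=\"hidden\" name=\"keyYear\" value=\"" . $yearHtml . "\">\n";
        echo " <input type=\"hidden\" name=\"keyMonth\" value=\"" . $monthHtml . "\">\n";
        echo " <input type=\"submit\" value=\"Edit\">\n";
        echo " </form>\n";
        echo " </td>\n";

        // A single space is the stored marker for "no file of this type".
        echo " <td>\n";
        if ($resultRow['word_file'] > ' ') {
            echo " <a href=\"newsletters/" . rawurlencode($resultRow['word_file']) . "\">"
                . $linkText . "</a>\n";
        }
        echo " </td>\n";

        echo " <td>\n";
        if ($resultRow['pdf_file'] > ' ') {
            echo " <a href=\"newsletters/" . rawurlencode($resultRow['pdf_file']) . "\">"
                . $linkText . "</a>\n";
        }
        echo " </td>\n";
        echo " </tr>\n";
    }

    echo " </table>\n";
}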
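/**
 * Print the "Add Newsletter" upload form: one file input for the Word
 * document, one for the PDF, and month/year selectors.
 *
 * Fixes the misspelled "Febuary" option label; the month names now match the
 * ones intToTextMonth() returns.
 *
 * SECURITY NOTE: MAX_FILE_SIZE, the accept attributes and the option lists are
 * all sent by the browser and can be changed or left out by whoever submits
 * the form. The code that handles the POST must check size, type, year and
 * month itself.
 */
function displayAddNewsletter()
{
    $monthNames = array(
        'January', 'February', 'March', 'April', 'May', 'June',
        'July', 'August', 'September', 'October', 'November', 'December',
    );

    echo " <form action=\"newsletters.html\" method=\"post\" enctype=\"multipart/form-data\">\n";
    echo " <input type=\"hidden\" name=\"action\" value=\"add\">\n";
    echo " <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"8388608\">\n";
    echo " <table align=\"center\">\n";
    echo " <tr>\n";
    echo " <td colspan=\"2\" align=\"center\">\n";
    echo " <h2>Add Newsletter</h2>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td>\n";
    echo " <b>Word Document</b>\n";
    echo " </td>\n";
    echo " <td>\n";
    echo " <input type=\"file\" name=\"docFile\" size=\"50\" accept=\"application/msword\"><br>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td>\n";
    echo " <b>PDF Document</b>\n";
    echo " </td>\n";
    echo " <td>\n";
    echo " <input type=\"file\" name=\"pdfFile\" size=\"50\" accept=\"application/pdf\"><br>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td colspan=\"2\" align=\"center\">\n";

    // Month values are zero-padded to two digits ("01" .. "12").
    echo " <select name=\"keyMonth\">\n";
    foreach ($monthNames as $index => $name) {
        printf(" <option value=\"%02d\">%s\n", $index + 1, $name);
    }
    echo " </select>\n";

    // The selectable years are fixed at 2000 through 2010.
    echo " <select name=\"keyYear\">\n";
    for ($year = 2000; $year <= 2010; $year++) {
        echo " <option value=\"" . $year . "\">" . $year . "\n";
    }
    echo " </select>\n";

    echo " <input type=\"submit\" value=\"Add Newsletter\">\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " </table>\n";
    echo " </form>\n";
}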
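/**
 * Handle the "add" form: store the uploaded Word and/or PDF file under
 * newsletters/ and insert one row for the posted year and month.
 *
 * Prints a red notice and returns without inserting when the key is invalid,
 * a row for that month already exists, no file was uploaded, or moving an
 * upload fails. Other database errors go to dbError().
 *
 * Security-relevant changes compared with the original:
 *  - keyYear/keyMonth are read once, from $_POST only. The original checked
 *    $_POST but built the file name and the INSERT from $_REQUEST, which can
 *    also be populated from other request sources.
 *  - The key is validated as digits (4-digit year, month 1..12) before it is
 *    used in a file name, so it cannot carry path separators or markup.
 *  - Queries use "?" placeholders instead of string concatenation.
 *  - Stored files are chmod'ed 0664 rather than 0775; an uploaded document
 *    has no need for execute permission.
 *
 * NOTE(review): the content of the upload is not inspected; a file is saved
 * as ".doc" or ".pdf" regardless of what it contains. If a PDF upload fails
 * after the Word file was moved, the Word file stays on disk without a row.
 *
 * @param object $db connection object returned by DB::connect()
 */
function addNewsletter($db)
{
    $year = (isset($_POST['keyYear']) && is_string($_POST['keyYear'])) ? $_POST['keyYear'] : '';
    $month = (isset($_POST['keyMonth']) && is_string($_POST['keyMonth'])) ? $_POST['keyMonth'] : '';

    // \z (not $) so that a trailing newline is rejected as well.
    $keyIsValid = preg_match('/^[0-9]{4}\z/', $year)
        && preg_match('/^[0-9]{1,2}\z/', $month)
        && (int) $month >= 1
        && (int) $month <= 12;
    if (!$keyIsValid) {
        addNewsletterReject('Invalid year or month', 'Newsletter');
        return;
    }
    $subject = 'Newsletter for ' . intToTextMonth($month) . ' ' . $year;

    $result = $db->query(
        "select '1' from newsletters where year = ? and month = ?",
        array($year, $month)
    );
    if (DB::isError($result)) {
        dbError($result);
    }
    if ($result->numRows() > 0) {
        addNewsletterReject('Newsletter exists already', $subject);
        return;
    }

    $hasDoc = isset($_FILES['docFile']['size']) && is_int($_FILES['docFile']['size'])
        && $_FILES['docFile']['size'] > 0;
    $hasPdf = isset($_FILES['pdfFile']['size']) && is_int($_FILES['pdfFile']['size'])
        && $_FILES['pdfFile']['size'] > 0;
    if (!$hasDoc && !$hasPdf) {
        addNewsletterReject('No newsletter uploaded', $subject);
        return;
    }

    // A single space is the stored marker for "no file of this type".
    $wordFilename = $hasDoc ? ($year . '-' . $month . ' Newsletter.doc') : ' ';
    $pdfFilename = $hasPdf ? ($year . '-' . $month . ' Newsletter.pdf') : ' ';

    if ($hasDoc && !addNewsletterStoreUpload('docFile', $wordFilename)) {
        addNewsletterReject('File upload error (doc)', $subject);
        return;
    }
    if ($hasPdf && !addNewsletterStoreUpload('pdfFile', $pdfFilename)) {
        addNewsletterReject('File upload error (pdf)', $subject);
        return;
    }

    $result = $db->query(
        "insert into newsletters values (?, ?, ?, ?)",
        array($year, $month, $wordFilename, $pdfFilename)
    );
    if (DB::isError($result)) {
        // Another request may have inserted the same month since the check above.
        if (stristr($result->getUserinfo(), "duplicate key")) {
            addNewsletterReject('Newsletter for this month exists already', $subject);
            return;
        }
        dbError($result);
    }
}

/**
 * Print the red "... was not added" notice used by addNewsletter().
 * Both arguments are fixed text or validated digits, never raw request data.
 */
function addNewsletterReject($headline, $subject)
{
    echo " <center>\n";
    echo " <font color=\"red\"><b>" . $headline . "</b></font><br>\n";
    echo " " . $subject . " was not added\n";
    echo " </center>\n";
}

/**
 * Move the upload in $_FILES[$field] to newsletters/$filename and make it
 * readable by the web server. Returns false when the move fails.
 */
function addNewsletterStoreUpload($field, $filename)
{
    $target = "newsletters/" . $filename;
    if (!move_uploaded_file($_FILES[$field]['tmp_name'], $target)) {
        return false;
    }
    chmod($target, 0664);
    return true;
}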
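/**
 * Handle the "edit" action: load the row for the posted year and month, then
 * dispatch on the posted "editAction" field to the add/replace or delete
 * handler, or show the edit form when no known edit action is given.
 *
 * The posted key is validated as digits (4-digit year, month 1..12) and the
 * lookup uses "?" placeholders. The original concatenated $_POST values into
 * the SQL text and echoed them into the error message unescaped.
 *
 * @param object $db connection object returned by DB::connect()
 */
function editNewsletter($db)
{
    $year = (isset($_POST['keyYear']) && is_string($_POST['keyYear'])) ? $_POST['keyYear'] : '';
    $month = (isset($_POST['keyMonth']) && is_string($_POST['keyMonth'])) ? $_POST['keyMonth'] : '';

    // \z (not $) so that a trailing newline is rejected as well.
    $keyIsValid = preg_match('/^[0-9]{4}\z/', $year)
        && preg_match('/^[0-9]{1,2}\z/', $month)
        && (int) $month >= 1
        && (int) $month <= 12;
    if (!$keyIsValid) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Invalid year or month</b></font><br>\n";
        echo " Newsletter can't be edited\n";
        echo " </center>\n";
        return;
    }

    $result = $db->query(
        "select word_file, pdf_file from newsletters where year = ? and month = ?",
        array($year, $month)
    );
    if (DB::isError($result)) {
        dbError($result);
    }

    $resultRow = $result->fetchRow(DB_FETCHMODE_ASSOC);
    if (!$resultRow) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Some wacky error happened</b></font><br>\n";
        echo " Newsletter for " . intToTextMonth($month)
            . " " . $year . " does not exist and thus can't be edited\n";
        echo " </center>\n";
        return;
    }

    $editAction = (isset($_POST['editAction']) && is_string($_POST['editAction']))
        ? $_POST['editAction']
        : '';

    if ($editAction === "add/replaceDoc") {
        editAddReplaceDoc($db, $resultRow);
    } elseif ($editAction === "add/replacePdf") {
        editAddReplacePdf($db, $resultRow);
    } elseif ($editAction === "deleteDoc") {
        editDeleteDoc($db, $resultRow);
    } elseif ($editAction === "deletePdf") {
        editDeletePdf($db, $resultRow);
    } else {
        editDisplayForm($db, $resultRow);
    }
}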
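/**
 * Print the edit page for one newsletter: a Word row and a PDF row, each with
 * an upload form ("Replace" when a file is stored, "Add" otherwise) and, when
 * a file is stored, a "Delete" form; plus a "Done" button.
 *
 * Changes compared with the original:
 *  - The posted keyYear/keyMonth are passed through htmlspecialchars() before
 *    being written into the heading and the hidden fields. They were echoed
 *    raw, so a crafted POST could inject markup into the page.
 *  - The PDF file input advertised accept="application/msword" (copied from
 *    the Word row); it now says application/pdf, as on the add form.
 *
 * @param object $db        connection object (not used here)
 * @param array  $resultRow row with 'word_file' and 'pdf_file'; a single
 *                          space means "no file stored"
 */
function editDisplayForm($db, $resultRow)
{
    $rawYear = (isset($_POST['keyYear']) && is_string($_POST['keyYear'])) ? $_POST['keyYear'] : '';
    $rawMonth = (isset($_POST['keyMonth']) && is_string($_POST['keyMonth'])) ? $_POST['keyMonth'] : '';
    $yearHtml = htmlspecialchars($rawYear, ENT_QUOTES);
    $monthHtml = htmlspecialchars($rawMonth, ENT_QUOTES);

    // The two hidden key fields are identical in all four forms.
    $keyFields = " <input type=\"hidden\" name=\"keyYear\" value=\"" . $yearHtml . "\">\n"
        . " <input type=\"hidden\" name=\"keyMonth\" value=\"" . $monthHtml . "\">\n";

    echo " <table align=\"center\">\n";
    echo " <tr>\n";
    echo " <td colspan=\"3\" align=\"center\">\n";
    // intToTextMonth() only ever returns one of its own fixed strings.
    echo " <h2>Edit Newsletter for " . intToTextMonth($rawMonth)
        . " " . $yearHtml . "</h2>\n";
    echo " </td>\n";
    echo " </tr>\n";

    editDisplayFormRow(
        'Word Document',
        'docFile',
        'application/msword',
        'add/replaceDoc',
        'deleteDoc',
        isset($resultRow['word_file']) && $resultRow['word_file'] > ' ',
        $keyFields
    );
    editDisplayFormRow(
        'PDF Document',
        'pdfFile',
        'application/pdf',
        'add/replacePdf',
        'deletePdf',
        isset($resultRow['pdf_file']) && $resultRow['pdf_file'] > ' ',
        $keyFields
    );

    echo " <tr>\n";
    echo " <td colspan=\"3\" align=\"center\">\n";
    echo " <form action=\"newsletters.html\" method=\"post\">\n";
    echo " <input type=\"submit\" value=\"Done\">\n";
    echo " </form>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " </table>\n";
}

/**
 * Print one table row of the edit page (used by editDisplayForm()).
 * All arguments except $hasFile are ready-to-print HTML fragments or fixed
 * attribute values supplied by editDisplayForm().
 */
function editDisplayFormRow($title, $fileField, $mimeType, $uploadAction, $deleteAction, $hasFile, $keyFields)
{
    $formOpen = " <form action=\"newsletters.html\" method=\"post\" enctype=\"multipart/form-data\">\n"
        . " <input type=\"hidden\" name=\"action\" value=\"edit\">\n";

    echo " <tr>\n";
    echo " <td>\n";
    echo " <b>" . $title . "</b>\n";
    echo " </td>\n";
    echo " <td>\n";
    echo $formOpen;
    echo " <input type=\"hidden\" name=\"editAction\" value=\"" . $uploadAction . "\">\n";
    echo $keyFields;
    // MAX_FILE_SIZE and accept are sent by the browser and can be altered by
    // the sender; the upload handler has to enforce its own limits.
    echo " <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"8388608\">\n";
    echo " <input type=\"file\" name=\"" . $fileField . "\" size=\"50\" accept=\"" . $mimeType . "\">\n";
    if ($hasFile) {
        echo " <input type=\"submit\" value=\"Replace\">\n";
        echo " </form>\n";
        echo " </td>\n";
        echo " <td>\n";
        echo $formOpen;
        echo " <input type=\"hidden\" name=\"editAction\" value=\"" . $deleteAction . "\">\n";
        echo $keyFields;
        echo " <input type=\"submit\" value=\"Delete\">\n";
        echo " </form>\n";
    } else {
        echo " <input type=\"submit\" value=\"Add\">\n";
        echo " </form>\n";
        echo " </td>\n";
        echo " <td>\n";
    }
    echo " </td>\n";
    echo " </tr>\n";
}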
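/**
 * Store a newly uploaded Word document for the posted year/month (adding it or
 * replacing the existing one), record its file name in the row, and show the
 * edit form again.
 *
 * Changes compared with the original:
 *  - keyYear/keyMonth come from $_POST only (the original mixed $_POST and
 *    $_REQUEST) and must be digits: a 4-digit year and a month in 1..12. The
 *    key becomes part of the target file name, so it must not be able to
 *    contain path separators.
 *  - The UPDATE uses "?" placeholders instead of string concatenation.
 *  - The stored file is chmod'ed 0664 rather than 0775; a document has no
 *    need for execute permission.
 *
 * NOTE(review): the uploaded content itself is not inspected.
 *
 * @param object $db        connection object returned by DB::connect()
 * @param array  $resultRow current row ('word_file', 'pdf_file')
 */
function editAddReplaceDoc($db, $resultRow)
{
    $year = (isset($_POST['keyYear']) && is_string($_POST['keyYear'])) ? $_POST['keyYear'] : '';
    $month = (isset($_POST['keyMonth']) && is_string($_POST['keyMonth'])) ? $_POST['keyMonth'] : '';

    // \z (not $) so that a trailing newline is rejected as well.
    $keyIsValid = preg_match('/^[0-9]{4}\z/', $year)
        && preg_match('/^[0-9]{1,2}\z/', $month)
        && (int) $month >= 1
        && (int) $month <= 12;
    if (!$keyIsValid) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Invalid year or month</b></font><br>\n";
        echo " Newsletter was not changed\n";
        echo " </center>\n";
        return;
    }
    $monthYear = intToTextMonth($month) . " " . $year;

    if (!isset($_FILES['docFile']['size']) || $_FILES['docFile']['size'] == 0) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>No new Word newsletter uploaded</b></font><br>\n";
        echo " Newsletter for " . $monthYear . " was not changed\n";
        echo " </center>\n";
        editDisplayForm($db, $resultRow);
        return;
    }

    $wordFilename = $year . "-" . $month . " Newsletter.doc";
    $uploadfile = "newsletters/" . $wordFilename;
    if (!move_uploaded_file($_FILES['docFile']['tmp_name'], $uploadfile)) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>File upload error (doc)</b></font><br>\n";
        echo " Word newsletter for " . $monthYear . " failed to upload\n";
        echo " </center>\n";
        editDisplayForm($db, $resultRow);
        return;
    }
    chmod($uploadfile, 0664);

    $result = $db->query(
        "update newsletters set word_file = ? where year = ? and month = ?",
        array($wordFilename, $year, $month)
    );
    if (DB::isError($result)) {
        dbError($result);
    }
    if ($db->affectedRows() == 0) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Some wacky error happened</b></font><br>\n";
        echo " Word newsletter for " . $monthYear . " was not updated in database\n";
        echo " </center>\n";
    }

    // Reflect the new file in the row so the form offers Replace/Delete.
    $resultRow['word_file'] = $wordFilename;
    editDisplayForm($db, $resultRow);
}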
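/**
 * Store a newly uploaded PDF document for the posted year/month (adding it or
 * replacing the existing one), record its file name in the row, and show the
 * edit form again.
 *
 * Changes compared with the original:
 *  - keyYear/keyMonth come from $_POST only (the original mixed $_POST and
 *    $_REQUEST) and must be digits: a 4-digit year and a month in 1..12. The
 *    key becomes part of the target file name, so it must not be able to
 *    contain path separators.
 *  - The UPDATE uses "?" placeholders instead of string concatenation.
 *  - The stored file is chmod'ed 0664 rather than 0775; a document has no
 *    need for execute permission.
 *
 * NOTE(review): the uploaded content itself is not inspected.
 *
 * @param object $db        connection object returned by DB::connect()
 * @param array  $resultRow current row ('word_file', 'pdf_file')
 */
function editAddReplacePdf($db, $resultRow)
{
    $year = (isset($_POST['keyYear']) && is_string($_POST['keyYear'])) ? $_POST['keyYear'] : '';
    $month = (isset($_POST['keyMonth']) && is_string($_POST['keyMonth'])) ? $_POST['keyMonth'] : '';

    // \z (not $) so that a trailing newline is rejected as well.
    $keyIsValid = preg_match('/^[0-9]{4}\z/', $year)
        && preg_match('/^[0-9]{1,2}\z/', $month)
        && (int) $month >= 1
        && (int) $month <= 12;
    if (!$keyIsValid) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Invalid year or month</b></font><br>\n";
        echo " Newsletter was not changed\n";
        echo " </center>\n";
        return;
    }
    $monthYear = intToTextMonth($month) . " " . $year;

    if (!isset($_FILES['pdfFile']['size']) || $_FILES['pdfFile']['size'] == 0) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>No new PDF Newsletter uploaded</b></font><br>\n";
        echo " Newsletter for " . $monthYear . " was not changed\n";
        echo " </center>\n";
        editDisplayForm($db, $resultRow);
        return;
    }

    $pdfFilename = $year . "-" . $month . " Newsletter.pdf";
    $uploadfile = "newsletters/" . $pdfFilename;
    if (!move_uploaded_file($_FILES['pdfFile']['tmp_name'], $uploadfile)) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>File upload error (pdf)</b></font><br>\n";
        echo " PDF newsletter for " . $monthYear . " failed to upload\n";
        echo " </center>\n";
        editDisplayForm($db, $resultRow);
        return;
    }
    chmod($uploadfile, 0664);

    $result = $db->query(
        "update newsletters set pdf_file = ? where year = ? and month = ?",
        array($pdfFilename, $year, $month)
    );
    if (DB::isError($result)) {
        dbError($result);
    }
    if ($db->affectedRows() == 0) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Some wacky error happened</b></font><br>\n";
        echo " PDF newsletter for " . $monthYear . " was not updated in database\n";
        echo " </center>\n";
    }

    // Reflect the new file in the row so the form offers Replace/Delete.
    $resultRow['pdf_file'] = $pdfFilename;
    editDisplayForm($db, $resultRow);
}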
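/**
 * Delete the Word document of the posted year/month.
 *
 * When the row still has a PDF, only word_file is blanked and the edit form is
 * shown again. When the Word document was the only file, the whole row is
 * deleted and the add form plus the newsletter list are shown instead. In both
 * cases the file under newsletters/ is removed once the database change
 * affected a row.
 *
 * Changes compared with the original:
 *  - $resultRow[word_file] used a bare, unquoted key (an undefined constant);
 *    it is now $resultRow['word_file'].
 *  - keyYear/keyMonth are validated as digits and the queries use "?"
 *    placeholders instead of concatenating $_POST into the SQL text.
 *  - basename() is applied to the stored file name so that unlink() can only
 *    touch entries directly inside newsletters/.
 *
 * @param object $db        connection object returned by DB::connect()
 * @param array  $resultRow current row ('word_file', 'pdf_file')
 */
function editDeleteDoc($db, $resultRow)
{
    $year = (isset($_POST['keyYear']) && is_string($_POST['keyYear'])) ? $_POST['keyYear'] : '';
    $month = (isset($_POST['keyMonth']) && is_string($_POST['keyMonth'])) ? $_POST['keyMonth'] : '';

    // \z (not $) so that a trailing newline is rejected as well.
    $keyIsValid = preg_match('/^[0-9]{4}\z/', $year)
        && preg_match('/^[0-9]{1,2}\z/', $month)
        && (int) $month >= 1
        && (int) $month <= 12;
    if (!$keyIsValid) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Invalid year or month</b></font><br>\n";
        echo " Newsletter was not changed\n";
        echo " </center>\n";
        return;
    }
    $monthYear = intToTextMonth($month) . " " . $year;

    // Keep the row while it still references a PDF; otherwise remove it.
    $keepRow = $resultRow['pdf_file'] > ' ';
    if ($keepRow) {
        $result = $db->query(
            "update newsletters set word_file = ' ' where year = ? and month = ?",
            array($year, $month)
        );
    } else {
        $result = $db->query(
            "delete from newsletters where year = ? and month = ?",
            array($year, $month)
        );
    }
    if (DB::isError($result)) {
        dbError($result);
    }

    if ($db->affectedRows() == 0) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Some wacky error happened</b></font><br>\n";
        echo " Newsletter for " . $monthYear . " does not exist and thus can't be deleted\n";
        echo " </center>\n";
    } elseif (!unlink("newsletters/" . basename($resultRow['word_file']))) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Some wacky error happened</b></font><br>\n";
        echo " Word document of " . $monthYear . " newsletter could not be deleted\n";
        echo " </center>\n";
    }

    if ($keepRow) {
        $resultRow['word_file'] = " ";
        editDisplayForm($db, $resultRow);
    } else {
        displayAddNewsletter();
        displayNewsletters($db);
    }
}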
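/**
 * Delete the PDF document of the posted year/month.
 *
 * When the row still has a Word document, only pdf_file is blanked and the
 * edit form is shown again. When the PDF was the only file, the whole row is
 * deleted and the add form plus the newsletter list are shown instead. In both
 * cases the file under newsletters/ is removed once the database change
 * affected a row.
 *
 * Changes compared with the original:
 *  - $resultRow[pdf_file] used a bare, unquoted key (an undefined constant);
 *    it is now $resultRow['pdf_file'].
 *  - keyYear/keyMonth are validated as digits and the queries use "?"
 *    placeholders instead of concatenating $_POST into the SQL text.
 *  - basename() is applied to the stored file name so that unlink() can only
 *    touch entries directly inside newsletters/.
 *
 * @param object $db        connection object returned by DB::connect()
 * @param array  $resultRow current row ('word_file', 'pdf_file')
 */
function editDeletePdf($db, $resultRow)
{
    $year = (isset($_POST['keyYear']) && is_string($_POST['keyYear'])) ? $_POST['keyYear'] : '';
    $month = (isset($_POST['keyMonth']) && is_string($_POST['keyMonth'])) ? $_POST['keyMonth'] : '';

    // \z (not $) so that a trailing newline is rejected as well.
    $keyIsValid = preg_match('/^[0-9]{4}\z/', $year)
        && preg_match('/^[0-9]{1,2}\z/', $month)
        && (int) $month >= 1
        && (int) $month <= 12;
    if (!$keyIsValid) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Invalid year or month</b></font><br>\n";
        echo " Newsletter was not changed\n";
        echo " </center>\n";
        return;
    }
    $monthYear = intToTextMonth($month) . " " . $year;

    // Keep the row while it still references a Word file; otherwise remove it.
    $keepRow = $resultRow['word_file'] > ' ';
    if ($keepRow) {
        $result = $db->query(
            "update newsletters set pdf_file = ' ' where year = ? and month = ?",
            array($year, $month)
        );
    } else {
        $result = $db->query(
            "delete from newsletters where year = ? and month = ?",
            array($year, $month)
        );
    }
    if (DB::isError($result)) {
        dbError($result);
    }

    if ($db->affectedRows() == 0) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Some wacky error happened</b></font><br>\n";
        echo " Newsletter for " . $monthYear . " does not exist and thus can't be deleted\n";
        echo " </center>\n";
    } elseif (!unlink("newsletters/" . basename($resultRow['pdf_file']))) {
        echo " <center>\n";
        echo " <font color=\"red\"><b>Some wacky error happened</b></font><br>\n";
        echo " PDF document of " . $monthYear . " newsletter could not be deleted\n";
        echo " </center>\n";
    }

    if ($keepRow) {
        $resultRow['pdf_file'] = " ";
        editDisplayForm($db, $resultRow);
    } else {
        displayAddNewsletter();
        displayNewsletters($db);
    }
}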
/**
 * Translate a month number into its English name.
 *
 * The comparison is loose (==), so numeric strings such as "04" match as well.
 * Anything that matches none of 1..12 yields the fixed text
 * "Error: intToTextMonth()"; the input itself is never part of the result.
 *
 * @param mixed $month month number, e.g. 4 or "04"
 * @return string month name or the error text
 */
function intToTextMonth($month)
{
    $names = array(
        1 => "January",
        2 => "February",
        3 => "March",
        4 => "April",
        5 => "May",
        6 => "June",
        7 => "July",
        8 => "August",
        9 => "September",
        10 => "October",
        11 => "November",
        12 => "December",
    );

    // Walk the table in order and compare loosely, first match wins.
    foreach ($names as $number => $name) {
        if ($month == $number) {
            return $name;
        }
    }

    return "Error: intToTextMonth()";
}
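/**
 * Abort the request with a database error text.
 *
 * Prints $dbReturn->getDebugInfo() when the global $debug flag is set and
 * $dbReturn->getMessage() otherwise, then ends the script.
 *
 * The text is passed through htmlspecialchars() because it is written into an
 * HTML page and may contain characters taken from the failed statement.
 *
 * SECURITY NOTE(review): debug info is meant for the developer. With $debug
 * enabled it is shown to whoever triggers the error; consider logging it with
 * error_log() and showing only a generic message instead.
 *
 * @param object $dbReturn error object exposing getDebugInfo()/getMessage()
 */
function dbError($dbReturn)
{
    $text = $GLOBALS["debug"]
        ? $dbReturn->getDebugInfo()
        : $dbReturn->getMessage();

    die(htmlspecialchars((string) $text, ENT_QUOTES));
}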
?>
--------------020102060805060508080103--