Let's customize

Each visitor to your site who wants to customize the view will need a unique account. Visitors register by filling out a simple form. You should not activate visitors' accounts until they verify their account information by responding to an e-mail from the site. This should help to minimize bogus accounts, because you can run nightly queries and delete accounts that that have not been activated after a period of time.

I have included some sample code in login.php that handles both regular logins and new user registration. By passing additional variables to a PHP script you can determine which action to perform and keep the number of scripts to a minimum.

After visitors register for an account, they are sent an e-mail with a link that contains a confirmation code. By following this link and entering an e-mail address and password, visitors verify their accounts and are taken to the user preferences page (edit_user.php). On this page, visitors can enter their first and last names, the news sources they do not want to see when they visit your site (the default is all sources), and the colors used to display site structural elements. The First Name field is used to greet the user when they visit your site. Figure 1 shows an example of the preferences page.

Figure 1. Preferences page (click to enlarge)

Now that visitors can log in and set their preferences, you need a way to retrieve the values. The function in Listing 1 does exactly that.

user_funcs.php (get_user_data)

function get_user_data($user_id) {

        global $s_first_name, $s_last_name, $s_preferences, $s_color;
        
        $query = "SELECT * FROM user WHERE user_id='$user_id' AND active='Y'";
        $result = mysql_query($query) or die ("Query failed");
        
        if (mysql_num_rows($result) > 0) {
        
                session_register('s_first_name');

                session_register('s_last_name');
                session_register('s_preferences');
                session_register('s_color');
                
                $row = mysql_fetch_array($result);
                $s_first_name = $row['first_name'];
                $s_last_name = $row['last_name'];
                $length = strlen($row['preferences']);
                for ($i = 0; $i < $length; $i++) { $s_preferences[$i] = $row['preferences'][$i]; }

                $s_color = $row['color'];
        }
}

The get_user_data function is called with a parameter that contains the visitor's user ID. The function then defines a set of global variables so that they can be imported into the scope of the function. Next, it queries the database to retrieve all the information about the given user ID, while checking to make sure the user ID is active. If the user ID is found, the code calls the session_register function to register the visitor's session variables.

Session management is a new feature of PHP version 4. To use this feature, you have to activate it by calling the session_start function in every script that needs session management. To start session management automatically on every script, set the session.auto_start variable to 1 in your php.ini file. When visitors come to your site, they are assigned a session identifier, a semirandom hash value that uniquely identifies each visitor. The session ID is stored either as a cookie in the user's browser or as a URL parameter. When you register session variables for a user, the variables are passed along in the global $HTTP_STATE_VARS array. Your scripts can now access the global variables for each session without having to pass them to each other. The final section of code in this function pulls the data from the query result (the $row variable), and stores it in the session variables as separate preferences.