Creating EditUser Page
The EditUser page is very similar to the NewUser page. The main difference is that when EditUser is initially requested, the input fields should be initialized with the existing user information. Another slight difference is that EditUser can also be accessed by normal users.
To determine which user account is to be edited, we use the following policy:
- If the current user is an administrator, he can edit any user account by specifying the account's username in a GET variable named 'username'. For example, http://hostname/blog/index.php?page=users.EditUser&username=demo.
- If the current user is an administrator and the URL does not contain 'username', the administrator's own account data is updated.
- If the current user is a normal user, he can only edit his own account information, and he cannot modify his role.
We create two files protected/pages/users/EditUser.page and protected/pages/users/EditUser.php to save the page template and page class, respectively.
Creating Page Template
As you may have guessed, the page template of EditUser is largely the same as that of NewUser. Apart from the page title and the caption of the submit button, there are three main differences:
- The "username" text box is replaced by a TLabel control because we do not allow modifying the username;
- The required-field validator for the "password" input is removed, because if the user does not provide a password during editing, it means the user does not want to change the password;
- The "role" input is surrounded by a TControl whose visibility is toggled according to the role of the currently logged-in user. If the user is not an administrator, the "role" input is not displayed, because normal users are not allowed to modify their roles.
<%@ Title="My Blog - Edit User" %>
<com:TContent ID="Main"> <!--- assumes the layout's TContentPlaceHolder is named "Main" --->
<span>Username</span>
<com:TLabel ID="Username" />
<span>Password</span>
<com:TTextBox ID="Password" TextMode="Password" />
<span>Re-type Password</span>
<com:TTextBox ID="Password2" TextMode="Password" />
<com:TCompareValidator ControlToValidate="Password" ControlToCompare="Password2" ErrorMessage="Your password entries did not match." Display="Dynamic" />
<span>Email Address</span>
<com:TTextBox ID="Email" />
<com:TRequiredFieldValidator ControlToValidate="Email" ErrorMessage="Please provide your email address." Display="Dynamic" />
<com:TEmailAddressValidator ControlToValidate="Email" ErrorMessage="You entered an invalid email address." Display="Dynamic" />
<com:TControl Visible="<%= $this->User->IsAdmin %>">
<span>Role</span>
<com:TDropDownList ID="Role">
  <com:TListItem Text="Normal User" Value="0" />
  <com:TListItem Text="Administrator" Value="1" />
</com:TDropDownList>
</com:TControl>
<span>First Name</span>
<com:TTextBox ID="FirstName" />
<span>Last Name</span>
<com:TTextBox ID="LastName" />
<com:TButton Text="Save" OnClick="saveButtonClicked" />
</com:TContent>
Creating Page Class
Based on the above description and template, we need to write a page class that initializes the inputs with the existing user information. In addition, the page class needs to implement the saveButtonClicked() method, which is attached to the OnClick event of the "Save" button.
class EditUser extends TPage
{
    public function onInit($param)
    {
        parent::onInit($param);
        // on the initial (non-postback) request, fill the inputs from getUserRecord()
    }
    public function saveButtonClicked($sender,$param)
    {
        // copy the validated inputs into the record returned by getUserRecord() and save it
    }
    protected function getUserRecord()
    {
        $username=$this->User->Name;   // by default, the current user's own account
        if($this->User->IsAdmin && $this->Request['username']!==null)
            $username=$this->Request['username'];   // administrators may pick any account
        $userRecord=UserRecord::finder()->findByPk($username);
        if(!($userRecord instanceof UserRecord))
            throw new THttpException(500,'Username is invalid.');
        return $userRecord;
    }
}
The onInit() method is invoked by PRADO during one of the page lifecycles. Other commonly overridden lifecycle methods include onPreInit().
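The complete page class described above, written out as an added reconstruction rather than the tutorial's own EditUser.php. It assumes the UserRecord Active Record has the columns username, password, email, role, first_name and last_name, and that passwords are stored hashed the same way NewUser stores them (password_hash() stands in for that here).

```php
<?php
// Added reconstruction of protected/pages/users/EditUser.php. The column names
// and the use of password_hash() are assumptions, not the tutorial's code.
class EditUser extends TPage
{
    public function onInit($param)
    {
        parent::onInit($param);
        if(!$this->IsPostBack)   // initial request: show the existing data
        {
            $userRecord=$this->getUserRecord();
            $this->Username->Text=$userRecord->username;
            $this->Email->Text=$userRecord->email;
            $this->Role->SelectedValue=$userRecord->role;
            $this->FirstName->Text=$userRecord->first_name;
            $this->LastName->Text=$userRecord->last_name;
        }
    }
    public function saveButtonClicked($sender,$param)
    {
        if(!$this->IsValid)      // all server-side validators must pass
            return;
        $userRecord=$this->getUserRecord();
        // an empty password field means "keep the current password"
        if($this->Password->Text!=='')
            $userRecord->password=password_hash($this->Password->Text,PASSWORD_DEFAULT);
        $userRecord->email=$this->Email->Text;
        // the role is applied only for administrators, whatever was posted:
        // hiding the Role control with Visible is presentation, not authorization
        if($this->User->IsAdmin)
            $userRecord->role=(int)$this->Role->SelectedValue;
        $userRecord->first_name=$this->FirstName->Text;
        $userRecord->last_name=$this->LastName->Text;
        $userRecord->save();
        $this->Response->redirect($this->Service->DefaultPageUrl);
    }
    protected function getUserRecord()
    {
        $username=$this->User->Name;   // normal users reach only their own account
        if($this->User->IsAdmin && $this->Request['username']!==null)
            $username=$this->Request['username'];
        $userRecord=UserRecord::finder()->findByPk($username);
        if(!($userRecord instanceof UserRecord))
            throw new THttpException(500,'Username is invalid.');
        return $userRecord;
    }
}
```

Both the account-selection policy and the role update are enforced in the page class, so a normal user who submits a crafted role value or a foreign username still only changes the permitted fields of his own record.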
Adding Permission Check
To make the EditUser page also accessible by authenticated users (users="@"), we need to adjust the page configuration file protected/pages/users/config.xml accordingly.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <authorization>
    <!-- PRADO applies the first matching rule, so this rule must precede the directory's existing, more restrictive rules -->
    <allow users="@" pages="EditUser"/>
  </authorization>
</configuration>
To test the EditUser page, visit the URL http://hostname/blog/index.php?page=users.EditUser&username=demo. You may be required to log in first if you have not done so. Try logging in with different accounts (e.g. admin/demo, demo/demo) and see how the page displays differently.