i want to share my problem in my website
For the better understandng of my website, I want to tell all the details.
1. I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events.
2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event.
3. In the calendar event you can see the calendar and when you click the date theirs a link "new event" appear and if theirs no existing event theres a text saying "No Events", when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear..
here is my code in login page:
<?php
session_start();
session_regenerate_id();
if($_SESSION['loggedin']){
//the user is already logged in, lets redirect them to the other page
header("Location:company.php");
}
//require_once 'conn.php';
$db_name="dspi";
mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");
$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);
$sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);
if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
$row = mysql_fetch_assoc($sql);
$_SESSION['username'] = $row['Username'] ;
$_SESSION['department'] = $row['Department'];
$Departments=array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');
if (in_array($row['Department'], $Departments)){
header ('Location:company.php');
}else{
echo "Incorrect Username or Department";
header ('Location:index.php');
}
}
?>
and this is my code in calendar event
<?php
$host = "localhost";
$username = "";
$password = "";
$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');
$dbName = 'dspi';
mysql_select_db($dbName);
?>
<html>
<body>
<script>
function goLastMonth(month, year){
// If the month is January, decrement the year
if(month == 1){
--year;
month = 13;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;
}
//next function
function goNextMonth(month, year){
// If the month is December, increment the year
if(month == 12){
++year;
month = 0;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;
}
function remChars(txtControl, txtCount, intMaxLength)
{
if(txtControl.value.length > intMaxLength)
txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
else
txtCount.value = intMaxLength - txtControl.value.length;
}
function checkFilled() {
var filled = 0
var x = document.form1.calName.value;
//x = x.replace(/^\s+/,""); // strip leading spaces
if (x.length > 0) {filled ++}
var y = document.form1.calDesc.value;
//y = y.replace(/^s+/,""); // strip leading spaces
if (y.length > 0) {filled ++}
if (filled == 2) {
document.getElementById("Submit").disabled = false;
}
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased
}
</script>
<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparaters for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";
//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }
if(empty($month)){ $month = date("n"); }
if(empty($year)){ $year = date("Y"); }
//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = "";
//run a selec statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
//$tDayName = date("l");
$todaysDate = date("n/j/Y");
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
if($todaysDate == $dateToCompare){
//$aClass = '<span>' . $tDayName . '</span>';
$aClass='class="today"';
}else{
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
//echo $todaysDate;
//return;
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
while($row= mysql_fetch_array($result)){
if($row['eCount'] >=1){
$aClass = 'class="event"';
}elseif($row['eCount'] ==0){
$aClass ='class="normal"';
}
}
}
return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1">
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">
</td>
<td width="250" colspan="5">
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>
</td>
<td width="50" colspan="1" align="right">
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">
</td>
</tr>
<tr>
<th>M</td>
<th>T</td>
<th>W</td>
<th>T</td>
<th>F</td>
<th>S</td>
<th>S</td>
</tr>
<tr>
<?php
for($i = 1; $i < $numDays+1; $i++, $counter++){
$dateToCompare = $month . '/' . $i . '/' . $year;
$timeStamp = strtotime("$year-$month-$i");
//echo $timeStamp . '<br/>';
if($i == 1){
// Workout when the first day of the month is
$firstDay = date("N", $timeStamp);
for($j = 1; $j < $firstDay; $j++, $counter++){
echo "<td> </td>";
}
}
if($counter % 7 == 0 ){
?>
</tr><tr>
<?php
}
?>
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td>
<?php
}
?>
</table>
</div>
<div id="New_Event">
<?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);
$check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'");
if (mysql_num_rows($check)>0){
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>
</div>
<div id="Cal_Event">
<?php
if(isset($_GET['f'])){
include 'calform.php';
}
if($numRows == 0 ){
echo '';
}else{
//echo '<ul>';
echo '<h3>Event Listed</h3>';
while($row = mysql_fetch_array($result)){
?>
<h5><?=$row['calName'];?></h5>
<?=$row['calDesc'];?><br/>
Listed On: <?=$row['calStamp'];?>
<?php
}
}
}
?>
</div>
</body>
</html>