Good day!

I created a webpages and i have a login page consist of Username and Department. And i encountered problem in adding event in my calendar.

This is the flow of my webpage:
First I have a separate table for the user and calendar. In my user table it has a Username, Department, and Permission. In the permission I put True or False, only one user i put True because i want that user is the one who permitted to add event or if she is login the add event link appear, but if other login the add even0t did not appear.

This is my code in login:


<?php
session_start();
session_regenerate_id();

if($_SESSION['loggedin']){
//the user is already logged in, lets redirect them to the other page
header("Location:company.php");
}

//require_once 'conn.php';
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");


$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
$row = mysql_fetch_assoc($sql);

$_SESSION['username'] = $row['Username'] ;
$_SESSION['department'] = $row['Department'];

$Departments=array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');

if (in_array($row['Department'], $Departments)){
header ('Location:company.php');
}else{
echo "Incorrect Username or Department";
header ('Location:index.php');
}
}
?>


and this is my code in calendar page:


<?php

session_start();
$host = "localhost";

$username = "";

$password = "";

$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');

$dbName = 'dspi';

mysql_select_db($dbName);
?>
<html>
<body>
<script>
function goLastMonth(month, year){
// If the month is January, decrement the year
if(month == 1){
--year;
month = 13;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;
}
//next function
function goNextMonth(month, year){
// If the month is December, increment the year
if(month == 12){
++year;
month = 0;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;
}

function remChars(txtControl, txtCount, intMaxLength)
{
if(txtControl.value.length > intMaxLength)
txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
else
txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
var filled = 0
var x = document.form1.calName.value;
//x = x.replace(/^\s+/,""); // strip leading spaces
if (x.length > 0) {filled ++}

var y = document.form1.calDesc.value;
//y = y.replace(/^s+/,""); // strip leading spaces
if (y.length > 0) {filled ++}

if (filled == 2) {
document.getElementById("Submit").disabled = false;
}
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased

}

</script>

<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparaters for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";

//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }

if(empty($month)){ $month = date("n"); }

if(empty($year)){ $year = date("Y"); }
//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = "";
//run a selec statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
//$tDayName = date("l");
$todaysDate = date("n/j/Y");
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
if($todaysDate == $dateToCompare){
//$aClass = '<span>' . $tDayName . '</span>';
$aClass='class="today"';
}else{
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
//echo $todaysDate;
//return;
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
while($row= mysql_fetch_array($result)){
if($row['eCount'] >=1){
$aClass = 'class="event"';
}elseif($row['eCount'] ==0){
$aClass ='class="normal"';
}
}
}
return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1">
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">
</td>
<td width="250" colspan="5">
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>
</td>
<td width="50" colspan="1" align="right">
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">
</td>
</tr>
<tr>
<th>M</td>
<th>T</td>
<th>W</td>
<th>T</td>
<th>F</td>
<th>S</td>
<th>S</td>
</tr>
<tr>
<?php
for($i = 1; $i < $numDays+1; $i++, $counter++){
$dateToCompare = $month . '/' . $i . '/' . $year;
$timeStamp = strtotime("$year-$month-$i");
//echo $timeStamp . '<br/>';
if($i == 1){
// Workout when the first day of the month is
$firstDay = date("N", $timeStamp);
for($j = 1; $j < $firstDay; $j++, $counter++){
echo "<td>&nbsp;</td>";
}
}
if($counter % 7 == 0 ){
?>
</tr><tr>
<?php
}
?>
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td>
<?php
}
?>
</table>
</div>
<div id="New_Event">
<?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='HRAD' AND Permission='True'");
mysql_fetch_array($check);
if($check['Username']=='xxx' && $check['Department']=='HRAD'){
$_SESSION['isallowed'] = $check['Permission'];



//if (mysql_num_rows($check)>0){
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>
</div>
<div id="Cal_Event">
<?php
if(isset($_GET['f'])){
include 'calform.php';
}
if($numRows == 0 ){
echo '';
}else{
//echo '<ul>';
echo '<h3>Event Listed</h3>';
while($row = mysql_fetch_array($result)){
?>

<h5><?=$row['calName'];?></h5>
<?=$row['calDesc'];?><br/>
Listed On: <?=$row['calStamp'];?>
<?php
}
}
}
?>
</div>
</body>
</html>


In that code when the user log is xxx and when she click a date she want to add event the appear is "You cannot Add Event".

I hope somebody can help me..


Thank you in advance...

Well based on what you show us I don't see anywhere you define the values of $check that you use in your if() right before you issue you have. You are using the $check but nowhere do you give them a value from a query or anything, so of course the you are getting to the else() rather than the link you desire. I imagine that you need to use $_SESSION instead of $check.

Well based on what you show us I don't see anywhere you define the values of $check that you use in your if() right before you issue you have. You are using the $check but nowhere do you give them a value from a query or anything, so of course the you are getting to the else() rather than the link you desire. I imagine that you need to use $_SESSION instead of $check.

$check is only a variable

Sorry I totally missed the that you used it right above where I was looking.
Try this though:

$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
if($check2['Username']=='xxx' && $check2['Department']=='HRAD'){
$_SESSION['isallowed'] = $check2['Permission'];

Sorry I totally missed the that you used it right above where I was looking.
Try this though:

$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
if($check2['Username']=='xxx' && $check2['Department']=='HRAD'){
$_SESSION['isallowed'] = $check2['Permission'];
I try the code you suggested and in all user the add event link appear

well you're getting closer than. I assume you are not actually using the xxx in the query but merely a example for us to see. If that's true did you set that back to what it should be before testing. The issue seems to be either how or what you are checking in the query to make it TRUE so it doesn't hit your else().

well you're getting closer than. I assume you are not actually using the xxx in the query but merely a example for us to see. If that's true did you set that back to what it should be before testing. The issue seems to be either how or what you are checking in the query to make it TRUE so it doesn't hit your else().

i query the permission...I'm sorry i'm not good in coding

well you're getting closer than. I assume you are not actually using the xxx in the query but merely a example for us to see. If that's true did you set that back to what it should be before testing. The issue seems to be either how or what you are checking in the query to make it TRUE so it doesn't hit your else().
i add some code in the condition for adding event but still other user can add event:



$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
if($check2['Username']=='xxx' && $check2['Department']=='HRAD' && $check2['Permission']=='True'){
$_SESSION['isallowed'] = $check2['Permission'];


i put in if condition the $check2['Permission']=='True'

Please post up exactly what your code currently is after what I told you to try and please don't change anything that the live site will use (don't substitute any thing for xxx or whatever, the real code you are going to use please)

I think I may have found the issue. You have { in your comments that you and I assumed was not acting in the code but it seems to be using it. Delete that and try it.


//if (mysql_num_rows($check)>0){

I think I may have found the issue. You have { in your comments that you and I assumed was not acting in the code but it seems to be using it. Delete that and try it.


//if (mysql_num_rows($check)>0){

I do what you suggested



$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
if($check2['Username']=='sammy' && $check2['Department']=='HRAD' && $check2['Department']=='True'){
$_SESSION['isallowed'] = $check2['Permission'];

?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>


when sammy was login he cannot add event even he is the one who permitted to add event. When he try to add event the message "You cannot Add New Event" was appear and when some user login who are not permitted to login the message "You cannot Add New Event" was appear that is correct.

I delete the comment that you said

code:



$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
if($check2['Username']=='sammy' && $check2['Department']=='HRAD' && $check2['Department']=='True'){
$_SESSION['isallowed'] = $check2['Permission'];

?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>


when sammy is login and he try to add event instead the add event link will appear the message "You cannot Add New Event " was appear and when the other user try to add event the message "You cannot Add New Event" appear which is correct.

I noticed now that you are checking Department for 2 different values instead of using the Permission for one of them. Change it to this and let me know.

$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
if($check2['Username']=='sammy' && $check2['Department']=='HRAD' && $check2['Permission']=='True'){
$_SESSION['isallowed'] = $check2['Permission'];

If that stills does not work then you need to start echoing out the info you are getting from the db and compare it to the variables you want them to equal. So then do this:

$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
$username = $check2['Username'];
$dep = $check2['Department'];
$permiss = $check2['Permission'];
echo "$username<br/>$dep<br/>$permiss<br/><br/>";
if($username=="sammy" && $dep=="HRAD" && $permiss=="True"){
$_SESSION['isallowed'] = $check2['Permission'];

I noticed now that you are checking Department for 2 different values instead of using the Permission for one of them. Change it to this and let me know.

$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
if($check2['Username']=='sammy' && $check2['Department']=='HRAD' && $check2['Permission']=='True'){
$_SESSION['isallowed'] = $check2['Permission'];

If that stills does not work then you need to start echoing out the info you are getting from the db and compare it to the variables you want them to equal. So then do this:

$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
$username = $check2['Username'];
$dep = $check2['Department'];
$permiss = $check2['Permission'];
echo "$username<br/>$dep<br/>$permiss<br/><br/>";
if($username=="sammy" && $dep=="HRAD" && $permiss=="True"){
$_SESSION['isallowed'] = $check2['Permission'];


Thank you for the suggested code. I try the code and the result is when sammy is login and he try to add event his username, department, and permission was appear and also the add even. Then I try to login as different user. The problem is when the user try to adtd event the username, department, permission of sammy was appear even he is not sammy and also the add event link was appear also. i want that if other user try to add event the message "You cannot add Event" Appear and only to sammy the add event link appear.

I have an idea that i could not echo the information of sammy because in all user who try to add event all the information of sammy appear to them.I am right??

Thank you...

I'm starting to get this now, I understood all along what you are trying to do but I'm understanding how we need to check this.
First we need to check if the current user is in fact sammy and then run the query if he is or echo You cannot Add New Event is it is not. The key is the first part of that last sentence.
Try this, this will only work is $_SESSION['username'] is set from the login.


<?php
if ($_SESSION['username']=="sammy")
{
$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
$username = $check2['Username'];
$dep = $check2['Department'];
$permiss = $check2['Permission'];
echo "$username<br/>$dep<br/>$permiss<br/><br/>";
if($username=="sammy" && $dep=="HRAD" && $permiss=="True"){
$_SESSION['isallowed'] = $check2['Permission'];

?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Event</a>
<?php
}
else
{ echo "You cannot Add New Event"; }
?>

I'm starting to get this now, I understood all along what you are trying to do but I'm understanding how we need to check this.
First we need to check if the current user is in fact sammy and then run the query if he is or echo You cannot Add New Event is it is not. The key is the first part of that last sentence.
Try this, this will only work is $_SESSION['username'] is set from the login.


<?php
if ($_SESSION['username']=="sammy")
{
$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='HRAD' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
$username = $check2['Username'];
$dep = $check2['Department'];
$permiss = $check2['Permission'];
echo "$username<br/>$dep<br/>$permiss<br/><br/>";
if($username=="sammy" && $dep=="HRAD" && $permiss=="True"){
$_SESSION['isallowed'] = $check2['Permission'];

?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Event</a>
<?php
}
else
{ echo "You cannot Add New Event"; }
?>


This code was solved my problem. But when i try it first i got an parse error because the first if statement was not close and i close it, so the error was solve. And also the echo of username i deleted.

This is my code:


if ($_SESSION['username']=="rhoda.barrera@dunlop.ph")
{
$check1=mysql_query("SELECT * FROM tbllogin WHERE Username='sammy' AND Department='MIS' AND Permission='True'");
$check2 = mysql_fetch_array($check1);
$username = $check2['Username'];
$dep = $check2['Department'];
$permiss = $check2['Permission'];
//echo "$username<br/>$dep<br/>$permiss<br/><br/>";
if($username=="sammy" && $dep=="MIS" && $permiss=="True"){
$_SESSION['isallowed'] = $check2['Permission'];

?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a>
<?php
}
}
else
{ echo "You cannot Add New Event"; }

?>


And the result of this code is when the user sammy was login the add event was appear and the rest user the message "You Cannot Add New Event" was appear to them because they are not permitted to add event. That's what i want to make happen. ANd now it happened..

Thank you so much....

good deal, glad it worked.