21 replies to this topic

[newphpcoder]

i want to share my problem in my website

For the better understandng of my website, I want to tell all the details.

1. I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events.

2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event.


3. In the calendar event you can see the calendar and when you click the date theirs a link "new event" appear and if theirs no existing event theres a text saying "No Events", when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear..

here is my code:

<?php

$host = "localhost";


	$username = "";


	$password = "";


	$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');


	$dbName = 'dspi';


	mysql_select_db($dbName);	

?>

<html>

<script>

function goLastMonth(month, year){

// If the month is January, decrement the year

if(month == 1){

--year;

month = 13;

}

document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;

}

//next function

function goNextMonth(month, year){

// If the month is December, increment the year

if(month == 12){

++year;

month = 0;

}

document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;

} 


function remChars(txtControl, txtCount, intMaxLength)

{

if(txtControl.value.length > intMaxLength)

txtControl.value = txtControl.value.substring(0, (intMaxLength-1));

else

txtCount.value = intMaxLength - txtControl.value.length;

}


function checkFilled() {

var filled = 0

var x = document.form1.calName.value;

//x = x.replace(/^\s+/,""); // strip leading spaces

if (x.length > 0) {filled ++}


var y = document.form1.calDesc.value;

//y = y.replace(/^s+/,""); // strip leading spaces

if (y.length > 0) {filled ++}


if (filled == 2) {

document.getElementById("Submit").disabled = false;

}

else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased


}


</script>

<body>

<?php

//$todaysDate = date("n/j/Y");

//echo $todaysDate;

// Get values from query string

$day = (isset($_GET["day"])) ? $_GET['day'] : "";

$month = (isset($_GET["month"])) ? $_GET['month'] : "";

$year = (isset($_GET["year"])) ? $_GET['year'] : "";

//comparaters for today's date

//$todaysDate = date("n/j/Y");

//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";

//$what = (isset($_GET["what"])) ? $_GET['what'] : "";


//$day = (!isset($day)) ? $day = date("j") : $day = "";

if(empty($day)){ $day = date("j"); }


if(empty($month)){ $month = date("n"); }


if(empty($year)){ $year = date("Y"); } 

//set up vars for calendar etc

$currentTimeStamp = strtotime("$year-$month-$day");

$monthName = date("F", $currentTimeStamp);

$numDays = date("t", $currentTimeStamp);

$counter = 0;

//$numEventsThisMonth = 0;

//$hasEvent = false;

//$todaysEvents = ""; 

//run a selec statement to hi-light the days

function hiLightEvt($eMonth,$eDay,$eYear){

//$tDayName = date("l");

$todaysDate = date("n/j/Y");

$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;

if($todaysDate == $dateToCompare){

//$aClass = '<span>' . $tDayName . '</span>';

$aClass='class="today"';

}else{

//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;

//echo $todaysDate;

//return;

$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";

//echo $sql;

//return;

$result = mysql_query($sql);

while($row= mysql_fetch_array($result)){

if($row['eCount'] >=1){

$aClass = 'class="event"';

}elseif($row['eCount'] ==0){

$aClass ='class="normal"';

}

}

}

return $aClass;

}

?>

<div id="Calendar_Event">

<table width="350" cellpadding="0" cellspacing="0">

<tr>

<td width="50" colspan="1">

<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">

</td>

<td width="250" colspan="5">

<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>

</td>

<td width="50" colspan="1" align="right">

<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">

</td>

</tr> 

<tr>

<th>M</td>

<th>T</td>

<th>W</td>

<th>T</td>

<th>F</td>

<th>S</td>

<th>S</td>

</tr>

<tr>

<?php

for($i = 1; $i < $numDays+1; $i++, $counter++){

$dateToCompare = $month . '/' . $i . '/' . $year;

$timeStamp = strtotime("$year-$month-$i");

//echo $timeStamp . '<br/>';

if($i == 1){

// Workout when the first day of the month is

$firstDay = date("N", $timeStamp);

for($j = 1; $j < $firstDay; $j++, $counter++){

echo "<td> </td>";

} 

}

if($counter % 7 == 0 ){

?>

</tr><tr>

<?php

}

?>

<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td> 

<?php

}

?>

</table>

</div>

<div id="New_Event">

<?php

if(isset($_GET['v'])){

if(isset($_POST['Submit'])){

$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";

mysql_query($sql);

}

$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";

//echo $sql;

//return;

$result = mysql_query($sql);

$numRows = mysql_num_rows($result);


$check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'");

if (mysql_num_rows($check)>0){ 

?>

<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php

}else{

echo 'You cannot Add New Event';

}?>

</div>

<div id="Cal_Event">

<?php

if(isset($_GET['f'])){

include 'calForm.php';

}

if($numRows == 0 ){

echo '';

}else{

//echo '<ul>';

echo '<h3>Event Listed</h3>';

while($row = mysql_fetch_array($result)){

?>


<h5><?=$row['calName'];?></h5>

<?=$row['calDesc'];?><br/>

Listed On: <?=$row['calStamp'];?>

<?php

}

}

}

?>

</div>

</body>

</html>

[matrob]

I'm not quite sure I understand your problem, but I think you are trying to verify that the user trying to add/edit an event is allowed to? If so, you could keep database records of who is allowed to edit an event, and compare that against a session variable $_SESSION['user'].

[newphpcoder]

matrob said:

I'm not quite sure I understand your problem, but I think you are trying to verify that the user trying to add/edit an event is allowed to? If so, you could keep database records of who is allowed to edit an event, and compare that against a session variable $_SESSION['user'].

The problem is in my login page the session was not work so i can't use session in calendar page, to check if the user who are login is the one who are permitted to add event

[matrob]

What is the code in your login page to set the session variable?

[newphpcoder]

Actually as of now the session in my login is still my problem, because it doesn't work, cause even i already login and i try to login again , i could login again.

[Orjan]

at first, you must run session_start() each run. so if you have different files ran at different times, each of them needs an session_start() before anything else is outputted from that very file

[newphpcoder]

Orjan said:

at first, you must run session_start() each run. so if you have different files ran at different times, each of them needs an session_start() before anything else is outputted from that very file

you mean thta in all my webpages I have a session_start?

The session on my index.php or login page was not yet finish, because honestly, i have no idea about how to use session and how the code session help my problem.


Thank you...

[dbug]

When you call session_start() from a PHP script it tries to find a previously created session for the client that made the request. This is done using a cookie that identifies the current session. If no session exists for that client, it creates a new one. If a session already exists, it loads it.

While you process the request you can read or write data to the session variable ($_SESSION). When you are finished, the session data is automatically saved in permanent (or semi-permanent) storage. When you make a new request, PHP does not know that there were preious session data, so you must explicitly call session_start() again to load the previously saved session information from the storage. This is why you need to call session_start() from each possible script the client can call.

[newphpcoder]

Good day!

The session in my login page is like this:

<?php

session_start(); 

session_regenerate_id(); 


if($_SESSION['loggedin']){ 

//the user is already logged in, lets redirect them to the other page 

    header("Location:Company.php"); 

} 


//and to check if the user is valid

 if($ct == 1) { 

// im guessing this means that the user is valid. 

$_SESSION['loggedin'] = true; // now that the user is valid we change the session value. 

            $row = mysql_fetch_assoc($sql);   

          

            if($row['Department']=='Accounting') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Engineering') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Finishing_Goods') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='HRAD') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='MIS') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Packaging_and_Design') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Production') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Purchasing_Logistic') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='QA_and_Technical') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Supply_Chain') { 

                header('location:Company.php'); 

            } 

            else { 

                header('location:index.php'); 

                echo"Incorrect Username or Department"; 

                 

                }   

    } 

?> 

my problem is how can i use session in calendar.php to check if the user xxx is the user who i permitted to add event.

[dbug]

In the login.php you should add some variable to $_SESSION identifying the user name or its id or its rights, and then in calendar.php use this:

<?php


session_start();


if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] &&

    isset($_SESSION['canaddevent'] && $_SESSION['canaddevent'])

{

    ...code to add an event...

}

It's a very simplified example. I used a simple boolean called 'canaddevent' to determine if the current user can add an event. This variable should have been defined in login.php. You can use other variables or checks to determine if the current session can create an event.

[Orjan]

This is a function I use to start my session. this is called on each and every page with the two parameters id and time, the id parameter just is an static id of your application and time is how many seconds you want the session to be active, for example 3600 for an hour.

function startsession($id, $time)

{

    session_name($id);

    session_set_cookie_params($time);

    session_start();

    $logouttime = time() + $time;

    if (isset($_COOKIE[$id])) {

        setcookie($id, $_COOKIE[$id], $logouttime, "/");

    }

}

example of usage, ran on each and every page: ("MyAppName" can be whatever string, but it must be the same in the whole page, so it matches this very session all the time. the use of id like this makes it possibly to use several parallel web apps on the same server without them interfering with each other).

startsession("MyAppName", 3600);

Then, when someone login, I do this to mark the login:

$_SESSION['userid'] = $id;

and I can now check with

if ($_SESSION['userid'] != "") {

// user is logged in

} else {

// user is not logged in

}

When a person is logged out, I simply do:

session_destroy();

which means that next time the user loads the page, there is a new session started instead of the one I just destroyed... and the session data is destroyed...
so.. this means that you start the session when the person still isn't logged in, populate the session with data on login, and destroys the data upon logout.

[newphpcoder]

dbug said:

In the login.php you should add some variable to $_SESSION identifying the user name or its id or its rights, and then in calendar.php use this:

<?php


session_start();


if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] &&

    isset($_SESSION['canaddevent'] && $_SESSION['canaddevent'])

{

    ...code to add an event...

}

It's a very simplified example. I used a simple boolean called 'canaddevent' to determine if the current user can add an event. This variable should have been defined in login.php. You can use other variables or checks to determine if the current session can create an event.

this is my login page:

<?php 

session_start(); 

session_regenerate_id(); 


if($_SESSION['loggedin']){ 

//the user is already logged in, lets redirect them to the other page 

    header("Location:Company.php"); 

} 



//require_once 'conn.php';   

$db_name="dspi"; 


mysql_connect("localhost", "root", "") or die("Cannot connect to server"); 

mysql_select_db("$db_name")or die("Cannot select DB");    



        $department = mysql_real_escape_string($_POST['department']);    

        $username = mysql_real_escape_string($_POST['username']); 


        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 

        $ct = mysql_num_rows($sql); 

      

        if($ct == 1) { 

// im guessing this means that the user is valid. 

$_SESSION['loggedin'] = true; // now that the user is valid we change the session value. 

            $row = mysql_fetch_assoc($sql);   

          

            if($row['Department']=='Accounting') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Engineering') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Finishing_Goods') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='HRAD') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='MIS') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Packaging_and_Design') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Production') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Purchasing_Logistic') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='QA_and_Technical') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Supply_Chain') { 

                header('location:Company.php'); 

            } 

            else { 

                header('location:index.php'); 

                echo"Incorrect Username or Department"; 

                 

                }   

    } 

?> 

in that code where i can put the session so that in calendar page determine if the user xxx is the one who have rights to add event..

Thank you for helping me...I highly appreciated and i'm sorry because i have no good in prgramming but i try to learn...