Restriction in Adding Events in Calendar

PHP
1

i want to share my problem in my website

For the better understandng of my website, I want to tell all the details.

  1. I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events.

2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event.

  1. In the calendar event you can see the calendar and when you click the date theirs a link “new event” appear and if theirs no existing event theres a text saying “No Events”, when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear…

here is the code:


<?php
$host = "localhost";

	$username = "";

	$password = "";

	$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');

	$dbName = 'dspi';

	mysql_select_db($dbName);	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>DSPI CALENDAR EVENTS</title>
<script>
function goLastMonth(month, year){
// If the month is January, decrement the year
if(month == 1){
--year;
month = 13;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;
}
//next function
function goNextMonth(month, year){
// If the month is December, increment the year
if(month == 12){
++year;
month = 0;
}
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;
} 

function remChars(txtControl, txtCount, intMaxLength)
{
if(txtControl.value.length > intMaxLength)
txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
else
txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
var filled = 0
var x = document.form1.calName.value;
//x = x.replace(/^\\s+/,""); // strip leading spaces
if (x.length > 0) {filled ++}

var y = document.form1.calDesc.value;
//y = y.replace(/^s+/,""); // strip leading spaces
if (y.length > 0) {filled ++}

if (filled == 2) {
document.getElementById("Submit").disabled = false;
}
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased

}

</script>
<style>
body{
background-image: url(layout_image/bgroundv09.png);
background-attachment: fixed; 
font-family:Georgia, "Times New Roman", Times, serif;
font-size:16px;
}
.today{
/*background-color:#00CCCC;*/
font-weight:bold;
font-style:italic;
border-bottom-style:dashed;
background-image:url(calBg.jpg);
background-repeat:no-repeat;
background-position:center;
position:relative;
color:#FFFF00;
}
.today span{
position:absolute;
left:0;
top:0; 
}

.today a{
color:#FFFF00;
padding-top:10px;
}
.selected {
color: #FFFFFF;
background-color: #C00000;
}
.event {
/*background-color: #C6D1DC;*/
/*border:1px solid #ffffff;*/
background-image:url(layout_image/boxv01.png);
border: 1px ;
/*border-bottom-style:dashed;*/
/*border color #427e1a;*/
} 
.normal {

} 
table{
border:1px solid #cccccc;
padding:3px;
}
th{
width:36px;
background-color:#bcdd24;
text-align:center;
color:#ffffff;
border-left:1px solid #ffffff;
}
td{
text-align:center;
padding:8px;
margin:0;
}
table.tableClass{
width:350px;
border:none;
border-collapse: collapse;
font-size:85%;
border:1px dotted #cccccc;
}
table.tableClass input,textarea{
font-size:90%;
}
#form1{
margin:5px 0 0 0;
}
#greyBox{
height:10px;
width:10px;
background-color:#C6D1DC;
border:1px solid #666666;
margin:5px;
}
#hr{border-bottom:1px solid #cccccc;width:300px;}
.output{width:300px;border-bottom:1px dotted #ccc;margin-bottom:5px;padding:6px;}
h5{margin:0;}

</style>
<style type="text/css">
#Calendar_Event {
	position:absolute;
	width:200px;
	height:94px;
	z-index:2;
	left: 255px;
	top: 233px;
}
#New_Event {
	position:absolute;
	width:126px;
	height:21px;
	z-index:3;
	left: 612px;
	top: 232px;
}
</style>

<style type="text/css">

#ddcolortabs{
margin-left: 2px;
padding: 0;
width: 100%;
background: transparent;
voice-family: "\\"}\\"";
voice-family: inherit;
padding-left: 2px;
}

#ddcolortabs ul{
font: bold 12px Arial, Verdana, sans-serif;
margin:0;
padding:0;
list-style:none;
}

#ddcolortabs li{
display:inline;
margin:0 2px 0 0;
padding:0;
text-transform:uppercase;
}


#ddcolortabs a{
float:right;
color: white;
background: #8cb85c url(layout_image/color_tabs_left.gif) no-repeat left top;
margin:115px 2px 0 0;
padding:0px 0 1px 3px;
text-decoration:none;
letter-spacing: 1px;
}

#ddcolortabs a span{
float:right;
display:block;
/*background: transparent url(layout_image/color_tabs_right.gif) no-repeat right top;*/
padding:6px 9px 2px 6px;
}

#ddcolortabs a span{
float:none;
}


#ddcolortabs a:hover{
background-color: #678b3f;
}

#ddcolortabs a:hover span{
background-color: #678b3f ;
}

#ddcolortabs #current a, #ddcolortabs #current span{ /*currently selected tab*/
background-color: #678b3f;
}
</style>

<style type="text/css">
#Layer4_horizontal_line {
	position:absolute;
	width:980px;
	height:5px;
	z-index:3;
	left: 0px;
	top: 150px;
}
#green_frame {
	position:absolute;
	width:172px;
	height:384px;
	z-index:4;
	left: 0px;
	top: 156px;
}
#Layer1_background_green {
	position:absolute;
	width:980px;
	height:392px;
	z-index:1;
	top: 149px;
	left: 0px;
}

#nav_vertical {
	position:absolute;
	width:182px;
	height:113px;
	z-index:5;
	left: 1px;
	top: 361px;
}
#nav_vertical ul{
font: bold 12px Arial, Verdana, sans-serif;
margin:0;
padding:0;
list-style:none;
}

#nav_vertical li{
display:inline;
margin:0 0 0 0;
padding:0;
text-transform:uppercase;
}


#nav_vertical a{
float:left;
color: green;
/*background: #8cb85c url(layout_image/color_tabs_left.gif) no-repeat left top;*/
margin:0 2px 0 0;
padding:0 0 1px 3px;
text-decoration:none;
letter-spacing: 1px;
}

#nav_vertical a span{
float:left;
display:block;
/*background: transparent url(layout_image/color_tabs_right.gif) no-repeat right top;*/
padding:9px 9px 2px 6px;
}


#nav_vertical a:hover{
color:#00CC00;
}

#nav_vertical a:hover span{
color: #00CC00 ;
}

#nav_vertical #current a, #nav_vertical #current span{ /*currently selected tab*/
/*background-color: #678b3f; */
color:#FFFFFF
}
#dunlop_lazenger {
	position:absolute;
	width:73px;
	height:72px;
	z-index:6;
	left: 0px;
	top: 160px;
}
a:link {
	color: #FFFFFF;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: none;
}
a:active {
	text-decoration: none;
}
#Cal_Event {
	position:absolute;
	width:166px;
	height:74px;
	z-index:7;
	left: 611px;
	top: 254px;
}
</style>
</head>

<body>
<form>
<div id="nav_vertical">
<ul>
<li id="current"><a href="Calendar_Event.php" title="CALENDAR EVENT" target="_self"><span>CALENDAR EVENT</span></a></li>
<li><a href="roland_garros.php" title="RONALD GARROS" target="_self"><span>ROLAND GARROS</span></a></li>
<li><a href="wimbledon.php" title="WIMBLEDON" target="_self"><span>WIMBLEDON</span></a></li>
</ul>
</div>
<div id="ddcolortabs">
<ul>
<li> <a href="Products.php" title="Products" target="_self"><span>Products</span></a></li>
<li id="current"><a href="Event.php" title="Events" target="_self"><span>Events</span></a></li>
<li style="margin-left: 1px"><a href="Company.php" title="Company" target="_self"><span>Company</span></a></li>
</ul>
</div>
<div id="ddcolortabsline"></div>
<div id="dunlop_lazenger"><img src="layout_image/dunlop_slazenger.png" width="170" height="200" /></div>
<div id="Layer1_background_green"><img src="layout_image/LINE.png" width="1020" height="417" /></div>
<div id="green_frame"><img src="layout_image/vertical left v01.jpg" width="174" height="410" /></div>
<div id="Layer4_horizontal_line"><img src="layout_image/horizontal_line.png" width="1020" height="5" /></div>
</form>
<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparaters for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";

//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }

if(empty($month)){ $month = date("n"); }

if(empty($year)){ $year = date("Y"); } 
//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = ""; 
//run a selec statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
//$tDayName = date("l");
$todaysDate = date("n/j/Y");
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
if($todaysDate == $dateToCompare){
//$aClass = '<span>' . $tDayName . '</span>';
$aClass='class="today"';
}else{
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
//echo $todaysDate;
//return;
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
while($row= mysql_fetch_array($result)){
if($row['eCount'] >=1){
$aClass = 'class="event"';
}elseif($row['eCount'] ==0){
$aClass ='class="normal"';
}
}
}
return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1">
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">
</td>
<td width="250" colspan="5">
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>
</td>
<td width="50" colspan="1" align="right">
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">
</td>
</tr> 
<tr>
<th>M</td>
<th>T</td>
<th>W</td>
<th>T</td>
<th>F</td>
<th>S</td>
<th>S</td>
</tr>
<tr>
<?php
for($i = 1; $i < $numDays+1; $i++, $counter++){
$dateToCompare = $month . '/' . $i . '/' . $year;
$timeStamp = strtotime("$year-$month-$i");
//echo $timeStamp . '<br/>';
if($i == 1){
// Workout when the first day of the month is
$firstDay = date("N", $timeStamp);
for($j = 1; $j < $firstDay; $j++, $counter++){
echo "<td>&nbsp;</td>";
} 
}
if($counter % 7 == 0 ){
?>
</tr><tr>
<?php
}
?>
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td> 
<?php
}
?>
</table>
</div>
<div id="New_Event">
<?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='yyy'");
if (mysql_num_rows($check)>0){ 
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">New Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php
}else{
echo 'You cannot Add New Event';
}?>
</div>
<div id="Cal_Event">
<?php
if(isset($_GET['f'])){
include 'calForm.php';
}
if($numRows == 0 ){
echo '';
}else{
//echo '<ul>';
echo '<h3>Event Listed</h3>';
while($row = mysql_fetch_array($result)){
?>

<h5><?=$row['calName'];?></h5>
<?=$row['calDesc'];?><br/>
Listed On: <?=$row['calStamp'];?>
<?php
}
}
}
?>
</div>
</body>
</html>

When i run this code eventhough the user is not xxx and the department is not yyy sshe can also add event…so i think eventhough my program has no error but my condition was not work properly.

2

I put the code again and still error is
Parse error: parse error in D:\xampp\htdocs\web_intranet\calendar_event.php on line 17

3

it is real work and i am a fresh grad and i am new in php.

4

Yes, there’s an error in that line. Just return it to the way I wrote it.
The other (first) error is in the line above. It should be


$query = "SELECT * FROM tbllogin WHERE Username = '" . mysql_real_escape_string($username) . "' 
      AND Department = '" . mysql_real_escape_string($department) . "'";

By the way, are you writing this application for yourself, as a study project? Or is it real work?

5

On top of company.php.

6

On top:


<?php
  session_start();

  $host = "localhost";
  $username = "";
  $password = "";
  $dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');
  $dbName = 'dspi';
  mysql_select_db($dbName);    

  // check if the session variables are set, and if they exist in the database
  if (isset($_SESSION['username']) && isset($_SESSION['Department'])) {
    $username = $_SESSION['username'];
    $department = $_SESSION['Department'];
    $query = "
      SELECT * 
      FROM tbllogin 
      WHERE Username = '" . mysql_real_escape_string($username) . "' 
      AND Department = '" . mysql_real_escape_string($department) . '"
    ";
    $result = mysql_query($query) or die("mysql error: " . mysql_error() .  " in query $query");
    if (mysql_num_rows == 0) {
      // if user-department doesn't exist, go to login page
      unset ($_SESSION['username']);
      unset ($_SESSION['department']);
      header("Location:login.php"); 
      exit();
    }
  } else {
  // user didn't login, go to login page
  unset ($_SESSION['username']);
  unset ($_SESSION['department']);
  header("Location:login.php"); 
  exit();
?>

Later on in your code, you can change this check:


$check=mysql_query("SELECT * FROM tbllogin WHERE Username='xxxxx' AND Department='xxx'");
if (mysql_num_rows($check)>0){

into


if ($username == 'xxxxx' && $department = 'xxxx') {
7

the line error is this

$result = mysql_query($query) or die(mysql error: ’ . mysql_error() . ‘in query $query’);

i don’t know why it cause error

8

yes

9

You didn’t solve the error.

10

Good day!

this is my new code in my login, i add session


&lt;?php 
session_start(); 
session_regenerate_id(); 

if($_SESSION['loggedin']){ 
//the user is already logged in, lets redirect them to the other page 
    header("Location:company.php"); 
} 

//require_once 'conn.php';   
$db_name="dspi"; 

mysql_connect("localhost", "root", "") or die("Cannot connect to server"); 
mysql_select_db("$db_name")or die("Cannot select DB");    


        $department = mysql_real_escape_string($_POST['department']);    
        $username = mysql_real_escape_string($_POST['username']); 

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 
        $ct = mysql_num_rows($sql); 
      
        if($ct == 1) { 
// im guessing this means that the user is valid. 
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value. 
            $row = mysql_fetch_assoc($sql);   
			
			$_SESSION['username'] = $row['Username'] ;
			$_SESSION['department'] = $row['Department'];
			
			$Departments=array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');
			
			if (in_array($row['Department'], $Departments)){
					header ('Location:company.php');
			}else{
					echo "Incorrect Username or Department";
					header ('Location:index.php');
			}
		}
?&gt;

and this is my code in calendar:


&lt;?php
$host = "localhost";

	$username = "";

	$password = "";

	$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');

	$dbName = 'dspi';

	mysql_select_db($dbName);	
?&gt;
&lt;html&gt;
&lt;body&gt;
&lt;script&gt;
function goLastMonth(month, year){
// If the month is January, decrement the year
if(month == 1){
--year;
month = 13;
}
document.location.href = '&lt;?=$_SERVER['PHP_SELF'];?&gt;?month='+(month-1)+'&year='+year;
}
//next function
function goNextMonth(month, year){
// If the month is December, increment the year
if(month == 12){
++year;
month = 0;
}
document.location.href = '&lt;?=$_SERVER['PHP_SELF'];?&gt;?month='+(month+1)+'&year='+year;
} 

function remChars(txtControl, txtCount, intMaxLength)
{
if(txtControl.value.length &gt; intMaxLength)
txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
else
txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
var filled = 0
var x = document.form1.calName.value;
//x = x.replace(/^\\s+/,""); // strip leading spaces
if (x.length &gt; 0) {filled ++}

var y = document.form1.calDesc.value;
//y = y.replace(/^s+/,""); // strip leading spaces
if (y.length &gt; 0) {filled ++}

if (filled == 2) {
document.getElementById("Submit").disabled = false;
}
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased

}

&lt;/script&gt;
&lt;?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparaters for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";

//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }

if(empty($month)){ $month = date("n"); }

if(empty($year)){ $year = date("Y"); } 
//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = ""; 
//run a selec statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
//$tDayName = date("l");
$todaysDate = date("n/j/Y");
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
if($todaysDate == $dateToCompare){
//$aClass = '&lt;span&gt;' . $tDayName . '&lt;/span&gt;';
$aClass='class="today"';
}else{
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
//echo $todaysDate;
//return;
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
while($row= mysql_fetch_array($result)){
if($row['eCount'] &gt;=1){
$aClass = 'class="event"';
}elseif($row['eCount'] ==0){
$aClass ='class="normal"';
}
}
}
return $aClass;
}
?&gt;
&lt;div id="Calendar_Event"&gt;
&lt;table width="350" cellpadding="0" cellspacing="0"&gt;
&lt;tr&gt;
&lt;td width="50" colspan="1"&gt;
&lt;input type="button" value=" &lt; " onClick="goLastMonth(&lt;?php echo $month . ", " . $year; ?&gt;);"&gt;
&lt;/td&gt;
&lt;td width="250" colspan="5"&gt;
&lt;span class="title" style="color:#FFFFFF"&gt;&lt;?php echo $monthName . " " . $year; ?&gt;&lt;/span&gt;&lt;br&gt;
&lt;/td&gt;
&lt;td width="50" colspan="1" align="right"&gt;
&lt;input type="button" value=" &gt; " onClick="goNextMonth(&lt;?php echo $month . ", " . $year; ?&gt;);"&gt;
&lt;/td&gt;
&lt;/tr&gt; 
&lt;tr&gt;
&lt;th&gt;M&lt;/td&gt;
&lt;th&gt;T&lt;/td&gt;
&lt;th&gt;W&lt;/td&gt;
&lt;th&gt;T&lt;/td&gt;
&lt;th&gt;F&lt;/td&gt;
&lt;th&gt;S&lt;/td&gt;
&lt;th&gt;S&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;?php
for($i = 1; $i &lt; $numDays+1; $i++, $counter++){
$dateToCompare = $month . '/' . $i . '/' . $year;
$timeStamp = strtotime("$year-$month-$i");
//echo $timeStamp . '&lt;br/&gt;';
if($i == 1){
// Workout when the first day of the month is
$firstDay = date("N", $timeStamp);
for($j = 1; $j &lt; $firstDay; $j++, $counter++){
echo "&lt;td&gt;&nbsp;&lt;/td&gt;";
} 
}
if($counter % 7 == 0 ){
?&gt;
&lt;/tr&gt;&lt;tr&gt;
&lt;?php
}
?&gt;
&lt;!--right here--&gt;&lt;td width="50" &lt;?=hiLightEvt($month,$i,$year);?&gt;&gt;&lt;a href="&lt;?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?&gt;&v=1"&gt;&lt;?=$i;?&gt;&lt;/a&gt;&lt;/td&gt; 
&lt;?php
}
?&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;div id="New_Event"&gt;
&lt;?php
if(isset($_GET['v'])){
if(isset($_POST['Submit'])){
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
mysql_query($sql);
}
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
//echo $sql;
//return;
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);

$check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'");
if (mysql_num_rows($check)&gt;0){ 
?&gt;
&lt;a href="&lt;?=$_SERVER['PHP_SELF'];?&gt;?month=&lt;?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?&gt;&v=1&f=true"&gt;Add Even&lt;/a&gt;&lt;a href="&lt;?=$_SERVER['PHP_SELF'];?&gt;?month=&lt;?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?&gt;&v=1&f=true"&gt;t&lt;/a&gt;&lt;?php
}else{
echo 'You cannot Add New Event';
}?&gt;
&lt;/div&gt;
&lt;div id="Cal_Event"&gt;
&lt;?php
if(isset($_GET['f'])){
include 'calform.php';
}
if($numRows == 0 ){
echo '';
}else{
//echo '&lt;ul&gt;';
echo '&lt;h3&gt;Event Listed&lt;/h3&gt;';
while($row = mysql_fetch_array($result)){
?&gt;

&lt;h5&gt;&lt;?=$row['calName'];?&gt;&lt;/h5&gt;
&lt;?=$row['calDesc'];?&gt;&lt;br/&gt;
Listed On: &lt;?=$row['calStamp'];?&gt;
&lt;?php
}
}
}
?&gt;
&lt;/div&gt;
&lt;/body&gt;
&lt;/html&gt;

I have no idea where i can add session in my calendar

11

When the form was submitted so the script that should be next is confirm that the user is login so that she could not login again if she accidentally press the back button

12

In that script I guess you check that the user/password is correct?
When the user/password is correct, you should save the username and the department in session variables. Read more about the use of sessions here.

Schematically, the script would be something like


// first line: session_start
session_start();

// after session_start follows your script
...
// at some point you query your DB to see if the user/password combo exists
if (...) {
  // if it exists, the user is logged in succesfully
  // at that moment, you store the user and the department in session variables
  $_SESSION['user'] = $row['user'];
  $_SESSION['department'] = $row['department'];
  ...
}
...

In the calendar events code, you do session_start again at the top of the script, and then you can use the session variables to check if a user is logged in (if he’s not, deny him access and send him back to the login page), and what the user name and his department is.

13

I don’t know:(

14

Let’s go back to the login form then. When the form is submitted, what script is called?

15

How do you know which user is accessing the page?

16

I understand what you say but i have no idea on how to do it…

17 

<?php
session_start();
 
  $host = "localhost";
  $username = "";
  $password = "";
  $dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');
  $dbName = 'dspi';
  mysql_select_db($dbName);    
 
  // check if the session variables are set, and if they exist in the database
  if (isset($_SESSION['Username']) && isset($_SESSION['Department'])) {
    $username = $_SESSION['Username'];
    $department = $_SESSION['Department'];
    $query = "SELECT * FROM tbllogin WHERE Username = '" . mysql_real_escape_string($username) . "' 
      AND Department = '" . mysql_real_escape_string($department) . '"";
    $result = mysql_query($query) or die(mysql error: ' . mysql_error() .  'in query $query');
    if (mysql_num_rows == 0) {
      // if user department doesnt exist, go to login page
      unset ($_SESSION['Username']);
      unset ($_SESSION['Department']);
      header("Location:index.php"); 
      exit();
    }
  } else {
  // user didn't login, go to login page
  unset ($_SESSION['Username']);
  unset ($_SESSION['Department']);
  header("Location:index.php"); 
  exit();
  
?>

i edit the code and theres an error again:
Parse error: parse error in D:\xampp\htdocs\dspi_intranet\calendar_event.php on line 17

18

Yes, I made a typing mistake in the query, I switched a single and double quote. I’m sure you’ll be able to locate and correct the error :slight_smile:

19

the code is:


<?php
session_start();
 
  $host = "localhost";
  $username = "";
  $password = "";
  $dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');
  $dbName = 'dspi';
  mysql_select_db($dbName);    
 
  // check if the session variables are set, and if they exist in the database
  if (isset($_SESSION['Username']) && isset($_SESSION['Department'])) {
    $username = $_SESSION['Username'];
    $department = $_SESSION['Department'];
    $query = "
      SELECT * FROM tbllogin WHERE Username = '" . mysql_real_escape_string($username) . "' AND Department = '" . mysql_real_escape_string($department) . '";
    $result = mysql_query($query) or die("mysql error: " . mysql_error() .  " in query $query");
    if (mysql_num_rows == 0) {
      //if user-department doesnt exist go to login page
      unset ($_SESSION['Username']);
      unset ($_SESSION['Department']);
      header("Location:index.php"); 
      exit();
    }
  } else {
  //user didnt login, go to login page
  unset ($_SESSION['Username']);
  unset ($_SESSION['Department']);
  header("Location:index.php"); 
  exit();
?>

I got an error:
Parse error: parse error in D:\xampp\htdocs\dspi_intranet\calendar_event.php on line 21

20

You aren’t checking if the current user is xxx and the department yyy. You are checking if there is a user xxx with department yyy in your database, which of course is always true, otherwise noone could add events.

Anyway, I don’t think it’s a good idea to hard-code the user and the department in your script. What if in the future user and/or department have to change? Why not add a column to your table with a value that indicates if that user can add events?