newphpcoder Posted September 23, 2010

PHP Calendar Event

Good day! I created a web page and I have a login page consisting of Username and Department, and I encountered a problem adding events to my calendar.

This is the flow of my web page: First, I have separate tables for the user and the calendar. My user table has Username, Department, and Permission. In Permission I put True or False. I put True for only one user because I want that user to be the one who is permitted to add events: if she is logged in, the add event link appears, but if others log in, the add event link does not appear.

This is my code for login:

```php
<?php
session_start();
session_regenerate_id();
if (!empty($_SESSION['loggedin'])) {
    // the user is already logged in, let's redirect them to the other page
    header("Location:company.php");
    exit;
}
//require_once 'conn.php';
$db_name = "dspi";
mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name") or die("Cannot select DB");
$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);
$sql = mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);
if ($ct == 1) {
    // I'm guessing this means that the user is valid.
    $_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
    $row = mysql_fetch_assoc($sql);
    $_SESSION['username'] = $row['Username'];
    $_SESSION['department'] = $row['Department'];
    $Departments = array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');
    if (in_array($row['Department'], $Departments)) {
        header('Location:company.php');
    } else {
        echo "Incorrect Username or Department";
        header('Location:index.php');
    }
}
?>
```

and this is my code for the calendar page:

```php
<?php
session_start();
$host = "localhost";
$username = "";
$password = "";
$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');
$dbName = 'dspi';
mysql_select_db($dbName);
?>
<html>
<body>
<script>
function goLastMonth(month, year) {
    // If the month is January, decrement the year
    if (month == 1) {
        --year;
        month = 13;
    }
    document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month=' + (month - 1) + '&year=' + year;
}

// next function
function goNextMonth(month, year) {
    // If the month is December, increment the year
    if (month == 12) {
        ++year;
        month = 0;
    }
    document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month=' + (month + 1) + '&year=' + year;
}

function remChars(txtControl, txtCount, intMaxLength) {
    if (txtControl.value.length > intMaxLength)
        txtControl.value = txtControl.value.substring(0, (intMaxLength - 1));
    else
        txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
    var filled = 0;
    var x = document.form1.calName.value;
    //x = x.replace(/^\s+/,""); // strip leading spaces
    if (x.length > 0) { filled++; }
    var y = document.form1.calDesc.value;
    //y = y.replace(/^s+/,""); // strip leading spaces
    if (y.length > 0) { filled++; }
    if (filled == 2) {
        document.getElementById("Submit").disabled = false;
    } else {
        document.getElementById("Submit").disabled = true; // in case a field is filled then erased
    }
}
</script>
<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string (cast to int so they are safe to use in the SQL and links below)
$day = (isset($_GET["day"])) ? (int) $_GET['day'] : 0;
$month = (isset($_GET["month"])) ? (int) $_GET['month'] : 0;
$year = (isset($_GET["year"])) ? (int) $_GET['year'] : 0;
// comparators for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";
//$day = (!isset($day)) ? $day = date("j") : $day = "";
if (empty($day)) { $day = date("j"); }
if (empty($month)) { $month = date("n"); }
if (empty($year)) { $year = date("Y"); }

// set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = "";

// run a select statement to highlight the days
function hiLightEvt($eMonth, $eDay, $eYear) {
    //$tDayName = date("l");
    $todaysDate = date("n/j/Y");
    $dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
    if ($todaysDate == $dateToCompare) {
        //$aClass = '<span>' . $tDayName . '</span>';
        $aClass = 'class="today"';
    } else {
        //$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
        //echo $todaysDate;
        //return;
        $sql = "select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
        //echo $sql;
        //return;
        $result = mysql_query($sql);
        while ($row = mysql_fetch_array($result)) {
            if ($row['eCount'] >= 1) {
                $aClass = 'class="event"';
            } elseif ($row['eCount'] == 0) {
                $aClass = 'class="normal"';
            }
        }
    }
    return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1"><input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);"></td>
<td width="250" colspan="5"><span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br></td>
<td width="50" colspan="1" align="right"><input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);"></td>
</tr>
<tr><th>M</th><th>T</th><th>W</th><th>T</th><th>F</th><th>S</th><th>S</th></tr>
<tr>
<?php
for ($i = 1; $i < $numDays + 1; $i++, $counter++) {
    $dateToCompare = $month . '/' . $i . '/' . $year;
    $timeStamp = strtotime("$year-$month-$i");
    //echo $timeStamp . '<br/>';
    if ($i == 1) {
        // Work out when the first day of the month is
        $firstDay = date("N", $timeStamp);
        for ($j = 1; $j < $firstDay; $j++, $counter++) {
            echo "<td> </td>";
        }
    }
    if ($counter % 7 == 0) {
        ?>
        </tr><tr>
        <?php
    }
    ?>
    <!--right here-->
    <td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td>
    <?php
}
?>
</tr>
</table>
</div>
<div id="New_Event">
<?php
if (isset($_GET['v'])) {
    if (isset($_POST['Submit'])) {
        // escape the form values before putting them into the query
        $sql = "insert into calTbl(calName,calDesc,calDate,calStamp) values('" . mysql_real_escape_string($_POST['calName']) . "','" . mysql_real_escape_string($_POST['calDesc']) . "','" . mysql_real_escape_string($_POST['calDate']) . "',now())";
        mysql_query($sql);
    }
    $sql = "select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
    //echo $sql;
    //return;
    $result = mysql_query($sql);
    $numRows = mysql_num_rows($result);
    $check1 = mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='HRAD' AND Permission='True'");
    $check2 = mysql_fetch_array($check1);
    if ($check2['Username'] == 'xxx' && $check2['Department'] == 'HRAD') {
        $_SESSION['isallowed'] = $check2['Permission'];
        //if (mysql_num_rows($check)>0){
        ?>
        <a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$month . '&day=' . $day . '&year=' . $year;?>&v=1&f=true">Add Event</a>
        <?php
    } else {
        echo 'You cannot Add New Event';
    }
    ?>
</div>
<div id="Cal_Event">
<?php
    if (isset($_GET['f'])) {
        include 'calform.php';
    }
    if ($numRows == 0) {
        echo '';
    } else {
        //echo '<ul>';
        echo '<h3>Event Listed</h3>';
        while ($row = mysql_fetch_array($result)) {
            ?>
            <h5><?=$row['calName'];?></h5><?=$row['calDesc'];?><br/>Listed On: <?=$row['calStamp'];?>
            <?php
        }
    }
}
?>
</div>
</body>
</html>
```

On my calendar page, the add event link appears for every user who logs in. What I want is for the add event link to appear only for the user whose permission is True, and for the rest of the users, when they try to add an event, the message "You cannot add event" will appear.

justsomeguy Posted September 23, 2010

Check the permission before showing the add section, and only show that section if the permission is there. You may want to just check that when they log in and store the permission in the session so that you don't need to keep looking it up on the other page. Your login also isn't using a password, but maybe that's how you want it.

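The approach described in the reply above, as an added example that is not code from the thread: the `Permission` column is read once at login for the user who actually logged in, stored in the session, and the same check guards both the "Add Event" link and the `INSERT`. It assumes PDO with the SQLite driver and an in-memory copy of `tbllogin` and `calTbl`; the users `alice` and `bob` are constructed, and `$session` stands in for `$_SESSION`.

```php
<?php
// Added example: constructed in-memory tables stand in for the dspi database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbllogin (Username TEXT, Department TEXT, Permission TEXT)");
$pdo->exec("CREATE TABLE calTbl (calName TEXT, calDesc TEXT, calDate TEXT, calStamp TEXT)");
$pdo->exec("INSERT INTO tbllogin VALUES ('alice','HRAD','True'), ('bob','MIS','False')");

// Login page: fetch the row for the user who is logging in and remember the permission.
function login(PDO $pdo, array &$session, string $username, string $department): bool
{
    $stmt = $pdo->prepare(
        'SELECT Username, Department, Permission FROM tbllogin WHERE Username = ? AND Department = ?'
    );
    $stmt->execute([$username, $department]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user: nothing is stored in the session
    }
    $session['loggedin']   = true;
    $session['username']   = $row['Username'];
    $session['department'] = $row['Department'];
    $session['isallowed']  = ($row['Permission'] === 'True'); // stored as a real boolean
    return true;
}

// Calendar page: one check, used for the link and for the insert.
function canAddEvent(array $session): bool
{
    return !empty($session['loggedin']) && !empty($session['isallowed']);
}

function addEvent(PDO $pdo, array $session, string $name, string $desc, string $date): bool
{
    if (!canAddEvent($session)) {
        return false; // hiding the link is not enough; the POST is refused too
    }
    $stmt = $pdo->prepare(
        "INSERT INTO calTbl (calName, calDesc, calDate, calStamp) VALUES (?, ?, ?, datetime('now'))"
    );
    return $stmt->execute([$name, $desc, $date]);
}

foreach ([['alice', 'HRAD'], ['bob', 'MIS']] as [$user, $dept]) {
    $session = [];
    login($pdo, $session, $user, $dept);
    printf("%s: link %s, insert %s\n", $user, canAddEvent($session) ? 'shown' : 'hidden',
        addEvent($pdo, $session, 'Meeting', 'constructed sample event', '9/24/2010') ? 'accepted' : 'refused');
}
```
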
newphpcoder Posted September 24, 2010

> Check the permission before showing the add section, and only show that section if the permission is there. You may want to just check that when they log in and store the permission in the session so that you don't need to keep looking it up on the other page. Your login also isn't using a password, but maybe that's how you want it.

How can I check permission?

thescientist Posted September 24, 2010

Depends on how your tables are set up in your database. This is something you have to check against using your own design. I'm sure you give each type of user some sort of account status/grouping, i.e. admin, department A, department B, etc. If a person is of group admin, allow them to do this, else, disable/hide the button, etc.

justsomeguy Posted September 24, 2010

You don't know how to check your own permissions? You're already doing that at one point on the page, where it shows a message that they can't add an event if they don't have the permissions.

Archived
This topic is now archived and is closed to further replies.