newphpcoder

i want to share my problem in my website For the better understandng of my website, I want to tell all the details. 1. I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events. 2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event. 3. In the calendar event you can see the calendar and when you click the date theirs a link "new event" appear and if theirs no existing event theres a text saying "No Events", when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear.. here is my code: <?php $host = "localhost"; $username = ""; $password = ""; $dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database'); $dbName = 'dspi'; mysql_select_db($dbName); ?> <script> function goLastMonth(month, year){ // If the month is January, decrement the year if(month == 1){ --year; month = 13; } document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year; } //next function function goNextMonth(month, year){ // If the month is December, increment the year if(month == 12){ ++year; month = 0; } document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year; } function remChars(txtControl, txtCount, intMaxLength) { if(txtControl.value.length > intMaxLength) txtControl.value = txtControl.value.substring(0, (intMaxLength-1)); else txtCount.value = intMaxLength - txtControl.value.length; } function checkFilled() { var filled = 0 var x = document.form1.calName.value; //x = x.replace(/^\s+/,""); // strip leading spaces if (x.length > 0) {filled ++} var y = document.form1.calDesc.value; //y = y.replace(/^s+/,""); // strip leading spaces if (y.length > 0) {filled ++} if (filled == 2) { document.getElementById("Submit").disabled = false; } else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased } </script> <html> <body> <?php //$todaysDate = date("n/j/Y"); //echo $todaysDate; // Get values from query string $day = (isset($_GET["day"])) ? $_GET['day'] : ""; $month = (isset($_GET["month"])) ? $_GET['month'] : ""; $year = (isset($_GET["year"])) ? $_GET['year'] : ""; //comparaters for today's date //$todaysDate = date("n/j/Y"); //$sel = (isset($_GET["sel"])) ? $_GET['sel'] : ""; //$what = (isset($_GET["what"])) ? $_GET['what'] : ""; //$day = (!isset($day)) ? $day = date("j") : $day = ""; if(empty($day)){ $day = date("j"); } if(empty($month)){ $month = date("n"); } if(empty($year)){ $year = date("Y"); } //set up vars for calendar etc $currentTimeStamp = strtotime("$year-$month-$day"); $monthName = date("F", $currentTimeStamp); $numDays = date("t", $currentTimeStamp); $counter = 0; //$numEventsThisMonth = 0; //$hasEvent = false; //$todaysEvents = ""; //run a selec statement to hi-light the days function hiLightEvt($eMonth,$eDay,$eYear){ //$tDayName = date("l"); $todaysDate = date("n/j/Y"); $dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear; if($todaysDate == $dateToCompare){ //$aClass = '<span>' . $tDayName . '</span>'; $aClass='class="today"'; }else{ //$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear; //echo $todaysDate; //return; $sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'"; //echo $sql; //return; $result = mysql_query($sql); while($row= mysql_fetch_array($result)){ if($row['eCount'] >=1){ $aClass = 'class="event"'; }elseif($row['eCount'] ==0){ $aClass ='class="normal"'; } } } return $aClass; } ?> <div id="Calendar_Event"> <table width="350" cellpadding="0" cellspacing="0"> <tr> <td width="50" colspan="1"> <input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);"> </td> <td width="250" colspan="5"> <span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br> </td> <td width="50" colspan="1" align="right"> <input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);"> </td> </tr> <tr> <th>M</td> <th>T</td> <th>W</td> <th>T</td> <th>F</td> <th>S</td> <th>S</td> </tr> <tr> <?php for($i = 1; $i < $numDays+1; $i++, $counter++){ $dateToCompare = $month . '/' . $i . '/' . $year; $timeStamp = strtotime("$year-$month-$i"); //echo $timeStamp . '<br/>'; if($i == 1){ // Workout when the first day of the month is $firstDay = date("N", $timeStamp); for($j = 1; $j < $firstDay; $j++, $counter++){ echo "<td> </td>"; } } if($counter % 7 == 0 ){ ?> </tr><tr> <?php } ?> <!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td> <?php } ?> </table> </div> <div id="New_Event"> <?php if(isset($_GET['v'])){ if(isset($_POST['Submit'])){ $sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())"; mysql_query($sql); } $sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'"; //echo $sql; //return; $result = mysql_query($sql); $numRows = mysql_num_rows($result); $check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'"); if (mysql_num_rows($check)>0){ ?> <a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php }else{ echo 'You cannot Add New Event'; }?> </div> <div id="Cal_Event"> <?php if(isset($_GET['f'])){ include 'calForm.php'; } if($numRows == 0 ){ echo ''; }else{ //echo '<ul>'; echo '<h3>Event Listed</h3>'; while($row = mysql_fetch_array($result)){ ?> <h5><?=$row['calName'];?></h5> <?=$row['calDesc'];?><br/> Listed On: <?=$row['calStamp'];?> <?php } } } ?> </div> </body> </html>

Good day! I have an index.php or a login page.The scenario on my webpage is when i successfully login and i accidentally press the back button the login page appear again and when i try to login again i could login again, which is not good. here is my code: <?php session_start(); if(isset($_SESSION['USER_ID'])){ exit("you can't login in again when your all ready logged!"); } //require_once 'conn.php'; $db_name="dspi"; mysql_connect("localhost", "root", "") or die("Cannot connect to server"); mysql_select_db("$db_name")or die("Cannot select DB"); $department = mysql_real_escape_string($_POST['department']); $username = mysql_real_escape_string($_POST['username']); $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); $ct = mysql_num_rows($sql); if($ct == 1) { $row = mysql_fetch_assoc($sql); if($row['Department']=='Accounting') { header('location: Company.php'); } elseif($row['Department']=='Engineering') { header('location: Company.php'); } elseif($row['Department']=='Finishing_Goods') { header('location: Company.php'); } elseif($row['Department']=='HRAD') { header('location: Company.php'); } elseif($row['Department']=='MIS') { header('location:Company.php'); } elseif($row['Department']=='Packaging_and_Design') { header('location:Company.php'); } elseif($row['Department']=='Production') { header('location:Company.php'); } elseif($row['Department']=='Purchasing_Logistic') { header('location:Company.php'); } elseif($row['Department']=='QA_and_Technical') { header('location:Company.php'); } elseif($row['Department']=='Supply_Chain') { header('location:Company.php'); } else { header('location:index.php'); echo"Incorrect Username or Department"; } } ?>