newphpcoder Posted September 21, 2010

Good day! I created a webpage and I have a login page consisting of Username and Department. And I encountered a problem in adding an event in my calendar. This is the flow of my webpage: First, I have a separate table for the user and calendar. In my user table it has a Username, Department, and Permission. In the permission I put True or False; only one user I put True, because I want that user to be the one who is permitted to add an event, or if she is logged in the add event link appears, but if another user logs in the add event link does not appear.

This is my code in login:

```php
<?php
session_start();
session_regenerate_id();

if($_SESSION['loggedin']){
    //the user is already logged in, lets redirect them to the other page
    header("Location:company.php");
}

//require_once 'conn.php';
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");

$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
    // im guessing this means that the user is valid.
    $_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
    $row = mysql_fetch_assoc($sql);
    $_SESSION['username'] = $row['Username'] ;
    $_SESSION['department'] = $row['Department'];

    $Departments=array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');

    if (in_array($row['Department'], $Departments)){
        header ('Location:company.php');
    }else{
        echo "Incorrect Username or Department";
        header ('Location:index.php');
    }
}
?>
```

and this is my code in calendar page:

```php
<?php
session_start();

$host = "localhost";
$username = "";
$password = "";

$dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database');
$dbName = 'dspi';
mysql_select_db($dbName);
?>
<html>
<body>
<script>
function goLastMonth(month, year){
    // If the month is January, decrement the year
    if(month == 1){
        --year;
        month = 13;
    }
    document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year;
}

//next function
function goNextMonth(month, year){
    // If the month is December, increment the year
    if(month == 12){
        ++year;
        month = 0;
    }
    document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year;
}

function remChars(txtControl, txtCount, intMaxLength)
{
    if(txtControl.value.length > intMaxLength)
        txtControl.value = txtControl.value.substring(0, (intMaxLength-1));
    else
        txtCount.value = intMaxLength - txtControl.value.length;
}

function checkFilled() {
    var filled = 0
    var x = document.form1.calName.value;
    //x = x.replace(/^\s+/,""); // strip leading spaces
    if (x.length > 0) {filled ++}

    var y = document.form1.calDesc.value;
    //y = y.replace(/^s+/,""); // strip leading spaces
    if (y.length > 0) {filled ++}

    if (filled == 2) {
        document.getElementById("Submit").disabled = false;
    }
    else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased
}
</script>
<?php
//$todaysDate = date("n/j/Y");
//echo $todaysDate;
// Get values from query string
$day = (isset($_GET["day"])) ? $_GET['day'] : "";
$month = (isset($_GET["month"])) ? $_GET['month'] : "";
$year = (isset($_GET["year"])) ? $_GET['year'] : "";
//comparators for today's date
//$todaysDate = date("n/j/Y");
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : "";
//$what = (isset($_GET["what"])) ? $_GET['what'] : "";

//$day = (!isset($day)) ? $day = date("j") : $day = "";
if(empty($day)){ $day = date("j"); }

if(empty($month)){ $month = date("n"); }

if(empty($year)){ $year = date("Y"); }

//set up vars for calendar etc
$currentTimeStamp = strtotime("$year-$month-$day");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
//$numEventsThisMonth = 0;
//$hasEvent = false;
//$todaysEvents = "";

//run a select statement to hi-light the days
function hiLightEvt($eMonth,$eDay,$eYear){
    //$tDayName = date("l");
    $todaysDate = date("n/j/Y");
    $dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
    if($todaysDate == $dateToCompare){
        //$aClass = '<span>' . $tDayName . '</span>';
        $aClass='class="today"';
    }else{
        //$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear;
        //echo $todaysDate;
        //return;
        $sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'";
        //echo $sql;
        //return;
        $result = mysql_query($sql);
        while($row= mysql_fetch_array($result)){
            if($row['eCount'] >=1){
                $aClass = 'class="event"';
            }elseif($row['eCount'] ==0){
                $aClass ='class="normal"';
            }
        }
    }
    return $aClass;
}
?>
<div id="Calendar_Event">
<table width="350" cellpadding="0" cellspacing="0">
<tr>
<td width="50" colspan="1">
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);">
</td>
<td width="250" colspan="5">
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br>
</td>
<td width="50" colspan="1" align="right">
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);">
</td>
</tr>
<tr>
<th>M</th>
<th>T</th>
<th>W</th>
<th>T</th>
<th>F</th>
<th>S</th>
<th>S</th>
</tr>
<tr>
<?php
for($i = 1; $i < $numDays+1; $i++, $counter++){
    $dateToCompare = $month . '/' . $i . '/' . $year;
    $timeStamp = strtotime("$year-$month-$i");
    //echo $timeStamp . '<br/>';
    if($i == 1){
        // Workout when the first day of the month is
        $firstDay = date("N", $timeStamp);
        for($j = 1; $j < $firstDay; $j++, $counter++){
            echo "<td> </td>";
        }
    }
    if($counter % 7 == 0 ){
?>
</tr><tr>
<?php
    }
?>
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td>
<?php
}
?>
</table>
</div>
<div id="New_Event">
<?php
if(isset($_GET['v'])){
    if(isset($_POST['Submit'])){
        $sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())";
        mysql_query($sql);
    }
    $sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'";
    //echo $sql;
    //return;
    $result = mysql_query($sql);
    $numRows = mysql_num_rows($result);

    $check=mysql_query("SELECT * FROM tbllogin WHERE Username='xxx' AND Department='HRAD' AND Permission='True'");
    mysql_fetch_array($check);
    if($check['Username']=='xxx' && $check['Department']=='HRAD'){
        $_SESSION['isallowed'] = $check['Permission'];
        //if (mysql_num_rows($check)>0){
?>
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a>
<?php
    }else{
        echo 'You cannot Add New Event';
    }
?>
</div>
<div id="Cal_Event">
<?php
    if(isset($_GET['f'])){
        include 'calform.php';
    }
    if($numRows == 0 ){
        echo '';
    }else{
        //echo '<ul>';
        echo '<h3>Event Listed</h3>';
        while($row = mysql_fetch_array($result)){
?>
<h5><?=$row['calName'];?></h5>
<?=$row['calDesc'];?><br/>
Listed On: <?=$row['calStamp'];?>
<?php
        }
    }
}
?>
</div>
</body>
</html>
```

In that code, when the logged-in user is xxx and she clicks a date where she wants to add an event, what appears is "You cannot Add Event". I hope somebody can help me. Thank you in advance.
rwwd Posted September 21, 2010

Firstly:

```php
//if there is only 1 match expected, put a limit clause on the query
$yourQuery = "SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '".$department."' AND `Username` = '".$username."' LIMIT 1";
$sql=mysql_query($yourQuery) or die(mysql_error());
if($ct > 0) {//more than zero, equal to can be a bit unpredictable
```

Always a good idea to build the query outside the function just in case you need to debug the string...

```php
//no need to have the @ on this, the more information you get regards error messages
$dbCnx = @mysql_connect
```

Not too sure on your issue, seems a little vague

Rw
newphpcoder Posted September 22, 2010

> Firstly:
>
> ```php
> //if there is only 1 match expected, put a limit clause on the query
> $yourQuery = "SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '".$department."' AND `Username` = '".$username."' LIMIT 1";
> $sql=mysql_query($yourQuery) or die(mysql_error());
> if($ct > 0) {//more than zero, equal to can be a bit unpredictable
> ```
>
> Always a good idea to build the query outside the function just in case you need to debug the string...
>
> ```php
> //no need to have the @ on this, the more information you get regards error messages
> $dbCnx = @mysql_connect
> ```
>
> Not too sure on your issue, seems a little vague
>
> Rw

The top code that you suggested, is it for the login page?
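
An added example, not part of any post in this thread: the add-event permission looked up for the user stored in the session at login and enforced on the insert itself, with bound parameters in place of the concatenated `mysql_query` strings. It assumes PHP 7+ with PDO and the SQLite driver; the in-memory tables mirror the thread's `tbllogin` and `calTbl` columns, and `canAddEvent`, `addEvent` and the sample rows are hypothetical.

```php
<?php
// Added example. Constructed in-memory SQLite tables stand in for the thread's
// MySQL tbllogin and calTbl; the two user rows are sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbllogin (Username TEXT, Department TEXT, Permission TEXT)");
$pdo->exec("CREATE TABLE calTbl (calName TEXT, calDesc TEXT, calDate TEXT, calStamp TEXT)");
$pdo->exec("INSERT INTO tbllogin VALUES ('xxx', 'HRAD', 'True'), ('yyy', 'MIS', 'False')");

// Hypothetical helper: permission of the user stored in the session at login.
function canAddEvent(PDO $pdo, array $session): bool
{
    if (empty($session['loggedin'])) {
        return false;
    }
    $stmt = $pdo->prepare(
        'SELECT Permission FROM tbllogin WHERE Username = ? AND Department = ? LIMIT 1'
    );
    $stmt->execute([$session['username'] ?? '', $session['department'] ?? '']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // read the fetched row, not the statement handle
    return $row !== false && $row['Permission'] === 'True';
}

// Hypothetical helper: the insert is refused unless the check passes, so hiding
// the link is not the only control. Form values are bound, never concatenated.
function addEvent(PDO $pdo, array $session, array $post): bool
{
    if (!canAddEvent($pdo, $session)) {
        return false;
    }
    $stmt = $pdo->prepare(
        "INSERT INTO calTbl (calName, calDesc, calDate, calStamp)
         VALUES (?, ?, ?, datetime('now'))"
    );
    return $stmt->execute([$post['calName'] ?? '', $post['calDesc'] ?? '', $post['calDate'] ?? '']);
}

// Constructed sessions and form data.
$allowed = ['loggedin' => true, 'username' => 'xxx', 'department' => 'HRAD'];
$denied  = ['loggedin' => true, 'username' => 'yyy', 'department' => 'MIS'];
$event   = ['calName' => "Team's meeting", 'calDesc' => 'Quarterly review', 'calDate' => '9/22/2010'];

var_dump(addEvent($pdo, $allowed, $event));
var_dump(addEvent($pdo, $denied, $event));
echo $pdo->query('SELECT COUNT(*) FROM calTbl')->fetchColumn(), " row(s) stored\n";
```

In the calendar page the same calls would take `$_SESSION` and `$_POST` in place of the constructed arrays.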