Hey guys,
I need an idea on how to determine whether a user that has been logged in is a supervisor. I've made my login.php file and my choosereview.php. I have a very slight idea on how to do it but I just can't get it right. I want to determine whether the user logged in is a supervisor and then direct the user to the choosereview.php. All users are supposed to be directed there, but supervisors have extra information displayed on their webpage. I've managed to make the page for non-supervisors but I'm having a bit of difficulty with supervisors.
OK, the code is:
<?php
require_once("nocache.php");
$id = $_POST["id"];
$pword = $_POST["pword"];
if (empty($id) || empty($pword))
{
    header("location: login.html");
    exit; // stop the script once the redirect has been sent
}
else {
    require_once("dbconn.php");
    // escape the posted values before they are placed inside the SQL string
    $idSql = mysql_real_escape_string($id, $dbConn);
    $pwordSql = mysql_real_escape_string($pword, $dbConn);
    $sql = "select * from employee where empid = '$idSql' and password = '$pwordSql'";
    $rs = mysql_query($sql, $dbConn);
    if (mysql_num_rows($rs) > 0)
    {
        session_start();
        $_SESSION["who"] = $id;
        $_SESSION["surname"] = mysql_result($rs, 0, "surname");
        $_SESSION["firstname"] = mysql_result($rs, 0, "firstname");
        //I've been trying to use an IF statement within this statement to determine that the user is a supervisor while keeping the condition that a user is logged in true as well. But I get stuck at the part where I'm supposed to write something within the if statement.
        $sql2 = "select * from employee,departments where employee.empid = departments.supervisorid";
        $rs2 = mysql_query($sql2, $dbConn);
        if (mysql_num_rows($rs2) > 0 && $_SESSION["who"] == $id)
        {
            $sup = true;
        }
        header("location: choosereview.php");
        exit;
    }
    else
    {
        header("location: employee.php");
        exit;
    }
}
?>
The table for Departments has the fields: ID, DepartmentID, Department Name and Supervisor ID, whereas the employee table has ID, EmpID, First Name, LastName.
The problem is that supervisor ID is the same as the employee ID.
So say an employee id is 100, if that person is a supervisor their supervisor id is also 100. I'm lost :S
Now the Choosereview:
<?php
require_once("nocache.php");
session_start();
if (!$_SESSION["who"])
{
    header("location: logoff.php");
    exit; // stop here so the page below is not sent to a user who is not logged in
}
else
{
    $emp = $_SESSION["who"];
    $sn = $_SESSION["surname"];
    $fn = $_SESSION["firstname"];
}
?>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Employee Review</title>
</head>
<body>
<h1>Review Page</h1>
<p>
<h3>Welcome to the Review Page <?php echo $fn;?> <?php echo $sn;?> (<?php echo $emp; ?>)</h3>
//Over here I want an IF statement that will show certain data ONLY if the logged in user is a supervisor
<?php
require_once("dbconn.php");
// escape the session value before it is placed inside the SQL string
$empSql = mysql_real_escape_string($emp, $dbConn);
$sql = "SELECT * FROM reviews WHERE empid='$empSql'";
$rs = mysql_query($sql, $dbConn);
while ($row = mysql_fetch_array($rs)) {
    $_SESSION["rid"] = mysql_result($rs, 0, "reviewid");
    echo '<h4>Employee ID</h4>';
    echo $emp;
    echo '<h4>Supervisor ID</h4>';
    echo $row["supervisorid"];
    echo '<h4>Review ID</h4>';
    echo $row["reviewid"];
    echo '<h4>Date Completed:</h4>';
    echo $row["datecompleted"];
    echo '<h4>Review Year</h4>';
    // the link has to stay open around the year, so no self-closing "/>" here
    echo '<a href="viewReview.php">';
    echo $row["reviewYear"];
    echo '</a>';
    echo '<h4>Completed</h4>';
    echo $row["completed"];
}
?>
<br/>
<a href="logoff.php">Log Off</a><br/>
</p>
</body>
</html>
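
Added example, not part of the original post or the poster's project: the supervisor check has to be scoped to the employee who just logged in (the posted join matches whenever any supervisor exists), and both queries are safer as prepared statements than with `$_POST` values interpolated into SQL. The `authenticate()` function, the `supervisor` key, the PDO/SQLite connection and the `password_hash()`-style stored passwords are assumptions; the `empid`, `password`, `surname`, `firstname` and `supervisorid` column names come from the post.

```php
<?php
// Added example (assumptions: PDO connection, hashed passwords in employee.password).

function authenticate(PDO $pdo, string $id, string $pword): ?array
{
    // Placeholders keep $id out of the SQL text, so a quote in it stays plain data.
    $stmt = $pdo->prepare(
        'SELECT empid, surname, firstname, password FROM employee WHERE empid = ?'
    );
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pword, $row['password'])) {
        return null; // unknown id or wrong password
    }

    // Supervisor check for THIS employee only: is their empid listed as a supervisorid?
    $sup = $pdo->prepare('SELECT COUNT(*) FROM departments WHERE supervisorid = ?');
    $sup->execute([$row['empid']]);

    return [
        'who'        => $row['empid'],
        'surname'    => $row['surname'],
        'firstname'  => $row['firstname'],
        'supervisor' => (int) $sup->fetchColumn() > 0,
    ];
}

// Constructed sample data in an in-memory SQLite database so the block runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE employee (empid TEXT, surname TEXT, firstname TEXT, password TEXT)');
$pdo->exec('CREATE TABLE departments (departmentid TEXT, supervisorid TEXT)');
$ins = $pdo->prepare('INSERT INTO employee VALUES (?, ?, ?, ?)');
$ins->execute(['100', 'Smith', 'Ann', password_hash('s3cret', PASSWORD_DEFAULT)]);
$ins->execute(['101', 'Jones', 'Bob', password_hash('hunter2', PASSWORD_DEFAULT)]);
$pdo->exec("INSERT INTO departments VALUES ('D1', '100')");

// Employee 100 supervises a department, employee 101 does not.
var_dump(authenticate($pdo, '100', 's3cret')['supervisor']);
var_dump(authenticate($pdo, '101', 'hunter2')['supervisor']);
// An id containing a quote is matched literally and finds no row.
var_dump(authenticate($pdo, "10'0", 'x'));
```

In login.php, a non-null result would be copied into `$_SESSION` after `session_start()` and `session_regenerate_id(true)`, followed by the redirect and `exit`. choosereview.php can then wrap the supervisor-only output in `if (!empty($_SESSION['supervisor']))` and pass echoed values through `htmlspecialchars()`.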