Of the remaining scripts, we will look at the list users/projects ones. These basically open the doors to deleting and updating users and projects. Let's start by looking at the code for the list projects script:

<?php

ob_start();

include "../dbcon.php";

include "../functions.php";

//make sure that the user that is logged on has the right access

if(isset($_SESSION['level'])){

$level = $_SESSION['level'];

//if the access level is admin, then grant access to user

if(!$level == "admin"){

header("location:../login.php");

}

}else{

//session var is not set, user should not be on this page, redirect

header("location:../login.php");

}//end session check

The first part of the script simply checks to see if the logged-in user is or is not an admin, by comparing the session variable to a string as explained before. The second part of the code then retrieves a list of all the projects from the database:

//otherwise extract only the projects belonging to the currently logged in user

$getprojects = "SELECT pid,title FROM projects ORDER BY pid";

$results=mysql_query($getprojects);

if(!$results){

echo mysql_error();

}else{

$num_projects = mysql_num_rows($results);

}

If you look closely you will note that the results are not actually displayed here. They will be shown in the main HTML section of the page. The number of rows returned are stored in a variable called $num, which will later be used to build a dynamic HTML table with the MySQL results:

<?php

if($num_projects > 0){

while($rowprojects = mysql_fetch_assoc($results)){

?>

<tr>

<td><?php echo $rowprojects['title'];?></td>

<td><a href="edit_project.php?pid=<?php echo $rowprojects['pid']?>">Change</a> | <a href="del_project.php?pid=<?php echo $rowprojects['pid']?>">Delete</a> </td>

</tr>

<?php

}

}else{ ?>

<tr>

<td colspan="3"><p>There are no projects in the table, click on &quot;&quot;Add project&quot; to add new ones.</p></td>

</tr>

<?php

}?>

To built a dynamic table the $num/$result variables are used. First the $num variable is used to see if any rows are returned from the database table; if so, the $results variable is used to retrieve those records and build the table rows.

The list users script follows the same pattern. First it checks to see if the logged- in user has admin rights:

<?php

ob_start();

include "../dbcon.php";

include "../functions.php";

//make sure that the user that is logged on has the right access

if(isset($_SESSION['level'])){

$level = $_SESSION['level'];

//if the access level is admin, then grant access to user

if(!$level == "admin"){

header("location:../login.php");

}

}else{

//session var is not set, user should not be on this page, redirect

header("location:../login.php");

}//end session check

Then it retrieves the users from the database:

//otherwise extract all users from users table

$getusers = "SELECT uid,uname FROM users ORDER BY uid";

$result=mysql_query($getusers);

if(!$result){

echo mysql_error();

}else{

$num_users = mysql_num_rows($result);

}

?>

The exact same pattern is followed; the query results are stored in the $results variable and the number of rows retrieved is stored in the $num variable. Both of these will be used to build a dynamic table as the script is parsed:

<?php

if($num_users > 0){

while($rowusers = mysql_fetch_assoc($result)){

?>

<tr>

<td><?php echo $rowusers['uname'];?></td>

<td><a href="edit_user.php?uid=<?php echo $rowusers['uid']?>">Change</a> | <a href="del_user.php?uid=<?php echo $rowusers['uid']?>">Delete</a> </td>

</tr>

<?php

}

}else{ ?>

<tr>

<td colspan="3"><p>There are no users in the table, click on &quot;&quot;Add user&quot; to add new ones.</p></td>

</tr>

<?php

}?>