The first script we are going to look at is main.php. In a sense it is the point of access for the entire application: it is the page to which the login script sends a user who has been granted access. It lists all the projects in the database that are connected to the logged-in user's name. The script checks whether the logged-in user has the 'admin' or 'normal' level of access. If the user is an admin, all the projects in the database are listed; otherwise, only the projects registered in the name of the logged-in user are listed. Below is the code for the entire script:

<?php
include "dbcon.php";
include "functions.php";
//note: $_SESSION is only populated once session_start() has run
//(assumed here to happen in one of the includes above)

//initialize variables
$level = "";
$num_admin = 0;
$num_normal = 0;

// retrieve information based on the user id that we set in the login page:
if(isset($_SESSION['uid'])){
    //here you could check if the session var is indeed numeric, just as an extra security precaution
    $uid=mysql_escape_string($_SESSION['uid']);
    //echo $uid;
    $level = $_SESSION['level'];
    //if the access level is admin, then you need to retrieve all the projects in the database
    if($level == "admin"){
        $getprojects = "SELECT * from projects ORDER by pid";
        $results=mysql_query($getprojects);
        if(!$results){
            echo mysql_error();
        }else{
            $num_admin = mysql_num_rows($results);
        }
    }else{//level does not contain admin
        //otherwise extract only the projects belonging to the currently logged in user
        $getprojects = "SELECT * FROM projects WHERE u_id = '".$uid."'";
        $result=mysql_query($getprojects);
        if(!$result){
            echo mysql_error();
        }else{
            $num_normal = mysql_num_rows($result);
        }
    }
}else{
    //user did not login and should not be on this page
    //redirect to login page
    header("location:login.php");
    //stop here, otherwise the rest of the page is still sent to a visitor who is not logged in
    exit;
}//end session check
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/PM_Main.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Untitled Document</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
<link href="Templates/main.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="100%" border="0">
  <tr>
    <td width="33%"> </td>
    <td width="28%"> </td>
    <td width="39%">Logged in: <!-- InstanceBeginEditable name="login" --><?php echo htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'ISO-8859-1');?> | <a href="logout.php">Logout</a><!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3" bgcolor="#6699CC" class="headertxt">Project Management Software </td>
  </tr>
  <tr>
    <td colspan="3"><!-- InstanceBeginEditable name="main" -->
      <table width="100%" border="0">
        <tr>
          <td width="37%"><strong>Project Name </strong></td>
          <td width="34%"><strong>Status</strong></td>
          <td width="29%"><strong>Date Created</strong> </td>
        </tr>
        <?php if($level =="admin"){?>
        <?php //values read from the database are escaped before they are written into the page
        if($num_admin > 0){ while($rowadmin = mysql_fetch_assoc($results)){ ?>
        <tr>
          <td><a href="view_project.php?pid=<?php echo urlencode($rowadmin['pid'])?>"><?php echo htmlspecialchars($rowadmin['title'], ENT_QUOTES, 'ISO-8859-1');?></a></td>
          <td><?php echo htmlspecialchars($rowadmin['status'], ENT_QUOTES, 'ISO-8859-1');?></td>
          <td><?php echo htmlspecialchars($rowadmin['create_dt'], ENT_QUOTES, 'ISO-8859-1');?> </td>
        </tr>
        <?php } }else{ ?>
        <tr>
          <td colspan="3"><p>There does not seem to be any projects registered in your name. Click on the "Create New Project" link to create a project.</p></td>
        </tr>
        <?php }?>
        <?php }else{?>
        <?php if($num_normal > 0){ while($rownormal = mysql_fetch_assoc($result)){ ?>
        <tr>
          <td><a href="view_project.php?pid=<?php echo urlencode($rownormal['pid'])?>"><?php echo htmlspecialchars($rownormal['title'], ENT_QUOTES, 'ISO-8859-1');?></a></td>
          <td><?php echo htmlspecialchars($rownormal['status'], ENT_QUOTES, 'ISO-8859-1');?></td>
          <td><?php echo htmlspecialchars($rownormal['create_dt'], ENT_QUOTES, 'ISO-8859-1');?> </td>
        </tr>
        <?php } }else{ ?>
        <tr>
          <td colspan="3"><p>There does not seem to be any projects registered in your name. Click on the "Create New Project" link to create a project.</p></td>
        </tr>
        <?php }?>
        <?php } ?>
      </table>
    <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3"><!-- InstanceBeginEditable name="nav" -->
      <table width="100%" border="0">
        <tr>
          <td><a href="add_project.php">Create New Project</a> | <a href="admin/login.php">Administrators Corner </a></td>
        </tr>
      </table>
    <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td align="right" class="cright" colspan="3">copyright © 2007 PM </td>
  </tr>
</table>
</body>
<!-- InstanceEnd --></html>
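
The admin/normal listing logic described above, as an added example that is not part of the original tutorial: the per-user query uses a bound parameter and a numeric check on the user id, and every database value is escaped before it is written into the table. It assumes PDO with the SQLite driver so that it runs without the application's dbcon.php; the function names get_projects and h are hypothetical, and the sample rows and sessions are constructed.

```php
<?php
// Added example, not the tutorial's code. Assumes PDO with the SQLite driver;
// the table and column names are the ones main.php uses.

// Return the projects a session may see: every row for 'admin', otherwise
// only the rows whose u_id matches the logged-in user.
function get_projects(PDO $db, $uid, $level)
{
    if ($level === 'admin') {
        return $db->query('SELECT * FROM projects ORDER BY pid')->fetchAll(PDO::FETCH_ASSOC);
    }
    // main.php's comment suggests checking that the uid is numeric; do it here.
    if (!ctype_digit((string) $uid)) {
        return array();
    }
    // Bound parameter instead of string concatenation plus escaping.
    $stmt = $db->prepare('SELECT * FROM projects WHERE u_id = :uid ORDER BY pid');
    $stmt->execute(array(':uid' => (int) $uid));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape a value before it is written into the HTML table.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample data in an in-memory database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (pid INTEGER PRIMARY KEY, u_id INTEGER,
           title TEXT, status TEXT, create_dt TEXT)');
$db->exec("INSERT INTO projects (u_id, title, status, create_dt) VALUES
           (1, 'Intranet redesign', 'open', '2007-03-01'),
           (2, '<b>Billing</b> migration', 'open', '2007-03-05')");

// Constructed sessions: a normal user, an admin, and a non-numeric uid.
$sessions = array(array(2, 'normal'), array(1, 'admin'), array('not-a-number', 'normal'));
foreach ($sessions as $session) {
    list($uid, $level) = $session;
    $rows = get_projects($db, $uid, $level);
    echo 'uid=' . h($uid) . ' level=' . h($level) . ' rows=' . count($rows) . "\n";
    foreach ($rows as $row) {
        echo '  <td>' . h($row['title']) . '</td><td>' . h($row['status']) . "</td>\n";
    }
}
```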