The first script we are going to look at is the main.php script. The script is, in a sense, the point of access for the entire application. It is the page to which the login script sends a user that has been granted access. It lists all the projects in the database that are connected to the logged-in user's name.

The script basically checks to see if the user that is logged in has the 'admin' or 'normal' level of access. If the user is an admin, then all the projects in the database are listed; otherwise, only the projects registered in the name of the logged-in user are listed. Below is the code for the entire script:

<?php

include "dbcon.php";

include "functions.php";

//initialize variables

// retrieve information based on the user id, that we set in the login page:

if(isset($_SESSION['uid'])){

//here you could check if the session var is indeed numeric, just as a extra security precaution

$uid=mysql_escape_string($_SESSION['uid']);

//echo $uid;

$level = $_SESSION['level'];

//if the access level is admin, then you need to retrieve all the projects in the database

if($level == "admin"){

$getprojects = "SELECT * from projects ORDER by pid";

$results=mysql_query($getprojects);

if(!$results){

echo mysql_error();

}else{

$num_admin = mysql_num_rows($results);

}

}else{//level does not contain admin

//otherwise extract only the projects belonging to the currently logged in user

$getprojects = "SELECT * FROM projects WHERE u_id = '".$uid."'";

$result=mysql_query($getprojects);

if(!$result){

echo mysql_error();

}else{

$num_normal = mysql_num_rows($result);

}

}

}else{

//user did not login and should not be on this page

//redirect to login page

header("location:login.php");

}//end session check

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/PM_Main.dwt.php" codeOutsideHTMLIsLocked="false" -->

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<!-- InstanceBeginEditable name="doctitle" -->

<title>Untitled Document</title>

<!-- InstanceEndEditable -->

<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->

<link href="Templates/main.css" rel="stylesheet" type="text/css" />

</head>

<body>

<table width="100%" border="0">

<tr>

<td width="33%">&nbsp;</td>

<td width="28%">&nbsp;</td>

<td width="39%">Logged in: <!-- InstanceBeginEditable name="login" --><? echo $_SESSION['name'];?> | <a href="logout.php">Logout</a><!-- InstanceEndEditable --></td>

</tr>

<tr>

<td colspan="3" bgcolor="#6699CC" class="headertxt">Project Management Software </td>

</tr>

<tr>

<td colspan="3"><!-- InstanceBeginEditable name="main" -->

<table width="100%" border="0">

<tr>

<td width="37%"><strong>Project Name </strong></td>

<td width="34%"><strong>Status</strong></td>

<td width="29%"><strong>Date Created</strong> </td>

</tr>

<?php if($level =="admin"){?>

<?php

if($num_admin > 0){

while($rowadmin = mysql_fetch_assoc($results)){

?>

<tr>

<td><a href="view_project.php?pid=<?php echo $rowadmin['pid']?>"><?php echo $rowadmin['title'];?></a></td>

<td><?php echo $rowadmin['status'];?></td>

<td><?php echo $rowadmin['create_dt'];?>

</td>

</tr>

<?php

}

}else{ ?>

<tr>

<td colspan="3"><p>There does not seem to be any projects registered in your name. Click on the "Create New Project" link to create a project.</p></td>

</tr>

<?php

}?>

<?php }else{?>

<?php

if($num_normal > 0){

while($rownormal = mysql_fetch_assoc($result)){

?>

<tr>

<td><a href="view_project.php?pid=<?php echo $rownormal['pid']?>"><?php echo $rownormal['title'];?></a></td>

<td><?php echo $rownormal['status'];?></td>

<td><?php echo $rownormal['create_dt'];?>

</td>

</tr>

<?php

}

}else{ ?>

<tr>

<td colspan="3"><p>There does not seem to be any projects registered in your name. Click on the "Create New Project" link to create a project.</p></td>

</tr>

<?php

}?>

<?php } ?>

</table>

<!-- InstanceEndEditable --></td>

</tr>

<tr>

<td colspan="3"><!-- InstanceBeginEditable name="nav" --><table width="100%" border="0">

<tr>

<td><a href="add_project.php">Create New Project</a> | <a href="admin/login.php">Administrators Corner </a></td>

</tr>

</table>

<!-- InstanceEndEditable --></td>

</tr>

<tr>

<td align="right" class="cright" colspan="3">copyright &copy; 2007 PM </td>

</tr>

</table>

</body>

<!-- InstanceEnd --></html>