The script itself is not so complicated; it merely retrieves the project's name, status, and date of creation. So let's take a closer look. The very first lines of the PHP portion of the script should be familiar to you by now; they include the database connection file and the functions file. The script also initializes variables, if needed. I initialize the variables because in some versions of PHP, you get an error message saying 'variable not defined.' Initializing variables avoids this problem.

    <?php
    include "dbcon.php";
    include "functions.php";
    //initialize variables

The next bit of code is at the heart of the main script. First of all, it checks to see whether the user ID session variable is set. If it is set, then we know the user is properly logged in and should be on this page:

    // retrieve information based on the user id, that we set in the login page:
    if(isset($_SESSION['uid'])){

Since our intention is to retrieve the list of projects belonging to this user, we have to escape the variables that we are going to use in the query concerned. At the same time, we also give the level session variable a shorter name. This will make it easy for us to check the value of the $level variable for comparison later on:

    //here you could check if the session var is indeed numeric, just as an extra security precaution
    $uid=mysql_escape_string($_SESSION['uid']);
    //echo $uid;
    $level = $_SESSION['level'];

Now we check whether the value contained in the $level variable is 'admin' or 'normal' and based on the outcome, we run specific queries. If the value turns out to be 'admin,' then we need to retrieve ALL projects in the database. At this point, you can also set conditions on the query by retrieving only those projects that are not overdue or only those projects that are pending. It is entirely up to you and your situation as to what you want the administrator to see at this point:

    //if the access level is admin, then you need to retrieve all the projects in the database
    if($level == "admin"){
        $getprojects = "SELECT * from projects ORDER by pid";
        $results=mysql_query($getprojects);
        if(!$results){
            echo mysql_error();
        }else{
            $num_admin = mysql_num_rows($results);
        }

The result set of the query is held in $results, and the $num_admin variable holds the number of projects that are returned by the query. The value in that variable ($num_admin) is of type integer. If the value in the $level variable contains 'normal,' then we run a query to retrieve only projects that are registered in the logged-in user's name:

    }else{//level does not contain admin
        //otherwise extract only the projects belonging to the currently logged in user
        $getprojects = "SELECT * FROM projects WHERE u_id = '".$uid."'";
        $result=mysql_query($getprojects);
        if(!$result){
            echo mysql_error();
        }else{
            $num_normal = mysql_num_rows($result);
        }
    }

The first line of the query specifies that only projects that have the logged-in user's user id should be retrieved:

    $getprojects = "SELECT * FROM projects WHERE u_id = '".$uid."'";

If the user id session variable is not set, then the user should not be on this page, since this means that he or she was not logged in. We redirect the user to the login page:

    }else{
        //user did not login and should not be on this page
        //redirect to login page
        header("location:login.php");
        //stop here so the rest of the page is not sent after the redirect header
        exit;
    }//end session check

Conclusion

In the next article, we will look at the HTML portion of the main.php application. The HTML part will consist of a dynamic table that will be mixed in with PHP variables.
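The session check and the two project queries described above can also be written with the numeric check the code comment suggests and a bound parameter instead of string escaping; the mysql_* functions used in the article were removed in PHP 7.0. This is an added example, not the article's code: it assumes the PDO SQLite driver so it runs without a database server, and the get_projects() helper, the column names other than pid and u_id, and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the article's code. Assumes the pdo_sqlite driver; the
// get_projects() helper, column names and sample rows are constructed.

// Returns the visible projects, or null when the session is not a valid login.
function get_projects(PDO $db, array $session): ?array
{
    // Validate the uid as a positive integer rather than escaping it.
    $uid = filter_var($session['uid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        return null;
    }
    if (($session['level'] ?? '') === 'admin') {
        // Admin: all projects, no user-supplied value in the statement.
        $stmt = $db->query('SELECT * FROM projects ORDER BY pid');
    } else {
        // Any other level: the uid is bound as a parameter, never concatenated.
        $stmt = $db->prepare('SELECT * FROM projects WHERE u_id = :uid ORDER BY pid');
        $stmt->execute([':uid' => $uid]);
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (pid INTEGER PRIMARY KEY, name TEXT,
           status TEXT, created TEXT, u_id INTEGER)');
$db->exec("INSERT INTO projects (name, status, created, u_id) VALUES
    ('Intranet', 'pending', '2008-01-10', 1),
    ('Billing',  'done',    '2008-02-02', 2),
    ('Website',  'overdue', '2008-03-15', 1)");

$cases = [
    'normal user 1'   => ['uid' => '1', 'level' => 'normal'],
    'admin'           => ['uid' => 2, 'level' => 'admin'],
    'non-numeric uid' => ['uid' => 'not-a-number', 'level' => 'normal'],
    'no session'      => [],
];
foreach ($cases as $label => $session) {
    $projects = get_projects($db, $session);
    if ($projects === null) {
        // In main.php this is where header('Location: login.php'); exit; goes.
        echo "$label: not logged in, redirect to login.php and stop\n";
        continue;
    }
    echo "$label: " . count($projects) . " project(s)\n";
}
```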